IAM permissions for Amazon CloudWatch Internet Monitor - Amazon CloudWatch

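To access the actions for working with monitors and data in Amazon CloudWatch Internet Monitor, users must have the correct permissions.

For more information about security in Amazon CloudWatch, see Identity and Access Management for Amazon CloudWatch.

Read-only access permissions for Amazon CloudWatch Internet Monitor

To access the read-only actions for working with monitors and data in Amazon CloudWatch Internet Monitor, users must be signed in as a user or role that has the following permissions: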

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "cloudwatch:GetMetricData",
                    "internetmonitor:Get*",
                    "internetmonitor:List*",
                    "internetmonitor:StartQuery",
                    "internetmonitor:StopQuery",
                    "logs:DescribeLogGroups",
                    "logs:GetQueryResults",
                    "logs:StartQuery",
                    "logs:StopQuery"
                ],
                "Resource": "*"
            }
        ]
    }

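Full access permissions for Amazon CloudWatch Internet Monitor

To create a monitor in Amazon CloudWatch Internet Monitor and to have full access to the actions for working with monitors and data in Internet Monitor, users must be signed in as a user or role that has the following permissions:

Note

If you create a more restrictive identity-based permissions policy, users with that policy might not have full access to create and work with monitors and data in Internet Monitor.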

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "internetmonitor:*"
                ],
                "Resource": "*"
            },
            {
                "Effect": "Allow",
                "Action": "iam:CreateServiceLinkedRole",
                "Resource": "arn:aws:iam::*:role/aws-service-role/internetmonitor.amazonaws.com/AWSServiceRoleForInternetMonitor",
                "Condition": {
                    "StringLike": {
                        "iam:AWSServiceName": "internetmonitor.amazonaws.com"
                    }
                }
            },
            {
                "Effect": "Allow",
                "Action": [
                    "iam:AttachRolePolicy",
                    "iam:PutRolePolicy"
                ],
                "Resource": "arn:aws:iam::*:role/aws-service-role/internetmonitor.amazonaws.com/AWSServiceRoleForInternetMonitor"
            },
            {
                "Action": [
                    "ec2:DescribeVpcs",
                    "elasticloadbalancing:DescribeLoadBalancers",
                    "workspaces:DescribeWorkspaceDirectories",
                    "cloudfront:GetDistribution"
                ],
                "Effect": "Allow",
                "Resource": "*"
            }
        ]
    }