Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅
中国的 Amazon Web Services 服务入门
(PDF)。
网络综合监测仪的 IAM 权限
要使用网络综合监测仪,用户必须拥有正确的权限。
有关 Amazon CloudWatch 安全性的更多信息,请参阅 适用于 Amazon CloudWatch 的 Identity and Access Management。
查看监测仪所需的权限
要在 Amazon Web Services Management Console 中查看网络综合监测仪的监测仪,您必须以具有以下权限的用户或角色身份登录:
- JSON
-
-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:GetMetricData",
"networkmonitor:Get*",
"networkmonitor:List*"
],
"Resource": "*"
}
]
}
创建监测仪所需的权限
要在网络综合监测仪中创建监测仪,用户必须有权创建与网络综合监测仪关联的服务相关角色。要了解有关服务相关角色的更多信息,请参阅 将服务相关角色用于网络综合监测仪。
要在 Amazon Web Services Management Console 中创建网络综合监测仪的监测仪,您必须以具有以下策略包含的权限的用户或角色身份登录。
如果您创建更为严格的基于身份的权限策略,则采用该政策的用户将无法创建监测仪。
- JSON
-
-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"networkmonitor:*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "iam:CreateServiceLinkedRole",
"Resource": "arn:aws:iam::*:role/aws-service-role/networkmonitor.amazonaws.com/AWSServiceRoleForNetworkMonitor",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "networkmonitor.amazonaws.com"
}
}
},
{
"Effect": "Allow",
"Action": [
"iam:AttachRolePolicy",
"iam:GetRole",
"iam:PutRolePolicy"
],
"Resource": "arn:aws:iam::*:role/aws-service-role/networkmonitor.amazonaws.com/AWSServiceRoleForNetworkMonitor"
},
{
"Action": [
"ec2:CreateSecurityGroup",
"ec2:CreateNetworkInterface",
"ec2:CreateTags"
],
"Effect": "Allow",
"Resource": "*"
}
]
}