IAM permissions for CloudWatch Network Monitor - Amazon CloudWatch

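IAM permissions for CloudWatch Network Monitor

To use Amazon CloudWatch Network Monitor, users must have the correct permissions.

For more information about security in Amazon CloudWatch, see Identity and Access Management for Amazon CloudWatch.

Permissions required to view a monitor

To view a monitor for Amazon CloudWatch Network Monitor in the Amazon Web Services Management Console, you must be signed in as a user or role that has the following permissions: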

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "cloudwatch:GetMetricData",
                "networkmonitor:Get*",
                "networkmonitor:List*"
            ],
            "Resource": "*"
        }
    ]
}

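Permissions required to create a monitor

To create a monitor in Amazon CloudWatch Network Monitor, users must have permission to create the service-linked role that is associated with Network Monitor. To learn more about the service-linked role, see Using a service-linked role for CloudWatch Network Monitor.

To create a monitor for Amazon CloudWatch Network Monitor in the Amazon Web Services Management Console, you must be signed in as a user or role that has the permissions included in the following policy.

Note

If you create an identity-based permissions policy that is more restrictive, users with that policy won't be able to create a monitor.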

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "networkmonitor:*"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "arn:aws:iam::*:role/aws-service-role/networkmonitor.amazonaws.com/AWSServiceRoleForNetworkMonitor",
            "Condition": {
                "StringLike": {
                    "iam:AWSServiceName": "networkmonitor.amazonaws.com"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:AttachRolePolicy",
                "iam:GetRole",
                "iam:PutRolePolicy"
            ],
            "Resource": "arn:aws:iam::*:role/aws-service-role/networkmonitor.amazonaws.com/AWSServiceRoleForNetworkMonitor"
        },
        {
            "Action": [
                "ec2:CreateSecurityGroup",
                "ec2:CreateNetworkInterface",
                "ec2:CreateTags"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}
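
The note above says a tighter identity policy stops users from creating monitors. The following added example (not part of the AWS documentation) lists which action entries from the two policies on this page a candidate policy fails to grant. It assumes a simplified evaluation: only the Action lists of Allow statements are compared, so Deny, NotAction, Resource, Condition, permission boundaries and SCPs are ignored; the function names and the TIGHTENED sample policy are constructed for illustration.

```python
import re

# Action lists copied from the two policies on this page.
VIEW_ACTIONS = ["cloudwatch:GetMetricData", "networkmonitor:Get*", "networkmonitor:List*"]
CREATE_ACTIONS = [
    "networkmonitor:*", "iam:CreateServiceLinkedRole", "iam:AttachRolePolicy",
    "iam:GetRole", "iam:PutRolePolicy", "ec2:CreateSecurityGroup",
    "ec2:CreateNetworkInterface", "ec2:CreateTags",
]

def covers(pattern, action):
    """True if an IAM action pattern grants `action` (case-insensitive, * and ? wildcards)."""
    # "?" may not match a literal "*", so a required wildcard entry such as
    # "networkmonitor:*" is only covered by a grant that is at least as broad.
    rx = "".join(".*" if c == "*" else "[^*]" if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, action, re.IGNORECASE) is not None

def allowed_patterns(policy):
    """Collect Action patterns from Allow statements; Statement/Action may be one item or a list."""
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    patterns = []
    for stmt in stmts:
        if stmt.get("Effect") == "Allow":
            actions = stmt.get("Action", [])
            patterns += [actions] if isinstance(actions, str) else actions
    return patterns

def missing_actions(policy, required):
    """Return the required entries that no Allow statement in `policy` covers."""
    granted = allowed_patterns(policy)
    return [a for a in required if not any(covers(p, a) for p in granted)]

# Constructed sample: a tightened identity policy written in place of the page's create policy.
TIGHTENED = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["networkmonitor:Create*", "networkmonitor:Get*", "iam:CreateServiceLinkedRole"],
        "Resource": "*",
    }],
}

if __name__ == "__main__":
    for name, required in (("view", VIEW_ACTIONS), ("create", CREATE_ACTIONS)):
        print(name, "missing:", missing_actions(TIGHTENED, required))
```

Running the same check on the create policy's action list against VIEW_ACTIONS reports cloudwatch:GetMetricData as missing, so a role that should both create and view monitors needs the actions from both policies.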