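IAM permissions for Network Monitor
To use Amazon CloudWatch Network Monitor, users must have the correct permissions.
For more information about security in Amazon CloudWatch, see Identity and Access Management for Amazon CloudWatch.
Permissions required to view a monitor
To view a monitor for Amazon CloudWatch Network Monitor in the Amazon Web Services Management Console, you must be signed in as a user or role that has the following permissions: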
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "cloudwatch:GetMetricData",
                "networkmonitor:Get*",
                "networkmonitor:List*"
            ],
            "Resource": "*"
        }
    ]
}
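Permissions required to create a monitor
To create a monitor in Amazon CloudWatch Network Monitor, users must have permission to create the service-linked role associated with Network Monitor. To learn more about service-linked roles, see Using a service-linked role for Network Monitor.
To create a monitor for Amazon CloudWatch Network Monitor in the Amazon Web Services Management Console, you must be signed in as a user or role that has the permissions included in the following policy.
Note
If you create an identity-based permissions policy that is more restrictive, users with that policy won't be able to create a monitor.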
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "networkmonitor:*"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "arn:aws:iam::*:role/aws-service-role/networkmonitor.amazonaws.com/AWSServiceRoleForNetworkMonitor",
            "Condition": {
                "StringLike": {
                    "iam:AWSServiceName": "networkmonitor.amazonaws.com"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:AttachRolePolicy",
                "iam:GetRole",
                "iam:PutRolePolicy"
            ],
            "Resource": "arn:aws:iam::*:role/aws-service-role/networkmonitor.amazonaws.com/AWSServiceRoleForNetworkMonitor"
        },
        {
            "Action": [
                "ec2:CreateSecurityGroup",
                "ec2:CreateNetworkInterface",
                "ec2:CreateTags"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}
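The note above says a more restrictive identity-based policy stops users from creating monitors. The following added example (not part of the original page or of any AWS tooling) reports which of the actions listed in the two policies on this page a candidate policy fails to grant. It is an action-only check under stated assumptions: it ignores Resource, Condition, Deny and NotAction, the helper names are hypothetical, and the tightened policy is a constructed sample.

```python
import json
import re

# Actions copied from the two policies on this page.
VIEW_ACTIONS = ["cloudwatch:GetMetricData", "networkmonitor:Get*", "networkmonitor:List*"]
CREATE_ACTIONS = [
    "networkmonitor:*", "iam:CreateServiceLinkedRole", "iam:AttachRolePolicy",
    "iam:GetRole", "iam:PutRolePolicy", "ec2:CreateSecurityGroup",
    "ec2:CreateNetworkInterface", "ec2:CreateTags",
]

def _as_list(value):
    """IAM allows a single string or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]

def _covers(granted, required):
    """True if the granted action pattern covers everything `required` can match."""
    # The '*' in `required` is treated as a literal character, and '?' in
    # `granted` may not absorb it, so a match means full coverage.
    regex = "".join(
        ".*" if c == "*" else "[^*]" if c == "?" else re.escape(c) for c in granted
    )
    return re.fullmatch(regex, required, re.IGNORECASE) is not None

def missing_actions(policy, required):
    """Return the required actions that no Allow statement in `policy` grants."""
    granted = [
        action
        for stmt in _as_list(policy["Statement"])
        if stmt.get("Effect") == "Allow"
        for action in _as_list(stmt.get("Action", []))
    ]
    return [r for r in required if not any(_covers(g, r) for g in granted)]

# Constructed sample: a view policy tightened from networkmonitor:Get* to one action.
TIGHTENED = json.loads("""
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow",
  "Action": ["cloudwatch:GetMetricData", "networkmonitor:GetMonitor", "networkmonitor:List*"],
  "Resource": "*" } ] }
""")

if __name__ == "__main__":
    print("missing for view:  ", missing_actions(TIGHTENED, VIEW_ACTIONS))
    print("missing for create:", missing_actions(TIGHTENED, CREATE_ACTIONS))
```

An empty result only means the action names are covered; the role ARN scoping and the iam:AWSServiceName condition in the create policy still need to be reviewed separately.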