网络监测仪的 IAM 权限 - Amazon CloudWatch
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 中国的 Amazon Web Services 服务入门 (PDF)

网络监测仪的 IAM 权限

要使用 Amazon CloudWatch 网络监测仪,用户必须拥有正确的权限。

有关 Amazon CloudWatch 安全性的更多信息,请参阅 适用于 Amazon CloudWatch 的 Identity and Access Management

查看监测仪所需的权限

要在 Amazon Web Services Management Console 中查看 Amazon CloudWatch 网络监测仪的监测仪,您必须以具有以下权限的用户或角色身份登录:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:GetMetricData", "networkmonitor:Get*", "networkmonitor:List*" ], "Resource": "*" } ] }

创建监测仪所需的权限

要在 Amazon CloudWatch 网络监测仪中创建监测仪,用户必须有权创建与网络监测仪关联的服务相关角色。要了解有关服务相关角色的更多信息,请参阅 将服务相关角色用于网络监测仪

要在 Amazon Web Services Management Console 中创建 Amazon CloudWatch 网络监测仪的监测仪,您必须以具有以下策略包含的权限的用户或角色身份登录。

注意

如果您创建更为严格的基于身份的权限策略,则采用该政策的用户将无法创建监测仪。

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "networkmonitor:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/networkmonitor.amazonaws.com/AWSServiceRoleForNetworkMonitor", "Condition": { "StringLike": { "iam:AWSServiceName": "networkmonitor.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "iam:AttachRolePolicy", "iam:GetRole", "iam:PutRolePolicy" ], "Resource": "arn:aws:iam::*:role/aws-service-role/networkmonitor.amazonaws.com/AWSServiceRoleForNetworkMonitor" }, { "Action": [ "ec2:CreateSecurityGroup", "ec2:CreateNetworkInterface", "ec2:CreateTags" ], "Effect": "Allow", "Resource": "*" } ] }