IAM policies for users - Amazon CloudWatch Logs

IAM policies for users

CloudWatch Logs has created two IAM policies, CloudWatchOpenSearchDashboardsFullAccess and CloudWatchOpenSearchDashboardAccess. The following table lists which actions each of these policies enables.

| Action | IAM policy | Additional permissions needed |
|---|---|---|
| Create integration | CloudWatchOpenSearchDashboardsFullAccess | |
| Delete integration | CloudWatchOpenSearchDashboardsFullAccess | |
| Create dashboard | CloudWatchOpenSearchDashboardsFullAccess | |
| Edit dashboard | CloudWatchOpenSearchDashboardsFullAccess | |
| Delete dashboard | CloudWatchOpenSearchDashboardsFullAccess | |
| Refresh dashboard using Synchronize now | CloudWatchOpenSearchDashboardsFullAccess | |
| View integration in Settings | CloudWatchOpenSearchDashboardAccess or CloudWatchOpenSearchDashboardsFullAccess | |
| View dashboard | CloudWatchOpenSearchDashboardAccess or CloudWatchOpenSearchDashboardsFullAccess | Specify the role or user when you create the integration, or edit the data access policy for the collection to add these roles or users. For more information, see Data access control for Amazon OpenSearch Service Serverless in the OpenSearch Service Developer Guide. |
| View dashboard in OpenSearch Service console | CloudWatchOpenSearchDashboardAccess or CloudWatchOpenSearchDashboardsFullAccess | Specify the role or user when you create the integration, or edit the data access policy for the collection to add these roles or users. For more information, see Data access control for Amazon OpenSearch Service Serverless in the OpenSearch Service Developer Guide. |
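
Editing the collection's data access policy to add a role, as the "Additional permissions needed" entries describe, shown as an added example that is not AWS's code. It works offline on a constructed policy document in the OpenSearch Serverless data access policy JSON shape; the collection name, role ARNs, function names, and the rule of adding the principal only to statements scoped to that single collection are assumptions.

```python
import copy
import fnmatch

# Constructed sample in the OpenSearch Serverless data access policy JSON shape.
# Helper names, role names and the collection name are illustrative assumptions.
SAMPLE_POLICY = [
    {"Description": "dashboards (constructed sample)",
     "Rules": [
         {"ResourceType": "collection", "Resource": ["collection/cw-logs-demo"],
          "Permission": ["aoss:DescribeCollectionItems"]},
         {"ResourceType": "index", "Resource": ["index/cw-logs-demo/*"],
          "Permission": ["aoss:DescribeIndex", "aoss:ReadDocument"]}],
     "Principal": ["arn:aws:iam::111122223333:role/IntegrationCreator"]},
    {"Description": "broad admin (constructed sample)",
     "Rules": [
         {"ResourceType": "collection", "Resource": ["collection/*"],
          "Permission": ["aoss:*"]}],
     "Principal": ["arn:aws:iam::111122223333:role/SearchAdmin"]},
]


def collection_patterns(statement):
    """Collection names or patterns that a statement's rules refer to."""
    patterns = set()
    for rule in statement.get("Rules", []):
        for resource in rule.get("Resource", []):
            parts = resource.split("/")
            if len(parts) >= 2 and parts[0] in ("collection", "index"):
                patterns.add(parts[1])
    return patterns


def add_dashboard_viewer(policy, collection, principal_arn):
    """Return (new_policy, changed, skipped_descriptions); input is not mutated.

    The principal is added only to statements scoped to exactly `collection`.
    Statements that match it but also reach other collections (wildcards,
    extra names) are reported, not edited, so the viewer gains nothing wider.
    """
    new_policy, changed, skipped = copy.deepcopy(policy), False, []
    for statement in new_policy:
        patterns = collection_patterns(statement)
        if patterns == {collection}:
            principals = statement.setdefault("Principal", [])
            if principal_arn not in principals:
                principals.append(principal_arn)
                changed = True
        elif any(fnmatch.fnmatchcase(collection, p) for p in patterns):
            skipped.append(statement.get("Description", "<no description>"))
    return new_policy, changed, skipped
```

The returned document is what you would submit as the updated data access policy; statements reported as skipped call for a reviewer's decision instead of an automatic edit.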