Amazon managed policies for Internet Monitor
An Amazon managed policy is a standalone policy that is created and administered by Amazon. Amazon managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.
Keep in mind that Amazon managed policies might not grant least-privilege permissions for your specific use cases because they're available for all Amazon customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.
You cannot change the permissions defined in Amazon managed policies. If Amazon updates the permissions defined in an Amazon managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. Amazon is most likely to update an Amazon managed policy when a new Amazon Web Services service is launched or new API operations become available for existing services.
For more information, see Amazon managed policies in the IAM User Guide.
Amazon managed policy: CloudWatchInternetMonitorServiceRolePolicy
This policy is attached to the service-linked role named AWSServiceRoleForInternetMonitor to allow Internet Monitor to access resources in your account, such as Amazon Virtual Private Cloud resources or Network Load Balancers, so that you can select them when you create a monitor. For more information, see Service-linked role for Internet Monitor.
Amazon managed policy: CloudWatchInternetMonitorReadOnlyAccess
You can attach CloudWatchInternetMonitorReadOnlyAccess
to your IAM entities.
This policy grants access to read-only actions to work with monitors and data in with Internet Monitor.
Attach it to IAM users and other principals who need access to only read-only actions.
Specifically, the scope of this policy includes internetmonitor:
so that users can
use read-only Internet Monitor actions and resources. It includes some cloudwatch:
policies to retrieve information on
CloudWatch metrics. It includes some logs:
policies to manage log queries.
To view the permissions for this policy, see CloudWatchInternetMonitorReadOnlyAccess in the Amazon Managed Policy Reference.
Amazon managed policy: CloudWatchInternetMonitorFullAccess
You can attach CloudWatchInternetMonitorFullAccess
to your IAM entities.
This policy grants full access to
Actions for Internet Monitor for working with Internet Monitor. Attach it to IAM users and other principals
who need full access to Internet Monitor actions.
Specifically, scope of this policy includes internetmonitor:
so that users can
use Internet Monitor actions and resources. It includes some cloudwatch:
policies to retrieve information on
CloudWatch alarms and metrics. It includes some logs:
policies to manage log queries. It includes some
ec2:
, cloudfront:
, elasticloadbalancing:
, and workspaces:
policies to work with resources that you add to monitors so that Internet Monitor can create a traffic profile for
your application. It contains some iam:
policies to manage IAM roles.
To view the permissions for this policy, see CloudWatchInternetMonitorFullAccess in the Amazon Managed Policy Reference.
Internet Monitor updates to Amazon managed policies
To view details about updates to Amazon managed policies for Internet Monitor since this service began tracking these changes, see CloudWatch updates to Amazon managed policies. For automatic alerts about managed policy changes in CloudWatch, subscribe to the RSS feed on the CloudWatch Document history page.