IAM policy
To use CloudWatch Application Insights, you must create an Amazon Identity and Access Management (IAM) policy and attach it to your user, group, or role. For more information about users, groups, and roles, see IAM Identities (users, user groups, and roles). The IAM policy defines the user permissions.
To create an IAM policy using the console
To create an IAM policy using the IAM console, perform the following steps.
-
Go to the IAM console
. In the left navigation pane, select Policies. -
At the top of the page, select Create policy.
-
Select the JSON tab.
-
Copy and paste the following JSON document under the JSON tab.
{ "Version": "2012-10-17", "Statement": [ { "Action": [ "applicationinsights:*", "iam:CreateServiceLinkedRole", "iam:ListRoles", "resource-groups:ListGroups" ], "Effect": "Allow", "Resource": "*" } ] } -
Select Review Policy.
-
Enter a Name for the policy, for example, “AppInsightsPolicy.” Optionally, enter a Description.
-
Select Create Policy.
-
In the left navigation pane, select User groups, Users, or Roles.
-
Select the name of the user group, user, or role to which you would like to attach the policy.
-
Select Add permissions.
-
Select Attach existing policies directly.
-
Search for the policy that you just created, and select the check box to the left of the policy name.
-
Select Next: Review.
-
Make sure that the correct policy is listed, and select Add permissions.
-
Make sure that you log in with the user associated with the policy that you just created when you use CloudWatch Application Insights.
To create an IAM policy using the Amazon CLI
To create an IAM policy using the Amazon CLI, run the create-policy operation from the command line using the JSON document above as a file in your current folder.
To create an IAM policy using Amazon Tools for Windows PowerShell
To create an IAM policy using the Amazon Tools for Windows PowerShell, run the New-IAMPolicy cmdlt using the JSON document above as a file in your current folder.