View a markdown version of this page

Actions, resources, and condition keys for Amazon CloudWatch Application Insights - Service Authorization Reference
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Actions, resources, and condition keys for Amazon CloudWatch Application Insights

Amazon CloudWatch Application Insights (service prefix: applicationinsights) provides the following service-specific operations, resources, actions, and condition keys for use in IAM permission policies.

References:

Actions defined by Amazon CloudWatch Application Insights

You can specify the following actions in the Action element of an IAM policy statement. Use policies to grant permissions to perform an operation in Amazon. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.

Actions Description Resource types (*required) Condition keys Access level

AddWorkload

Grants permission to add a workload

Write

CreateApplication

Grants permission to create an application from a resource group

Write

CreateComponent

Grants permission to create a component from a group of resources

Write

CreateLogPattern

Grants permission to create log a pattern

Write

DeleteApplication

Grants permission to delete an application

Write

DeleteComponent

Grants permission to delete a component

Write

DeleteLogPattern

Grants permission to delete a log pattern

Write

DescribeApplication

Grants permission to describe an application

Read

DescribeComponent

Grants permission to describe a component

Read

DescribeComponentConfiguration

Grants permission to describe a component's configuration

Read

DescribeComponentConfigurationRecommendation

Grants permission to describe the recommended application component configuration

Read

DescribeLogPattern

Grants permission to describe a log pattern

Read

DescribeObservation

Grants permission to describe an observation

Read

DescribeProblem

Grants permission to describe a problem

Read

DescribeProblemObservations

Grants permission to describe the observation in a problem

Read

DescribeWorkload

Grants permission to describe a workload

Read

ListApplications

Grants permission to list all applications

List

ListComponents

Grants permission to list an application's components

List

ListConfigurationHistory

Grants permission to list configuration history

List

ListLogPatternSets

Grants permission to list log pattern sets for an application

List

ListLogPatterns

Grants permission to list log patterns

List

ListProblems

Grants permission to list the problems in an application

List

ListTagsForResource

Grants permission to list tags for the resource

Read

ListWorkloads

Grants permission to list workloads

List

RemoveWorkload

Grants permission to remove a workload

Write

TagResource

Grants permission to tag a resource

aws:RequestTag/${TagKey}

aws:TagKeys

Tagging, Write

UntagResource

Grants permission to untag a resource

aws:TagKeys

Tagging, Write

UpdateApplication

Grants permission to update an application

Write

UpdateComponent

Grants permission to update a component

Write

UpdateComponentConfiguration

Grants permission to update a component's configuration

Write

UpdateLogPattern

Grants permission to update a log pattern

Write

UpdateProblem

Grants permission to update a problem

Write

UpdateWorkload

Grants permission to update a workload

Write

Permission-only actions for Amazon CloudWatch Application Insights

The following actions are defined by Amazon CloudWatch Application Insights but are not directly invocable through any API operation. They can only be used in IAM policy statements to grant or deny permissions.

Actions Description Resource types (*required) Condition keys Access level

Link

Grants permission to share Application Insights resources with a monitoring account

Write

Resource types defined by Amazon CloudWatch Application Insights

Amazon CloudWatch Application Insights does not support specifying a resource ARN in the Resource element of an IAM policy statement.

Condition keys for Amazon CloudWatch Application Insights

Amazon CloudWatch Application Insights defines the following condition keys that can be used in the Condition element of an IAM policy.

Condition keys Description Type

aws:RequestTag/${TagKey}

Filters access by a tag key and value pair that is allowed in the request

String

aws:ResourceTag/${TagKey}

Filters access by a tag key and value pair of a resource

String

aws:TagKeys

Filters access by a list of tag keys that are allowed in the request

ArrayOfString