从2024年10月31日起,亚马逊Monitron将不再向新客户开放。如果您想使用该服务,请在该日期之前注册。现有客户可以继续照常使用该服务。如需了解与 Amazon Monitron 类似的功能,请参阅我们的博客文章
本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
AWS 亚马逊 Monitron 的托管策略
你可以附加 AmazonMonitronFullAccess 到你的IAM实体。此策略授予管理权限,允许访问所有 Amazon Monitron 资源和操作。
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": "monitron.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "monitron:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kms:ListKeys", "kms:DescribeKey", "kms:ListAliases" ], "Resource": "*" }, { "Effect": "Allow", "Action": "kms:CreateGrant", "Resource": "*", "Condition": { "StringLike": { "kms:ViaService": [ "monitron.*.amazonaws.com" ] }, "Bool": { "kms:GrantIsForAWSResource": true } } }, { "Sid": "AWSSSOPermissions", "Effect": "Allow", "Action": [ "organizations:DescribeAccount", "organizations:DescribeOrganization", "ds:DescribeDirectories", "ds:DescribeTrusts" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kinesis:DescribeStream", "kinesis:ListStreams" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:GetLogEvents", "logs:CreateLogGroup" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/monitron/*" }, ] }