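IAM policies to use Evidently
To fully manage CloudWatch Evidently, you must be signed in as an IAM user or role that has the following permissions:
The AmazonCloudWatchEvidentlyFullAccess policy
The ResourceGroupsandTagEditorReadOnlyAccess policy
Additionally, to create a project that stores evaluation events in Amazon S3 or CloudWatch Logs, you need the following permissions: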
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketPolicy",
                "s3:PutBucketPolicy",
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogDelivery",
                "logs:DeleteLogDelivery",
                "logs:DescribeResourcePolicies",
                "logs:PutResourcePolicy"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
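The S3 statement above allows s3:PutBucketPolicy on every bucket in the account. The following is an added example, not part of the AWS documentation: it lists the action/resource pairs in the policy that are granted on a bare wildcard and builds a variant whose S3 statement is limited to one bucket. The bucket name `example-evidently-bucket` and the function names are hypothetical, and the example assumes the project stores its evaluation events in that single, known bucket.

```python
import copy
import json

# The S3 / CloudWatch Logs policy from this page, embedded so the example runs offline.
PAGE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow",
   "Action": ["s3:GetBucketPolicy", "s3:PutBucketPolicy", "s3:GetObject", "s3:ListBucket"],
   "Resource": "arn:aws:s3:::*"},
  {"Effect": "Allow",
   "Action": ["logs:CreateLogDelivery", "logs:DeleteLogDelivery",
              "logs:DescribeResourcePolicies", "logs:PutResourcePolicy"],
   "Resource": ["*"]}]}
""")

OBJECT_ACTIONS = {"s3:GetObject"}  # object-level action among those the page lists

def as_list(value):
    """IAM accepts a string or a list for Action and Resource; normalise to a list."""
    return [value] if isinstance(value, str) else list(value)

def wildcard_grants(policy):
    """Sorted (action, resource) pairs from Allow statements whose resource part is a bare '*'."""
    found = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        for res in as_list(stmt["Resource"]):
            # arn:partition:service:region:account:resource -> last field; "*" alone also matches
            if res.split(":", 5)[-1] == "*":
                found += [(act, res) for act in as_list(stmt["Action"])]
    return sorted(found)

def scope_s3_to_bucket(policy, bucket):
    """Copy of the policy with S3-only statements limited to one bucket (hypothetical helper)."""
    scoped = copy.deepcopy(policy)
    for stmt in scoped["Statement"]:
        actions = as_list(stmt["Action"])
        if not all(a.startswith("s3:") for a in actions):
            continue  # the logs: statement is left exactly as the page gives it
        resources = [f"arn:aws:s3:::{bucket}"]            # bucket-level actions
        if OBJECT_ACTIONS & set(actions):
            resources.append(f"arn:aws:s3:::{bucket}/*")  # s3:GetObject needs the object ARN
        stmt["Resource"] = resources
    return scoped

if __name__ == "__main__":
    print("wildcard grants on the page's policy:", wildcard_grants(PAGE_POLICY))
    print(json.dumps(scope_s3_to_bucket(PAGE_POLICY, "example-evidently-bucket"), indent=4))
```

The scoped statement needs both the bucket ARN and the `/*` object ARN because `arn:aws:s3:::*` in the original matched both kinds of resource.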
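Additional permissions for CloudWatch RUM integration
Additionally, if you intend to manage Evidently launches or experiments that integrate with Amazon CloudWatch RUM and use CloudWatch RUM metrics for monitoring, you need the AmazonCloudWatchRUMFullAccess policy. To create an IAM role that gives the CloudWatch RUM web client permission to send data to CloudWatch RUM, you need the following permissions: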
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iam:CreateRole",
                "iam:CreatePolicy",
                "iam:AttachRolePolicy"
            ],
            "Resource": [
                "arn:aws:iam::*:role/service-role/CloudWatchRUMEvidentlyRole-*",
                "arn:aws:iam::*:policy/service-role/CloudWatchRUMEvidentlyPolicy-*"
            ]
        }
    ]
}
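Permissions for read-only access to Evidently
For other users who need to view Evidently data but don't need to create Evidently resources, you can grant the AmazonCloudWatchEvidentlyReadOnlyAccess policy.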