AWS IAM许可在自定义仪表板中查看公制资源管理器上的指标
我创建了一个用户组,并将AWS托管策略:CloudWatchReadonLyAccess与一个组一起。我创建了一个自定义仪表板来监视我的资源,并在其中添加了很少的资源管理器。所有小部件都是访问权限的,但是Explorer's正在抛出权限错误:您无权访问生成图表所需的标签和资源。要获取正确的访问,请联系您的管理员。探险家使用资源标签获取数据,并且也抛出了错误:红色的标签和属性对于所选的指标不可用。
i已经尝试使用我创建的客户托管策略,尝试了TageTor,资源组标记描述标签,Ec2,EC2,EC2 Autoscaling Group等的ListreSourcetag。我还为特定的EBS环境名称使用了条件。
帮助我编写客户托管政策。
CloudWatchReadonLyAccess
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"autoscaling:Describe*",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"logs:Get*",
"logs:Describe*",
"sns:Get*",
"sns:List*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}```
I have created a user group and attached AWS Managed Policy: CloudWatchReadOnlyAccess to a group. I have created a custom dashboard to monitor my resources and added few explorer's to it. All the widgets are access but explorer's is throwing permission error: You don't have permission to access the tags and resources needed to generate the charts. To get the right access, contact your administrator. The explorer fetches the data using resource tag and that too is throwing error: Tags and properties in red are not available for the selected metrics.
I have tried TagEditor, Resource Group Tagging describeTags, listResourceTags of Elastic BeanStalk, EC2, EC2 autoscaling group, etc using a customer managed policy which I created. I have also used condition for a specific EBS environment name.
Help me in writing my customer managed policy.
CloudWatchReadOnlyAccess
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"autoscaling:Describe*",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"logs:Get*",
"logs:Describe*",
"sns:Get*",
"sns:List*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}```
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您需要在政策中添加/允许以下“操作”:
“标签:getResources”
You need to add/allow the below "Action" in your policy :
"tag:GetResources"