Menu
AWS Health
User Guide

Controlling Access to AWS Personal Health Dashboard and AWS Health

You can use IAM to create identities (users, groups, or roles), and then give those identities permissions to access the Personal Health Dashboard and AWS Health API.

By default, IAM users do not have access to Personal Health Dashboard or AWS Health. You give users access to your account’s AWS Health information by attaching IAM policies to a single user, a group of users, or a role. For more information, see Identities (Users, Groups, and Roles) and Overview of IAM Policies.

After you create IAM users, you can give those users individual passwords. They can then sign in to your account and view AWS Health information by using an account-specific sign-in page. For more information, see How Users Sign In to Your Account.

Important

An IAM user with permissions to view Personal Health Dashboard has read-only access to health information across all AWS services on the account, which can include, but is not limited to, AWS resource tag information, AWS resource IDs such as EC2 instance IDs, EC2 instance IP addresses, and general security notifications. For example, if an IAM policy grants access only to Personal Health Dashboard and AWS Health APIs, the user or role that the policy applies to has access to all information posted about AWS services and related resources, even if other IAM policies do not allow that access.

To allow access to the Personal Health Dashboard and AWS Health, set the Action element of an IAM policy to health:Describe*. AWS Health does not provide resource-level access, so the Resource element is always set to *.

Note

Although the Personal Health Dashboard is available for all AWS accounts, the AWS Health API is available only to accounts that have a Business or Enterprise support plan. For more information, see AWS Support.

For example, this policy statement grants access to Personal Health Dashboard and AWS Health:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "health:Describe*" ], "Resource": "*" }] }

This policy statement denies access to Personal Health Dashboard and AWS Health:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", "Action": [ "health:*" ], "Resource": "*" }] }

If the user or group that you want to give permissions to already has a policy, you can add the AWS Health-specific policy statement illustrated here to that policy.