CloudWatchReadOnlyAccess
Description: Provides read only access to CloudWatch.
CloudWatchReadOnlyAccess is an AWS managed policy.
Using this policy
You can attach CloudWatchReadOnlyAccess to your users, groups, and roles.
Policy details
-
Type: AWS managed policy
-
Creation time: February 06, 2015, 18:40 UTC
-
Edited time: May 17, 2024, 22:17 UTC
-
ARN:
arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess
Policy version
Policy version: v9 (default)
The policy's default version is the version that defines the permissions for the policy. When a user or role with the policy makes a request to access an AWS resource, AWS checks the default version of the policy to determine whether to allow the request.
JSON policy document
{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "CloudWatchReadOnlyAccessPermissions", "Effect" : "Allow", "Action" : [ "application-autoscaling:DescribeScalingPolicies", "application-signals:BatchGet*", "application-signals:Get*", "application-signals:List*", "autoscaling:Describe*", "cloudwatch:BatchGet*", "cloudwatch:Describe*", "cloudwatch:GenerateQuery", "cloudwatch:Get*", "cloudwatch:List*", "logs:Get*", "logs:List*", "logs:StartQuery", "logs:StopQuery", "logs:Describe*", "logs:TestMetricFilter", "logs:FilterLogEvents", "logs:StartLiveTail", "logs:StopLiveTail", "oam:ListSinks", "sns:Get*", "sns:List*", "rum:BatchGet*", "rum:Get*", "rum:List*", "synthetics:Describe*", "synthetics:Get*", "synthetics:List*", "xray:BatchGet*", "xray:Get*" ], "Resource" : "*" }, { "Sid" : "OAMReadPermissions", "Effect" : "Allow", "Action" : [ "oam:ListAttachedLinks" ], "Resource" : "arn:aws:oam:*:*:sink/*" }, { "Sid" : "CloudWatchReadOnlyGetRolePermissions", "Effect" : "Allow", "Action" : "iam:GetRole", "Resource" : "arn:aws:iam::*:role/aws-service-role/application-signals.cloudwatch.amazonaws.com/AWSServiceRoleForCloudWatchApplicationSignals" } ] }
Learn more
