Using condition keys to limit access to CloudWatch

See the following topics to learn about the service-specific condition keys that can be used in the Condition element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies.

Using condition keys to limit access to CloudWatch namespaces
Using condition keys to limit Contributor Insights users' access to log groups
Using condition keys to limit alarm actions
Condition keys for CloudWatch Observability Admin

To see the global condition keys that are available to all services, see Available global condition keys.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

CloudWatch dashboard permissions update

Using service-linked roles