CentralizationSourceRegions CentralizationDestinationRegion CentralizationBackupRegion

Condition keys for CloudWatch Observability Admin

You can use IAM policies to control access to Amazon CloudWatch Observability Admin resources and actions by using condition keys.

Observability Admin has the following condition keys:

Condition Key	Description	Type
CentralizationSourceRegions	ArrayOfString	Filters access by the source Regions that are passed in the request
CentralizationDestinationRegion	String	Filters access by the destination Region that is passed in the request
CentralizationBackupRegion	String	Filters access by the backup Region that is passed in the request

CentralizationSourceRegions

Filters access by the backup region specified for centralization rules.

Availability – This key is available for the following resource types: organization-centralization-rule
Value type – String

Example JSON policy with observabilityadmin:CentralizationBackupRegion


{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "observabilityadmin:CreateOrganizationCentralizationRule",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "observabilityadmin:CentralizationBackupRegion": "us-west-2"
        }
      }
    }
  ]
}

CentralizationDestinationRegion

Filters access by the destination region specified for centralization rules.

Availability – This key is available for the following resource types: organization-centralization-rule
Value type – String

Example JSON policy with observabilityadmin:CentralizationDestinationRegion


{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "observabilityadmin:CreateOrganizationCentralizationRule",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "observabilityadmin:CentralizationDestinationRegion": "us-east-1"
        }
      }
    }
  ]
}

CentralizationBackupRegion

Filters access by the source regions specified for centralization rules.

Availability – This key is available for the following resource types: organization-centralization-rule
Value type – List of strings

Example JSON policy with observabilityadmin:CentralizationSourceRegions


{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "observabilityadmin:CreateOrganizationCentralizationRule",
      "Resource": "*",
      "Condition": {
        "ForAllValues:StringEquals": {
          "observabilityadmin:CentralizationSourceRegions": ["us-west-1", "us-west-2"]
        }
      }
    }
  ]
}

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions