기계 번역으로 제공되는 번역입니다. 제공된 번역과 원본 영어의 내용이 상충하는 경우에는 영어 버전이 우선합니다.
CloudwatchApplicationInsightsServiceLinkedRolePolicy
설명: Cloudwatch Application Insights 서비스 연결 역할 정책입니다.
CloudwatchApplicationInsightsServiceLinkedRolePolicy은(는) AWS 관리형 정책입니다.
이 정책 사용
이 정책은 서비스에서 사용자를 대신하여 작업을 수행할 수 있도록 서비스 연결 역할에 연결됩니다. 사용자, 그룹 또는 역할에 정책을 연결할 수 없습니다.
정책 세부 정보
-
유형: 서비스 연결 역할 정책
-
생성 시간: 2018년 12월 1일, 16:22 UTC
-
편집된 시간: 2024년 7월 25일, 16:24 UTC
-
ARN:
arn:aws:iam::aws:policy/aws-service-role/CloudwatchApplicationInsightsServiceLinkedRolePolicy
정책 버전
정책 버전: v25(기본값)
정책의 기본 버전은 정책에 대한 권한을 정의하는 버전입니다. 정책이 적용되는 사용자 또는 역할이 AWS 리소스에 대한 액세스를 요청하면 AWS는 정책의 기본 버전을 검사하여 요청을 허용할지 여부를 결정합니다.
JSON 정책 문서
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "CloudWatch",
"Effect" : "Allow",
"Action" : [
"cloudwatch:DescribeAlarmHistory",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:ListMetrics",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms",
"cloudwatch:PutAnomalyDetector",
"cloudwatch:DeleteAnomalyDetector",
"cloudwatch:DescribeAnomalyDetectors"
],
"Resource" : [
"*"
]
},
{
"Sid" : "CloudWatchLogs",
"Effect" : "Allow",
"Action" : [
"logs:FilterLogEvents",
"logs:GetLogEvents",
"logs:DescribeLogStreams",
"logs:DescribeLogGroups"
],
"Resource" : [
"*"
]
},
{
"Sid" : "EventBridge",
"Effect" : "Allow",
"Action" : [
"events:DescribeRule"
],
"Resource" : [
"*"
]
},
{
"Sid" : "CloudFormation",
"Effect" : "Allow",
"Action" : [
"cloudFormation:CreateStack",
"cloudFormation:UpdateStack",
"cloudFormation:DeleteStack",
"cloudFormation:DescribeStackResources",
"cloudFormation:UpdateTerminationProtection"
],
"Resource" : [
"arn:aws:cloudformation:*:*:stack/ApplicationInsights-*"
]
},
{
"Sid" : "CloudFormationStacks",
"Effect" : "Allow",
"Action" : [
"cloudFormation:DescribeStacks",
"cloudFormation:ListStackResources",
"cloudFormation:ListStacks"
],
"Resource" : [
"*"
]
},
{
"Sid" : "Tag",
"Effect" : "Allow",
"Action" : [
"tag:GetResources"
],
"Resource" : [
"*"
]
},
{
"Sid" : "ResourceGroups",
"Effect" : "Allow",
"Action" : [
"resource-groups:ListGroupResources",
"resource-groups:GetGroupQuery",
"resource-groups:GetGroup"
],
"Resource" : [
"*"
]
},
{
"Sid" : "ApplicationInsightsResourceGroup",
"Effect" : "Allow",
"Action" : [
"resource-groups:CreateGroup",
"resource-groups:DeleteGroup"
],
"Resource" : [
"arn:aws:resource-groups:*:*:group/ApplicationInsights-*"
]
},
{
"Sid" : "ElasticLoadBalancing",
"Effect" : "Allow",
"Action" : [
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth"
],
"Resource" : [
"*"
]
},
{
"Sid" : "AutoScaling",
"Effect" : "Allow",
"Action" : [
"autoscaling:DescribeAutoScalingGroups"
],
"Resource" : [
"*"
]
},
{
"Sid" : "SSMParameter",
"Effect" : "Allow",
"Action" : [
"ssm:PutParameter",
"ssm:DeleteParameter",
"ssm:AddTagsToResource",
"ssm:RemoveTagsFromResource",
"ssm:GetParameters"
],
"Resource" : "arn:aws:ssm:*:*:parameter/AmazonCloudWatch-ApplicationInsights-*"
},
{
"Sid" : "SSMAssociation",
"Effect" : "Allow",
"Action" : [
"ssm:CreateAssociation",
"ssm:UpdateAssociation",
"ssm:DeleteAssociation",
"ssm:DescribeAssociation"
],
"Resource" : [
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ssm:*:*:association/*",
"arn:aws:ssm:*:*:managed-instance/*",
"arn:aws:ssm:*:*:document/AWSEC2-ApplicationInsightsCloudwatchAgentInstallAndConfigure",
"arn:aws:ssm:*:*:document/AWS-ConfigureAWSPackage",
"arn:aws:ssm:*:*:document/AmazonCloudWatch-ManageAgent"
]
},
{
"Sid" : "SSMOpsItem",
"Effect" : "Allow",
"Action" : [
"ssm:GetOpsItem",
"ssm:CreateOpsItem",
"ssm:DescribeOpsItems",
"ssm:UpdateOpsItem",
"ssm:DescribeInstanceInformation"
],
"Resource" : [
"*"
]
},
{
"Sid" : "SSMTags",
"Effect" : "Allow",
"Action" : [
"ssm:AddTagsToResource"
],
"Resource" : "arn:aws:ssm:*:*:opsitem/*"
},
{
"Sid" : "SSMGetCommandInvocation",
"Effect" : "Allow",
"Action" : [
"ssm:ListCommandInvocations",
"ssm:GetCommandInvocation"
],
"Resource" : [
"*"
]
},
{
"Sid" : "SSMSendCommand",
"Effect" : "Allow",
"Action" : "ssm:SendCommand",
"Resource" : [
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ssm:*:*:document/AWSEC2-CheckPerformanceCounterSets",
"arn:aws:ssm:*:*:document/AWS-ConfigureAWSPackage",
"arn:aws:ssm:*:*:document/AWSEC2-DetectWorkload",
"arn:aws:ssm:*:*:document/AmazonCloudWatch-ManageAgent"
]
},
{
"Sid" : "EC2",
"Effect" : "Allow",
"Action" : [
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumeStatus",
"ec2:DescribeVpcs",
"ec2:DescribeVpcAttribute",
"ec2:DescribeNatGateways"
],
"Resource" : [
"*"
]
},
{
"Sid" : "RDS",
"Effect" : "Allow",
"Action" : [
"rds:DescribeDBInstances",
"rds:DescribeDBClusters"
],
"Resource" : [
"*"
]
},
{
"Sid" : "Lambda",
"Effect" : "Allow",
"Action" : [
"lambda:ListFunctions",
"lambda:GetFunctionConfiguration",
"lambda:ListEventSourceMappings"
],
"Resource" : [
"*"
]
},
{
"Sid" : "EventBridgeManagedRule",
"Effect" : "Allow",
"Action" : [
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"events:DeleteRule"
],
"Resource" : [
"arn:aws:events:*:*:rule/AmazonCloudWatch-ApplicationInsights-*"
]
},
{
"Sid" : "XRay",
"Effect" : "Allow",
"Action" : [
"xray:GetServiceGraph",
"xray:GetTraceSummaries",
"xray:GetTimeSeriesServiceStatistics",
"xray:GetTraceGraph"
],
"Resource" : [
"*"
]
},
{
"Sid" : "DynamoDB",
"Effect" : "Allow",
"Action" : [
"dynamodb:ListTables",
"dynamodb:DescribeTable",
"dynamodb:DescribeContributorInsights",
"dynamodb:DescribeTimeToLive"
],
"Resource" : [
"*"
]
},
{
"Sid" : "ApplicationAutoscaling",
"Effect" : "Allow",
"Action" : [
"application-autoscaling:DescribeScalableTargets"
],
"Resource" : [
"*"
]
},
{
"Sid" : "S3",
"Effect" : "Allow",
"Action" : [
"s3:ListAllMyBuckets",
"s3:GetMetricsConfiguration",
"s3:GetReplicationConfiguration"
],
"Resource" : [
"*"
]
},
{
"Sid" : "States",
"Effect" : "Allow",
"Action" : [
"states:ListStateMachines",
"states:DescribeExecution",
"states:DescribeStateMachine",
"states:GetExecutionHistory"
],
"Resource" : [
"*"
]
},
{
"Sid" : "APIGateway",
"Effect" : "Allow",
"Action" : [
"apigateway:GET"
],
"Resource" : [
"*"
]
},
{
"Sid" : "ECS",
"Effect" : "Allow",
"Action" : [
"ecs:DescribeClusters",
"ecs:DescribeContainerInstances",
"ecs:DescribeServices",
"ecs:DescribeTaskDefinition",
"ecs:DescribeTasks",
"ecs:DescribeTaskSets",
"ecs:ListClusters",
"ecs:ListContainerInstances",
"ecs:ListServices",
"ecs:ListTasks"
],
"Resource" : [
"*"
]
},
{
"Sid" : "ECSCluster",
"Effect" : "Allow",
"Action" : [
"ecs:UpdateClusterSettings"
],
"Resource" : [
"arn:aws:ecs:*:*:cluster/*"
]
},
{
"Sid" : "EKS",
"Effect" : "Allow",
"Action" : [
"eks:DescribeCluster",
"eks:DescribeFargateProfile",
"eks:DescribeNodegroup",
"eks:ListClusters",
"eks:ListFargateProfiles",
"eks:ListNodegroups",
"fsx:DescribeFileSystems",
"fsx:DescribeVolumes"
],
"Resource" : [
"*"
]
},
{
"Sid" : "SNS",
"Effect" : "Allow",
"Action" : [
"sns:GetSubscriptionAttributes",
"sns:GetTopicAttributes",
"sns:GetSMSAttributes",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics"
],
"Resource" : [
"*"
]
},
{
"Sid" : "SQS",
"Effect" : "Allow",
"Action" : [
"sqs:ListQueues"
],
"Resource" : "*"
},
{
"Sid" : "CloudWatchLogsDeleteSubscriptionFilter",
"Effect" : "Allow",
"Action" : [
"logs:DeleteSubscriptionFilter"
],
"Resource" : [
"arn:aws:logs:*:*:log-group:*"
]
},
{
"Sid" : "CloudWatchLogsCreateSubscriptionFilter",
"Effect" : "Allow",
"Action" : [
"logs:PutSubscriptionFilter"
],
"Resource" : [
"arn:aws:logs:*:*:log-group:*",
"arn:aws:logs:*:*:destination:AmazonCloudWatch-ApplicationInsights-LogIngestionDestination*"
]
},
{
"Sid" : "EFS",
"Effect" : "Allow",
"Action" : [
"elasticfilesystem:DescribeFileSystems"
],
"Resource" : [
"*"
]
},
{
"Sid" : "Route53",
"Effect" : "Allow",
"Action" : [
"route53:GetHostedZone",
"route53:GetHealthCheck",
"route53:ListHostedZones",
"route53:ListHealthChecks",
"route53:ListQueryLoggingConfigs"
],
"Resource" : [
"*"
]
},
{
"Sid" : "Route53Resolver",
"Effect" : "Allow",
"Action" : [
"route53resolver:ListFirewallRuleGroupAssociations",
"route53resolver:GetFirewallRuleGroup",
"route53resolver:ListFirewallRuleGroups",
"route53resolver:ListResolverEndpoints",
"route53resolver:GetResolverQueryLogConfig",
"route53resolver:ListResolverQueryLogConfigs",
"route53resolver:ListResolverQueryLogConfigAssociations",
"route53resolver:GetResolverEndpoint",
"route53resolver:GetFirewallRuleGroupAssociation"
],
"Resource" : [
"*"
]
}
]
}자세히 알아보기
