기계 번역으로 제공되는 번역입니다. 제공된 번역과 원본 영어의 내용이 상충하는 경우에는 영어 버전이 우선합니다.
CloudwatchApplicationInsightsServiceLinkedRolePolicy
설명: Cloudwatch Application Insights 서비스 연결 역할 정책입니다.
CloudwatchApplicationInsightsServiceLinkedRolePolicy은(는) AWS 관리형 정책입니다.
이 정책 사용
이 정책은 서비스에서 사용자를 대신하여 작업을 수행할 수 있도록 서비스 연결 역할에 연결됩니다. 사용자, 그룹 또는 역할에 정책을 연결할 수 없습니다.
정책 세부 정보
-
유형: 서비스 연결 역할 정책
-
생성 시간: 2018년 12월 1일, 16:22 UTC
-
편집된 시간: 2024년 7월 25일, 16:24 UTC
-
ARN:
arn:aws:iam::aws:policy/aws-service-role/CloudwatchApplicationInsightsServiceLinkedRolePolicy
정책 버전
정책 버전: v25(기본값)
정책의 기본 버전은 정책에 대한 권한을 정의하는 버전입니다. 정책이 적용되는 사용자 또는 역할이 AWS 리소스에 대한 액세스를 요청하면 AWS는 정책의 기본 버전을 검사하여 요청을 허용할지 여부를 결정합니다.
JSON 정책 문서
{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "CloudWatch", "Effect" : "Allow", "Action" : [ "cloudwatch:DescribeAlarmHistory", "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricData", "cloudwatch:ListMetrics", "cloudwatch:PutMetricAlarm", "cloudwatch:DeleteAlarms", "cloudwatch:PutAnomalyDetector", "cloudwatch:DeleteAnomalyDetector", "cloudwatch:DescribeAnomalyDetectors" ], "Resource" : [ "*" ] }, { "Sid" : "CloudWatchLogs", "Effect" : "Allow", "Action" : [ "logs:FilterLogEvents", "logs:GetLogEvents", "logs:DescribeLogStreams", "logs:DescribeLogGroups" ], "Resource" : [ "*" ] }, { "Sid" : "EventBridge", "Effect" : "Allow", "Action" : [ "events:DescribeRule" ], "Resource" : [ "*" ] }, { "Sid" : "CloudFormation", "Effect" : "Allow", "Action" : [ "cloudFormation:CreateStack", "cloudFormation:UpdateStack", "cloudFormation:DeleteStack", "cloudFormation:DescribeStackResources", "cloudFormation:UpdateTerminationProtection" ], "Resource" : [ "arn:aws:cloudformation:*:*:stack/ApplicationInsights-*" ] }, { "Sid" : "CloudFormationStacks", "Effect" : "Allow", "Action" : [ "cloudFormation:DescribeStacks", "cloudFormation:ListStackResources", "cloudFormation:ListStacks" ], "Resource" : [ "*" ] }, { "Sid" : "Tag", "Effect" : "Allow", "Action" : [ "tag:GetResources" ], "Resource" : [ "*" ] }, { "Sid" : "ResourceGroups", "Effect" : "Allow", "Action" : [ "resource-groups:ListGroupResources", "resource-groups:GetGroupQuery", "resource-groups:GetGroup" ], "Resource" : [ "*" ] }, { "Sid" : "ApplicationInsightsResourceGroup", "Effect" : "Allow", "Action" : [ "resource-groups:CreateGroup", "resource-groups:DeleteGroup" ], "Resource" : [ "arn:aws:resource-groups:*:*:group/ApplicationInsights-*" ] }, { "Sid" : "ElasticLoadBalancing", "Effect" : "Allow", "Action" : [ "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth" ], "Resource" : [ "*" ] }, { "Sid" : "AutoScaling", "Effect" : "Allow", "Action" : [ "autoscaling:DescribeAutoScalingGroups" ], "Resource" : [ "*" ] }, { "Sid" : "SSMParameter", "Effect" : "Allow", "Action" : [ "ssm:PutParameter", "ssm:DeleteParameter", "ssm:AddTagsToResource", "ssm:RemoveTagsFromResource", "ssm:GetParameters" ], "Resource" : "arn:aws:ssm:*:*:parameter/AmazonCloudWatch-ApplicationInsights-*" }, { "Sid" : "SSMAssociation", "Effect" : "Allow", "Action" : [ "ssm:CreateAssociation", "ssm:UpdateAssociation", "ssm:DeleteAssociation", "ssm:DescribeAssociation" ], "Resource" : [ "arn:aws:ec2:*:*:instance/*", "arn:aws:ssm:*:*:association/*", "arn:aws:ssm:*:*:managed-instance/*", "arn:aws:ssm:*:*:document/AWSEC2-ApplicationInsightsCloudwatchAgentInstallAndConfigure", "arn:aws:ssm:*:*:document/AWS-ConfigureAWSPackage", "arn:aws:ssm:*:*:document/AmazonCloudWatch-ManageAgent" ] }, { "Sid" : "SSMOpsItem", "Effect" : "Allow", "Action" : [ "ssm:GetOpsItem", "ssm:CreateOpsItem", "ssm:DescribeOpsItems", "ssm:UpdateOpsItem", "ssm:DescribeInstanceInformation" ], "Resource" : [ "*" ] }, { "Sid" : "SSMTags", "Effect" : "Allow", "Action" : [ "ssm:AddTagsToResource" ], "Resource" : "arn:aws:ssm:*:*:opsitem/*" }, { "Sid" : "SSMGetCommandInvocation", "Effect" : "Allow", "Action" : [ "ssm:ListCommandInvocations", "ssm:GetCommandInvocation" ], "Resource" : [ "*" ] }, { "Sid" : "SSMSendCommand", "Effect" : "Allow", "Action" : "ssm:SendCommand", "Resource" : [ "arn:aws:ec2:*:*:instance/*", "arn:aws:ssm:*:*:document/AWSEC2-CheckPerformanceCounterSets", "arn:aws:ssm:*:*:document/AWS-ConfigureAWSPackage", "arn:aws:ssm:*:*:document/AWSEC2-DetectWorkload", "arn:aws:ssm:*:*:document/AmazonCloudWatch-ManageAgent" ] }, { "Sid" : "EC2", "Effect" : "Allow", "Action" : [ "ec2:DescribeInstances", "ec2:DescribeVolumes", "ec2:DescribeVolumeStatus", "ec2:DescribeVpcs", "ec2:DescribeVpcAttribute", "ec2:DescribeNatGateways" ], "Resource" : [ "*" ] }, { "Sid" : "RDS", "Effect" : "Allow", "Action" : [ "rds:DescribeDBInstances", "rds:DescribeDBClusters" ], "Resource" : [ "*" ] }, { "Sid" : "Lambda", "Effect" : "Allow", "Action" : [ "lambda:ListFunctions", "lambda:GetFunctionConfiguration", "lambda:ListEventSourceMappings" ], "Resource" : [ "*" ] }, { "Sid" : "EventBridgeManagedRule", "Effect" : "Allow", "Action" : [ "events:PutRule", "events:PutTargets", "events:RemoveTargets", "events:DeleteRule" ], "Resource" : [ "arn:aws:events:*:*:rule/AmazonCloudWatch-ApplicationInsights-*" ] }, { "Sid" : "XRay", "Effect" : "Allow", "Action" : [ "xray:GetServiceGraph", "xray:GetTraceSummaries", "xray:GetTimeSeriesServiceStatistics", "xray:GetTraceGraph" ], "Resource" : [ "*" ] }, { "Sid" : "DynamoDB", "Effect" : "Allow", "Action" : [ "dynamodb:ListTables", "dynamodb:DescribeTable", "dynamodb:DescribeContributorInsights", "dynamodb:DescribeTimeToLive" ], "Resource" : [ "*" ] }, { "Sid" : "ApplicationAutoscaling", "Effect" : "Allow", "Action" : [ "application-autoscaling:DescribeScalableTargets" ], "Resource" : [ "*" ] }, { "Sid" : "S3", "Effect" : "Allow", "Action" : [ "s3:ListAllMyBuckets", "s3:GetMetricsConfiguration", "s3:GetReplicationConfiguration" ], "Resource" : [ "*" ] }, { "Sid" : "States", "Effect" : "Allow", "Action" : [ "states:ListStateMachines", "states:DescribeExecution", "states:DescribeStateMachine", "states:GetExecutionHistory" ], "Resource" : [ "*" ] }, { "Sid" : "APIGateway", "Effect" : "Allow", "Action" : [ "apigateway:GET" ], "Resource" : [ "*" ] }, { "Sid" : "ECS", "Effect" : "Allow", "Action" : [ "ecs:DescribeClusters", "ecs:DescribeContainerInstances", "ecs:DescribeServices", "ecs:DescribeTaskDefinition", "ecs:DescribeTasks", "ecs:DescribeTaskSets", "ecs:ListClusters", "ecs:ListContainerInstances", "ecs:ListServices", "ecs:ListTasks" ], "Resource" : [ "*" ] }, { "Sid" : "ECSCluster", "Effect" : "Allow", "Action" : [ "ecs:UpdateClusterSettings" ], "Resource" : [ "arn:aws:ecs:*:*:cluster/*" ] }, { "Sid" : "EKS", "Effect" : "Allow", "Action" : [ "eks:DescribeCluster", "eks:DescribeFargateProfile", "eks:DescribeNodegroup", "eks:ListClusters", "eks:ListFargateProfiles", "eks:ListNodegroups", "fsx:DescribeFileSystems", "fsx:DescribeVolumes" ], "Resource" : [ "*" ] }, { "Sid" : "SNS", "Effect" : "Allow", "Action" : [ "sns:GetSubscriptionAttributes", "sns:GetTopicAttributes", "sns:GetSMSAttributes", "sns:ListSubscriptionsByTopic", "sns:ListTopics" ], "Resource" : [ "*" ] }, { "Sid" : "SQS", "Effect" : "Allow", "Action" : [ "sqs:ListQueues" ], "Resource" : "*" }, { "Sid" : "CloudWatchLogsDeleteSubscriptionFilter", "Effect" : "Allow", "Action" : [ "logs:DeleteSubscriptionFilter" ], "Resource" : [ "arn:aws:logs:*:*:log-group:*" ] }, { "Sid" : "CloudWatchLogsCreateSubscriptionFilter", "Effect" : "Allow", "Action" : [ "logs:PutSubscriptionFilter" ], "Resource" : [ "arn:aws:logs:*:*:log-group:*", "arn:aws:logs:*:*:destination:AmazonCloudWatch-ApplicationInsights-LogIngestionDestination*" ] }, { "Sid" : "EFS", "Effect" : "Allow", "Action" : [ "elasticfilesystem:DescribeFileSystems" ], "Resource" : [ "*" ] }, { "Sid" : "Route53", "Effect" : "Allow", "Action" : [ "route53:GetHostedZone", "route53:GetHealthCheck", "route53:ListHostedZones", "route53:ListHealthChecks", "route53:ListQueryLoggingConfigs" ], "Resource" : [ "*" ] }, { "Sid" : "Route53Resolver", "Effect" : "Allow", "Action" : [ "route53resolver:ListFirewallRuleGroupAssociations", "route53resolver:GetFirewallRuleGroup", "route53resolver:ListFirewallRuleGroups", "route53resolver:ListResolverEndpoints", "route53resolver:GetResolverQueryLogConfig", "route53resolver:ListResolverQueryLogConfigs", "route53resolver:ListResolverQueryLogConfigAssociations", "route53resolver:GetResolverEndpoint", "route53resolver:GetFirewallRuleGroupAssociation" ], "Resource" : [ "*" ] } ] }
자세히 알아보기
