Hi,
What kind of AWS policies/permissions are needed in order to set up communication with our CloudWatch driver through the access key/secret key method?
Thanks!
Ruben,
You can use the default IAM profiles that AWS provides for this purpose, i.e. CloudWatchFullAccess or CloudWatchReadOnlyAccess. Read-only access should be sufficient for the purpose of our CloudWatch driver. Following is the documentation for these profiles.
https://docs.aws.amazon.com/aws-managed-policy/latest/reference/CloudWatchReadOnlyAccess.html
https://docs.aws.amazon.com/aws-managed-policy/latest/reference/CloudWatchFullAccess.html
However, if you are looking for a custom policy with minimal permissions to configure for this role, then you can limit it to the following methods only.
- cloudwatch:ListMetrics
- cloudwatch:GetMetricData
You can use the tool provided by AWS for generating the policy, i.e. http://awspolicygen.s3.amazonaws.com/policygen.html .
Hope it helps.
Thanks.
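The minimal custom policy described in the reply above, written out as a policy document together with a small check that reports whether a given policy grants less or more than those two actions. This is an added example, not part of the original reply or the vendor's own code; the `Sid` value, the function names and the sample policy are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# The two actions the reply names as the minimum for the driver.
REQUIRED = ("cloudwatch:ListMetrics", "cloudwatch:GetMetricData")


def minimal_policy():
    """Custom policy limited to the two actions (names here are illustrative)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "CloudWatchDriverReadMetrics",  # constructed label
            "Effect": "Allow",
            "Action": list(REQUIRED),
            # Neither action is scoped to a resource ARN, so "*" is used.
            "Resource": "*",
        }],
    }


def _as_list(value):
    # IAM accepts a single string/object or a list for Action and Statement.
    return [value] if isinstance(value, (str, dict)) else list(value)


def audit(policy):
    """Return (missing, excess) for the Allow statements of a policy.

    Simplified: Deny, NotAction and Condition elements are not evaluated.
    """
    patterns = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and "Action" in stmt:
            patterns += _as_list(stmt["Action"])
    required = [a.lower() for a in REQUIRED]  # action names are case-insensitive
    missing = [a for a in REQUIRED
               if not any(fnmatchcase(a.lower(), p.lower()) for p in patterns)]
    excess = [p for p in patterns if p.lower() not in required]
    return missing, excess


if __name__ == "__main__":
    print(json.dumps(minimal_policy(), indent=2))
    # Constructed sample: a wildcard grant comparable to full access.
    broad = {"Statement": {"Effect": "Allow", "Action": "cloudwatch:*", "Resource": "*"}}
    print(audit(broad))
```

The JSON printed by `minimal_policy()` can be pasted into the IAM policy editor and attached to the user whose access key the driver uses.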