Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Updating cloudwatch alarm blocked by permissions

0

I am trying to update thresholds in a cloud watch alarm -- I log in and use CAZ to get admin access. But when I try to edit alarm thresholds or data points and hit "update" I get error:

... is not authorized to perform: cloudwatch:PutMetricAlarm on resource: ... because no session policy allows the PutMetricAlarm action.

Additional details:

  • I can create an S3 bucket on the account but I cannot update or create an alarm.
  • The account doesn't have any cloudwatch specific roles.
  • A few weeks ago when we were still using MPA instead of CAZ we didn't experience these issues -- might be CAZ related.

Thanks!

Themen
Management & UnternehmensführungSicherheit, Identität & Konformität
Tags
Amazon CloudWatchIAM-Richtlinien
Sprache
English
AWS-User-8097789
gefragt vor 9 Monaten358 Aufrufe
2 Antworten
1

Hello.

Is it possible to see which IAM policies are currently attached?
The error is due to insufficient permissions to operate CloudWatch.
The permission "cloudwatch:PutMetricAlarm" must be set to edit CloudWatch Alarm.
The following documents may be helpful regarding CloudWatch permissions.
https://repost.aws/knowledge-center/cloudwatch-restrict-console-access
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatch.html

profile picture
EXPERTE
Riku_Kobayashi
beantwortet vor 9 Monaten
profile pictureAWS
EXPERTE
Didier_Durand
überprüft vor 9 Monaten
0

Thanks, I've created the role, but now I can't assign the role, how do I get permissions to do that? I'm reviewing access denied troubleshooting.

AWS-User-8097789
beantwortet vor 8 Monaten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt