Ao usar o AWS re:Post, você concorda com os AWS re:Post Termos de uso
AWS re:Postre:Post

Updating cloudwatch alarm blocked by permissions

0

I am trying to update thresholds in a cloud watch alarm -- I log in and use CAZ to get admin access. But when I try to edit alarm thresholds or data points and hit "update" I get error:

... is not authorized to perform: cloudwatch:PutMetricAlarm on resource: ... because no session policy allows the PutMetricAlarm action.

Additional details:

  • I can create an S3 bucket on the account but I cannot update or create an alarm.
  • The account doesn't have any cloudwatch specific roles.
  • A few weeks ago when we were still using MPA instead of CAZ we didn't experience these issues -- might be CAZ related.

Thanks!

Tópicos
Gestão e governançaSegurança, identidade e conformidade
Tags
Amazon CloudWatchPolíticas do IAM
Idioma
English
AWS-User-8097789
feita há 9 meses356 visualizações
2 Respostas
1

Hello.

Is it possible to see which IAM policies are currently attached?
The error is due to insufficient permissions to operate CloudWatch.
The permission "cloudwatch:PutMetricAlarm" must be set to edit CloudWatch Alarm.
The following documents may be helpful regarding CloudWatch permissions.
https://repost.aws/knowledge-center/cloudwatch-restrict-console-access
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatch.html

profile picture
ESPECIALISTA
Riku_Kobayashi
respondido há 9 meses
profile pictureAWS
ESPECIALISTA
Didier_Durand
avaliado há 9 meses
0

Thanks, I've created the role, but now I can't assign the role, how do I get permissions to do that? I'm reviewing access denied troubleshooting.

AWS-User-8097789
respondido há 8 meses

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas

Conteúdo relevante