Example 1: Allow user full access to CloudWatch Example 2: Allow read-only access to CloudWatch Example 3: Stop or terminate an Amazon EC2 instance

Customer managed policy examples

In this section, you can find example user policies that grant permissions for various CloudWatch actions. These policies work when you are using the CloudWatch API, AWS SDKs, or the AWS CLI.

Examples

Example 1: Allow user full access to CloudWatch
Example 2: Allow read-only access to CloudWatch
Example 3: Stop or terminate an Amazon EC2 instance

Example 1: Allow user full access to CloudWatch

To grant a user full access to CloudWatch, you can use grant them the CloudWatchFullAccess managed policy instead of creating a customer-managed policy. The contents of the CloudWatchFullAccess are listed in CloudWatchFullAccess.

Example 2: Allow read-only access to CloudWatch

The following policy allows a user read-only access to CloudWatch and view Amazon EC2 Auto Scaling actions, CloudWatch metrics, CloudWatch Logs data, and alarm-related Amazon SNS data.

Example 3: Stop or terminate an Amazon EC2 instance

The following policy allows an CloudWatch alarm action to stop or terminate an EC2 instance. In the sample below, the GetMetricData, ListMetrics, and DescribeAlarms actions are optional. It is recommended that you include these actions to ensure that you have correctly stopped or terminated the instance.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

AWS managed (predefined) policies for CloudWatch

Using condition keys to limit access to CloudWatch