本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
CloudWatchApplicationSignalsFullAccess
描述:提供对 App CloudWatch lication Signals 服务的完全访问权限,以及对使用和操作此服务所需的依赖项的限定访问权限。
CloudWatchApplicationSignalsFullAccess 是一项 AWS 托管式策略。
使用此策略
您可以将 CloudWatchApplicationSignalsFullAccess 附加到您的用户、组和角色。
策略详细信息
-
类型: AWS 托管策略
-
创建时间:2024 年 6 月 6 日 22:50 UTC
-
编辑时间:世界标准时间 2025 年 11 月 20 日 19:34
-
ARN:
arn:aws:iam::aws:policy/CloudWatchApplicationSignalsFullAccess
策略版本
策略版本:v3(默认)
此策略的默认版本是定义策略权限的版本。当使用该策略的用户或角色请求访问 AWS 资源时, AWS 会检查策略的默认版本以确定是否允许该请求。
JSON 策略文档
{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "CloudWatchApplicationSignalsFullAccessPermissions", "Effect" : "Allow", "Action" : "application-signals:*", "Resource" : "*" }, { "Sid" : "CloudWatchApplicationSignalsAlarmsPermissions", "Effect" : "Allow", "Action" : "cloudwatch:DescribeAlarms", "Resource" : "*" }, { "Sid" : "CloudWatchApplicationSignalsMetricsPermissions", "Effect" : "Allow", "Action" : [ "cloudwatch:GetMetricData", "cloudwatch:ListMetrics" ], "Resource" : "*" }, { "Sid" : "CloudWatchApplicationSignalsLogsPermissions", "Effect" : "Allow", "Action" : [ "logs:StartQuery", "logs:StopQuery", "logs:GetQueryResults", "logs:DescribeLogGroups" ], "Resource" : "*" }, { "Sid" : "CloudWatchApplicationSignalsSyntheticsPermissions", "Effect" : "Allow", "Action" : [ "synthetics:DescribeCanaries", "synthetics:DescribeCanariesLastRun", "synthetics:GetCanaryRuns" ], "Resource" : "*" }, { "Sid" : "CloudWatchApplicationSignalsRumPermissions", "Effect" : "Allow", "Action" : [ "rum:BatchCreateRumMetricDefinitions", "rum:BatchDeleteRumMetricDefinitions", "rum:BatchGetRumMetricDefinitions", "rum:GetAppMonitor", "rum:GetAppMonitorData", "rum:ListAppMonitors", "rum:PutRumMetricsDestination", "rum:UpdateRumMetricDefinition" ], "Resource" : "*" }, { "Sid" : "CloudWatchApplicationSignalsXrayTracePermissions", "Effect" : "Allow", "Action" : [ "xray:GetTraceSummaries" ], "Resource" : "*" }, { "Sid" : "CloudWatchApplicationSignalsXrayPermissions", "Effect" : "Allow", "Action" : [ "xray:StartTraceRetrieval", "xray:ListRetrievedTraces", "xray:BatchGetTraces", "xray:GetTraceSegmentDestination" ], "Resource" : "*", "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : [ "application-signals.cloudwatch.amazonaws.com" ] } } }, { "Sid" : "CloudWatchApplicationSignalsPutMetricAlarmPermissions", "Effect" : "Allow", "Action" : "cloudwatch:PutMetricAlarm", "Resource" : [ "arn:aws:cloudwatch:*:*:alarm:SLO-AttainmentGoalAlarm-*", "arn:aws:cloudwatch:*:*:alarm:SLO-WarningAlarm-*", "arn:aws:cloudwatch:*:*:alarm:SLI-HealthAlarm-*" ] }, { "Sid" : "CloudWatchApplicationSignalsCreateServiceLinkedRolePermissions", "Effect" : "Allow", "Action" : "iam:CreateServiceLinkedRole", "Resource" : "arn:aws:iam::*:role/aws-service-role/application-signals.cloudwatch.amazonaws.com/AWSServiceRoleForCloudWatchApplicationSignals", "Condition" : { "StringLike" : { "iam:AWSServiceName" : "application-signals.cloudwatch.amazonaws.com" } } }, { "Sid" : "CloudWatchApplicationSignalsGetRolePermissions", "Effect" : "Allow", "Action" : "iam:GetRole", "Resource" : "arn:aws:iam::*:role/aws-service-role/application-signals.cloudwatch.amazonaws.com/AWSServiceRoleForCloudWatchApplicationSignals" }, { "Sid" : "CloudWatchApplicationSignalsSnsWritePermissions", "Effect" : "Allow", "Action" : [ "sns:CreateTopic", "sns:Subscribe" ], "Resource" : "arn:aws:sns:*:*:cloudwatch-application-signals-*" }, { "Sid" : "CloudWatchApplicationSignalsSnsReadPermissions", "Effect" : "Allow", "Action" : "sns:ListTopics", "Resource" : "*" }, { "Sid" : "CloudWatchApplicationSignalsCloudTrailPermissions", "Effect" : "Allow", "Action" : [ "cloudtrail:CreateServiceLinkedChannel", "cloudtrail:GetChannel" ], "Resource" : "arn:aws:cloudtrail:*:*:channel/aws-service-channel/application-signals/*" }, { "Sid" : "CloudWatchApplicationSignalsCloudTrailListPermissions", "Effect" : "Allow", "Action" : [ "cloudtrail:ListChannels" ], "Resource" : "*" }, { "Sid" : "CloudWatchApplicationSignalsServiceQuotaPermissions", "Effect" : "Allow", "Action" : [ "servicequotas:GetServiceQuota" ], "Resource" : [ "arn:aws:servicequotas:*:*:s3/*", "arn:aws:servicequotas:*:*:dynamodb/*", "arn:aws:servicequotas:*:*:kinesis/*", "arn:aws:servicequotas:*:*:sns/*", "arn:aws:servicequotas:*:*:bedrock/*", "arn:aws:servicequotas:*:*:lambda/*", "arn:aws:servicequotas:*:*:fargate/*", "arn:aws:servicequotas:*:*:elasticloadbalancing/*", "arn:aws:servicequotas:*:*:ec2/*" ] }, { "Sid" : "CloudWatchApplicationSignalsResourceExplorerPermissions", "Effect" : "Allow", "Action" : [ "resource-explorer-2:ListIndexes", "resource-explorer-2:Search" ], "Resource" : [ "arn:aws:resource-explorer-2:*::view/AWSServiceViewForApplicationSignals/service-view", "arn:aws:resource-explorer-2:*::view/AWSServiceViewForApplicationSignalsOrgScopeProd/service-view" ] }, { "Sid" : "CloudWatchApplicationSignalsResourceExplorerSLRPermissions", "Effect" : "Allow", "Action" : [ "iam:CreateServiceLinkedRole" ], "Resource" : "arn:aws:iam::*:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer", "Condition" : { "StringEquals" : { "iam:AWSServiceName" : [ "resource-explorer-2.amazonaws.com" ] } } }, { "Sid" : "CloudWatchApplicationSignalsResourceExplorerCreateIndexPermissions", "Effect" : "Allow", "Action" : [ "resource-explorer-2:CreateIndex" ], "Resource" : "arn:aws:resource-explorer-2:*:*:index/*" }, { "Sid" : "CloudWatchApplicationSignalsOAMAttachedLinksPermissions", "Effect" : "Allow", "Action" : [ "oam:ListAttachedLinks" ], "Resource" : "arn:aws:oam:*:*:sink/*" }, { "Sid" : "CloudWatchApplicationSignalsOAMListSinksPermissions", "Effect" : "Allow", "Action" : [ "oam:ListSinks" ], "Resource" : "*" } ] }
了解更多
