Reputation: 35
Restricting AWS Cloudwatch Dashboard exclusive to some role
I have a use case to create a separate cloudwatch dashboard(or views) for admins and developers, can I restrict a user to view cloudwatch dashboard based on the user's assumed role ? Is it something that AWS allows to configure a IAM access policy for each dashboard ?
Thanks
Upvotes: 0
Views: 1204
Answers (1)
Reputation: 15237
You can not share/restrict access to a specific dashboard using roles/IAM.
When working with policies using CloudWatch we have the following:
- The AdministratorAccess policy that is able to see all dashboards
- The CloudWatchFullAccess policy that is also able to see all dashboards
- A custom policy that includes one or more of these specific permissions:
cloudwatch:GetDashboardandcloudwatch:ListDashboardsto be able to view all dashboardscloudwatch:PutDashboardto be able to create or modify dashboardscloudwatch:DeleteDashboardsto be able to delete dashboards
With these options we do not have the option to specify the access to a specific dashboard.
If you want to share the dashboard with specific users, we can do this sharing with their emails. To understand how to do this, check here: Share a single dashboard with specific users
Also, take a look on these pages:
Upvotes: 2
Related Questions
- Restrict the predefined CloudWatch metric namespace access
- policy to see cloudwatch metric of EC2 and EBS only from UI
- AWS CloudWatch and EC2 Role + Policy
- Can I restrict CloudWatch Actions based on Resource or Condition?
- AWS Cloudwatch Dashboards: How to add dashboard from one account to another
- CloudWatch Custom Dashboard - Period Setting
- aws cloudwatch metric overwrite/override
- Cloudwatch permissions to running instance with no IAM role
- CloudWatch log role ARN
- Aws IAM user permission to specific region for cloudwatch