Configure an IAM policy for execution monitoring

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute read
  • Configure the IAM policy action permissions required for execution monitoring and for integration user access on AWS to read CloudWatch Logs usage data.

    Before you begin

    Role required: Admin

    CloudWatch Logs:
    • StartQuery
    • GetQueryResults
    Note:
    To exclude specific resources from AI Control Tower, you can restrict them in the resources section of the policy. Select 'all' to include all CloudWatch Logs data in AI Control Tower.
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "logs:GetQueryResults",
                    "logs:StartQuery"
                ],
                "Resource": "*"
            }
        ]
    }

    For more information about creating a user in IAM and providing the required access, see the Understanding and Getting Your Security Credentials page on the AWS Documentation site.
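
The note above says resources can be restricted instead of selecting 'all'. The following added example (not part of the original page or the vendor's own tooling) builds a policy that limits `logs:StartQuery` to named log groups and flags the wildcard grant in the page's policy. The helper names, the account ID `111122223333`, the region and the log group name are constructed assumptions.

```python
import json

# Assumption (AWS service authorization reference): logs:StartQuery can be limited
# to log-group ARNs; logs:GetQueryResults has no resource type and stays on "*".
SCOPABLE_ACTIONS = {"logs:StartQuery"}

# The policy from this page, unchanged.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": ["logs:GetQueryResults", "logs:StartQuery"],
        "Resource": "*",
    }],
}

def as_list(value):  # IAM accepts a single value where a list is expected
    return [value] if isinstance(value, (str, dict)) else list(value)

def build_scoped_policy(region, account_id, log_groups):
    """Allow queries only against the named log groups (hypothetical helper)."""
    arns = [f"arn:aws:logs:{region}:{account_id}:log-group:{name}:*"
            for name in log_groups]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "QueryIncludedLogGroups", "Effect": "Allow",
             "Action": ["logs:StartQuery"], "Resource": arns},
            {"Sid": "ReadQueryResults", "Effect": "Allow",
             "Action": ["logs:GetQueryResults"], "Resource": "*"},
        ],
    }

def wildcard_findings(policy):
    """Return (Sid, action) pairs where a scopable action is allowed on '*'."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") == "Allow" and "*" in as_list(stmt.get("Resource", [])):
            findings += [(stmt.get("Sid"), action)
                         for action in as_list(stmt.get("Action", []))
                         if action in SCOPABLE_ACTIONS]
    return findings

if __name__ == "__main__":
    # Constructed sample values: example account ID and log group name.
    scoped = build_scoped_policy("us-east-1", "111122223333", ["/app/ai-usage"])
    print(json.dumps(scoped, indent=4))
    print("page:", wildcard_findings(PAGE_POLICY), "scoped:", wildcard_findings(scoped))
```

Log groups left out of the `log_groups` list cannot be queried by the integration user, which is how they are excluded.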

    What to do next

    Configure CloudTrail and CloudWatch in the AWS Console.