Configure an IAM policy for execution monitoring

  • Release version: Australia
  • Updated Mar 12, 2026
  • Configure the IAM policy action permissions required for execution monitoring, so that the integration user on AWS can read CloudWatch Logs usage data.

    Before you begin

    Role required: Admin

    CloudWatch Logs:
    • StartQuery
    • GetQueryResults
    Note:
    To exclude specific resources from AI Control Tower, restrict them in the resources region. Select 'all' to include all CloudWatch Logs data in AI Control Tower.
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "logs:GetQueryResults",
                    "logs:StartQuery"
                ],
                "Resource": "*"
            }
        ]
    }

    For more information about creating a user in IAM and providing the required access, see the Understanding and Getting Your Security Credentials page on the AWS Documentation site.
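
The note above mentions restricting resources instead of selecting 'all'. The following Python sketch is an added example, not part of the original page or the product: it builds a policy that limits `logs:StartQuery` to named log groups and reports which actions a policy still grants on `"Resource": "*"`. The region, account ID and log group name are constructed placeholders, and leaving `logs:GetQueryResults` on `*` assumes that action is keyed by query ID and cannot be narrowed to a log group ARN.

```python
import json

# Constructed placeholders (assumptions, not values from the page).
REGION = "us-east-1"
ACCOUNT_ID = "111122223333"

def log_group_arn(name, region=REGION, account_id=ACCOUNT_ID):
    """IAM-policy ARN for one log group (the trailing ':*' covers its streams)."""
    if not name or "*" in name or ":" in name:
        raise ValueError(f"wildcard or malformed log group name: {name!r}")
    return f"arn:aws:logs:{region}:{account_id}:log-group:{name}:*"

def scoped_policy(log_groups):
    """Allow queries only against the listed log groups."""
    if not log_groups:
        raise ValueError("at least one log group is required")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {  # StartQuery can be limited to specific log groups.
                "Sid": "StartQueryOnSelectedLogGroups",
                "Effect": "Allow",
                "Action": "logs:StartQuery",
                "Resource": sorted({log_group_arn(n) for n in log_groups}),
            },
            {  # Assumption: GetQueryResults is keyed by query ID, so stays on "*".
                "Sid": "ReadQueryResults",
                "Effect": "Allow",
                "Action": "logs:GetQueryResults",
                "Resource": "*",
            },
        ],
    }

def as_list(value):
    return value if isinstance(value, list) else [value]

def wildcard_actions(policy):
    """Return the Allow actions a policy grants on Resource '*'."""
    found = set()
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") == "Allow" and "*" in as_list(stmt.get("Resource", [])):
            found.update(as_list(stmt.get("Action", [])))
    return sorted(found)

if __name__ == "__main__":
    # "/example/ai-gateway" is a hypothetical log group name.
    print(json.dumps(scoped_policy(["/example/ai-gateway"]), indent=2))
```

Running `wildcard_actions` on the policy shown on this page returns both actions, while the scoped policy leaves only `logs:GetQueryResults` on the wildcard.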

    What to do next

    Configure CloudTrail and CloudWatch in the AWS Console.