Configure an IAM policy for execution monitoring

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute read
  • Configure the IAM policy action permissions that execution monitoring requires, so that the integration user on AWS can read CloudWatch Logs usage data.

    Before you begin

    Role required: Admin

    CloudWatch Logs:
    • StartQuery
    • GetQueryResults
    Note:
    To exclude specific resources from AI Control Tower, you can restrict them in the resources section of the policy. Select 'all' to include all CloudWatch Logs data in AI Control Tower.
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "logs:GetQueryResults",
                    "logs:StartQuery"
                ],
                "Resource": "*"
            }
        ]
    }
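
A pre-deployment check for the policy above, as an added example that is not part of the original documentation: it reports whether a policy grants both required actions, any action patterns beyond them, and which statements use "Resource": "*" (the 'all' case in the note). The names `audit_policy` and `BROAD_POLICY` are hypothetical and constructed for this example.

```python
import re

# The two actions the page's policy grants for execution monitoring.
REQUIRED = ("logs:StartQuery", "logs:GetQueryResults")

# The policy from this page, reproduced as a Python dict.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": ["logs:GetQueryResults", "logs:StartQuery"],
        "Resource": "*",
    }],
}

# Constructed sample: a broader grant than the page asks for.
BROAD_POLICY = {"Statement": [{"Effect": "Allow", "Action": "logs:*", "Resource": "*"}]}

def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value or [])

def _matches(pattern, action):
    """IAM action patterns are case-insensitive; '*' and '?' are wildcards."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, action, re.IGNORECASE) is not None

def audit_policy(policy):
    """Hypothetical helper. Deny, NotAction and Condition are not evaluated."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    required_lower = {r.lower() for r in REQUIRED}
    granted, extra, wildcard = set(), set(), []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        patterns = _as_list(stmt.get("Action"))
        # Required actions that at least one pattern in this statement covers.
        hits = {r for r in REQUIRED for p in patterns if _matches(p, r)}
        granted |= hits
        # Anything that is not exactly one of the required actions is extra.
        extra |= {p for p in patterns if p.lower() not in required_lower}
        if hits and "*" in _as_list(stmt.get("Resource")):
            wildcard.append(stmt.get("Sid", f"statement[{i}]"))
    return {"missing": sorted(set(REQUIRED) - granted),
            "extra_actions": sorted(extra), "wildcard_resource": wildcard}
```

For the page's policy the result has no missing or extra actions and lists `VisualEditor0` under `wildcard_resource`, which is the statement to narrow when specific resources should be excluded.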

    For more information about creating a user in IAM and providing the required access, see the Understanding and Getting Your Security Credentials page on the AWS Documentation site.

    What to do next

    Configure CloudTrail and CloudWatch in the AWS Console.