The following sections describe the minimum permissions that must be set before you can run discovery with the Amazon Web Services PowerPack:
Minimum Permissions Needed to Monitor Your AWS Accounts
The following table displays the minimum permissions required for Dynamic Applications in the Amazon Web Services PowerPack to collect data.
Service | Access level | Actions
---|---|---
AWS Certificate Manager - Private Certificate Authority (ACM PCA) | List | ListCertificateAuthorities
Airflow | List | ListEnvironments
Amplify | List | ListApps
API Gateway | Read | GET
AppFlow | List | ListFlows
App Runner | List | ListServices
AppStream | Read | DescribeFleets
AppSync | List | ListGraphqlApis
Athena | List | ListDatabases, ListDataCatalogs, ListWorkGroups
Backup | List | ListBackupPlans
Cassandra (Keyspaces) | Read | Select
Chime | List | ListAccounts, ListVoiceConnectors
CloudFront | List | ListDistributions, ListInvalidations, ListStreamingDistributions
CloudFront | Read | GetDistribution, GetStreamingDistribution
CloudHSM | Read | DescribeClusters
CloudSearch | List | DescribeDomains
CloudTrail | List | DescribeTrails
CloudTrail | Read | GetTrailStatus
CloudWatch | List | ListMetrics, ListMetricStreams
CloudWatch | Read | DescribeAlarmHistory, DescribeAlarms, GetMetricData, GetMetricStatistics
CloudWatch Logs | List | DescribeLogGroups
CloudWatch RUM | List | ListAppMonitors
CloudWatch Synthetics | Read | DescribeCanaries
CodeBuild | List | ListProjects
CodeGuru Profiler | List | ListProfilingGroups
CodeGuru Reviewer | List | ListRepositoryAssociations
Cognito Identity | List | ListIdentityPools
Config | Read | GetDiscoveredResourceCounts
Connect | Read | ListInstances
Data Exchange | List | ListDataSets
Data Lifecycle Manager | List | GetLifecyclePolicies
Data Pipeline | List | ListPipelines
Database Migration Service (DMS) | Read | DescribeReplicationInstances
DataSync | List | ListAgents
DAX | List | DescribeClusters
Direct Connect | Read | DescribeConnections, DescribeTags, DescribeVirtualInterfaces
DynamoDB | List | ListTables
DynamoDB | Read | DescribeTable
EC2 | List | DescribeAvailabilityZones, DescribeClientVpnEndpoints, DescribeFleets, DescribeElasticGpus, DescribeInstances, DescribeNatGateways, DescribeRegions, DescribeRouteTables, DescribeSecurityGroups, DescribeSnapshots, DescribeSpotFleetRequests, DescribeSubnets, DescribeTransitGatewayAttachments, DescribeVolumes, DescribeVpcEndpointConnections, DescribeVpcPeeringConnections, DescribeVpcs, DescribeVpnGateways
EC2 | Read | DescribeVpnConnections
EC2 Auto Scaling | List | DescribeAutoScalingGroups, DescribeAutoScalingInstances, DescribeLaunchConfigurations
EFS | List | DescribeFileSystems
Elastic Beanstalk | List | DescribeEnvironments
Elastic Beanstalk | Read | DescribeConfigurationSettings, DescribeEnvironmentResources, DescribeEnvironmentHealth, DescribeInstancesHealth
Elastic Container Service (ECS) | List | ListClusters, ListContainerInstances, ListServices, ListTagsForResource, ListTasks
Elastic Container Service (ECS) | Read | DescribeClusters, DescribeContainerInstances, DescribeServices, DescribeTaskDefinition, DescribeTasks
ElastiCache | List | DescribeCacheClusters, ListTagsForResource
Elastic Inference | List | DescribeAccelerators
Elastic Kubernetes Service (EKS) | List | ListClusters
Elastic Kubernetes Service (EKS) | Read | DescribeCluster
Elastic Transcoder | List | ListPipelines
ELB | List | DescribeLoadBalancers
ELB | Read | DescribeTags
ELB v2 | Read | DescribeListeners, DescribeLoadBalancers, DescribeTags, DescribeTargetGroups, DescribeTargetHealth
EMR | List | ListClusters
EMR | Read | ListInstances
ES (Elasticsearch / OpenSearch Service) | List | ListDomainNames
EventBridge | List | ListRules
FinSpace | List | ListEnvironments
Firehose (Kinesis Data Firehose) | List | ListDeliveryStreams
Forecast | List | ListDatasetGroups
Fraud Detector | List | GetDetectors
FSx | Read | DescribeFileSystems
GameLift | List | ListFleets
Glacier | List | ListTagsForVault, ListVaults
Glacier | Read | GetVaultNotifications
Glue | List | ListJobs
Glue DataBrew | List | ListProjects
Ground Station | List | ListSatellites
GuardDuty | List | ListDetectors
HealthLake | List | ListFHIRDatastores
IAM | Read | GetUser
Inspector2 | List | ListCoverage
Interactive Video Service | List | ListChannels
IoT | List | ListScheduledAudits, ListSecurityProfiles, ListThings, ListTagsForResource
IoT | Read | DescribeThing
IoT Analytics | List | ListDatastores
IoT Events | List | ListDetectorModels
IoT Greengrass V2 | List | ListCoreDevices
IoT SiteWise | List | ListAssetModels
IoT TwinMaker | List | ListWorkspaces
Kafka (MSK) | List | ListClusters
Kendra | List | ListIndices
Key Management Service (KMS) | List | ListKeys, ListAliases
Key Management Service (KMS) | Read | DescribeKey, ListResourceTags
Kinesis | List | ListStreams
Kinesis Video | List | ListStreams
Lambda | List | ListFunctions, ListAliases, ListEventSourceMappings
Lambda | Read | GetAccountSettings, GetPolicy, ListTags
Lex V2 | List | ListBots
Lightsail | List | GetBundles, GetRegions
Lightsail | Read | GetInstanceMetricData, GetInstances
Location | List | ListMaps
Lookout for Equipment | List | ListDatasets
Lookout for Metrics | List | ListAnomalyDetectors
Lookout for Vision | List | ListProjects
MediaConnect | List | ListFlows
MediaConvert | List | DescribeEndpoints, ListQueues
MediaLive | List | ListChannels
MediaPackage VOD | List | ListPackagingConfigurations, ListPackagingGroups
MediaPackage | Read | ListChannels
MediaTailor | List | ListPlaybackConfigurations
MQ | List | ListBrokers
Network Firewall | List | ListFirewalls
Network Manager | List | DescribeGlobalNetworks
Nimble Studio | Read | ListStudios
OpsWorks | List | DescribeInstances, DescribeStacks
Personalize | List | ListDatasets
Polly | List | ListLexicons
QLDB | List | ListLedgers
QuickSight | List | ListDashboards
RDS | List | DescribeDBClusters, DescribeDBSubnetGroups
RDS | Read | ListTagsForResource
Redshift | List | DescribeClusters
Redshift | Read | DescribeLoggingStatus
RoboMaker | List | ListSimulationJobs
Route 53 | List | GetHostedZone, ListHealthChecks, ListHostedZones, ListResourceRecordSets
S3 | List | ListAllMyBuckets, ListBucket
S3 | Read | GetBucketLocation, GetBucketLogging, GetBucketTagging, GetBucketWebsite, GetObject (restrict GetObject to the Elastic Beanstalk buckets: bucket name elasticbeanstalk-*, any object name)
SageMaker | List | ListDomains
Secrets Manager | List | ListSecrets
Service Catalog | List | SearchProductsAsAdmin
Shield | List | ListAttacks, ListProtections
Shield | Read | DescribeEmergencyContactSettings, GetSubscriptionState
Simple Email Service (SES) | List | ListIdentities
Simple Notification Service (SNS) | List | ListTopics, ListSubscriptions
SQS | List | ListQueues
SQS | Read | GetQueueAttributes
SSM | Read | GetParameters
Storage Gateway | List | ListGateways, ListVolumes
States (Step Functions) | List | ListStateMachines
STS | Read | GetCallerIdentity
SWF | List | ListDomains
Tag Editor (Resource Groups Tagging API) | Read | GetResources, GetTagKeys, GetTagValues
Timestream | List | ListDatabases
Transfer | List | ListServers
WAF | List | ListWebACLs
WAF | Read | GetRateBasedRule, GetRule, GetRuleGroup, GetWebACL
WAF Regional | List | ListResourcesForWebACL, ListWebACLs
WAF Regional | Read | GetRateBasedRule, GetRule, GetRuleGroup, GetWebACL
WorkMail | List | ListOrganizations
WorkSpaces | List | DescribeWorkspaces, DescribeWorkspaceDirectories

The policy documents in the following sections grant a few actions that this table does not list, for example ec2:DescribeImages, ec2:DescribeTransitGateways, ec2:DescribeTransitGatewayRouteTables, rds:DescribeDBInstances, ssm:GetInventory, workspaces-web:ListPortals and iam:GetAccountAuthorizationDetails (which returns every user, group, role and policy in the account). Treat the policy document as the authoritative list when you create the policy, and review those additional actions against your own least-privilege requirements.
To create the Minimum Permission policy:
If you are monitoring a GovCloud account, follow the steps in Creating a Minimum Permissions Policy for GovCloud Accounts below instead.
- Go to the AWS console and select IAM > Policies > Create Policy. Select JSON and paste the following policy document:
IAM managed policies are limited to 6,144 characters, not counting whitespace. If the console reports that the policy exceeds this limit, split the action list across two policies and attach both.
```json
{
  "Statement": [
    {
      "Action": [
        "acm-pca:ListCertificateAuthorities",
        "airflow:ListEnvironments",
        "amplify:ListApps",
        "apigateway:GET",
        "appflow:ListFlows",
        "apprunner:ListServices",
        "appstream:DescribeFleets",
        "appsync:ListGraphqlAPIs",
        "athena:ListDatabases",
        "athena:ListDataCatalogs",
        "athena:ListWorkGroups",
        "autoscaling:DescribeAutoScalingGroups",
        "autoscaling:DescribeAutoScalingInstances",
        "autoscaling:DescribeLaunchConfigurations",
        "backup:ListBackupPlans",
        "cassandra:Select",
        "chime:ListAccounts",
        "chime:ListVoiceConnectors",
        "cloudfront:GetDistribution",
        "cloudfront:GetStreamingDistribution",
        "cloudfront:ListDistributions",
        "cloudfront:ListInvalidations",
        "cloudfront:ListStreamingDistributions",
        "cloudhsm:DescribeClusters",
        "cloudsearch:DescribeDomains",
        "cloudtrail:DescribeTrails",
        "cloudtrail:GetTrailStatus",
        "cloudwatch:DescribeAlarmHistory",
        "cloudwatch:DescribeAlarms",
        "cloudwatch:GetMetricData",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics",
        "cloudwatch:ListMetricStreams",
        "codebuild:ListProjects",
        "codeguru-profiler:ListProfilingGroups",
        "codeguru-reviewer:ListRepositoryAssociations",
        "cognito-identity:ListIdentityPools",
        "config:GetDiscoveredResourceCounts",
        "connect:ListInstances",
        "databrew:ListProjects",
        "dataexchange:ListDataSets",
        "datasync:ListAgents",
        "datapipeline:ListPipelines",
        "dax:DescribeClusters",
        "directconnect:DescribeConnections",
        "directconnect:DescribeTags",
        "directconnect:DescribeVirtualInterfaces",
        "dlm:GetLifecyclePolicies",
        "dms:DescribeReplicationInstances",
        "dynamodb:DescribeTable",
        "dynamodb:ListTables",
        "ec2:DescribeAvailabilityZones",
        "ec2:DescribeClientVpnEndpoints",
        "ec2:DescribeElasticGpus",
        "ec2:DescribeFleets",
        "ec2:DescribeImages",
        "ec2:DescribeInstances",
        "ec2:DescribeNatGateways",
        "ec2:DescribeRegions",
        "ec2:DescribeRouteTables",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeSnapshots",
        "ec2:DescribeSpotFleetRequests",
        "ec2:DescribeSubnets",
        "ec2:DescribeTransitGatewayAttachments",
        "ec2:DescribeTransitGatewayRouteTables",
        "ec2:DescribeTransitGateways",
        "ec2:DescribeVolumes",
        "ec2:DescribeVpcPeeringConnections",
        "ec2:DescribeVpcs",
        "ec2:DescribeVpcEndpointConnections",
        "ec2:DescribeVpnConnections",
        "ec2:DescribeVpnGateways",
        "ecs:DescribeClusters",
        "ecs:DescribeContainerInstances",
        "ecs:DescribeServices",
        "ecs:DescribeTaskDefinition",
        "ecs:DescribeTasks",
        "ecs:ListClusters",
        "ecs:ListContainerInstances",
        "ecs:ListServices",
        "ecs:ListTagsForResource",
        "ecs:ListTasks",
        "eks:DescribeCluster",
        "eks:ListClusters",
        "elasticache:DescribeCacheClusters",
        "elasticache:ListTagsForResource",
        "elasticbeanstalk:DescribeConfigurationSettings",
        "elasticbeanstalk:DescribeEnvironmentResources",
        "elasticbeanstalk:DescribeEnvironments",
        "elasticbeanstalk:DescribeEnvironmentHealth",
        "elasticbeanstalk:DescribeInstancesHealth",
        "elasticfilesystem:DescribeFileSystems",
        "elastic-inference:DescribeAccelerators",
        "elasticloadbalancing:DescribeListeners",
        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeTags",
        "elasticloadbalancing:DescribeTargetGroups",
        "elasticloadbalancing:DescribeTargetHealth",
        "elasticmapreduce:ListClusters",
        "elasticmapreduce:ListInstances",
        "elastictranscoder:ListPipelines",
        "es:ListDomainNames",
        "events:ListRules",
        "finspace:ListEnvironments",
        "firehose:ListDeliveryStreams",
        "forecast:ListDatasetGroups",
        "frauddetector:GetDetectors",
        "fsx:DescribeFileSystems",
        "gamelift:ListFleets",
        "geo:ListMaps",
        "glacier:GetVaultNotifications",
        "glacier:ListTagsForVault",
        "glacier:ListVaults",
        "glue:ListJobs",
        "greengrass:ListCoreDevices",
        "groundstation:ListSatellites",
        "guardduty:ListDetectors",
        "healthlake:ListFHIRDatastores",
        "iam:GetAccountAuthorizationDetails",
        "iam:GetUser",
        "inspector2:ListCoverage",
        "iot:DescribeThing",
        "iot:ListScheduledAudits",
        "iot:ListSecurityProfiles",
        "iot:ListTagsForResource",
        "iot:ListThings",
        "iotanalytics:ListDatastores",
        "iotevents:ListDetectorModels",
        "iotsitewise:ListAssetModels",
        "iottwinmaker:ListWorkspaces",
        "ivs:ListChannels",
        "kafka:ListClusters",
        "kendra:ListIndices",
        "kinesis:ListStreams",
        "kinesisvideo:ListStreams",
        "kms:DescribeKey",
        "kms:ListAliases",
        "kms:ListKeys",
        "kms:ListResourceTags",
        "lambda:GetAccountSettings",
        "lambda:GetPolicy",
        "lambda:ListAliases",
        "lambda:ListEventSourceMappings",
        "lambda:ListFunctions",
        "lambda:ListTags",
        "lex:ListBots",
        "lightsail:GetBundles",
        "lightsail:GetInstanceMetricData",
        "lightsail:GetInstances",
        "lightsail:GetRegions",
        "logs:DescribeLogGroups",
        "lookoutequipment:ListDatasets",
        "lookoutmetrics:ListAnomalyDetectors",
        "lookoutvision:ListProjects",
        "mediaconnect:ListFlows",
        "mediaconvert:DescribeEndpoints",
        "mediaconvert:ListQueues",
        "medialive:ListChannels",
        "mediapackage-vod:ListPackagingConfigurations",
        "mediapackage-vod:ListPackagingGroups",
        "mediapackage:ListChannels",
        "mediatailor:ListPlaybackConfigurations",
        "mq:ListBrokers",
        "network-firewall:ListFirewalls",
        "networkmanager:DescribeGlobalNetworks",
        "nimble:ListStudios",
        "opsworks:DescribeInstances",
        "opsworks:DescribeStacks",
        "personalize:ListDatasets",
        "polly:ListLexicons",
        "qldb:ListLedgers",
        "quicksight:ListDashboards",
        "rds:DescribeDBClusters",
        "rds:DescribeDBInstances",
        "rds:DescribeDBSubnetGroups",
        "rds:ListTagsForResource",
        "redshift:DescribeClusters",
        "redshift:DescribeLoggingStatus",
        "robomaker:ListSimulationJobs",
        "route53:GetHostedZone",
        "route53:ListHealthChecks",
        "route53:ListHostedZones",
        "route53:ListResourceRecordSets",
        "rum:ListAppMonitors",
        "s3:GetBucketLocation",
        "s3:GetBucketLogging",
        "s3:GetBucketTagging",
        "s3:GetBucketWebsite",
        "s3:GetObject",
        "s3:ListAllMyBuckets",
        "s3:ListBucket",
        "sagemaker:ListDomains",
        "states:ListStateMachines",
        "secretsmanager:ListSecrets",
        "ses:ListIdentities",
        "servicecatalog:SearchProductsAsAdmin",
        "shield:DescribeEmergencyContactSettings",
        "shield:GetSubscriptionState",
        "shield:ListAttacks",
        "shield:ListProtections",
        "sns:ListSubscriptions",
        "sns:ListTopics",
        "sqs:GetQueueAttributes",
        "sqs:ListQueues",
        "ssm:GetInventory",
        "ssm:GetParameters",
        "storagegateway:ListGateways",
        "storagegateway:ListVolumes",
        "sts:GetCallerIdentity",
        "swf:ListDomains",
        "synthetics:DescribeCanaries",
        "tag:GetResources",
        "tag:GetTagKeys",
        "tag:GetTagValues",
        "timestream:ListDatabases",
        "transfer:ListServers",
        "waf-regional:GetRateBasedRule",
        "waf-regional:GetRule",
        "waf-regional:GetRuleGroup",
        "waf-regional:GetWebACL",
        "waf-regional:ListResourcesForWebACL",
        "waf-regional:ListWebACLs",
        "waf:GetRateBasedRule",
        "waf:GetRule",
        "waf:GetRuleGroup",
        "waf:GetWebACL",
        "waf:ListWebACLs",
        "workmail:ListOrganizations",
        "workspaces-web:ListPortals",
        "workspaces:DescribeWorkspaces",
        "workspaces:DescribeWorkspaceDirectories"
      ],
      "Effect": "Allow",
      "Resource": "*",
      "Sid": "VisualEditor0"
    }
  ],
  "Version": "2012-10-17"
}
```
- Click . If applicable, enter your Tags.
- Click . Name the policy "SL1MinimumPermissions" and click .
This policy must exist in each account that is to be monitored; the following sections reference it by name. Note that the document above grants every action on Resource "*". The permissions table recommends limiting s3:GetObject to the Elastic Beanstalk buckets (bucket name elasticbeanstalk-*, any object name); to follow that recommendation, move s3:GetObject into its own statement with Resource "arn:aws:s3:::elasticbeanstalk-*/*" and leave the remaining List and Describe actions on "*".
Creating a Minimum Permissions Policy for GovCloud Accounts
If you are on an AWS GovCloud account, perform the following steps to create the Minimum Permission policy:
- Go to the AWS console and select IAM > Policies > Create Policy. Select JSON and paste the following policy document:
IAM managed policies are limited to 6,144 characters, not counting whitespace. If the console reports that the policy exceeds this limit, split the action list across two policies and attach both.
```json
{
  "Statement": [
    {
      "Action": [
        "acm-pca:ListCertificateAuthorities",
        "apigateway:GET",
        "appstream:DescribeFleets",
        "athena:ListDatabases",
        "athena:ListDataCatalogs",
        "athena:ListWorkGroups",
        "autoscaling:DescribeAutoScalingGroups",
        "autoscaling:DescribeAutoScalingInstances",
        "autoscaling:DescribeLaunchConfigurations",
        "backup:ListBackupPlans",
        "cloudhsm:DescribeClusters",
        "cloudtrail:DescribeTrails",
        "cloudtrail:GetTrailStatus",
        "cloudwatch:DescribeAlarmHistory",
        "cloudwatch:DescribeAlarms",
        "cloudwatch:GetMetricData",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics",
        "cloudwatch:ListMetricStreams",
        "codebuild:ListProjects",
        "cognito-identity:ListIdentityPools",
        "config:GetDiscoveredResourceCounts",
        "connect:ListInstances",
        "databrew:ListProjects",
        "datasync:ListAgents",
        "directconnect:DescribeConnections",
        "directconnect:DescribeTags",
        "directconnect:DescribeVirtualInterfaces",
        "dlm:GetLifecyclePolicies",
        "dms:DescribeReplicationInstances",
        "dynamodb:DescribeTable",
        "dynamodb:ListTables",
        "ec2:DescribeAvailabilityZones",
        "ec2:DescribeElasticGpus",
        "ec2:DescribeFleets",
        "ec2:DescribeImages",
        "ec2:DescribeInstances",
        "ec2:DescribeNatGateways",
        "ec2:DescribeRegions",
        "ec2:DescribeRouteTables",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeSnapshots",
        "ec2:DescribeSpotFleetRequests",
        "ec2:DescribeSubnets",
        "ec2:DescribeTransitGatewayAttachments",
        "ec2:DescribeTransitGatewayRouteTables",
        "ec2:DescribeTransitGateways",
        "ec2:DescribeVolumes",
        "ec2:DescribeVpcPeeringConnections",
        "ec2:DescribeVpcs",
        "ec2:DescribeVpcEndpointConnections",
        "ec2:DescribeVpnConnections",
        "ec2:DescribeVpnGateways",
        "ecs:DescribeClusters",
        "ecs:DescribeContainerInstances",
        "ecs:DescribeServices",
        "ecs:DescribeTaskDefinition",
        "ecs:DescribeTasks",
        "ecs:ListClusters",
        "ecs:ListContainerInstances",
        "ecs:ListServices",
        "ecs:ListTagsForResource",
        "ecs:ListTasks",
        "eks:DescribeCluster",
        "eks:ListClusters",
        "elasticache:DescribeCacheClusters",
        "elasticache:ListTagsForResource",
        "elasticbeanstalk:DescribeConfigurationSettings",
        "elasticbeanstalk:DescribeEnvironmentResources",
        "elasticbeanstalk:DescribeEnvironments",
        "elasticbeanstalk:DescribeEnvironmentHealth",
        "elasticbeanstalk:DescribeInstancesHealth",
        "elasticfilesystem:DescribeFileSystems",
        "elasticloadbalancing:DescribeListeners",
        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeTags",
        "elasticloadbalancing:DescribeTargetGroups",
        "elasticloadbalancing:DescribeTargetHealth",
        "elasticmapreduce:ListClusters",
        "elasticmapreduce:ListInstances",
        "es:ListDomainNames",
        "events:ListRules",
        "firehose:ListDeliveryStreams",
        "fsx:DescribeFileSystems",
        "glacier:GetVaultNotifications",
        "glacier:ListTagsForVault",
        "glacier:ListVaults",
        "glue:ListJobs",
        "greengrass:ListCoreDevices",
        "guardduty:ListDetectors",
        "iam:GetAccountAuthorizationDetails",
        "iam:GetUser",
        "inspector2:ListCoverage",
        "iot:DescribeThing",
        "iot:ListScheduledAudits",
        "iot:ListSecurityProfiles",
        "iot:ListTagsForResource",
        "iot:ListThings",
        "iotevents:ListDetectorModels",
        "iotsitewise:ListAssetModels",
        "iottwinmaker:ListWorkspaces",
        "kafka:ListClusters",
        "kendra:ListIndices",
        "kinesis:ListStreams",
        "kms:DescribeKey",
        "kms:ListAliases",
        "kms:ListKeys",
        "kms:ListResourceTags",
        "lambda:GetAccountSettings",
        "lambda:GetPolicy",
        "lambda:ListAliases",
        "lambda:ListEventSourceMappings",
        "lambda:ListFunctions",
        "lambda:ListTags",
        "logs:DescribeLogGroups",
        "mediaconvert:DescribeEndpoints",
        "mediaconvert:ListQueues",
        "mq:ListBrokers",
        "network-firewall:ListFirewalls",
        "networkmanager:DescribeGlobalNetworks",
        "polly:ListLexicons",
        "quicksight:ListDashboards",
        "rds:DescribeDBClusters",
        "rds:DescribeDBInstances",
        "rds:DescribeDBSubnetGroups",
        "rds:ListTagsForResource",
        "redshift:DescribeClusters",
        "redshift:DescribeLoggingStatus",
        "route53:GetHostedZone",
        "route53:ListHealthChecks",
        "route53:ListHostedZones",
        "route53:ListResourceRecordSets",
        "s3:GetBucketLocation",
        "s3:GetBucketLogging",
        "s3:GetBucketTagging",
        "s3:GetBucketWebsite",
        "s3:GetObject",
        "s3:ListAllMyBuckets",
        "s3:ListBucket",
        "sagemaker:ListDomains",
        "states:ListStateMachines",
        "secretsmanager:ListSecrets",
        "ses:ListIdentities",
        "servicecatalog:SearchProductsAsAdmin",
        "sns:ListSubscriptions",
        "sns:ListTopics",
        "sqs:GetQueueAttributes",
        "sqs:ListQueues",
        "ssm:GetInventory",
        "ssm:GetParameters",
        "storagegateway:ListGateways",
        "storagegateway:ListVolumes",
        "sts:GetCallerIdentity",
        "swf:ListDomains",
        "synthetics:DescribeCanaries",
        "tag:GetResources",
        "tag:GetTagKeys",
        "tag:GetTagValues",
        "transfer:ListServers",
        "workspaces:DescribeWorkspaces",
        "workspaces:DescribeWorkspaceDirectories"
      ],
      "Effect": "Allow",
      "Resource": "*",
      "Sid": "VisualEditor0"
    }
  ],
  "Version": "2012-10-17"
}
```
- Click . If applicable, enter your Tags.
- Click . Name the policy "SL1MinimumPermissions" and click .
This policy must exist in each GovCloud account that is to be monitored; the following sections reference it by name. As with the standard policy, every action is granted on Resource "*". If you restrict s3:GetObject to the Elastic Beanstalk buckets as the permissions table recommends, remember that GovCloud ARNs use the aws-us-gov partition, so the bucket-scoped Resource is "arn:aws-us-gov:s3:::elasticbeanstalk-*/*".
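The two procedures above (standard and GovCloud) both end with the same two manual chores: checking that the document fits the IAM managed-policy size quota, and splitting it into two policies when it does not. The following script is an added example written for this page; it is not ScienceLogic's code and not part of the PowerPack. It validates that every entry has the service-prefix:ActionName shape IAM expects, places s3:GetObject in a separate statement scoped to the elasticbeanstalk-* buckets as the permissions table recommends, and packs the remaining actions into as few policy documents as fit under the 6,144-character quota (IAM does not count whitespace). The partition argument ("aws" or "aws-us-gov"), the statement Sids and the SAMPLE_ACTIONS subset are this example's own choices; replace SAMPLE_ACTIONS with the full action list from the policy you are creating.

```python
"""Assemble and size-check SL1MinimumPermissions policy documents.

Added example for this page, not ScienceLogic's code. Assumptions: the
partition names "aws" / "aws-us-gov", the Sids, and the sample action list.
"""
import json
import re

# IAM quota: a managed policy may hold 6,144 characters, not counting whitespace.
MANAGED_POLICY_CHAR_LIMIT = 6144

# "service-prefix:ActionName"; prefixes are lower-case and may contain hyphens
# (acm-pca, waf-regional); action names are alphanumeric, optionally with "*".
ACTION_RE = re.compile(r"^[a-z0-9-]+:[A-Za-z0-9*]+$")

# Constructed subset of the actions in the policy above (paste the full list here).
SAMPLE_ACTIONS = [
    "cloudtrail:DescribeTrails", "cloudtrail:GetTrailStatus",
    "cloudwatch:GetMetricData", "cloudwatch:ListMetrics",
    "ec2:DescribeInstances", "ec2:DescribeRegions", "ec2:DescribeVolumes",
    "iam:GetUser", "kms:DescribeKey", "kms:ListKeys",
    "lambda:ListFunctions", "rds:DescribeDBInstances",
    "s3:GetBucketLocation", "s3:GetObject", "s3:ListAllMyBuckets",
    "sts:GetCallerIdentity",
]


def validate_actions(actions):
    """Return the entries that do not look like IAM actions (empty list = all valid)."""
    return [a for a in actions if not ACTION_RE.match(a)]


def policy_size(doc):
    """Characters counted against the managed-policy quota (whitespace excluded)."""
    return len(re.sub(r"\s", "", json.dumps(doc)))


def build_policy(actions, partition="aws"):
    """Build one policy document from a list of actions.

    s3:GetObject gets its own statement scoped to the Elastic Beanstalk buckets
    (bucket elasticbeanstalk-*, any object), as the permissions table recommends.
    The other actions keep Resource "*" exactly as the page's policy does, because
    discovery must enumerate resources it does not yet know about.
    """
    general = sorted(a for a in set(actions) if a != "s3:GetObject")
    statements = []
    if general:
        statements.append({
            "Sid": "SL1ReadOnly",            # example Sid, not from the page
            "Effect": "Allow",
            "Action": general,
            "Resource": "*",
        })
    if "s3:GetObject" in actions:
        statements.append({
            "Sid": "SL1BeanstalkObjects",    # example Sid, not from the page
            "Effect": "Allow",
            "Action": ["s3:GetObject"],
            "Resource": f"arn:{partition}:s3:::elasticbeanstalk-*/*",
        })
    return {"Version": "2012-10-17", "Statement": statements}


def split_policies(actions, partition="aws", limit=MANAGED_POLICY_CHAR_LIMIT):
    """Greedily pack actions into the fewest policy documents that fit the quota."""
    bad = validate_actions(actions)
    if bad:
        raise ValueError(f"malformed IAM actions: {bad}")
    remaining = sorted(set(actions))
    docs = []
    while remaining:
        chunk = []
        while remaining:
            trial = build_policy(chunk + [remaining[0]], partition)
            if chunk and policy_size(trial) > limit:
                break  # this document is full; start the next one
            chunk.append(remaining.pop(0))
        docs.append(build_policy(chunk, partition))
    return docs


def actions_in(docs):
    """All actions granted across a set of policy documents (for a coverage check)."""
    return {a for d in docs for s in d["Statement"] for a in s["Action"]}


if __name__ == "__main__":
    for n, doc in enumerate(split_policies(SAMPLE_ACTIONS), start=1):
        print(f"# SL1MinimumPermissions-{n}: {policy_size(doc)} of "
              f"{MANAGED_POLICY_CHAR_LIMIT} characters")
        print(json.dumps(doc, indent=2))
```

Save each printed document to its own file and create it with `aws iam create-policy --policy-name SL1MinimumPermissions-1 --policy-document file://policy-1.json` (repeat for the second file if one was produced), or paste it into the console as described above. Because the full action list from this page does not fit in one 6,144-character document, expect two files and attach both to the monitoring user or role. To confirm the attached policies cover a given action before running discovery, `aws iam simulate-custom-policy --policy-input-list file://policy-1.json --action-names ec2:DescribeInstances` evaluates the document offline against the action name.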