From f816ee7e13d7e3583a3ddaa1eadabdf09564eeb6 Mon Sep 17 00:00:00 2001
From: Michele Cereda <cereda.michele@gmail.com>
Date: Fri, 19 Dec 2025 10:02:22 +0100
Subject: [PATCH] fix(ec2): add clooudwatch permissions required for metrics
 monitoring

---
 knowledge base/cloud computing/aws/ec2.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/knowledge base/cloud computing/aws/ec2.md b/knowledge base/cloud computing/aws/ec2.md
index 1f2289b..f2d38f4 100644
--- a/knowledge base/cloud computing/aws/ec2.md	
+++ b/knowledge base/cloud computing/aws/ec2.md	
@@ -175,6 +175,25 @@ Refer [How can I send memory and disk metrics from my EC2 instances to CloudWatc
 
 > Make sure the instance the permissions it needs to publish extra metrics.<br/>
 > Consider assigning it the AWS-managed `CloudWatchAgentServerPolicy` IAM policy or similar permissions.
+>
+> <details style='padding: 0 0 1rem 1rem'>
+>
+> ```json
+> {
+>     Version: "2012-10-17",
+>     Statement: [{
+>         Effect: "Allow",
+>         Action: [
+>             "ec2:DescribeTags",
+>             "ec2:DescribeVolumes",
+>             "cloudwatch:PutMetricData"
+>         ],
+>         Resource: "*"
+>     }]
+> }
+> ```
+>
+> </details>
 
 CloudWatch agent's logs are saved by default to `/opt/aws/amazon-cloudwatch-agent/logs/amazon-cloudwatch-agent.log`.