fix(ec2): add clooudwatch permissions required for metrics monitoring

2026-02-09 05:44:23 +00:00 · 2025-12-19 10:02:22 +01:00
parent e4b35e88c3
commit f816ee7e13
1 changed files with 19 additions and 0 deletions
--- a/computing/aws/ec2.md
+++ b/computing/aws/ec2.md
@@ -175,6 +175,25 @@ Refer [How can I send memory and disk metrics from my EC2 instances to CloudWatc

 > Make sure the instance the permissions it needs to publish extra metrics.<br/>
 > Consider assigning it the AWS-managed `CloudWatchAgentServerPolicy` IAM policy or similar permissions.
+>
+> <details style='padding: 0 0 1rem 1rem'>
+>
+> ```json
+> {
+>     Version: "2012-10-17",
+>     Statement: [{
+>         Effect: "Allow",
+>         Action: [
+>             "ec2:DescribeTags",
+>             "ec2:DescribeVolumes",
+>             "cloudwatch:PutMetricData"
+>         ],
+>         Resource: "*"
+>     }]
+> }
+> ```
+>
+> </details>

 CloudWatch agent's logs are saved by default to `/opt/aws/amazon-cloudwatch-agent/logs/amazon-cloudwatch-agent.log`.