|
|
AWS |
CloudOps |
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CloudWatchOperations",
      "Action": [
        "cloudwatch:GetMetricData",
        "cloudwatch:ListMetrics"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
For the managed policy granting full access to CloudWatch, see CloudWatchFullAccess.
|
|
|
AWS |
FinOps Administrator |
For billing and invoices:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "BillingAndInvoices",
      "Action": [
        "ce:GetCostAndUsage",
        "ce:GetCostForecast",
        "billing:GetBillingData",
        "billing:GetBillingDetails",
        "billing:GetBillingNotifications",
        "account:GetAccountInformation",
        "ce:DescribeReport",
        "ce:GetDimensionValues",
        "ce:GetTags",
        "ce:ListCostAllocationTags",
        "ce:UpdateCostAllocationTagsStatus"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
For a read-only billing policy that includes payments and invoices, see AWSBillingReadOnlyAccess.
|
|
|
AWS |
CloudOps
|
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EventBridgePermissions",
      "Effect": "Allow",
      "Action": [
        "events:ListPartnerEventSources",
        "events:ListEventSources",
        "events:DescribeEventSource",
        "events:CreateEventBus",
        "events:DescribeEventBus",
        "events:ListEventBuses",
        "events:AssociateWithPartnerEventSource",
        "events:ListRules",
        "events:PutRule",
        "events:DeleteRule",
        "events:DescribeRule",
        "events:EnableRule",
        "events:DisableRule",
        "events:ListTargetsByRule",
        "events:PutTargets",
        "events:RemoveTargets",
        "events:TestEventPattern",
        "events:PutPermission",
        "events:TagResource",
        "events:UntagResource",
        "events:ListTagsForResource",
        "events:CreateArchive",
        "events:DescribeArchive",
        "events:ListArchives",
        "events:DeleteArchive",
        "events:StartReplay",
        "events:StopReplay",
        "events:DescribeReplay",
        "events:ListReplays"
      ],
      "Resource": "*"
    },
    {
      "Sid": "LogsPermissions",
      "Effect": "Allow",
      "Action": "logs:*",
      "Resource": "*"
    }
  ]
}
- For these permissions, AWS CloudWatch is used as the target service in the event bus configuration.
- To learn about the managed policy for full access to Amazon EventBridge, see AmazonEventBridgeFullAccess.
|
| View Metric |
OCI |
CloudOps |
allow group <group_name> to inspect metrics in compartment <compartment_name>
allow group <group_name> to read metrics in compartment <compartment_name>
|
| View OCI Logging |
OCI |
CloudOps |
allow group <group_name> to read log-groups in tenancy
allow group <group_name> to read log-content in tenancy
|
| View OCI Logging Analytics |
OCI |
CloudOps |
allow group <user_group> to USE loganalytics-entity-type in tenancy
|
| View OCI Logging Analytics - Logan AI |
OCI |
CloudOps |
allow group <group_name> to use generative-ai-chat in compartment id <Compartment_OCID>
allow group <group_name> to read generative-ai-model in compartment id <Compartment_OCID>
allow group <group_name> to read generative-ai-endpoint in compartment id <Compartment_OCID>
|
| View OCI Alarms |
OCI |
CloudOps |
allow group <group_name> to manage alarms in tenancy
allow group <group_name> to read metrics in tenancy
allow group <group_name> to manage ons-topics in tenancy
allow group <group_name> to use streams in tenancy
|
| View Dashboards |
OCI |
CloudOps |
Allow group <group_name> to manage dashboards-family in tenancy
|
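The AWS policies in the table all use `"Resource": "*"`, and the EventBridge one also grants `logs:*`. The following added example (not part of the original page) is a small review check that lists wildcard actions and non-read actions allowed on all resources, so they can be scoped down before the policy is attached. The read-only verb list and the abbreviated sample policy are assumptions made for this example.

```python
import json

# Verb prefixes treated as read-only. This list is an assumption for the example.
READ_PREFIXES = ("get", "list", "describe", "test")

# Constructed sample: an abbreviated copy of the EventBridge policy in the table.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "EventBridgePermissions", "Effect": "Allow",
     "Action": ["events:ListRules", "events:PutRule", "events:DeleteRule",
                "events:PutPermission", "events:DescribeRule"],
     "Resource": "*"},
    {"Sid": "LogsPermissions", "Effect": "Allow",
     "Action": "logs:*", "Resource": "*"}
  ]
}
""")

def as_list(value):
    """IAM allows a single string or object where a list is expected."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return (sid, action, finding) tuples for Allow statements worth reviewing."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        unscoped = "*" in as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            _, _, name = action.partition(":")
            if "*" in action:
                # Wildcards grant every current and future matching action.
                findings.append((sid, action, "wildcard-action"))
            elif unscoped and not name.lower().startswith(READ_PREFIXES):
                # Mutating action that is not restricted to specific ARNs.
                findings.append((sid, action, "write-on-all-resources"))
    return findings

if __name__ == "__main__":
    for sid, action, finding in audit_policy(POLICY):
        print(f"{sid}: {action} -> {finding}")
```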