IAM Permissions Required for Monitoring the AWS VPC

In order to enable VM Monitoring the user’s AWS login credentials tied to the AWS Access Key and Secret Access Key must have permissions for the attributes listed above. These privileges allow the firewall to initiate API calls for monitoring the virtual machines in the AWS VPC.
The IAM policy associated with the user must either have global read-only access such as AmazonEC2ReadOnlyAccess, or must include individual permissions for all of the monitored attributes. The following IAM policy example lists the permissions for initiating the API actions for monitoring the resources in the AWS VPC:
{ 
    "Version": "2012-10-17", 
    "Statement": [ 
        { 
            "Effect": "Allow", 
            "Action": [ 
                "ec2:DescribeAvailabilityZones", 
                "ec2:DescribeImages", 
                "ec2:DescribeInstances", 
                "ec2:DescribeInstanceStatus", 
                "ec2:DescribeKeyPairs", 
                "ec2:DescribePlacementGroups", 
                "ec2:DescribeRegions", 
                "ec2:DescribeSubnets", 
                "ec2:DescribeTags", 
                "ec2:DescribeVpcs" 
            ], 
            "Resource": [ 
                "*" 
            ] 
} 
    ] 
} 
 
Code copied to clipboard
Unable to copy due to lack of browser support.

Related Documentation