The IAM policy associated with the user must either have global
read-only access such as AmazonEC2ReadOnlyAccess, or must include
individual permissions for all of the monitored attributes. The
following IAM policy example lists the permissions for initiating
the API actions for monitoring the resources in the AWS VPC:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeAvailabilityZones",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeKeyPairs",
"ec2:DescribePlacementGroups",
"ec2:DescribeRegions",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcs"
],
"Resource": [
"*"
]
}
]
}