기계 번역으로 제공되는 번역입니다. 제공된 번역과 원본 영어의 내용이 상충하는 경우에는 영어 버전이 우선합니다.
# CloudWatchFullAccessV2
**설명**: CloudWatch에 대한 전체 액세스 권한을 제공합니다.
`CloudWatchFullAccessV2`은(는) [AWS 관리형 정책](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#aws-managed-policies)입니다.
## 이 정책 사용
사용자, 그룹 및 역할에 `CloudWatchFullAccessV2`를 연결할 수 있습니다.
## 정책 세부 정보
+ **Type**: AWS managed 정책
+ **생성 시간**: 2023년 8월 1일, 11:32 UTC
+ **편집된 시간:** 2026년 2월 12일, 18:00 UTC
+ **ARN**: `arn:aws:iam::aws:policy/CloudWatchFullAccessV2`
## 정책 버전
**정책 버전:** v15(기본값)
정책의 기본 버전은 정책에 대한 권한을 정의하는 버전입니다. 정책이 있는 사용자 또는 역할이 AWS 리소스에 대한 액세스를 요청하면는 정책의 기본 버전을 AWS 확인하여 요청을 허용할지 여부를 결정합니다.
## JSON 정책 문서
```
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "CloudWatchFullAccessPermissions",
"Effect" : "Allow",
"Action" : [
"application-autoscaling:DescribeScalingPolicies",
"application-signals:*",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribePolicies",
"cloudwatch:*",
"logs:*",
"sns:CreateTopic",
"sns:ListSubscriptions",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"sns:Subscribe",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRole",
"oam:ListSinks",
"observabilityadmin:GetCentralizationRuleForOrganization",
"observabilityadmin:ListCentralizationRulesForOrganization",
"observabilityadmin:CreateCentralizationRuleForOrganization",
"observabilityadmin:UpdateCentralizationRuleForOrganization",
"observabilityadmin:DeleteCentralizationRuleForOrganization",
"observabilityadmin:StartTelemetryEvaluation",
"observabilityadmin:GetTelemetryEvaluationStatus",
"observabilityadmin:ListResourceTelemetry",
"observabilityadmin:StopTelemetryEvaluation",
"observabilityadmin:StartTelemetryEvaluationForOrganization",
"observabilityadmin:GetTelemetryEvaluationStatusForOrganization",
"observabilityadmin:ListResourceTelemetryForOrganization",
"observabilityadmin:StopTelemetryEvaluationForOrganization",
"observabilityadmin:CreateTelemetryRule",
"observabilityadmin:GetTelemetryRule",
"observabilityadmin:ListTelemetryRules",
"observabilityadmin:UpdateTelemetryRule",
"observabilityadmin:DeleteTelemetryRule",
"observabilityadmin:CreateTelemetryRuleForOrganization",
"observabilityadmin:GetTelemetryRuleForOrganization",
"observabilityadmin:ListTelemetryRulesForOrganization",
"observabilityadmin:UpdateTelemetryRuleForOrganization",
"observabilityadmin:DeleteTelemetryRuleForOrganization",
"observabilityadmin:GetTelemetryEnrichmentStatus",
"observabilityadmin:StartTelemetryEnrichment",
"observabilityadmin:StopTelemetryEnrichment",
"observabilityadmin:TagResource",
"observabilityadmin:UntagResource",
"observabilityadmin:ListTagsForResource",
"observabilityadmin:CreateTelemetryPipeline",
"observabilityadmin:GetTelemetryPipeline",
"observabilityadmin:UpdateTelemetryPipeline",
"observabilityadmin:DeleteTelemetryPipeline",
"observabilityadmin:ListTelemetryPipelines",
"observabilityadmin:TestTelemetryPipeline",
"observabilityadmin:ValidateTelemetryPipelineConfiguration",
"observabilityadmin:CreateS3TableIntegration",
"observabilityadmin:GetS3TableIntegration",
"observabilityadmin:ListS3TableIntegrations",
"observabilityadmin:DeleteS3TableIntegration",
"rum:*",
"synthetics:*",
"xray:*"
],
"Resource" : "*"
},
{
"Sid" : "CloudWatchApplicationSignalsServiceLinkedRolePermissions",
"Effect" : "Allow",
"Action" : "iam:CreateServiceLinkedRole",
"Resource" : "arn:aws:iam::*:role/aws-service-role/application-signals.cloudwatch.amazonaws.com/AWSServiceRoleForCloudWatchApplicationSignals",
"Condition" : {
"StringLike" : {
"iam:AWSServiceName" : "application-signals.cloudwatch.amazonaws.com"
}
}
},
{
"Sid" : "EventsServicePermissions",
"Effect" : "Allow",
"Action" : "iam:CreateServiceLinkedRole",
"Resource" : "arn:aws:iam::*:role/aws-service-role/events.amazonaws.com/AWSServiceRoleForCloudWatchEvents*",
"Condition" : {
"StringLike" : {
"iam:AWSServiceName" : "events.amazonaws.com"
}
}
},
{
"Sid" : "OAMReadPermissions",
"Effect" : "Allow",
"Action" : [
"oam:ListAttachedLinks"
],
"Resource" : "arn:aws:oam:*:*:sink/*"
},
{
"Sid" : "CloudWatchCloudTrailPermissions",
"Effect" : "Allow",
"Action" : [
"cloudtrail:CreateServiceLinkedChannel",
"cloudtrail:GetChannel"
],
"Resource" : "arn:aws:cloudtrail:*:*:channel/aws-service-channel/application-signals/*"
},
{
"Sid" : "CloudWatchApplicationSignalsCloudTrailListPermissions",
"Effect" : "Allow",
"Action" : [
"cloudtrail:ListChannels"
],
"Resource" : "*"
},
{
"Sid" : "CloudWatchServiceQuotaPermissions",
"Effect" : "Allow",
"Action" : [
"servicequotas:GetServiceQuota"
],
"Resource" : [
"arn:aws:servicequotas:*:*:s3/*",
"arn:aws:servicequotas:*:*:dynamodb/*",
"arn:aws:servicequotas:*:*:kinesis/*",
"arn:aws:servicequotas:*:*:sns/*",
"arn:aws:servicequotas:*:*:bedrock/*",
"arn:aws:servicequotas:*:*:lambda/*",
"arn:aws:servicequotas:*:*:fargate/*",
"arn:aws:servicequotas:*:*:elasticloadbalancing/*",
"arn:aws:servicequotas:*:*:ec2/*"
]
},
{
"Sid" : "CloudWatchResourceExplorerPermissions",
"Effect" : "Allow",
"Action" : [
"resource-explorer-2:ListIndexes",
"resource-explorer-2:Search"
],
"Resource" : [
"arn:aws:resource-explorer-2:*::view/AWSServiceViewForApplicationSignals/service-view",
"arn:aws:resource-explorer-2:*::view/AWSServiceViewForApplicationSignalsOrgScopeProd/service-view"
]
},
{
"Sid" : "CloudWatchResourceExplorerSLRPermissions",
"Effect" : "Allow",
"Action" : [
"iam:CreateServiceLinkedRole"
],
"Resource" : "arn:aws:iam::*:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer",
"Condition" : {
"StringEquals" : {
"iam:AWSServiceName" : [
"resource-explorer-2.amazonaws.com"
]
}
}
},
{
"Sid" : "CloudWatchResourceExplorerCreateIndexPermissions",
"Effect" : "Allow",
"Action" : [
"resource-explorer-2:CreateIndex"
],
"Resource" : "arn:aws:resource-explorer-2:*:*:index/*"
},
{
"Effect" : "Allow",
"Action" : "iam:PassRole",
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"iam:PassedToService" : "logs.amazonaws.com"
},
"ArnLike" : {
"iam:AssociatedResourceArn" : "arn:aws:observabilityadmin:*:*:s3tableintegration/*"
}
}
},
{
"Effect" : "Allow",
"Action" : "iam:PassRole",
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"iam:PassedToService" : [
"logs.amazonaws.com",
"telemetry-pipelines.observabilityadmin.amazonaws.com"
]
},
"ArnLike" : {
"iam:AssociatedResourceArn" : "arn:aws:observabilityadmin:*:*:telemetry-pipeline/*"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"s3tables:CreateTableBucket",
"s3tables:PutTableBucketEncryption"
],
"Resource" : "arn:aws:s3tables:*:*:bucket/aws-cloudwatch",
"Condition" : {
"ForAnyValue:StringEquals" : {
"aws:CalledVia" : "observabilityadmin.amazonaws.com"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"s3tables:PutTableBucketPolicy"
],
"Resource" : "arn:aws:s3tables:*:*:bucket/aws-cloudwatch"
}
]
}
```
## 자세히 알아보기
+ [IAM Identity Center에서 AWS 관리형 정책을 사용하여 권한 세트 생성](https://docs.aws.amazon.com/singlesignon/latest/userguide/howtocreatepermissionset.html)
+ [IAM 자격 증명 권한 추가 및 제거](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html)
+ [IAM 정책의 버전 관리 이해](https://docs.aws.amazon.com//IAM/latest/UserGuide/access_policies_managed-versioning.html)
+ [AWS 관리형 정책 시작하기 및 최소 권한으로 이동](https://docs.aws.amazon.com//IAM/latest/UserGuide/best-practices.html#bp-use-aws-defined-policies)