# 客户管理型策略示例
本节的用户策略示例介绍如何授予对各 CloudWatch 操作的权限。当您使用 CloudWatch API、AWS SDK 或 AWS CLI 时,可以使用这些策略。
**Topics**
+ [示例 1:允许用户对 CloudWatch 进行完全访问](#full-access-example-cw)
+ [示例 2:允许对 CloudWatch 进行只读访问](#read-only-access-example-cw)
+ [示例 3:停止或终止 Amazon EC2 实例](#stop-terminate-example-cw)
## 示例 1:允许用户对 CloudWatch 进行完全访问
要授予用户对 CloudWatch 的完全访问权限,您可以使用授予用户 **CloudWatchFullAccess** 托管式策略,而不必创建客户托管式策略。**CloudWatchFullAccess** 策略的内容列在 [CloudWatchFullAccess](managed-policies-cloudwatch.md#managed-policies-cloudwatch-CloudWatchFullAccess) 中。
## 示例 2:允许对 CloudWatch 进行只读访问
以下策略允许用户对 CloudWatch 进行只读访问以及查看 Amazon EC2 Auto Scaling 操作、CloudWatch 指标、CloudWatch Logs 数据以及告警相关 Amazon SNS 数据。
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Action": [
"autoscaling:Describe*",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"logs:Get*",
"logs:Describe*",
"logs:StartQuery",
"logs:StopQuery",
"logs:TestMetricFilter",
"logs:FilterLogEvents",
"logs:StartLiveTail",
"logs:StopLiveTail",
"sns:Get*",
"sns:List*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
```
------
## 示例 3:停止或终止 Amazon EC2 实例
以下策略允许 CloudWatch 告警操作停止或终止 EC2 实例。在以下示例中,GetMetricData、ListMetrics 和 DescribeAlarms 操作是可选的。建议您选择这些操作以确保正确停止或终止了实例。
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Action": [
"cloudwatch:PutMetricAlarm",
"cloudwatch:GetMetricData",
"cloudwatch:ListMetrics",
"cloudwatch:DescribeAlarms"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances",
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Resource": [
"*"
],
"Effect": "Allow"
}
]
}
```
------