AWS X-Ray (IAM)

aws monitoring

AWS X-Ray helps developers analyze and debug distributed applications, such as those built using a microservices architecture, by providing end-to-end tracing and service maps.

Common permissions

xray:GetTraceSummariesxray:GetServiceGraphxray:GetTraceGraphxray:GetGroupxray:GetGroupsxray:PutTraceSegmentsxray:GetSamplingRulesxray:GetSamplingTargets

Least-privilege example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "xray:GetTraceSummaries",
        "xray:GetServiceGraph",
        "xray:GetTraceGraph",
        "xray:GetGroup",
        "xray:GetGroups",
        "xray:PutTraceSegments",
        "xray:GetSamplingRules",
        "xray:GetSamplingTargets"
      ],
      "Resource": "*"
    }
  ]
}

Warnings

Avoid xray:* — grants full control including delete/modify of groups, sampling rules, and encryption config
Avoid xray:PutEncryptionConfig — can change encryption settings, potentially breaking compliance

Resources

AWS referenceservicereference.us-east-1.amazonaws.com/v1/xray/xray.json ↗

API

full doc /v1/iam/xray