{"slug":"iam-aws-cloudwatch","cloud":"aws","service":"cloudwatch","title":"AWS CloudWatch (IAM)","description":"Amazon CloudWatch monitors AWS resources and applications, providing metrics, logs, and alarms.","category":"monitoring","common_permissions":["cloudwatch:PutMetricData","cloudwatch:GetMetricData","cloudwatch:ListMetrics","cloudwatch:DescribeAlarms","cloudwatch:PutMetricAlarm","cloudwatch:DeleteAlarms","cloudwatch:GetDashboard","cloudwatch:PutDashboard"],"least_privilege_example":"{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"cloudwatch:PutMetricData\",\n        \"cloudwatch:GetMetricData\",\n        \"cloudwatch:ListMetrics\",\n        \"cloudwatch:DescribeAlarms\",\n        \"cloudwatch:PutMetricAlarm\",\n        \"cloudwatch:DeleteAlarms\",\n        \"cloudwatch:GetDashboard\",\n        \"cloudwatch:PutDashboard\"\n      ],\n      \"Resource\": \"*\"\n    }\n  ]\n}","warnings":["Avoid cloudwatch:* — grants full control including deletion of alarms and dashboards.","Avoid cloudwatch:PutMetricData without conditions — can cause high costs from excessive data."],"docs":"https://servicereference.us-east-1.amazonaws.com/v1/cloudwatch/cloudwatch.json","tags":["iam","aws"],"last_verified":"2026-06-14T00:00:00.000Z","next_check":"2026-12-11T00:00:00.000Z","created_at":"2026-06-14T04:48:32.466Z","updated_at":"2026-06-14T04:48:32.466Z"}