
April 17, 2022

Top 20 AWS EC2 Interview Questions and Answers

  

Ques. 1): What exactly is EC2?

Answer:

Amazon EC2 (Elastic Compute Cloud) is a web service interface for resizable compute capacity in the Amazon Web Services (AWS) cloud. Developers can have comprehensive control over web-scaling and computing resources with this tool.

As needed, EC2 instances can be resized and the number of instances scaled up or down. These instances can be launched in one or more geographical locations, or regions, and Availability Zones (AZs) can be used to control where they are launched. Each region is made up of a number of AZs in different places that are connected via low-latency networks within the same region.


Ques. 2):  Can you mention some advantages and disadvantages of utilising Amazon EC2?

Answer:

The following are some of the benefits and drawbacks of utilising Amazon EC2.

Pros:

        It is incredibly appealing because it has the flexibility to scale up resources for cloud deployment based on demand.

        Because cloud hosting provides exceptional backup capabilities, reverting to a previous version is simple; additionally, the cloud infrastructure eliminates the need for us to maintain local hardware resources.

Cons:

        The entire configuration and spin-up process necessitates a high level of technical expertise.

        There is a slight deficiency in training documents and support. We attempted to employ Lambda expressions in programme flow execution but discovered few materials on the issue.


Ques. 3): What Are The Amazon EC2 Service's Basic Features?

Answer:

        Because Amazon EC2 is a cloud service, it has access to all of the cloud's functionalities. The following features are available using Amazon EC2:

        Virtual computing environments (known as instances)

        Preconfigured templates for your instances (known as Amazon Machine Images, or AMIs)

        AMIs package everything you need for your server (including the operating system and additional software)

        A variety of CPU, memory, storage, and networking configurations for your instances (known as instance types)

        Secure login information for your instances using key pairs (AWS stores the public key, and you store the private key in a secure place)

        Temporary storage volumes whose data is deleted when you stop or terminate your instance (known as instance store volumes)

        Persistent storage volumes, provided through Amazon Elastic Block Store (Amazon EBS)

        A firewall that lets you specify the protocols, ports, and source IP ranges that can reach your instances, using security groups

        Static IP addresses for dynamic cloud computing (known as Elastic IP addresses)

        Metadata that you can create and assign to your Amazon EC2 resources (known as tags)

        Virtual networks that are logically isolated from the rest of the AWS cloud and that you can optionally connect to your own network (known as virtual private clouds, or VPCs)


Ques. 4): What are the different types of AWS Reserved Instances?

Answer:

In Reserved Instances, you can change the operating system types and the tenancy agreements. RI provides an optional capacity reservation for EC2 instances. AWS Billing applies discounted RI prices when the attributes of an EC2 instance's consumption match those of an active RI. EC2 reserves capacity that fits the attributes of RI if an Availability Zone (AZ) is defined.

Reserved Instances are divided into three groups.

1.       Standard RIs: These RIs are best suited to regular, steady-state usage. They offer a discount of up to 75% compared with On-Demand instances.

2.       Convertible RIs: These RIs allow you to change an RI's attributes in exchange for an RI of equal or greater value. Convertible RIs can be used for steady-state applications as well. They offer a discount of up to 54% compared with On-Demand instances.

3.       Scheduled RIs: These RIs enable you to match your capacity reservation to a recurring, predictable schedule that takes up only a fraction of a day, week, or month. Scheduled RIs can be started at any point within the user's designated time range.


Ques. 5): What distinguishes Amazon EC2 from other cloud computing services?

Answer: 

        Amazon EC2 bare metal instances- Amazon EC2 bare metal instances give your applications direct access to the underlying server's processor and memory.

        The Nitro system, which consists of a combination of AWS-built hardware offload and hardware protection components that work together to safely offer high-performance networking and storage resources to EC2 instances, is used to build bare metal instances.

        Stop and Start Your Instances- While your instance is hibernated, you will not be charged for its consumption. The normal EBS rates apply to storage.

        High I/O Instances- High I/O I3 and I3en instances are powered by NVMe-based SSDs and are perfect for users operating high-performance NoSQL databases, transactional systems, and Elastic Search workloads. In addition to sequential disc performance of up to 16 GB/s, high I/O instances are appropriate for analytics workloads.

        Flexible Storage Options- Amazon EBS provides Amazon EC2 instances with persistent, highly available, consistent, low-latency block storage volumes. To protect you against component failure, each Amazon EBS volume is automatically replicated inside its Availability Zone, ensuring high availability and durability. It's for application managers who need to optimise workload capacity, performance, and cost.

        Elastic IP Addresses- Elastic IP addresses are static IP addresses built for cloud computing in a dynamic environment. An Elastic IP address is linked to your account rather than a specific instance, and you have ownership over it until you want to release it.

        Enhanced Networking- Compared to typical implementations, this feature leverages a novel network virtualization stack that enables faster I/O performance and lower CPU consumption. To use Enhanced Networking, you must first create an HVM AMI in VPC and then install the required driver.


Ques. 6): Can S3 be used with EC2 instances? If yes, please explain how.

Answer:

Yes, it can be used for instances with root devices backed by local instance storage. Developers can utilise Amazon S3 to use the same highly scalable, dependable, quick, and low-cost data storage infrastructure that Amazon uses to run its own global network of websites. Developers use the tools provided to load their Amazon Machine Images (AMIs) into Amazon S3 and move them between Amazon S3 and Amazon EC2 in order to run systems in the Amazon EC2 environment. Another use case may be for websites hosted on EC2 to load their static content from S3.


Ques. 7): What is the difference between stopping, starting, and terminating an Amazon EC2 instance?

Answer:

Stopping and starting an instance: When an instance is stopped, it goes through a normal shutdown before entering the stopped state. All of the instance's Amazon EBS volumes remain attached, and you can restart it at any time. While the instance is stopped, you are not charged for extra instance hours.

Terminating an instance: When an instance is terminated, it shuts down normally, and the attached Amazon EBS volumes are deleted unless the deleteOnTermination attribute on the volume is set to false. The instance is also deleted, and you will not be able to restart it at a later time.


Ques. 8): What exactly is an EC2 snapshot?

Answer:

A snapshot of an Amazon Elastic Block Store (EBS) volume is a point-in-time copy of the Amazon EBS volume that is incrementally replicated to Amazon Simple Storage Service (Amazon S3). Only the individual blocks of EBS volume data that have changed since the last EBS snapshot are stored in the next EBS snapshot, and this is how incremental EBS snapshots are created.


Ques. 9): What's the difference between stopping and terminating an Amazon EC2 instance?

Answer:

        Terminate Instance- When you terminate an EC2 instance, the instance is shut down, the virtual machine that was provisioned for you is permanently removed, and you are no longer charged for instance usage. Any data on the instance that was saved locally will be lost. Any EBS volumes that are attached will be removed and destroyed. If you attach an EBS Snapshot to an instance at boot time, the Dashboard's default choice is to remove the attached EBS volume when the instance is terminated.

        Stop Instance- When you stop an EC2 instance, the instance is shut down, the virtual machine that was provided for you is permanently removed, and you are no longer charged for instance usage. The associated bootable EBS drive will not be destroyed when an instance is stopped or terminated. After stopping, the data on your EBS volume will be preserved, but any data on the local (ephemeral) hard disc will be lost as usual. The volume will remain in its current availability zone. Standard EBS volume charges will apply.


Ques. 10): Describe the steps involved in creating an EC2 instance.

Answer:

Creating an EC2 instance is incredibly straightforward, and virtually anyone can do it. In the AWS Management Console, first choose the EC2 service and then travel to the relevant AWS region where the instance will be created. Then, from the left-hand options pane, pick Instances, and then click the Launch Instances button to start the instance creation wizard. Select an appropriate AMI, then select the instance size that best fits your needs in the next step, and then click Configure Instance Details. Here you will find configuration choices such as the number of instances, network settings, placement group, domain join, and so on that you can customise to meet your needs. After that, click Add Storage to see the options for configuring storage according to your instance's needs. The instance's tags are configured in the next step. Finally, the Security Group gives you the ability to open ports for your apps. Review your settings before pressing the Launch button, where you'll be prompted to choose the Key you want to associate with your instance. Finally, confirm that you have the private key and click Launch Instance. You may need to wait a while depending on your AMI and other configuration parameters, but the instance should be created soon.


Ques. 11): What is an Amazon Machine Image (AMI) and how does it work?

Answer:

The information needed to launch an instance is included in an Amazon Machine Image (AMI). When launching an instance, you must specify an AMI. When you require numerous instances with the same configuration, you can launch them all from a single AMI. When you need instances with varied configurations, you can utilise different AMIs to start them.


Ques. 12): How Do I Move An Instance From One Availability Zone To Another?

Answer:

Your EC2 instance can be moved from one Availability Zone to another.

The steps to migrate an instance to a different Availability Zone are as follows:

        Create an AMI from the running instance

        Launch an instance from the newly created AMI, specifying the new Availability Zone

        Use the same instance type as the original instance, or choose a different instance type

        If the original instance has an associated Elastic IP address, associate it with the new instance

        If the original instance is a Reserved Instance, change the Availability Zone for your reservation.

 

Ques. 13): Describe Amazon EC2 Instance Storage

Answer:

For your instances, Amazon EC2 offers flexible, cost-effective, and simple data storage solutions. Each option offers a distinct mix of performance and longevity. These storage alternatives can be utilised separately or in combination, depending on your needs.

The following are some of the storage options:

        Amazon EBS- Amazon EBS allows you to attach durable, block-level storage volumes to a running instance. For data that requires frequent and granular updates, Amazon EBS can be used as a primary storage device. When running a database on an instance, for example, Amazon EBS is the preferred storage option.

        Amazon EC2 instance store- The term "instance store" refers to the disc storage used by Amazon EC2. For instances, the instance store provides temporary block-level storage. The data on an instance store volume is only retained for the duration of the associated instance; any data on instance store volumes is lost if the instance is stopped, hibernated, or terminated.

        Amazon EFS file system - Amazon EFS is a scalable file storage system that works with Amazon EC2. You can create an EFS file system and configure your instances to mount it.

        Amazon S3- Amazon S3 provides access to a dependable and low-cost data storage infrastructure. It's intended to simplify web-scale computing by allowing you to store and retrieve any quantity of data, at any time, from within Amazon EC2 or from anywhere on the internet.

        Adding storage- The root storage device holds all of the data required to start the instance. When you construct an AMI or run an instance using block device mapping, you can specify storage volumes in addition to the root device volume.

 

Ques. 14): What is the difference between a public IP address and an EIP address?

Answer:

A public IP address is a standard public address that is associated with an EC2 instance. The instance can host resources on the internet using this address. When an instance is stopped, the public address associated with it is released, and when the instance is restarted, a new public address is issued, which updates the host record on the DNS server.

EIP stands for Elastic IP Address, which is a static Public Address associated with an EC2 instance. Even if a server is stopped and restarted, the EIP will not change. In a similar way to Public Address, this address allows an instance to host resources on the public internet.

 

Ques. 15): What Is The Best Way To Keep Root Device Volume In An Amazon EC2 Instance?

Answer:

When an instance launched from an Amazon EBS-backed AMI terminates, the root device volume is deleted by default. Set the DeleteOnTermination attribute to false using a block device mapping to override the default behaviour.

To configure the root device volume of an instance to persist at launch using the console:

·         Go to the Amazon EC2 console and log in.

·         Select Launch Instance from the Amazon EC2 console panel.

·         On the Select an Amazon Machine Image (AMI) page, select the AMI you want to use.

·         Complete the Choose an Instance Type and Configure Instance Details pages using the wizard.

·         For the root volume, deselect the Delete On Termination check box on the Add Storage page.

·         Finish the remaining wizard pages before clicking Launch.

Allowing an instance's root volume to persist using the AWS Command Line Interface (CLI):

Include a block device mapping with the DeleteOnTermination attribute set to false in the run-instances command to maintain the root volume.

 

Ques. 16): What is a Spot Instance, and how does it work?

Answer:

Organizations can use Amazon's EC2 Spot Instances to take advantage of unused compute in AWS EC2 at a very low and appealing cost. When compared to on-demand instances, organisations can save up to 90% by using spot instances. Spot instances can be used for web servers, containerized workloads, continuous integration/delivery (CI/CD), high-performance computing (HPC), testing, and development. The flexibility to combine spot instances with reserved instances, on-demand instances, and savings plan instances is the best feature of a spot instance. Before reclaiming the capacity, AWS sends a two-minute notice, and the users who own the instance can stop, terminate, or hibernate it in the meantime.

 

Ques. 17): Explain how AWS Elastic Load Balancer works.

Answer:

Amazon provides us with Elastic Load Balancer for EC2, which can automatically distribute traffic to our application among many destinations such as instances, Lambda functions, virtual appliances, IP addresses, and containers to ensure continuous delivery of our services. The Elastic Load Balancer can send application traffic to destinations in a single availability zone or across many zones. Elastic Load Balancer is a virtual load balancer that comes in four different versions, each of which provides high availability across several availability zones, automatic scaling support, and dependability to enable fault tolerance in our applications.

 

Ques. 18): What is the definition of a security group?

Answer:

A security group can be thought of as a software firewall that must be attached to an EC2 instance's network interface. Security groups provide "stateful" filtering. A security group can be attached to multiple network interfaces of EC2 instances belonging to the same VPC. On the network interface, a user can create exceptions for traffic in both the inbound and outbound directions. All traffic is denied by default; a user can only make exceptions for traffic that should be allowed.

 

Ques. 19): What is an Amazon EC2 instance?

Answer:

On Amazon's EC2, an instance is a virtual server that runs programmes. An instance is a miniature computer that has its own hard drive, network connection, operating system, and other features. You can have numerous mini computers, known as instances, on a single physical system.

This instance is backed by Amazon EBS (meaning that the root volume is an EBS volume). You have the option of choosing your own Availability Zone or allowing Amazon EC2 to do so for you. You may secure your instance by defining a key pair and security group when you launch it. When you connect to your instance, you must provide the private key of the key pair that you defined while launching your instance.

 

Ques. 20): How Do You Add An EBS Volume To An Amazon EC2 Instance?

Answer:

An EBS volume can be attached to one of our instances in the same Availability Zone as the volume.

The steps to attach an EBS volume to an instance via console are as follows:

·         Go to the Amazon EC2 console and log in.

·         Select Volumes from the left navigation pane.

·         Choose Attach Volume after selecting a volume.

·         Select the instance to which the volume will be attached.

·         Select Attach from the drop-down menu.

·         Connect to your instance now and enable the volume.

 

 


November 23, 2021

Top 20 AWS CloudWatch Interview Questions & Answers

  

Ques: 1). What Is Amazon Cloudwatch and How Does It Work?

Answer:

CloudWatch is an AWS monitoring service that keeps track of your cloud resources and the applications you run on them. CloudWatch may be used to gather and track metrics, monitor log files, and generate alarms. EC2 instances, DynamoDB tables, and RDS DB instances may all be monitored with CloudWatch.

Amazon CloudWatch is a management tool for system architects, administrators, and developers, and it is part of the Amazon Web Services family.

 



Ques: 2). What's the difference between CloudTrail and CloudWatch, and how do I use them?

Answer:

CloudWatch keeps track of the health and performance of AWS services and resources and generates reports on them. CloudTrail, on the other hand, keeps track of all of the activities that take place in your AWS environment.




Ques: 3). What platforms are compatible with CloudWatch Logs Agent?

Answer:

The CloudWatch logs agent is compatible with a wide range of operating systems and platforms. The following platforms are supported:

  • CentOS
  • Amazon Linux
  • Ubuntu
  • Red Hat Enterprise Linux
  • Windows




Ques: 4). What Are Amazon Cloudwatch Logs, and What Do They Mean?

Answer:

Using your existing system, application, and custom log files, Amazon CloudWatch Logs allows you to monitor and troubleshoot your systems and applications. You may monitor your logs in near real time with CloudWatch Logs for specific phrases, values, or patterns. You could, for example, set an alarm on the number of failures in your system logs or look at graphs of web request latency from your application logs. The original log data can then be viewed to determine the source of the problem. You don't have to worry about filling up hard discs because log data may be saved and accessed indefinitely in very durable, low-cost storage.




Ques: 5). What Cloudwatch Access Management Policies Can I Implement?

Answer:

You can select which CloudWatch actions a user in your AWS Account can execute using CloudWatch's integration with AWS IAM. IAM cannot be used to restrict access to CloudWatch data for individual resources. You can't grant a person access to CloudWatch data for just one group of instances or a single LoadBalancer, for example. Permissions provided by IAM apply to all cloud resources used by CloudWatch. Furthermore, the Amazon CloudWatch command line tools do not support IAM roles.




Ques: 6). What is a CloudWatch Alarm, and how does it work?

Answer:

CloudWatch Alarms is a new feature that allows you to monitor CloudWatch metrics and receive warnings when they go outside of the levels (high or low thresholds) you designate. There can be several alarms for each metric, each with its own set of actions.

A CloudWatch alarm's state is always one of three things: OK, ALARM, or INSUFFICIENT_DATA. When the metric is inside the permissible range that you've set, the alarm is in the OK state. It enters the ALARM state when the metric hits a particular threshold. When the data needed to make a judgement is absent or incomplete, the alarm enters the INSUFFICIENT_DATA state.




Ques: 7). What Is The Average Metric Retention Period?

Answer:

The following is how CloudWatch stores metric data:

  • Data points with a period of less than 60 seconds are available for 3 hours. These data points are high-resolution custom metrics.
  • Data points with a period of 60 seconds (1 minute) are available for 15 days.
  • Data points with a period of 300 seconds (5 minutes) are available for 63 days.
  • Data points with a period of 3600 seconds (1 hour) are available for 455 days (15 months).

Data points that were originally published with a shorter period are aggregated together for long-term storage.




Ques: 8). When should I use a custom metric instead of sending a log to Cloudwatch Logs?

Answer:

Custom metrics, CloudWatch logs, or both can be used to keep track of your data. If your data, such as OS process or performance measurements, is not already produced in log format, you may want to utilise custom metrics. You may also create your own app or script, or use one offered by an AWS partner. CloudWatch Logs can be used to store and save specific measurements as well as supplementary information.




Ques: 9). Is There Anything I Can Do With My Cloudwatch Logs?

Answer:

CloudWatch Logs can monitor and store logs to help you understand and operate your systems and applications better. No code modifications are necessary when using CloudWatch Logs with your logs because your existing log data is used for monitoring.

 

Ques: 10). What is Amazon CloudWatch Synthetics, and how does it work?

Answer:

You may use Amazon CloudWatch Synthetics to create canaries, which are programmable scripts that run on a schedule, to monitor your endpoints and APIs. Canaries follow the same paths as customers and do the same actions, allowing you to validate your client experience even when there is no customer activity on your apps. Using canaries, you can notice problems before your customers do.

Synthetic monitoring is a technique for assessing a website or online service's availability, performance, and functionality by mimicking visitor queries.

 

Ques: 11). Is it possible to use regular expressions with log data?

Answer:

Regular expressions are not supported by CloudWatch Metric Filters. Consider using Amazon Kinesis and connecting the stream to a regular expression processing engine to handle your log data with regular expressions.

 

Ques: 12). What are canaries in Amazon CloudWatch Synthetics?

Answer:

Canaries are scripts that are written in Node.js or Python. They create Lambda functions in your account that use Node.js or Python as a framework. Canaries support both the HTTP and HTTPS protocols.

 

Ques: 13). How Do I Get My Log Data Back?

Answer:

The CloudWatch Logs console or the CloudWatch Logs CLI can be used to retrieve any of your log data. The Log Group, Log Stream, and time with which the log events are related are used to obtain them.

 

Ques: 14). What Are the Different Thresholds I Can Use To Set A Cloudwatch Alarm?

Answer:

When you create an alarm, you must first select the CloudWatch metric that it will track. The next step is to select an evaluation period and a statistical value to assess. To create a threshold, set a target value and choose whether the alarm will be triggered when the value is greater than, equal to, or less than that value.
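
The alarm states from Ques: 6 and the threshold settings described in this answer, as an added example that is not from the original post: a simplified model that counts a term in log lines per minute and evaluates a threshold over consecutive periods. The log lines, the `evaluate_alarm` function and its parameters are constructed for illustration and only approximate how CloudWatch itself evaluates alarms and treats missing data.

```python
from collections import Counter
import operator

COMPARATORS = {">": operator.gt, ">=": operator.ge, "<": operator.lt, "<=": operator.le}

# Constructed sshd-style log lines in the form "HH:MM:SS message".
SAMPLE_LOG = """\
10:00:05 Failed password for root from 198.51.100.7
10:00:41 Accepted publickey for deploy from 203.0.113.9
10:01:02 Failed password for root from 198.51.100.7
10:01:09 Failed password for admin from 198.51.100.7
10:01:30 Failed password for admin from 198.51.100.7
10:02:03 Failed password for test from 198.51.100.7
10:02:15 Failed password for test from 198.51.100.7
10:02:48 Failed password for oracle from 198.51.100.7
10:04:20 Accepted publickey for deploy from 203.0.113.9
"""


def count_per_minute(log_text, term):
    """Count lines containing `term` (plain substring, no regex) per HH:MM period.

    A minute with log lines but no match gets the value 0; a minute with no
    log lines at all is absent from the result, which models missing data.
    """
    counts = Counter()
    for line in log_text.splitlines():
        timestamp, _, message = line.partition(" ")
        counts[timestamp[:5]] += 1 if term in message else 0
    return dict(counts)


def evaluate_alarm(datapoints, periods, comparison, threshold, evaluation_periods):
    """Return the alarm state after each period in `periods`.

    ALARM needs every data point in the last `evaluation_periods` periods to
    breach the threshold; any missing data point in that window gives
    INSUFFICIENT_DATA (a simplification made for this example).
    """
    breaches = COMPARATORS[comparison]
    states = []
    for i in range(len(periods)):
        window = periods[max(0, i - evaluation_periods + 1): i + 1]
        values = [datapoints.get(p) for p in window]
        if len(window) < evaluation_periods or any(v is None for v in values):
            states.append("INSUFFICIENT_DATA")
        elif all(breaches(v, threshold) for v in values):
            states.append("ALARM")
        else:
            states.append("OK")
    return states


def run_example():
    """Alarm when failed logins are >= 3 per minute for 2 consecutive minutes."""
    counts = count_per_minute(SAMPLE_LOG, "Failed password")
    periods = ["10:00", "10:01", "10:02", "10:03", "10:04"]
    return list(zip(periods, evaluate_alarm(counts, periods, ">=", 3, 2)))


if __name__ == "__main__":
    for period, state in run_example():
        print(period, state)
```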

 

Ques: 15). What is Amazon CloudWatch ServiceLens, and how does it work?

Answer:

Amazon CloudWatch ServiceLens is a new tool that allows you to visualise and analyse the health, performance, and availability of your applications in a single location. Amazon CloudWatch ServiceLens is available in all public AWS Regions that offer AWS X-Ray.

 

Ques: 16). What are CloudWatch Metric Streams, and how can I use them?

Answer:

CloudWatch Metric Streams is a feature that lets you continuously stream CloudWatch metrics to a destination of your choice with very little setup and administration. It's a fully managed solution, so you do not have to write code or maintain infrastructure yourself. With a few clicks, users can set up a metric stream to destinations like Amazon Simple Storage Service (S3). Users can also send the metrics to a variety of third-party service providers to keep their operational dashboards up to date.

 

Ques: 17). What Can Amazon Cloudwatch Metrics Tell Me?

Answer:

CloudWatch allows you to monitor AWS cloud resources as well as the applications you run on AWS. EC2 instances, EBS volumes, ELBs, Auto Scaling groups, EMR job flows, RDS DB instances, DynamoDB tables, ElastiCache clusters, RedShift clusters, OpsWorks stacks, Route 53 health checks, SNS topics, SQS queues, SWF workflows, and Storage Gateways are among the AWS services and products for which metrics are automatically provided. You can also view custom metrics generated by your own applications and services.

 

Ques: 18). How do I send CloudWatch metrics to Grafana?

Answer:

1. Install Grafana : Follow the steps to Install Grafana.

2. Go to AWS -> IAM -> Policies.

3. Add below JSON in policy -> Create Policy:

{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Sid": "AllowReadingMetricsFromCloudWatch",
           "Effect": "Allow",
           "Action": [
               "cloudwatch:ListMetrics",
               "cloudwatch:GetMetricStatistics",
               "cloudwatch:GetMetricData"
           ],
           "Resource": "*"
       },
       {
           "Sid": "AllowReadingTagsInstancesRegionsFromEC2",
           "Effect": "Allow",
           "Action": [
               "ec2:DescribeTags",
               "ec2:DescribeInstances",
               "ec2:DescribeRegions"
           ],
           "Resource": "*"
       }
   ]
}

The "Version" element is the version of the IAM policy language, not the date on which the policy is written; "2012-10-17" is the current version.

4. IAM -> Roles -> Create Role -> Select AWS Service / EC2

5. Attach Permission policies

6. IAM -> Users and click Add User ->Attach existing policies -> copy Access Key ID, your Secret Key

7. EC2 -> Instances-> Select Grafana Server and click on Actions -> Instance Settings -> Attach/Replace IAM Role -> Attach your Grafana IAM Role to the instance.

8. Log in to your Grafana Server using Terminal as root user and provide Access Key ID, your Secret Key:

# vim /usr/share/grafana/.credentials

[default]
aws_access_key_id = 000000000000
aws_secret_access_key = 0000000000
region = us-west-2

# chmod 0644 /usr/share/grafana/.credentials

9. Grafana -> Navigate to Data Sources -> Select CloudWatch Type

10. Create Dashboard -> Select Graph -> Select Panel Title -> edit and provide namespace.
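
A check a reviewer could run on the policy from step 3 before attaching it, as an added example that is not from the original post: it confirms that the `Version` element is a valid policy-language version and that every allowed action is read-only. The function name `review_policy` and the read-only prefix list are assumptions made for this example.

```python
import json

# The only values IAM accepts for the "Version" policy element.
VALID_VERSIONS = {"2012-10-17", "2008-10-17"}
# Action-name prefixes treated as read-only (an assumption made for this example).
READ_ONLY_PREFIXES = ("Get", "List", "Describe")

# The Grafana policy from step 3 with a valid Version, embedded to run offline.
GRAFANA_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowReadingMetricsFromCloudWatch",
      "Effect": "Allow",
      "Action": ["cloudwatch:ListMetrics", "cloudwatch:GetMetricStatistics",
                 "cloudwatch:GetMetricData"],
      "Resource": "*"
    },
    {
      "Sid": "AllowReadingTagsInstancesRegionsFromEC2",
      "Effect": "Allow",
      "Action": ["ec2:DescribeTags", "ec2:DescribeInstances", "ec2:DescribeRegions"],
      "Resource": "*"
    }
  ]
}
"""


def as_list(value):
    """IAM lets Statement and Action be a single item or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def review_policy(policy_text):
    """Return a list of findings; an empty list means the policy passed every check."""
    policy = json.loads(policy_text)
    findings = []
    if policy.get("Version") not in VALID_VERSIONS:
        findings.append(f"invalid Version {policy.get('Version')!r}")
    for statement in as_list(policy.get("Statement", [])):
        if statement.get("Effect") != "Allow":
            continue  # a Deny statement cannot grant access
        sid = statement.get("Sid", "<no Sid>")
        if "NotAction" in statement:
            findings.append(f"{sid}: NotAction allows every action that is not listed")
        for action in as_list(statement.get("Action", [])):
            name = action.partition(":")[2]
            if action == "*" or name == "*":
                findings.append(f"{sid}: {action} grants every action of the service")
            elif not name.startswith(READ_ONLY_PREFIXES):
                findings.append(f"{sid}: {action} is not a read-only action")
    return findings


if __name__ == "__main__":
    for finding in review_policy(GRAFANA_POLICY) or ["policy is read-only"]:
        print(finding)
```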


Ques: 19). Is it possible to use IAM roles with the CloudWatch logs agent?

Answer:

Yes, the CloudWatch logs agent has access to both keys and IAM roles and is capable of supporting and working with IAM.

AWS Key Management Service (AWS KMS) is a managed service that integrates with a number of other AWS services. You can use it to create, store, and manage the encryption keys that your applications use to encrypt your data.

 

Ques: 20). How does AWS CloudWatch handle authentication and access control?

Answer:

Use IAM users or roles to control who has access.

To manage access control, use Dashboard Permissions, IAM identity-based policies, and service-linked roles.

Permissions policies define who gets access to what and when:

  • Identity-based policies
  • Resource-based policies

You can't utilise CloudWatch Amazon Resource Names (ARNs) in an IAM policy because there aren't any. When designing a policy to control access to CloudWatch actions, replace the resource with a * (asterisk).