-
Hello Alak,
Thank you for posting. You’re right to double-check the IAM action, but in this case, cloudwatch:PutMetricData is the correct permission to use, not logs:. The confusion likely comes from the fact that Amazon CloudWatch includes metrics and logs, which use different prefixes—cloudwatch: for metrics and logs: for logs. Since the EC2 instances publish custom metrics, the correct service is CloudWatch Metrics, and the appropriate permission is cloudwatch:PutMetricData. This action allows the application to send metric data to CloudWatch, which is required for that functionality to work.
Additionally, cloudwatch:PutMetricData is a valid IAM action and does appear in the IAM policy editor in the AWS Console. It can be added to a custom policy or included in some broader managed policies.
Let me know if you need more assistance.
Regards,
Nikee @ Tutorials Dojo
