When you are setting up Access Control and writing permissions policies that you can attach to an IAM identity (identity-based policies), you can use the following table as a reference. The table lists each CloudWatch Events API operation and the corresponding actions for which you can grant permissions to perform the action. You specify the actions in the policy's
Action field, and you specify a wildcard character (*) as the resource value in the policy's
You can use AWS-wide condition keys in your CloudWatch Events policies to express conditions. For a complete list of AWS-wide keys, see Available Keys in the IAM User Guide.
To specify an action, use the
events: prefix followed by the API operation name. For example:
events:* (for all CloudWatch Events actions).
To specify multiple actions in a single statement, separate them with commas as follows:
"Action": ["events:action1", "events:action2"]
You can also specify multiple actions using wildcards. For example, you can specify all actions whose name begins with the word "Put" as follows:
To specify all CloudWatch Events API actions, use the * wildcard as follows:
The actions you can specify in an IAM policy for use with CloudWatch Events are listed below.
CloudWatch Events API Operations and Required Permissions for Actions
|CloudWatch Events API Operations||Required Permissions (API Actions)|