CloudWatch Events Permissions Reference

When you set up access control and write permissions policies that you can attach to an IAM identity (identity-based policies), you can use the following table as a reference. The table lists each CloudWatch Events API operation and the corresponding action for which you can grant permission. You specify the actions in the policy's Action field, and you specify a wildcard character (*) as the resource value in the policy's Resource field.

You can use AWS-wide condition keys in your CloudWatch Events policies to express conditions. For a complete list of AWS-wide keys, see Available Keys in the IAM User Guide.

To specify an action, use the events: prefix followed by the API operation name. For example: events:PutRule, events:EnableRule, or events:* (for all CloudWatch Events actions).

To specify multiple actions in a single statement, separate them with commas as follows:

"Action": ["events:action1", "events:action2"]

You can also specify multiple actions using wildcards. For example, you can specify all actions whose name begins with the word "Put" as follows:

"Action": "events:Put*"

To specify all CloudWatch Events API actions, use the * wildcard as follows:

"Action": "events:*"

The actions you can specify in an IAM policy for use with CloudWatch Events are listed below.

CloudWatch Events API Operations and Required Permissions for Actions

| CloudWatch Events API Operations | Required Permissions (API Actions) | Description |
| --- | --- | --- |
| DeleteRule | events:DeleteRule | Required to delete a rule. |
| DescribeEventBus | events:DescribeEventBus | Required to list AWS accounts that are allowed to write events to the current account's event bus. |
| DescribeRule | events:DescribeRule | Required to list the details about a rule. |
| DisableRule | events:DisableRule | Required to disable a rule. |
| EnableRule | events:EnableRule | Required to enable a rule. |
| ListRuleNamesByTarget | events:ListRuleNamesByTarget | Required to list rules associated with a target. |
| ListRules | events:ListRules | Required to list all rules in your account. |
| ListTargetsByRule | events:ListTargetsByRule | Required to list all targets associated with a rule. |
| PutEvents | events:PutEvents | Required to add custom events that can be matched to rules. |
| PutPermission | events:PutPermission | Required to give another account permission to write events to this account’s default event bus. |
| PutRule | events:PutRule | Required to create or update a rule. |
| PutTargets | events:PutTargets | Required to add targets to a rule. |
| RemovePermission | events:RemovePermission | Required to revoke another account’s permissions for writing events to this account’s default event bus. |
| RemoveTargets | events:RemoveTargets | Required to remove a target from a rule. |
| TestEventPattern | events:TestEventPattern | Required to test an event pattern against a given event. |
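
When reviewing a policy, it helps to expand each Action value into the concrete actions it grants. For example, events:Put* covers PutPermission as well as PutRule and PutTargets. The following Python sketch is an added example, not part of the original reference or of any AWS tool. It resolves Action patterns against the actions listed in the table above. The names expand_actions, review_policy and SAMPLE_POLICY are hypothetical, and the sketch only evaluates Allow statements with an Action element (NotAction, Deny and conditions are not handled).

```python
import re

# Action names copied from the table on this page.
EVENTS_ACTIONS = ["events:" + op for op in (
    "DeleteRule DescribeEventBus DescribeRule DisableRule EnableRule "
    "ListRuleNamesByTarget ListRules ListTargetsByRule PutEvents PutPermission "
    "PutRule PutTargets RemovePermission RemoveTargets TestEventPattern").split()]

# Per the table, these two control which accounts may write to the default event bus.
CROSS_ACCOUNT = {"events:PutPermission", "events:RemovePermission"}


def _compile(pattern):
    """Translate an IAM action pattern (* = any run, ? = one char) to a regex."""
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in pattern)
    return re.compile(body, re.IGNORECASE)  # action names are case-insensitive


def expand_actions(action_field):
    """Return the CloudWatch Events actions matched by an Action value."""
    patterns = [action_field] if isinstance(action_field, str) else action_field
    regexes = [_compile(p) for p in patterns]
    return sorted(a for a in EVENTS_ACTIONS
                  if any(r.fullmatch(a) for r in regexes))


def review_policy(policy):
    """For each Allow statement, list granted actions and cross-account ones."""
    statements = policy["Statement"]
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    report = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        granted = expand_actions(stmt.get("Action", []))
        report.append({"sid": stmt.get("Sid"), "granted": granted,
                       "cross_account": sorted(CROSS_ACCOUNT & set(granted))})
    return report


# Constructed sample policy for this example, not taken from the page.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "RuleAuthor", "Effect": "Allow", "Action": "events:Put*", "Resource": "*"},
    {"Sid": "ReadOnly", "Effect": "Allow",
     "Action": ["events:Describe*", "events:List*"], "Resource": "*"}]}

if __name__ == "__main__":
    for row in review_policy(SAMPLE_POLICY):
        print(row["sid"], row["granted"], "cross-account:", row["cross_account"])
```

A statement whose cross_account list is not empty lets its holder change which other accounts can write to the default event bus, so it is worth replacing the wildcard with the specific actions that role needs.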