In order to connect to Amazon CloudWatch, you will need credentials with the correct permissions to access AWS resources. Here is what those roles are and how to connect them up in Grow.
To manage permissions to Amazon CloudWatch, an administrator or a user with rights to create IAM users and policies can create an IAM user. This is an identity within your AWS account. An IAM user has specific custom permissions within your account---for example, to view CloudWatch metrics. IAM is an acronym for AWS Identity and Access Management.
It's an Amazon best practice not to use your AWS root account for day-to-day tasks.
If you want to read more detailed information about the roles in AWS, you can read their documentation here.
To manage access to your CloudWatch information, you can create different users or identities within your AWS account and manage the permissions for each one. Their help article on managing resources says, “When granting permissions, you decide who is getting the permissions, the resources they get permissions for, and the specific actions that you want to allow on those resources.” CloudWatch itself does not have any resources that you can control access to.
The snippet below shows the code for read-only access. If you want, you can create a custom policy, beginning with changing the "Version" field. Alternatively, you can attach a managed policy to the user. The following is a Read-Only Access policy. Amazon has documentation about attaching managed policies to users which you can read here.
If you have more questions about managing permissions, we recommend you check out their help docs on the topic. They are detailed and fairly easy to understand.
If you run into issues, please chat in on the site and let us know, and we’ll be happy to help.