AWS Distro for OpenTelemetry

Create IAM Policy

Create IAM Policy

The AWS Distro for OpenTelemetry Collector requires permissions to publish app metrics and container metrics to AWS CloudWatch and sending app traces to AWS X-Ray. Metrics are sent to CloudWatch using EMF Logs, so CloudWatch Logs permissions are required to send metrics. In this section, we will create an IAM policy with proper permission.



  1. Go to AWS Management Console

Go to AWS Management Console and open the IAM Policy page.

  1. Create Policy

Click the Create Policy button on top-left corner.

Diagram
  1. Copy JSON Policy

Click the JSON tab on top of the page. Copy and paste the following policy text.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:PutLogEvents",
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:DescribeLogStreams",
                "logs:DescribeLogGroups",
                "logs:PutRetentionPolicy",
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords",
                "xray:GetSamplingRules",
                "xray:GetSamplingTargets",
                "xray:GetSamplingStatisticSummaries",
                "cloudwatch:PutMetricData",
                "ec2:DescribeVolumes",
                "ec2:DescribeTags",
                "ssm:GetParameters"
            ],
            "Resource": "*"
        }
    ]
}
  1. Click the Review Policy
Diagram
  1. Add Policy Name and Finish

On the Review policy page, type AWSDistroOpenTelemetryPolicy for the Name, and then click Create policy button and finish the process.

Diagram