Welcome, Guest Login

Support Center

Minimal permissions needed for Stackdriver to monitor your AWS environment

Last Updated: Apr 21, 2015 01:37PM EDT

In order to grant Stackdriver the minimal level of access required to monitor your environment, please follow the steps below.  This policy set does not provide the Stackdriver system with the ability to read the contents of any AWS resource.  Note that S3 data will not be available in the Stackdriver system if you are using this policy.



  1. Login to the Roles section of the AWS IAM console
  2. Click the Create New Role button
  3. Enter Stackdriver as the Role Name and click continue
  4. Select the Roles for Cross-Account Access option
  5. Select the Provide access to a 3rd party AWS account option
  6. Enter 314658760392 as the Account ID
  7. Enter the code in your setup page ("SD-XX") as the External ID, click "Continue"
  8. Choose Custom Policy, click "Select"
  9. Enter a policy name (e.g. "Stackdriver Policy")
  10. Paste the text below into the Policy Document field.  
  11. Click Continue and Create Role


  "Statement": [
      "Action": [
      "Effect": "Allow",
      "Resource": "*"



seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found