Lumigo IAM Role

Overview

Lumigo uses CloudFormation template to create an Identity & Access Management (IAM) role in order to collect and push the data required for monitoring your AWS environment. An IAM role is an identity with specific permissions that you can create in your AWS environment. It's similar to a user, but instead of being associated with a singular person it can be used by anyone who needs it and is assigned it. It also uses temporary security credentials for a log-in session as opposed to long-term credentials such as passwords.

Lumigo IAM Role permissions

Lumigo CloudFormation template provides the latest functionality, policies, and permissions to monitor your AWS environment. To set up your permissions:

"sts:AssumeRole",
"lambda:UpdateFunctionConfiguration",
"ecs:RegisterTaskDefinition",
"ecs:UpdateService",
"ce:GetCostAndUsageWithResources",
"ce:GetCostAndUsage",
"events:PutEvents",
"iam:PassRole",
"logs:PutSubscriptionFilter",
"logs:DeleteSubscriptionFilter",
"logs:DescribeSubscriptionFilters",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms",
"cloudwatch:PutDashboard",
"cloudwatch:DeleteDashboards",
"cloudwatch:PutMetricData",
"cloudwatch:PutMetricStream",
"cloudwatch:DeleteMetricStream",
"cloudwatch:StartMetricStreams",
"cloudwatch:StopMetricStreams",
"events:PutRule",
"events:PutTargets"

Custom IAM Role

If need be, we can create a custom IAM role to fit your exact needs. Contact our support via Intercom or directly by email.