IAM Policy Code to Use

Best Practice: Create a Sysdig-specific IAM policy to be used for granting programmatic access to Sysdig. Copy/paste the code snippet below into this policy. It enables Sysdig to collect metadata and CloudWatch metrics from the following services, as applicable to your environment:

  • Dynamodb

  • EC2 hosts

  • ECS

  • Elasticache

  • RDS

  • SQS

If you want to use your own AWS S3 bucket to store Sysdig capture files, you can append those code snippets to this IAM Policy as well. See Storage: Configure AWS Capture File Storage (Optional) for details.

    "Version": "2012-10-17",
    "Statement": [
            "Action": [
            "Effect": "Allow",
            "Resource": "*"

See Changing the AWS Services that are Polled for more detail.

Last modified June 23, 2022