Hello, this is Agata.

It is convenient to manage users with single sign-on using IAM Identity Center, but it is still a hassle to manage permissions in detail as with IAM.

This time I’m talking about the Health Dashboard related permissions since ViewOnlyAccess didn’t have them.

Lack of permissions for predefined policies

I had attached the AWS Managed Policy ViewOnlyAccess in the IAM Identity Center permission set to a user who does not work directly and only views AWS status.

However, I was told that Health Dashboard could not be viewed with only this permission, so I checked and sure enough, no Health Dashboard-related permissions were granted.

It would be better if someone in charge of monitoring and such could see it…. Well, it was no use, so I decided to add my own authorization.

Policy Creation

Create a policy in IAM.

The policy should look something like the following, allowing all health:Describe~.
(Arrange this area as needed.)

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "health:Describe*"
            ],
            "Resource": "*"
        }
    ]
}

To create a policy, follow these steps

1. In the AWS console, go to IAM > Policies and click Create Policy.
2. Switch the policy editor to JSON and enter the following JSON.
3. Once entered, click Next.
4. Enter a policy name and description as appropriate, and click Create Policy.

If you are configuring settings for multiple AWS accounts, do this for all of the target AWS accounts. At this time, the policy name must be the same.

Policy Attachment

Attach the created policy.

1. Navigate to IAM Identity Center > Permission Sets and click on the target permission set.
2. Click “Attach Policy” under Customer Managed Policies.
3. Enter a policy name and click “Attach Policy”.

You should now be able to see the Haelth Dashboard.