- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Cloudcraft uses a read-only IAM role to scan your AWS account and reverse-engineer the service relationships between components to autogenerate a diagram of your architecture.
The easiest way to set everything up is to follow the instructions inside the application, which creates the role and sets up the permissions for you in just a few clicks. The role is assigned the AWS-managed ReadOnlyAccess
IAM policy by default.
If you need to more precisely control the permissions, for example to exclude certain services or APIs, a custom Cloudcraft IAM policy will allow you to do that.
Start by opening the IAM Policies Console and clicking the Create Policy button.
Switch to the JSON tab and copy the content from one the linked policies below:
You can also customize the policy to suit your unique requirements.
ReadOnlyAccess
policy. The policy only includes the individual services and read-only permissions that Cloudcraft uses. The policy will typically need to be updated when Cloudcraft adds support for entirely new services.Click the Review policy button at the bottom of the screen, and then enter a name and description. Cloudcraft recommends using the following values to keep things organized and easier to audit.
Next, click Create policy to create the policy. The AWS console redirects you back to the policies page.
Finally, attach the newly created policy to the Cloudcraft IAM role. If you didn’t create the role yet, follow the instructions in the application.