Amazon CloudWatch integrates with AWS Identity and Access Management (IAM) so that you canspecify which CloudWatch actions a user in your AWS Account can perform. For example, you couldcreate an IAM policy that gives only certain users in your organization permission to useGetMetricStatistics. They could then use the action to retrieve data about your cloud resources. Youcan't use IAM to control access to CloudWatch data for specific resources. For example, you can'tgive a user access to CloudWatch data for only a specific set of instances or a specific LoadBalancer.Permissions granted using IAM cover all the cloud resources you use with CloudWatch. In addition,you can't use IAM roles with the Amazon CloudWatch command line tools. Using AmazonCloudWatch with IAM doesn't change how you use CloudWatch. There are no changes toCloudWatch actions, and no new CloudWatch actions related to users and access control. Reference: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/UsingIAM.html