Here’s a detailed article about the Amazon Managed Service for Prometheus resource policies announcement, written in a polite and informative tone:
Enhancing Control and Collaboration: Amazon Managed Service for Prometheus Introduces Resource Policies
Amazon Web Services (AWS) is pleased to announce a significant enhancement to Amazon Managed Service for Prometheus (AMP), a fully managed service that makes it easier for developers and engineers to monitor their containerized applications and microservices using Prometheus. As of August 15, 2025, AMP now supports resource policies, a feature that promises to bring a new level of control, security, and collaboration to how customers manage access to their AMP workspaces.
This latest update empowers organizations to define granular access permissions for their AMP workspaces, allowing them to dictate precisely who can access and interact with their monitoring data and configurations. This is a particularly welcome development for companies operating at scale or those working in complex, multi-team environments.
What are Resource Policies and Why Are They Important for AMP?
Resource policies in AWS are a mechanism for attaching permissions-based access control policies directly to AWS resources. In the context of Amazon Managed Service for Prometheus, a resource policy attached to an AMP workspace allows you to grant cross-account or cross-project access to that workspace, or to restrict access to specific IAM principals within your own account.
The introduction of resource policies to AMP is a strategic move to align with the broader AWS philosophy of providing fine-grained control over resources. For customers using AMP, this translates into several key benefits:
- Enhanced Security: By defining explicit policies, organizations can ensure that only authorized users and services have access to their sensitive monitoring data. This helps to mitigate the risk of unauthorized access and potential data breaches.
- Improved Collaboration: For organizations with multiple teams or business units, resource policies enable secure sharing of AMP workspaces. This means teams can collaborate more effectively on monitoring and troubleshooting without compromising security. For instance, a central DevOps team could grant read-only access to specific dashboards and metrics for development teams in different accounts, while retaining administrative control.
- Centralized Access Management: Resource policies provide a centralized way to manage access to AMP data, simplifying the overall security posture and reducing the administrative overhead associated with managing individual IAM permissions.
- Cross-Account Access Made Easier: Previously, enabling cross-account access to AMP workspaces might have involved more complex configurations. Resource policies streamline this process, making it more straightforward and secure to share monitoring insights across different AWS accounts within an organization.
- Granular Control: Customers can now define policies that specify actions (like
amp:ListWorkspaces,amp:DescribeWorkspace,amp:QueryAPI), the resources that these actions can be performed on (specific AMP workspaces), and the principals (users, roles, or services) that are allowed to perform these actions.
How Resource Policies Work with AMP
The implementation of resource policies for AMP allows customers to create and manage policies directly within the AWS console or using the AWS SDKs and Command Line Interface (CLI). When you create an AMP workspace, you can associate a resource policy with it. This policy will then govern how other AWS accounts or IAM principals within your account can interact with that specific workspace.
For example, a policy could be written to:
- Allow a specific IAM role in another AWS account to query data from a particular AMP workspace.
- Grant read-only access to all IAM users within a specific organizational unit to a shared AMP workspace used for central monitoring.
- Deny access to a sensitive AMP workspace from any principal that does not meet certain criteria.
The integration of resource policies into Amazon Managed Service for Prometheus is a testament to AWS’s commitment to listening to customer feedback and continuously improving its services. This feature empowers organizations with the robust security and flexibility needed to effectively monitor their applications in today’s dynamic cloud environments.
Customers can explore the new resource policy capabilities for Amazon Managed Service for Prometheus by visiting the AWS Management Console and reviewing the updated documentation. This enhancement is expected to be a valuable addition for anyone leveraging AMP for their observability needs.
Amazon Managed Service for Prometheus adds support resource policies
AI has delivered the news.
The answer to the following question is obtained from Google Gemini.
Amazon published ‘Amazon Managed Service for Prometheus adds support resource policies’ at 2025-08-15 13:30. Please write a detailed article about this news in a polite tone with relevant information. Please reply in English with the article only.