What is the best way to access the ARN of the CloudWatch RUM monitor? I need to create an IAM policy in CDK to restrict permissions to just a single CloudWatch RUM monitor but the CfnAppMonitor construct has no accessible property for it

Nor is there any property for it in the CFN itself - so doing cfnAppMonitor.getAtt("Arn") doesn’t return any ARN

Sources: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_rum.CfnAppMonitor.html#cfnproperties

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rum-appmonitor-appmonitorconfiguration.html

CodePudding user response：

I ended up just constructing the ARN myself. arn:aws:rum:${process.env.CDK_DEFAULT_REGION}:${process.env.CDK_DEFAULT_ACCOUNT}:appmonitor/${props.rumId}

In the docs I referenced there's a callout for resource.arn: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_rum.CfnAppMonitor.html#getwbrattattributename but I found the above approach works just as well. If someone else has ever had a need for getting the ARN in that manner and has an example deff send it my way!