How to craft a custom AWS CloudWatch Read-Only policy tailored for a specific log group, including permissions for Logs Insights?

0

I was use this code it's working in the log groups dashboard but the Logs insights dashboard i getting some error i was attached below code and screen shoot.

The code : { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "logs:DescribeLogGroups", "Resource": "" }, { "Effect": "Allow", "Action": [ "logs:DescribeLogStreams", "logs:GetLogEvents", "logs:StartQuery", "logs:StopQuery", "logs:GetQueryResults", "logs:GetLogGroupFields" ], "Resource": "arn:aws:logs:ap-south-1:744096931876:log-group:/aws/lambda/Password-generate:" }, { "Effect": "Allow", "Action": [ "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics" ], "Resource": "*" } ] }

Enter image description here

KARTHIK
gefragt vor einem Jahr349 Aufrufe
1 Antwort
1
Akzeptierte Antwort

Hello.

I modified the policy as follows.
I have included all the policies used by CloudWatch Logs Insights, so it will probably work.
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatchlogs.html

{ 
    "Version": "2012-10-17", 
    "Statement": [ 
        { 
            "Effect": "Allow", 
            "Action": [
                "logs:DescribeLogGroups",
                "logs:DescribeQueryDefinitions",
                "logs:DescribeQueries"
                "logs:GetLogEvents", 
                "logs:StopQuery", 
            ], 
            "Resource": "*" 
        }, 
        { 
            "Effect": "Allow", 
            "Action": [ 
                "logs:DescribeLogStreams", 
                "logs:StartQuery", 
                "logs:GetQueryResults", 
                "logs:GetLogGroupFields" 
            ], 
            "Resource": "arn:aws:logs:ap-south-1:744096931876:log-group:/aws/lambda/Password-generate:*" 
        }, 
        { 
            "Effect": "Allow", 
            "Action": [ 
                "cloudwatch:GetMetricData", 
                "cloudwatch:GetMetricStatistics", 
                "cloudwatch:ListMetrics" 
            ], 
            "Resource": "*" 
        } 
    ] 
}
profile picture
EXPERTE
beantwortet vor einem Jahr
profile pictureAWS
EXPERTE
überprüft vor einem Jahr
profile pictureAWS
EXPERTE
überprüft vor einem Jahr

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen