1 Antwort
- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
0
The ARN for CloudWatch Log Groups follows this pattern:
arn:aws:logs:us-east-1:123456789012:log-group:/loggroupname:*
Note the last :*
That references each log stream. Please try modifying your policy as such:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:Describe*",
"logs:Get*",
"logs:List*",
"logs:StartQuery",
"logs:StopQuery",
"logs:TestMetricFilter",
"logs:FilterLogEvents"
],
"Resource": "arn:aws:logs:<aws-region>:<accountId>:log-group:<full-log-group-name>:*"
}
]
}
beantwortet vor einem Jahr
Relevanter Inhalt
- AWS OFFICIALAktualisiert vor 2 Jahren
- AWS OFFICIALAktualisiert vor 2 Jahren
Could you please elaborate how that particular user wants to access the logs? Via the AWS Management Console? Via AWS CLI? AWS SDK for a programming language?