How to craft a custom AWS CloudWatch Read-Only policy tailored for a specific log group, including permissions for Logs Insights?

0

I was use this code it's working in the log groups dashboard but the Logs insights dashboard i getting some error i was attached below code and screen shoot.

The code : { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "logs:DescribeLogGroups", "Resource": "" }, { "Effect": "Allow", "Action": [ "logs:DescribeLogStreams", "logs:GetLogEvents", "logs:StartQuery", "logs:StopQuery", "logs:GetQueryResults", "logs:GetLogGroupFields" ], "Resource": "arn:aws:logs:ap-south-1:744096931876:log-group:/aws/lambda/Password-generate:" }, { "Effect": "Allow", "Action": [ "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics" ], "Resource": "*" } ] }

Enter image description here

KARTHIK
preguntada hace un año349 visualizaciones
1 Respuesta
1
Respuesta aceptada

Hello.

I modified the policy as follows.
I have included all the policies used by CloudWatch Logs Insights, so it will probably work.
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatchlogs.html

{ 
    "Version": "2012-10-17", 
    "Statement": [ 
        { 
            "Effect": "Allow", 
            "Action": [
                "logs:DescribeLogGroups",
                "logs:DescribeQueryDefinitions",
                "logs:DescribeQueries"
                "logs:GetLogEvents", 
                "logs:StopQuery", 
            ], 
            "Resource": "*" 
        }, 
        { 
            "Effect": "Allow", 
            "Action": [ 
                "logs:DescribeLogStreams", 
                "logs:StartQuery", 
                "logs:GetQueryResults", 
                "logs:GetLogGroupFields" 
            ], 
            "Resource": "arn:aws:logs:ap-south-1:744096931876:log-group:/aws/lambda/Password-generate:*" 
        }, 
        { 
            "Effect": "Allow", 
            "Action": [ 
                "cloudwatch:GetMetricData", 
                "cloudwatch:GetMetricStatistics", 
                "cloudwatch:ListMetrics" 
            ], 
            "Resource": "*" 
        } 
    ] 
}
profile picture
EXPERTO
respondido hace un año
profile pictureAWS
EXPERTO
revisado hace un año
profile pictureAWS
EXPERTO
revisado hace un año

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas