1 réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
0
The ARN for CloudWatch Log Groups follows this pattern:
arn:aws:logs:us-east-1:123456789012:log-group:/loggroupname:*
Note the last :*
That references each log stream. Please try modifying your policy as such:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:Describe*",
"logs:Get*",
"logs:List*",
"logs:StartQuery",
"logs:StopQuery",
"logs:TestMetricFilter",
"logs:FilterLogEvents"
],
"Resource": "arn:aws:logs:<aws-region>:<accountId>:log-group:<full-log-group-name>:*"
}
]
}
répondu il y a un an
Contenus pertinents
- demandé il y a un an
- demandé il y a 7 mois
- demandé il y a 2 mois
- AWS OFFICIELA mis à jour il y a 3 ans
- AWS OFFICIELA mis à jour il y a 2 ans
Could you please elaborate how that particular user wants to access the logs? Via the AWS Management Console? Via AWS CLI? AWS SDK for a programming language?