2 Risposte
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
0
Hello.
Maybe you need to specify "LoggingRole"?
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-server.html#cfn-transfer-server-loggingrole
The required IAM policies are described in the following documents.
https://docs.aws.amazon.com/transfer/latest/userguide/monitoring.html#monitoring-enabling
I think CloudFormation would be as follows.
Resources:
SFTPIAMRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- transfer.amazonaws.com
Action:
- sts:AssumeRole
Description: IAM role
RoleName: Transfer-log-role
Policies:
- PolicyName: !Ref 'PolicyName'
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- logs:CreateLogDelivery
- logs:GetLogDelivery
- logs:UpdateLogDelivery
- logs:DeleteLogDelivery
- logs:ListLogDeliveries
- logs:PutResourcePolicy
- logs:DescribeResourcePolicies
- logs:DescribeLogGroups
Resource:
- !Sub arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/transfer/*
MySFTPServer:
Type: AWS::Transfer::Server
Properties:
Domain: !Ref 'Domain'
EndpointType: !Ref 'EndpointType'
LoggingRole: !GetAtt SFTPIAMRole.Arn
IdentityProviderType: !Ref 'IdentityProviderType'
Protocols:
- !Ref 'Protocols'
Tags:
- Key: Name
Value: !Ref 'ServerName'
- Key: CustomeHostNameType
Value: !Ref 'CustomHostName'
0
I tried above CFN but still log group is not visible. I can only see the logging role, not sure how to attach the log group to it. Manually, we can select the option for creating new log but but for cloudformation that option does not seems to be available.
con risposta 6 mesi fa
Contenuto pertinente
- AWS UFFICIALEAggiornata 3 anni fa
I tried above CFN but still log group is not visible. I can only see the logging role, not sure how to attach the log group to it. Manually, we can select the option for creating new log but but for cloudformation that option does not seems to be available.