The GameLift Fleet instance does not have permissions on logs
I want to view the logs for my GameLift fleet in the CloudWatch LogGroup. But the GameLift Instance does not have permissions to upload logs on CloudWatch LogGroup.
I set the Instance role of GameLift Fleet like this.
This role has a AWS manged policy named CloudWatchAgentServerPolicy and the policy and trust relationship is written like this.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "ec2.amazonaws.com", "gamelift.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }
When I tried to create a CloudWatch LogGroup on my GameLift Fleet instance, I got the following permission error.
It seems like GameLift Fleet instance does not have permission to create CloudWatch LogGroup.
I don't know how to give that permission.
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
Looking at the error it looks like you are using a different IAM role with AssumeRole.
It is said that there is no CreateLogGroup in the IAM role "User: arn:aws:sts::783~~~", so please try adding permissions to this IAM role.
Contenuto pertinente
AWS UFFICIALEAggiornata un anno fa- AWS UFFICIALEAggiornata 3 anni fa