2 Answers
0
Hello.
Maybe you need to specify "LoggingRole"?
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-server.html#cfn-transfer-server-loggingrole
The required IAM policies are described in the following documents.
https://docs.aws.amazon.com/transfer/latest/userguide/monitoring.html#monitoring-enabling
I think CloudFormation would be as follows.
```yaml
Resources:
  SFTPIAMRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - transfer.amazonaws.com
            Action:
              - sts:AssumeRole
      Description: IAM role
      RoleName: Transfer-log-role
      Policies:
        - PolicyName: !Ref 'PolicyName'
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - logs:CreateLogDelivery
                  - logs:GetLogDelivery
                  - logs:UpdateLogDelivery
                  - logs:DeleteLogDelivery
                  - logs:ListLogDeliveries
                  - logs:PutResourcePolicy
                  - logs:DescribeResourcePolicies
                  - logs:DescribeLogGroups
                Resource:
                  - !Sub arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/transfer/*
  MySFTPServer:
    Type: AWS::Transfer::Server
    Properties:
      Domain: !Ref 'Domain'
      EndpointType: !Ref 'EndpointType'
      LoggingRole: !GetAtt SFTPIAMRole.Arn
      IdentityProviderType: !Ref 'IdentityProviderType'
      Protocols:
        - !Ref 'Protocols'
      Tags:
        - Key: Name
          Value: !Ref 'ServerName'
        - Key: CustomeHostNameType
          Value: !Ref 'CustomHostName'
```
0
I tried the above CFN but the log group is still not visible. I can only see the logging role, and I am not sure how to attach the log group to it. Manually, we can select the option for creating a new log group, but for CloudFormation that option does not seem to be available.
Answered 6 months ago
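An added example, not part of either answer above: a CloudFormation sketch that declares the log group in the template and attaches it to the server through the `StructuredLogDestinations` property of `AWS::Transfer::Server`, alongside a logging role limited to writing log streams under `/aws/transfer/`. The resource names, log group name, retention period and server settings are constructed for illustration.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example - Transfer Family server with an explicit log group (constructed names)
Resources:
  # Log group declared in the template so it exists and is auditable from stack creation.
  TransferLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: /aws/transfer/example-sftp   # constructed name
      RetentionInDays: 90                        # assumed retention, adjust to policy
  # Role the Transfer service assumes to write log events.
  TransferLoggingRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: transfer.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: transfer-write-logs        # constructed name
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:DescribeLogStreams
                  - logs:PutLogEvents
                # Scoped to Transfer log groups instead of "*"
                Resource: !Sub arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/transfer/*
  ExampleSftpServer:
    Type: AWS::Transfer::Server
    Properties:
      Protocols:
        - SFTP
      IdentityProviderType: SERVICE_MANAGED      # assumed for the example
      EndpointType: PUBLIC                       # assumed for the example
      LoggingRole: !GetAtt TransferLoggingRole.Arn
      # Structured (JSON) logs are delivered to this log group ARN.
      StructuredLogDestinations:
        - !GetAtt TransferLogGroup.Arn
```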