1 Answer
Hello.
It seems that Security Lake's IAM role requires the following IAM policy, but is it set?
https://docs.aws.amazon.com/security-lake/latest/userguide/getting-started.html#prerequisites
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowWriteLambdaLogs",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": [
        "arn:aws:logs:*:{{accountId}}:log-group:/aws/lambda/SecurityLake_Glue_Partition_Updater_Lambda*"
      ]
    },
    {
      "Sid": "AllowCreateAwsCloudWatchLogGroup",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup"
      ],
      "Resource": [
        "arn:aws:logs:*:{{accountId}}:/aws/lambda/SecurityLake_Glue_Partition_Updater_Lambda*"
      ]
    },
    {
      "Sid": "AllowGlueManage",
      "Effect": "Allow",
      "Action": [
        "glue:CreatePartition",
        "glue:BatchCreatePartition"
      ],
      "Resource": [
        "arn:aws:glue:*:*:table/amazon_security_lake_glue_db*/*",
        "arn:aws:glue:*:*:database/amazon_security_lake_glue_db*",
        "arn:aws:glue:*:*:catalog"
      ]
    },
    {
      "Sid": "AllowToReadFromSqs",
      "Effect": "Allow",
      "Action": [
        "sqs:ReceiveMessage",
        "sqs:DeleteMessage",
        "sqs:GetQueueAttributes"
      ],
      "Resource": [
        "arn:aws:sqs:*:{{accountId}}:SecurityLake*"
      ]
    }
  ]
}
```
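One way to check offline whether a role's policy document grants what the policy above requires. This is an added example, not part of the original answer or AWS code: the account ID `111122223333` and the `ATTACHED` document are constructed, and the helper names are hypothetical. It only compares `Allow` statements by wildcard match and does not evaluate `Deny`, `NotAction`, `Condition`, permission boundaries or SCPs.

```python
from fnmatch import fnmatchcase

def _as_list(value):
    """IAM accepts either a single string or a list for Action/Resource."""
    return [value] if isinstance(value, str) else list(value)

def _allows(statement, action, resource):
    """True if one Allow statement covers the action on the resource pattern."""
    if statement.get("Effect") != "Allow":
        return False
    # Action names are case-insensitive in IAM; resource ARNs are compared as-is.
    action_ok = any(fnmatchcase(action.lower(), a.lower())
                    for a in _as_list(statement.get("Action", [])))
    # The required resource pattern is treated as a literal string to be matched.
    resource_ok = any(fnmatchcase(resource, r)
                      for r in _as_list(statement.get("Resource", [])))
    return action_ok and resource_ok

def missing_permissions(required, attached):
    """Return (sid, action, resource) triples in `required` not granted by `attached`."""
    missing = []
    for stmt in required["Statement"]:
        for action in _as_list(stmt["Action"]):
            for resource in _as_list(stmt["Resource"]):
                if not any(_allows(s, action, resource) for s in attached["Statement"]):
                    missing.append((stmt.get("Sid"), action, resource))
    return missing

# Two statements from the policy above, with a constructed account ID filled in.
REQUIRED = {"Statement": [
    {"Sid": "AllowGlueManage", "Effect": "Allow",
     "Action": ["glue:CreatePartition", "glue:BatchCreatePartition"],
     "Resource": ["arn:aws:glue:*:*:table/amazon_security_lake_glue_db*/*",
                  "arn:aws:glue:*:*:database/amazon_security_lake_glue_db*",
                  "arn:aws:glue:*:*:catalog"]},
    {"Sid": "AllowToReadFromSqs", "Effect": "Allow",
     "Action": ["sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes"],
     "Resource": ["arn:aws:sqs:*:111122223333:SecurityLake*"]},
]}
# Constructed policy as it might be found on a misconfigured role.
ATTACHED = {"Statement": [
    {"Effect": "Allow", "Action": "glue:CreatePartition", "Resource": "*"},
    {"Effect": "Allow", "Action": ["sqs:ReceiveMessage", "sqs:GetQueueAttributes"],
     "Resource": "arn:aws:sqs:*:111122223333:SecurityLake*"},
]}

if __name__ == "__main__":
    for sid, action, resource in missing_permissions(REQUIRED, ATTACHED):
        print(f"missing: {action} on {resource} (required by {sid})")
```

To check a real role, load the full policy above as `required` and the role's exported policy document as `attached`.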