1 Answer
1
Hello,
For the logging feature to function correctly, the IAM policy attached to the IAM principal used to configure the feature must include the following permissions as a minimum requirement: https://docs.aws.amazon.com/vpn/latest/s2svpn/monitoring-logs.html
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": [
            "logs:CreateLogDelivery",
            "logs:GetLogDelivery",
            "logs:UpdateLogDelivery",
            "logs:DeleteLogDelivery",
            "logs:ListLogDeliveries"
          ],
          "Resource": [
            "*"
          ],
          "Effect": "Allow",
          "Sid": "S2SVPNLogging"
        },
        {
          "Sid": "S2SVPNLoggingCWL",
          "Action": [
            "logs:PutResourcePolicy",
            "logs:DescribeResourcePolicies",
            "logs:DescribeLogGroups"
          ],
          "Resource": [
            "*"
          ],
          "Effect": "Allow"
        }
      ]
    }

Thank you for your valuable guidance.
I have added this policy to my IAM user, but the problem still exists: no logs are being generated for the CloudWatch log group.
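
One way to check a policy document against the permission list in the answer above, as an added example that is not part of the original thread or of AWS's own tooling. It assumes a simplified evaluation: only `Allow` statements on `Resource` `"*"` count (as in the answer's policy), an explicit `Deny` on the action overrides them, and `Condition` and `NotAction` are not evaluated; `SAMPLE_POLICY` and the function names are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Actions named in the answer's policy.
REQUIRED_ACTIONS = [
    "logs:CreateLogDelivery", "logs:GetLogDelivery", "logs:UpdateLogDelivery",
    "logs:DeleteLogDelivery", "logs:ListLogDeliveries", "logs:PutResourcePolicy",
    "logs:DescribeResourcePolicies", "logs:DescribeLogGroups",
]

# Constructed sample policy (not from the thread): wildcards, a scoped Allow, a Deny.
SAMPLE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["logs:*LogDelivery", "logs:Describe*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "logs:PutResourcePolicy",
     "Resource": "arn:aws:logs:us-east-1:111122223333:log-group:example"},
    {"Effect": "Deny", "Action": "logs:DeleteLogDelivery", "Resource": "*"}
  ]
}"""


def _as_list(value):
    """Action and Resource may each be a single string or a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _covers(statement, action):
    """True if any Action pattern in the statement matches `action`."""
    # IAM action names are case-insensitive; * and ? act as wildcards.
    return any(fnmatchcase(action.lower(), pattern.lower())
               for pattern in _as_list(statement.get("Action")))


def missing_actions(policy_json, required=REQUIRED_ACTIONS):
    """Required actions the policy fails to allow on "*", or explicitly denies."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    missing = []
    for action in required:
        allowed = any(s.get("Effect") == "Allow" and _covers(s, action)
                      and "*" in _as_list(s.get("Resource")) for s in statements)
        denied = any(s.get("Effect") == "Deny" and _covers(s, action)
                     for s in statements)
        if denied or not allowed:
            missing.append(action)
    return missing
```

An empty list from `missing_actions` means the document grants every action in the answer's list under these assumptions; it says nothing about other policies attached to the same principal.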