1 Answer
- Newest
- Most votes
- Most comments
0
Hello.
Do you have the IAM role used by Kendra index configured to allow the "logs:CreateLogGroup" policy?
Please try setting a sample IAM policy in the document below.
Please change "your-region" and "your-account-id" to match your AWS account.
https://docs.aws.amazon.com/kendra/latest/dg/iam-roles.html
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "cloudwatch:PutMetricData",
"Resource": "*",
"Condition": {
"StringEquals": {
"cloudwatch:namespace": "AWS/Kendra"
}
}
},
{
"Effect": "Allow",
"Action": "logs:DescribeLogGroups",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "logs:CreateLogGroup",
"Resource": "arn:aws:logs:your-region:your-account-id:log-group:/aws/kendra/*"
},
{
"Effect": "Allow",
"Action": [
"logs:DescribeLogStreams",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:your-region:your-account-id:log-group:/aws/kendra/*:log-stream:*"
}
]
}
Relevant content
- asked 2 years ago
- asked 5 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated a month ago
Thanks for replying, it worked.