The GameLift Fleet instance does not have permissions on logs


I want to view the logs for my GameLift fleet in the CloudWatch LogGroup. But the GameLift Instance does not have permissions to upload logs on CloudWatch LogGroup.

I set the Instance role of GameLift Fleet like this.

Enter image description here

This role has a AWS manged policy named CloudWatchAgentServerPolicy and the policy and trust relationship is written like this.

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "", "" ] }, "Action": "sts:AssumeRole" } ] }

When I tried to create a CloudWatch LogGroup on my GameLift Fleet instance, I got the following permission error.

Enter image description here

It seems like GameLift Fleet instance does not have permission to create CloudWatch LogGroup.

I don't know how to give that permission.

1 Answer

Looking at the error it looks like you are using a different IAM role with AssumeRole.
It is said that there is no CreateLogGroup in the IAM role "User: arn:aws:sts::783~~~", so please try adding permissions to this IAM role.

profile picture
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions