Stay up to date with the latest from the Knowledge Center. See all new and updated Knowledge Center articles published in the last month and re:Post’s top contributors.
The GameLift Fleet instance does not have permissions on logs
I want to view the logs for my GameLift fleet in the CloudWatch LogGroup. But the GameLift Instance does not have permissions to upload logs on CloudWatch LogGroup.
I set the Instance role of GameLift Fleet like this.
This role has a AWS manged policy named CloudWatchAgentServerPolicy and the policy and trust relationship is written like this.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "ec2.amazonaws.com", "gamelift.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }
When I tried to create a CloudWatch LogGroup on my GameLift Fleet instance, I got the following permission error.
It seems like GameLift Fleet instance does not have permission to create CloudWatch LogGroup.
I don't know how to give that permission.
- Newest
- Most votes
- Most comments
Looking at the error it looks like you are using a different IAM role with AssumeRole.
It is said that there is no CreateLogGroup in the IAM role "User: arn:aws:sts::783~~~", so please try adding permissions to this IAM role.
Relevant content
- asked 4 years ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated 5 months ago
