By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

The GameLift Fleet instance does not have permissions on logs

0

I want to view the logs for my GameLift fleet in the CloudWatch LogGroup. But the GameLift Instance does not have permissions to upload logs on CloudWatch LogGroup.

I set the Instance role of GameLift Fleet like this.

Enter image description here

This role has a AWS manged policy named CloudWatchAgentServerPolicy and the policy and trust relationship is written like this.

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "ec2.amazonaws.com", "gamelift.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }

When I tried to create a CloudWatch LogGroup on my GameLift Fleet instance, I got the following permission error.

Enter image description here

It seems like GameLift Fleet instance does not have permission to create CloudWatch LogGroup.

I don't know how to give that permission.

Topics
Management & GovernanceGame TechSecurity, Identity, & ComplianceCompute
Tags
Amazon CloudWatchAmazon GameLiftIAM PoliciesEC2 FleetAmazon CloudWatch Logs
Language
English
rePost-User-9834585
asked a year ago254 views
1 Answer
0

Looking at the error it looks like you are using a different IAM role with AssumeRole.
It is said that there is no CreateLogGroup in the IAM role "User: arn:aws:sts::783~~~", so please try adding permissions to this IAM role.

profile picture
EXPERT
Riku_Kobayashi
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content