1 個回答
- 最新
- 最多得票
- 最多評論
0
The ARN for CloudWatch Log Groups follows this pattern:
arn:aws:logs:us-east-1:123456789012:log-group:/loggroupname:*
Note the last :*
That references each log stream. Please try modifying your policy as such:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:Describe*",
"logs:Get*",
"logs:List*",
"logs:StartQuery",
"logs:StopQuery",
"logs:TestMetricFilter",
"logs:FilterLogEvents"
],
"Resource": "arn:aws:logs:<aws-region>:<accountId>:log-group:<full-log-group-name>:*"
}
]
}
已回答 1 年前
相關內容
- 已提問 6 個月前
- AWS 官方已更新 2 年前
Could you please elaborate how that particular user wants to access the logs? Via the AWS Management Console? Via AWS CLI? AWS SDK for a programming language?