[AWS IAM] CloudWatch Log への Logging の権限を忘れずに作ろう

Posted at 2024-05-17

よく作り忘れて、Terraformで何度も作り直している気がする。

必要となる例

ECS task execution role ---> CW logs
Lambda role ---> CW logs

必要となる権限

以下の権限をrole内に含めてやる。

        {
          Action   = [
            "logs:CreateLogGroup"
          ]
          Effect   = "Allow"
          Resource = "arn:aws:logs:us-east-1:111111111111:*"
        },
        {
          Action = [
            "logs:CreateLogStream",
            "logs:PutLogEvents"
          ]
          Effect   = "Allow"
          Resource = "arn:aws:logs:us-east-1:111111111111:log-group:/aws/lambda/lambda_fn_name:*"
        },

You get articles that match your needs
You can efficiently read back useful information
You can use dark theme

What you can do with signing up