LoginSignup
0
0
@kudojp(Daiki Kudo)

[AWS IAM] CloudWatch Log への Logging の権限を忘れずに作ろう

Posted at

よく作り忘れて、Terraformで何度も作り直している気がする。

必要となる例

  • ECS task execution role ---> CW logs
  • Lambda role ---> CW logs

必要となる権限

以下の権限をrole内に含めてやる。

        {
          Action   = [
            "logs:CreateLogGroup"
          ]
          Effect   = "Allow"
          Resource = "arn:aws:logs:us-east-1:111111111111:*"
        },
        {
          Action = [
            "logs:CreateLogStream",
            "logs:PutLogEvents"
          ]
          Effect   = "Allow"
          Resource = "arn:aws:logs:us-east-1:111111111111:log-group:/aws/lambda/lambda_fn_name:*"
        },
0
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
0
0