mirror of
https://github.com/serverless/serverless.git
synced 2026-01-25 15:07:39 +00:00
7410275f66
As announced by AWS in Dec 2022, there is a new API for tagging CloudWatch resources. New accounts/roles that need to tag CloudWatch LogGroups need the new `logs:TagResouce permission`.
38 lines
842 B
JSON
38 lines
842 B
JSON
{
|
|
"Type": "AWS::IAM::Role",
|
|
"Properties": {
|
|
"AssumeRolePolicyDocument": {
|
|
"Version": "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Effect": "Allow",
|
|
"Principal": {
|
|
"Service": ["lambda.amazonaws.com"]
|
|
},
|
|
"Action": ["sts:AssumeRole"]
|
|
}
|
|
]
|
|
},
|
|
"Policies": [
|
|
{
|
|
"PolicyName": "[TO BE REPLACED]",
|
|
"PolicyDocument": {
|
|
"Version": "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": ["logs:CreateLogStream", "logs:CreateLogGroup", "logs:TagResource"],
|
|
"Resource": []
|
|
},
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": ["logs:PutLogEvents"],
|
|
"Resource": []
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|