1

A question was asked on this thread about CloudWatch log role ARN and an answer was provided that the following Trust Relationship policy would allow for enabling CloudWatch logs. My question is, where do I place this policy? Trying to add it by going to IAM --> Policies --> Create Policy --> Creating your own policy produces an error that reads "This policy contains the following error: Has prohibited field Principal." Where do I create this policy to make CloudWatch logs work? Below is the solution given in the page I mentioned.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "apigateway.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
Community
  • 1
  • 1

1 Answer

2

You are trying to create an IAM user. Create an IAM role instead and attach the AmazonAPIGatewayPushToCloudWatchLogs policy.

Then under the role, you can change the Trust Relationships and add this.

or9ob
  • 2,313
  • 4
  • 25
  • 45
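
The steps in the answer above, as an added AWS CLI example that is not part of the original thread. The role name, the `DRY_RUN` wrapper and the `<ACCOUNT_ID>` placeholder are assumptions made for illustration. The last step sets the account-level CloudWatch log role ARN that the question refers to.

```shell
ROLE_NAME="${ROLE_NAME:-apigw-cloudwatch-logs}"   # assumed name, pick your own
POLICY_ARN="arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the aws commands, 0 = execute them

# Trust policy from the question. "Principal" is only valid in a role's trust
# policy (or a resource-based policy), which is why IAM > Policies rejects it.
write_trust_policy() {
  cat > "$1" <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": { "Service": "apigateway.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# New role: the trust policy is supplied at creation time, and the managed
# policy carries the permissions to write to CloudWatch Logs.
create_logging_role() {
  run aws iam create-role --role-name "$ROLE_NAME" \
      --assume-role-policy-document "file://$1" &&
  run aws iam attach-role-policy --role-name "$ROLE_NAME" --policy-arn "$POLICY_ARN"
}

# Existing role: same effect as editing the Trust Relationships tab.
update_trust() {
  run aws iam update-assume-role-policy --role-name "$ROLE_NAME" --policy-document "file://$1"
}

# Hand API Gateway the role ARN ($1) as its account-level CloudWatch log role.
set_apigw_log_role() {
  run aws apigateway update-account --patch-operations "op=replace,path=/cloudwatchRoleArn,value=$1"
}

TRUST_FILE="${TMPDIR:-/tmp}/apigw-trust-policy.json"
write_trust_policy "$TRUST_FILE"
create_logging_role "$TRUST_FILE"
set_apigw_log_role "arn:aws:iam::<ACCOUNT_ID>:role/$ROLE_NAME"   # placeholder ARN
```

Run it once as-is to review the commands, then substitute the real role ARN and set `DRY_RUN=0` to apply them.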