0

I as an admin have created several Elastic Beanstalk applications in AWS.

Now I want to give some of my team members access to login into AWS and view EBS logs - I mean read-only access. I don't want them to be able to update or deploy or crate new Elastic Beanstalk application.

If I give them AWSElasticBeanstalkReadOnlyAccess the user is unable to see anything in Elastic Beanstalk.

PrasadK
  • 778
  • 6
  • 17

2 Answers2

1

Look at the section Enabling Read-Only Access to Elastic Beanstalk Logs on this page - https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/AWSHowTo.iam.managed-policies.html

PrasadK
  • 778
  • 6
  • 17
  • I already tried AWSElasticBeanstalkReadOnlyAccess but user is unable to see existing EBS applications after login. I don't want to give user "AWSElasticBeanstalkFullAccess" access. –  May 12 '18 at 01:31
  • Did you look at the bottom of the page. They have an example there. Did that help? – PrasadK May 12 '18 at 02:40
  • An alternate solution I found is: I configured Cloud Watch so that logs of EBS are available in Cloud Watch logs. I gave Cloud watch access to other person and that person can now login and view logs. Viewing logs in cloud watch seems better than viewing them in EBS logs. –  May 12 '18 at 23:58
0

The mistake I was doing is the region of two users were different. Admin user configured the cloud watch logs in region N. Virginia for support user. When support user was login the default region was Ohio and support user was unable to see logs. After selecting N. Virginia region for support the support user can see logs.