Service: Amazon CloudWatch Logs
Short Name:
logs
ARN Format:
arn:aws:logs:${Region}:${Account}:.+ARN Regex:
^arn:aws:logs:.+ReadOnlyAccess
…
AWSGlueConsoleFullAccessAction | Access | Reference | Description |
|---|---|---|---|
| logs:DescribeAccountPolicies | Docs | Grants permission to retrieve a data protection policy attached to an account | |
| logs:DescribeDeliveries | Docs | Grants permission to retrieve a list of deliveries an account | |
| logs:DescribeDeliveryDestinations | Docs | Grants permission to retrieve a list of delivery destinations an account | |
| logs:DescribeDeliverySources | Docs | Grants permission to retrieve a list of delivery sources in an account | |
| logs:DescribeDestinations | Docs | Grants permission to return all the destinations that are associated with the AWS account making the request | |
| logs:DescribeExportTasks | Docs | Grants permission to return all the export tasks that are associated with the AWS account making the request | |
| logs:DescribeLogGroups | Docs | Grants permission to return all the log groups that are associated with the AWS account making the request | |
| logs:DescribeLogStreams | Docs | Grants permission to return all the log streams that are associated with the specified log group | |
| logs:DescribeMetricFilters | Docs | Grants permission to return all the metrics filters associated with the specified log group | |
| logs:DescribeQueries | Docs | Grants permission to return a list of CloudWatch Logs Insights queries that are scheduled, executing, or have been executed recently in this account | |
| logs:DescribeQueryDefinitions | Docs | Grants permission to return a paginated list of your saved CloudWatch Logs Insights query definitions | |
| logs:DescribeResourcePolicies | Docs | Grants permission to return all the resource policies in this account | |
| logs:DescribeSubscriptionFilters | Docs | Grants permission to return all the subscription filters associated with the specified log group | |
| logs:ListAnomalies | Docs | Grants permission to list all anomalies detected in the AWS account making the request | |
| logs:ListLogAnomalyDetectors | Docs | Grants permission to return all the anomaly detectors that are associated with the AWS account making the request | |
| logs:ListLogDeliveries | Docs | Grants permission to list all the log deliveries for specified account and/or log source | |
| logs:ListTagsForResource | Docs | Grants permission to list the tags for the specified resource | |
| logs:ListTagsLogGroup | Docs | Grants permission to list the tags for the specified log group | |
| logs:DeleteResourcePolicy | Docs | Grants permission to delete a resource policy from this account | |
| logs:PutResourcePolicy | Docs | Grants permission to create or update a resource policy allowing other AWS services to put log events to this account | |
| logs:FilterLogEvents | Docs | Grants permission to retrieve log events, optionally filtered by a filter pattern from the specified log group | |
| logs:GetDataProtectionPolicy | Docs | Grants permission to retrieve a data protection policy attached to a log group | |
| logs:GetDelivery | Docs | Grants permission to retrieve a single delivery | |
| logs:GetDeliveryDestination | Docs | Grants permission to retrieve a single delivery destination | |
| logs:GetDeliveryDestinationPolicy | Docs | Grants permission to retrieve a delivery destination policy attached to a delivery destination | |
| logs:GetDeliverySource | Docs | Grants permission to retrieve a single delivery source | |
| logs:GetLogAnomalyDetector | Docs | Grants permission to get a log anomaly detector | |
| logs:GetLogDelivery | Docs | Grants permission to get the log delivery information for specified log delivery | |
| logs:GetLogEvents | Docs | Grants permission to retrieve log events from the specified log stream | |
| logs:GetLogGroupFields | Docs | Grants permission to return a list of the fields that are included in log events in the specified log group, along with the percentage of log events that contain each field | |
| logs:GetLogRecord | Docs | Grants permission to retrieve all the fields and values of a single log event | |
| logs:GetQueryResults | Docs | Grants permission to return the results from the specified query | |
| logs:StartLiveTail | Docs | Grants permission to start a Live Tail session in CloudWatch Logs | |
| logs:StartQuery | Docs | Grants permission to schedule a query of a log group using CloudWatch Logs Insights | |
| logs:StopLiveTail | Docs | Grants permission to stop a Live Tail session that is in progress | |
| logs:StopQuery | Docs | Grants permission to stop a CloudWatch Logs Insights query that is in progress | |
| logs:TestMetricFilter | Docs | Grants permission to test the filter pattern of a metric filter against a sample of log event messages | |
| logs:Unmask | Docs | Grants permission to fetch unmasked log events that have been redacted with a data protection policy | |
| logs:TagLogGroup | Docs | Grants permission to add or update the specified tags for the specified log group | |
| logs:TagResource | Docs | Grants permission to add or update the specified tags for the specified resource | |
| logs:UntagLogGroup | Docs | Grants permission to remove the specified tags from the specified log group | |
| logs:UntagResource | Docs | Grants permission to remove the specified tags from the specified resource | |
| logs:AssociateKmsKey | Docs | Grants permission to associate the specified AWS Key Management Service (AWS KMS) customer master key (CMK) with the specified log group | |
| logs:CancelExportTask | Docs | Grants permission to cancel an export task if it is in PENDING or RUNNING state | |
| logs:CreateDelivery | Docs | Grants permission to create a delivery connecting a delivery source to a delivery destination | |
| logs:CreateExportTask | Docs | Grants permission to create an ExportTask which allows you to efficiently export data from a Log Group to your Amazon S3 bucket | |
| logs:CreateLogAnomalyDetector | Docs | Grants permission to create a log anomaly detector | |
| logs:CreateLogDelivery | Docs | Grants permission to create the log delivery | |
| logs:CreateLogGroup | Docs | Grants permission to create a new log group with the specified name | |
| logs:CreateLogStream | Docs | Grants permission to create a new log stream with the specified name | |
| logs:DeleteAccountPolicy | Docs | Grants permission to delete a data protection policy attached to an account | |
| logs:DeleteDataProtectionPolicy | Docs | Grants permission to delete a data protection policy attached to a log group | |
| logs:DeleteDelivery | Docs | Grants permission to delete a delivery | |
| logs:DeleteDeliveryDestination | Docs | Grants permission to delete a delivery destination after all associated deliveries are deleted | |
| logs:DeleteDeliveryDestinationPolicy | Docs | Grants permission to delete a delivery destination policy associated with a delivery destination | |
| logs:DeleteDeliverySource | Docs | Grants permission to delete a delivery source after all associated deliveries are deleted | |
| logs:DeleteDestination | Docs | Grants permission to delete the destination with the specified name | |
| logs:DeleteLogAnomalyDetector | Docs | Grants permission to delete a log anomaly detector | |
| logs:DeleteLogDelivery | Docs | Grants permission to delete the log delivery information for specified log delivery | |
| logs:DeleteLogGroup | Docs | Grants permission to delete the log group with the specified name | |
| logs:DeleteLogStream | Docs | Grants permission to delete a log stream | |
| logs:DeleteMetricFilter | Docs | Grants permission to delete a metric filter associated with the specified log group | |
| logs:DeleteQueryDefinition | Docs | Grants permission to delete a saved CloudWatch Logs Insights query definition | |
| logs:DeleteRetentionPolicy | Docs | Grants permission to delete the retention policy of the specified log group | |
| logs:DeleteSubscriptionFilter | Docs | Grants permission to delete a subscription filter associated with the specified log group | |
| logs:DisassociateKmsKey | Docs | Grants permission to disassociate the associated AWS Key Management Service (AWS KMS) customer master key (CMK) from the specified log group | |
| logs:Link | Docs | Grants permission to share CloudWatch resources with a monitoring account | |
| logs:PutAccountPolicy | Docs | Grants permission to attach a data protection policy at account level to detect and redact sensitive information from log events | |
| logs:PutDataProtectionPolicy | Docs | Grants permission to attach a data protection policy to detect and redact sensitive information from log events | |
| logs:PutDeliveryDestination | Docs | Grants permission to create/update a delivery destination | |
| logs:PutDeliveryDestinationPolicy | Docs | Grants permission to attach a delivery destination policy to a delivery destination | |
| logs:PutDeliverySource | Docs | Grants permission to create/update a delivery source | |
| logs:PutDestination | Docs | Grants permission to create or update a Destination | |
| logs:PutDestinationPolicy | Docs | Grants permission to create or update an access policy associated with an existing Destination | |
| logs:PutLogEvents | Docs | Grants permission to upload a batch of log events to the specified log stream | |
| logs:PutMetricFilter | Docs | Grants permission to create or update a metric filter and associates it with the specified log group | |
| logs:PutQueryDefinition | Docs | Grants permission to create or update a query definition | |
| logs:PutRetentionPolicy | Docs | Grants permission to set the retention of the specified log group | |
| logs:PutSubscriptionFilter | Docs | Grants permission to create or update a subscription filter and associates it with the specified log group | |
| logs:UpdateAnomaly | Docs | Grants permission to update an anomaly reported by a log anomaly detector | |
| logs:UpdateLogAnomalyDetector | Docs | Grants permission to update a log anomaly detector | |
| logs:UpdateLogDelivery | Docs | Grants permission to update the log delivery information for specified log delivery |
aws:RequestTag/${TagKey}aws:ResourceTag/${TagKey}aws:TagKeyslogs:DeliveryDestinationResourceArnlogs:LogGeneratingResourceArns