Versions Compared

Version Old Version 2 New Version 3
Changes made by

KS

KS

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Note:  Logging resources we support are S3 Bucket, SQS, and CloudWatch log

 

Use case 1: Log Collection within same AWS account (Where LCP and logging resource are in the same AWS account)

  1. Sign in to the AWS Management Console.

  2. Open the AWS Identity and Access Management (IAM) console.

  3. In the navigation pane, choose Roles.

  4. Select Create role

  5. For Select type of trusted entity, choose AWS service and EC2 from Choose a use case

...

6. Click Next: Permissions at the bottom

7. Choose Create policy

8. Choose the JSON tab

9. Type or paste below JSON policy. Make sure you are replacing the resource name.

 

Expand
titleIncase of S3 Bucket
Code Block
{
"Effect": "Allow",
"Action": ["s3:ListBucket","s3:GetObject"],
"Resource": ["arn:aws:s3:::bucketname", "arn:aws:s3:::bucketname/*"],
"Condition": {}
}

  1. Click Next: Tags at the bottom.

  2. Add a tag to the policy (Optional)

  3. Click Next: Review

  4. Give appropriate name to policy, review it, and Click Create policy.

  5. Search the same policy name into the Search text box under Attach permissions policies and select it and Click Next: Tags

  6.  Add tag to the role (Optional)

  7. Give appropriate name to the Role, review it, and Click Create role.

  8. Go back to AWS Management Console.

  9. Open the EC2 Dashboard.

  10. Go to Instances (running) if the LCP machine is running or else go to Instances, search for LCP instance and start it.

  11. Select an LCP instance, go to Actions → Security →  Modify IAM role

  12. Search for the IAM role that you have created earlier and click Save

...