From b8f271720a3bd7f4088c732d3fbd535ef2d1483b Mon Sep 17 00:00:00 2001
From: Matthew <106278637+Matthew-Grayson@users.noreply.github.com>
Date: Thu, 12 Oct 2023 15:03:17 -0500
Subject: [PATCH] Cloudwatch to s3 lambda: Add log export/stream permissions to
 lambda role (#2303)

* Add cloudwatch permissions to lambda role; remove redundant logs:GetLogEvents.
---
 backend/serverless.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/backend/serverless.yml b/backend/serverless.yml
index 4f8a3f317..eca3425e4 100644
--- a/backend/serverless.yml
+++ b/backend/serverless.yml
@@ -44,7 +44,6 @@ provider:
             - ecs:RunTask
             - ecs:ListTasks
             - iam:PassRole
-            - logs:GetLogEvents
           Resource: '*'
         - Effect: Allow
           Action:
@@ -70,9 +69,12 @@ provider:
           Resource: '*'
         - Effect: Allow
           Action:
+            - logs:CreateExportTask
+            - logs:CreateLogStream
             - logs:Describe*
             - logs:Get*
             - logs:List*
+            - logs:PutLogEvents
             - logs:StartQuery
             - logs:StopQuery
             - logs:TestMetricFilter