AWS Integrations – Setting up CloudWatch Logging Permissions

A quick walkthrough demonstrating how to configure a CloudWatch Logs policy and create a CloudWatch log group.


  1. Check your IAM users and ensure you have an identity to provision CloudWatch logging permissions against. If you do not have a user, or wish to create a new one for logging purposes, do so now.
  2. Click Policies in the left-hand navigation panel and click the “Create policy” button at the top of the screen.
  3. Click “Choose a service” and search for “CloudWatch Logs”.
  4. Expand the List access level and apply DescribeLogGroups & DescribeLogStreams.
  5. Expand the Write access level and apply CreateLogGroup, CreateLogStream & PutLogEvents.
  6. In the Resources section, choose whether to apply this policy to specific resources or to All resources. Click “Review policy” to proceed.
  7. Enter a name for the policy and optionally input a description. Click “Create policy”.
  8. Click Users in the left-hand navigation panel and select a user to apply this policy against.
  9. Click the “Add Permissions” button and select the “Attach existing policies directly” option at the top of the screen. Search for the newly created CloudWatch Logs policy. Select the policy and click “Review”.
  10. Click “Add Permissions” at the bottom of the screen to apply this policy to the selected user.
  11. Expand the AWS Services dropdown and search for CloudWatch.
  12. Select the action to create a new log group. Enter a name for the group and click “Create log group” to provision the resource.
  13. You can now use the API access key and secret of the user that holds the CloudWatch Logs permissions to configure log streaming from your node to the CloudWatch log group.
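
The policy that steps 4 to 6 produce can also be written as a JSON document. The following Python sketch is an added example, not part of the original walkthrough: it builds that document for the “specific resources” choice and checks any policy for grants beyond the five actions listed above. The function names, the `Sid` values and the sample region, account ID and log group name are assumptions made for illustration.

```python
import json

# The five actions selected in steps 4 and 5 of the walkthrough.
PAGE_ACTIONS = {
    "logs:DescribeLogGroups", "logs:DescribeLogStreams",
    "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents",
}

def build_policy(region, account_id, log_group):
    """Policy for the 'specific resources' choice in step 6."""
    base = f"arn:aws:logs:{region}:{account_id}:log-group"
    group = f"{base}:{log_group}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Listing groups is scoped to the account and region, not one
                # group (assumption made here so the list call is not denied).
                "Sid": "ListGroups",
                "Effect": "Allow",
                "Action": ["logs:DescribeLogGroups"],
                "Resource": [f"{base}:*"],
            },
            {   # Everything else touches only the one group and its streams.
                "Sid": "WriteOneGroup",
                "Effect": "Allow",
                "Action": sorted(PAGE_ACTIONS - {"logs:DescribeLogGroups"}),
                "Resource": [group, f"{group}:*"],
            },
        ],
    }

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit(policy):
    """Return findings where a policy grants more than the walkthrough needs."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if action not in PAGE_ACTIONS:
                findings.append(f"{stmt.get('Sid', '?')}: extra action {action}")
        if "*" in as_list(stmt.get("Resource", [])):
            findings.append(f"{stmt.get('Sid', '?')}: Resource is '*' (all resources)")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    policy = build_policy("us-east-1", "111122223333", "node-logs")
    print(json.dumps(policy, indent=2))
    print(audit(policy))
```

The printed JSON can be pasted into the JSON tab of the policy editor in place of the visual selections in steps 3 to 6.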
