Am i missing a policy on the shipper account roles?

ServerlessOpsIO · Oct 23, 2024 · e344e53 · e344e53
1 parent 3c5eabd
commit e344e53
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/stacksets/logging/template.yaml b/stacksets/logging/template.yaml
@@ -21,6 +21,17 @@ Resources:
             Principal:
               Service: !Sub "logs.${AWS::Region}.amazonaws.com"
             Action: sts:AssumeRole
+      Policies:
+        - PolicyName: !Sub "${AWS::StackName}-datadog-cloudwatch-logs-policy"
+          PolicyDocument:
+            Version: '2012-10-17'
+            Statement:
+              - Effect: Allow
+                Action:
+                  - firehose:PutRecord
+                  - firehose:PutRecordBatch
+                  - kinesis:PutRecord
+                Resource: !Ref DestinationArn
 
   CloudWatchAccountPolicy:
     Type: AWS::Logs::AccountPolicy