Lambda Execution Role for CloudWatch Logs
Question
Which of the following actions is required by Lambda execution role to write the logs into AWS CloudWatch? (choose 3 options)
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D. E.Answer: A, C, E.
https://docs.aws.amazon.com/lambda/latest/dg/intro-permission-model.html?shortFooter=true#lambda-intro-execution-role.
To write the logs into AWS CloudWatch, a Lambda function requires certain permissions to be set in its execution role. These permissions determine what the function can do when interacting with CloudWatch Logs.
Out of the given options, the three required actions that must be added to the Lambda execution role are:
logs:CreateLogGroup: This permission allows the Lambda function to create a new log group in CloudWatch Logs. A log group is a container for log streams that share the same retention, monitoring, and access control settings.
logs:CreateLogStream: This permission allows the Lambda function to create a new log stream within a log group. A log stream is a sequence of log events that share the same source.
logs:PutLogEvents: This permission allows the Lambda function to write log events to a log stream. A log event represents a single occurrence of an event in a log stream.
The remaining options are not required for writing logs into AWS CloudWatch:
logs:GetLogEvents: This permission is used to retrieve log events from a log stream, but it is not required for writing logs.
logs:DescribeLogStreams: This permission allows the Lambda function to list the available log streams in a log group, but it is not required for writing logs.
Therefore, options A, C, and E are the correct answers as they contain the required actions that are needed by the Lambda execution role to write the logs into AWS CloudWatch.