Permissions for monitoring Amazon Q Business with
Amazon CloudWatch Logs
To set up Amazon CloudWatch Logs for Amazon Q Business, use the following IAM policy to grant the necessary
permissions.
- JSON
-
-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "logs:CreateDelivery",
"Resource": [
"arn:aws:logs:us-east-1
:your-account-id
:delivery-source:*",
"arn:aws:logs:us-east-1
:your-account-id
:delivery:*",
"arn:aws:logs:us-east-1
:your-account-id
:delivery-destination:*"
]
},
{
"Effect": "Allow",
"Action": "qbusiness:AllowVendedLogDeliveryForResource",
"Resource": [
"arn:aws:qbusiness:us-east-1:your-account-id:application/application-id"
]
}
]
}
For example IAM policies with all the required permissions for your specific logging
destination, see Enable logging from
AWS services in the Amazon CloudWatch Logs User Guide.