From 61f573c23517a6ba6c236b0478d721384cc6ee79 Mon Sep 17 00:00:00 2001 From: Wesley Pettit Date: Sat, 25 Jun 2022 23:22:45 -0700 Subject: [PATCH] aws: add IAM permissions for all plugins Signed-off-by: Wesley Pettit --- pipeline/outputs/cloudwatch.md | 19 +++++++++++++++++++ pipeline/outputs/firehose.md | 17 +++++++++++++++++ pipeline/outputs/kinesis.md | 17 +++++++++++++++++ pipeline/outputs/s3.md | 15 ++++++++++++++- 4 files changed, 67 insertions(+), 1 deletion(-) diff --git a/pipeline/outputs/cloudwatch.md b/pipeline/outputs/cloudwatch.md index c1ffcf1a3..4fa17b032 100644 --- a/pipeline/outputs/cloudwatch.md +++ b/pipeline/outputs/cloudwatch.md @@ -57,6 +57,25 @@ In your main configuration file append the following _Output_ section: auto_create_group On ``` +### Permissions + +The following AWS IAM permissions are required to use this plugin: + +``` +{ + "Version": "2012-10-17", + "Statement": [{ + "Effect": "Allow", + "Action": [ + "logs:CreateLogStream", + "logs:CreateLogGroup", + "logs:PutLogEvents" + ], + "Resource": "*" + }] +} +``` + ### Worker support Fluent Bit 1.7 adds a new feature called `workers` which enables outputs to have dedicated threads. This `cloudwatch_logs` plugin has partial support for workers. **The plugin can support a single worker; enabling multiple workers will lead to errors/indeterminate behavior.** diff --git a/pipeline/outputs/firehose.md b/pipeline/outputs/firehose.md index 08294cef5..617ff5ce1 100644 --- a/pipeline/outputs/firehose.md +++ b/pipeline/outputs/firehose.md @@ -51,6 +51,23 @@ In your main configuration file append the following _Output_ section: delivery_stream my-stream ``` +### Permissions + +The following AWS IAM permissions are required to use this plugin: + +``` +{ + "Version": "2012-10-17", + "Statement": [{ + "Effect": "Allow", + "Action": [ + "firehose:PutRecordBatch" + ], + "Resource": "*" + }] +} +``` + ### Worker support Fluent Bit 1.7 adds a new feature called `workers` which enables outputs to have dedicated threads. This `kinesis_firehose` plugin fully supports workers. diff --git a/pipeline/outputs/kinesis.md b/pipeline/outputs/kinesis.md index fff4a07cf..5bcc97192 100644 --- a/pipeline/outputs/kinesis.md +++ b/pipeline/outputs/kinesis.md @@ -50,6 +50,23 @@ In your main configuration file append the following _Output_ section: stream my-stream ``` +### Permissions + +The following AWS IAM permissions are required to use this plugin: + +``` +{ + "Version": "2012-10-17", + "Statement": [{ + "Effect": "Allow", + "Action": [ + "kinesis:PutRecords" + ], + "Resource": "*" + }] +} +``` + ### Worker support Fluent Bit 1.7 adds a new feature called `workers` which enables outputs to have dedicated threads. This `kinesis_streams` plugin fully supports workers. diff --git a/pipeline/outputs/s3.md b/pipeline/outputs/s3.md index ad56d568a..77004c623 100644 --- a/pipeline/outputs/s3.md +++ b/pipeline/outputs/s3.md @@ -50,7 +50,20 @@ To skip TLS verification, set `tls.verify` as `false`. For more details about th ## Permissions -The plugin requires `s3:PutObject` permission. +The plugin requires the following AWS IAM permissions: + +``` +{ + "Version": "2012-10-17", + "Statement": [{ + "Effect": "Allow", + "Action": [ + "s3:PutObject" + ], + "Resource": "*" + }] +} +``` ## S3 Key Format and Tag Delimiters