Add missing logs:DescribeLogGroups permission to integration role

DataDog / cloudformation-template

Easily set up the Datadog AWS integration using CloudFormation

Apache License 2.0

34 stars 43 forks source link

Add missing logs:DescribeLogGroups permission to integration role #21

Closed plumdog closed 3 years ago

plumdog commented 3 years ago

What does this PR do?

Fixes #20 by adding the missing permission.

tianchu commented 3 years ago

@plumdog this permission is only used by a deprecated feature for submitting custom metrics from Lambda functions https://docs.datadoghq.com/serverless/custom_metrics#deprecated-using-cloudwatch-logs. This permission is not needed unless you are relying on this feature. If you don't rely on this feature, we can turn it off completely from our backend to get rid of the noise (error), because the crawler doesn't know if you are using this feature or not, it will always make the requests.

plumdog commented 3 years ago

@tianchu OK, that makes sense.

Yeah, I guess giving the message from the Lambda Integration within Datadog some more context would maybe be helpful, but at least in my case, we are not relying on that feature anyway.

Thanks for explaining!