Answer-first summary for fast verification
Answer: Move the logs:CreateLogGroup action to the second Allow statement.
The execution role of the Lambda function requires permissions to create log groups, create log streams, and put log events in CloudWatch Logs. The error message 'error loading Log Streams' indicates that the necessary permissions for creating log streams are missing. By moving the logs:CreateLogGroup action to the second Allow statement, the security engineer ensures that the execution role has the required permissions to create log groups, allowing log streams to be loaded and viewed in CloudWatch. Therefore, Option A is the correct answer.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A security engineer with administrator permissions logs into the AWS Lambda console and attempts to view logs in Amazon CloudWatch for a specific Lambda function named 'myFunction'. Upon selecting the option to view logs in CloudWatch, the engineer encounters an 'error loading Log Streams' message. The IAM policy associated with the Lambda function's execution role is relevant to this issue. What corrective action should the security engineer implement to successfully view the logs?
A
Move the logs:CreateLogGroup action to the second Allow statement.
B
Add the logs:PutDestination action to the second Allow statement.
C
Add the logs:GetLogEvents action to the second Allow statement.
D
Add the logs:CreateLogStream action to the second Allow statement.