Functionbeat reached End of Support on October 18, 2023. You must consider
moving your deployments to the more versatile and efficient Elastic Serverless
Forwarder.
IAM permissions required to deploy Functionbeat
editIAM permissions required to deploy Functionbeat
editThis section describes the minimum privileges or roles required to deploy functions to your cloud provider.
Permissions required by AWS
editThe list of required permissions depends on the type of events that you are collecting. Here are some example policies that grant the required privileges.
CloudWatch logs
editThe following policy grants the permissions required to deploy and run a Lambda function that collects events from CloudWatch logs.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResources",
"cloudformation:GetTemplate",
"cloudformation:UpdateStack",
"cloudformation:ValidateTemplate",
"iam:CreateRole",
"iam:DeleteRole",
"iam:DeleteRolePolicy",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:PassRole",
"iam:PutRolePolicy",
"lambda:AddPermission",
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:GetFunction",
"lambda:GetFunctionConfiguration",
"lambda:PutFunctionConcurrency",
"lambda:RemovePermission",
"lambda:UpdateFunctionCode",
"lambda:UpdateFunctionConfiguration",
"logs:CreateLogGroup",
"logs:DeleteLogGroup",
"logs:DeleteSubscriptionFilter",
"logs:DescribeLogGroups",
"logs:PutSubscriptionFilter",
"s3:CreateBucket",
"s3:DeleteObject",
"s3:ListBucket",
"s3:PutObject",
"s3:GetObject",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"Resource": "*"
}
]
}
SQS and Kinesis
editThe following policy grants the permissions required to deploy and run a Lambda function that reads from SQS queues or Kinesis data streams.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResources",
"cloudformation:GetTemplate",
"cloudformation:UpdateStack",
"cloudformation:ValidateTemplate",
"iam:CreateRole",
"iam:DeleteRole",
"iam:DeleteRolePolicy",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:PassRole",
"iam:PutRolePolicy",
"lambda:AddPermission",
"lambda:CreateFunction",
"lambda:CreateEventSourceMapping",
"lambda:DeleteFunction",
"lambda:DeleteEventSourceMapping",
"lambda:GetEventSourceMapping",
"lambda:GetFunction",
"lambda:GetFunctionConfiguration",
"lambda:PutFunctionConcurrency",
"lambda:RemovePermission",
"lambda:UpdateFunctionCode",
"lambda:UpdateFunctionConfiguration",
"logs:DescribeLogGroups",
"logs:CreateLogGroup",
"s3:CreateBucket",
"s3:DeleteObject",
"s3:ListBucket",
"s3:PutObject",
"s3:GetObject",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"Resource": "*"
}
]
}