You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* <p>CloudWatch Logs doesn’t support IAM policies that prevent users from assigning specified
227
-
* tags to log groups using the <code>aws:Resource/<i>key-name</i>
228
-
* </code> or
229
-
* <code>aws:TagKeys</code> condition keys. For more information about using tags to control
230
-
* access, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html">Controlling access to Amazon Web Services resources using tags</a>.</p>
226
+
* <p>You can grant users access to certain log groups while preventing them from accessing other log groups.
227
+
* To do so, tag your groups and use IAM policies that refer to those tags. To assign tags when
228
+
* you create a log group, you must have either the <code>logs:TagResource</code> or <code>logs:TagLogGroup</code>
229
+
* permission. For more information about tagging, see
230
+
* <a href="https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html">Tagging Amazon Web Services resources</a>.
231
+
* For more information about using tags to control access, see
232
+
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html">Controlling access to Amazon Web Services resources using tags</a>.</p>
0 commit comments