Functionbeat reached End of Support on October 18, 2023. You must consider
moving your deployments to the more versatile and efficient Elastic Serverless
Forwarder.
IAM permissions required to deploy Functionbeatedit
This section describes the minimum privileges or roles required to deploy functions to your cloud provider.
Permissions required by AWSedit
The list of required permissions depends on the type of events that you are collecting. Here are some example policies that grant the required privileges.
CloudWatch logsedit
The following policy grants the permissions required to deploy and run a Lambda function that collects events from CloudWatch logs.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "cloudformation:CreateStack", "cloudformation:DeleteStack", "cloudformation:DescribeStacks", "cloudformation:DescribeStackEvents", "cloudformation:DescribeStackResources", "cloudformation:GetTemplate", "cloudformation:UpdateStack", "cloudformation:ValidateTemplate", "iam:CreateRole", "iam:DeleteRole", "iam:DeleteRolePolicy", "iam:GetRole", "iam:GetRolePolicy", "iam:PassRole", "iam:PutRolePolicy", "lambda:AddPermission", "lambda:CreateFunction", "lambda:DeleteFunction", "lambda:GetFunction", "lambda:GetFunctionConfiguration", "lambda:PutFunctionConcurrency", "lambda:RemovePermission", "lambda:UpdateFunctionCode", "lambda:UpdateFunctionConfiguration", "logs:CreateLogGroup", "logs:DeleteLogGroup", "logs:DeleteSubscriptionFilter", "logs:DescribeLogGroups", "logs:PutSubscriptionFilter", "s3:CreateBucket", "s3:DeleteObject", "s3:ListBucket", "s3:PutObject", "s3:GetObject", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs" ], "Resource": "*" } ] }
SQS and Kinesisedit
The following policy grants the permissions required to deploy and run a Lambda function that reads from SQS queues or Kinesis data streams.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "cloudformation:CreateStack", "cloudformation:DeleteStack", "cloudformation:DescribeStacks", "cloudformation:DescribeStackEvents", "cloudformation:DescribeStackResources", "cloudformation:GetTemplate", "cloudformation:UpdateStack", "cloudformation:ValidateTemplate", "iam:CreateRole", "iam:DeleteRole", "iam:DeleteRolePolicy", "iam:GetRole", "iam:GetRolePolicy", "iam:PassRole", "iam:PutRolePolicy", "lambda:AddPermission", "lambda:CreateFunction", "lambda:CreateEventSourceMapping", "lambda:DeleteFunction", "lambda:DeleteEventSourceMapping", "lambda:GetEventSourceMapping", "lambda:GetFunction", "lambda:GetFunctionConfiguration", "lambda:PutFunctionConcurrency", "lambda:RemovePermission", "lambda:UpdateFunctionCode", "lambda:UpdateFunctionConfiguration", "logs:DescribeLogGroups", "logs:CreateLogGroup", "s3:CreateBucket", "s3:DeleteObject", "s3:ListBucket", "s3:PutObject", "s3:GetObject", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs" ], "Resource": "*" } ] }