Update AWS IAM permissions for VPC connected Lambda function (#28789) (…

…#30346) (cherry picked from commit cfc69fd) Co-authored-by: Viacheslav Vasilyev <[email protected]>
elastic · Feb 11, 2022 · f6dcd5a · f6dcd5a
1 parent d20cdae
commit f6dcd5a
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/x-pack/functionbeat/docs/iam-permissions.asciidoc b/x-pack/functionbeat/docs/iam-permissions.asciidoc
@@ -66,7 +66,10 @@ function that collects events from CloudWatch logs.
                 "s3:DeleteObject",
                 "s3:ListBucket",
                 "s3:PutObject",
-                "s3:GetObject"
+                "s3:GetObject",
+                "ec2:DescribeSecurityGroups",
+                "ec2:DescribeSubnets",
+                "ec2:DescribeVpcs"
             ],
             "Resource": "*"
         }
@@ -122,7 +125,10 @@ function that reads from SQS queues or Kinesis data streams.
                 "s3:DeleteObject",
                 "s3:ListBucket",
                 "s3:PutObject",
-                "s3:GetObject"
+                "s3:GetObject",
+                "ec2:DescribeSecurityGroups",
+                "ec2:DescribeSubnets",
+                "ec2:DescribeVpcs"
             ],
             "Resource": "*"
         }