'InvalidParameterException: Please ensure that the CreateExportTask caller has been granted s3:PutObject access to the bucket
I am trying to create a Scheduled Lambda which will call cloudwatch "createExportTask" function to export logs from Account A (which contains the logs i.e. source) to Account B (which contains the S3 Bucket i.e. destination)
However, I am getting the error as
InvalidParameterException: Please ensure that the CreateExportTask caller has been granted s3:PutObject access to the bucket.
I am not sure whether the issue is with the parameters in the "createExportTask" function to S3 access. Refer Error Section - https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateExportTask.html
- I tried to export task manually, It works correctly.
- I tried to export task via lambda in same account, It works correctly.
- I have created an IAM role in account B(destination account) with s3 write permission and trust relationship with account A(source account)
- I have given assume role permission for the IAM created in account B(destination account) to Lambda Execution Role IAM role in account A(source account)
Let me know, if you need IAM roles and trust relationship details.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|