{"slug":"iam-aws-logs","cloud":"aws","service":"logs","title":"AWS CloudWatch Logs (IAM)","description":"Amazon CloudWatch Logs centralizes logs from AWS services and applications for monitoring and troubleshooting.","category":"monitoring","common_permissions":["logs:CreateLogGroup","logs:DeleteLogGroup","logs:CreateLogStream","logs:DeleteLogStream","logs:PutLogEvents","logs:GetLogEvents","logs:StartQuery","logs:StopQuery"],"least_privilege_example":"{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"logs:CreateLogGroup\",\n        \"logs:DeleteLogGroup\",\n        \"logs:CreateLogStream\",\n        \"logs:DeleteLogStream\",\n        \"logs:PutLogEvents\",\n        \"logs:GetLogEvents\",\n        \"logs:StartQuery\",\n        \"logs:StopQuery\"\n      ],\n      \"Resource\": \"*\"\n    }\n  ]\n}","warnings":["Avoid logs:* — grants full control including deletion of log groups and streams.","Avoid logs:PutLogEvents without conditions — can lead to excessive log ingestion costs."],"docs":"https://servicereference.us-east-1.amazonaws.com/v1/logs/logs.json","tags":["iam","aws"],"last_verified":"2026-06-14T00:00:00.000Z","next_check":"2026-12-11T00:00:00.000Z","created_at":"2026-06-14T04:48:32.466Z","updated_at":"2026-06-14T04:48:32.466Z"}