AWS CloudWatch Setup Guide
-
Enter Log Group Name
-
Enter Role ARN
Follow the steps to create an IAM role for Fivetran,
- Steps to create an IAM policy
- Steps to create an IAM role
-
Select Region
-
Copy External ID
It is an external identifier used at the time of creating IAM role. It uniquely identifies Fivetran to assume the role.
-
Click on Save & Test
NOTE : Log group name should follow ^[.\-_/#A-Za-z0-9]+$ pattern.
Create an IAM Policy
Steps to create an IAM policy for Fivetran, to access your CloudWatch Logs:
-
Click on Policies
-
Click on Create policy
-
Click on the JSON tab
-
Copy the following section inside the space provided in the Json tab:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "*" } ] } -
Click on Review policy
-
On the Review policy page, name the policy Fivetran-CloudWatch-Logs-Access and provide a description if you'd like.
-
Click on Create policy
Create an IAM role
-
Click on Roles from the sidebar menu, then click Create role
-
Select type of trusted entity as Another AWS account and enter Fivetran's account ID
834469178297
-
Select option Require external ID and provide the Fivetran External ID as displayed in the setup form.
-
Click on Next: Permissions
-
Find and select the Fivetran-CloudWatch-Logs-Access policy, then click Next: Review
-
Name the role Fivetran-CloudWatch-Logs and click Create role. The role creation may take a few seconds.
-
On the
Rolesscreen, click on the role you just created that will take you to the Summary screen of the role. Get the Role ARN and enter it into the Setup Form.