Reputation: 136191
I am writing a Lambda function using the Serverless framework.
The function is invoked by an HTTP request. It parses the request parameters, fetches some logs from a CloudWatch group and stream according to the parameters and replies with a summary of the logs.
I would like to grant CloudWatch read access to the Lambda function using the serverless configuration file.
The function definition (serverless.yml) is pretty basic:

    service: adam-test-sls

    provider:
      name: aws
      runtime: nodejs6.10
      region: eu-central-1

    functions:
      hello:
        handler: handler.hello
        events:
          - http:
              path: hello
              method: get

How do I grant read (and/or write) permissions that will enable this Lambda function to access specific CloudWatch logs?
Upvotes: 1
Views: 1245
Reputation: 6172
Serverless allows you to define a default IAM role for all functions (which should have CloudWatch access by default).
Also by default, your Lambda functions have permission to create and write to CloudWatch logs.
You can also fine-tune the IAM role for all functions, or even provide fine-grained permissions for each function using the role attribute.
Upvotes: 2
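
Added example (not part of the question or the answer): one way to fine-tune the default role from the question's serverless.yml so the function can read a single CloudWatch log group and nothing else. It assumes the Serverless Framework v1 `provider.iamRoleStatements` setting; the log group name `/example/app-logs` is a placeholder.

```yaml
service: adam-test-sls

provider:
  name: aws
  runtime: nodejs6.10
  region: eu-central-1
  # Statements listed here are added to the default IAM role that all
  # functions in this service share.
  iamRoleStatements:
    - Effect: Allow
      # Read-only CloudWatch Logs actions: list streams, search a group,
      # and fetch events from a stream.
      Action:
        - logs:DescribeLogStreams
        - logs:FilterLogEvents
        - logs:GetLogEvents
      # Scope the grant to one log group and its streams rather than
      # using Resource: "*".
      Resource:
        - Fn::Join:
            - ':'
            - - arn:aws:logs
              - Ref: 'AWS::Region'
              - Ref: 'AWS::AccountId'
              - log-group
              - /example/app-logs   # placeholder: the log group to read
              - '*'

functions:
  hello:
    handler: handler.hello
    events:
      - http:
          path: hello
          method: get
```

If the function also has to write to that group, add `logs:CreateLogStream` and `logs:PutLogEvents` to the same statement instead of widening the resource.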