Output Cloudwatch: IAM permissions

[2autunni]

On this file
pipeline/outputs/cloudwatch.md
for version 1.9.7 the IAM policy

{
	"Version": "2012-10-17",
	"Statement": [{
		"Effect": "Allow",
		"Action": [
			"logs:CreateLogStream",
			"logs:CreateLogGroup",
			"logs:PutLogEvents"
		],
		"Resource": "*"
	}]
}

doesn't works

generating an error similar to
User: arn:aws:sts::ACCOUNTID:assumed-role/TASKROLE/f8fe25c51f804adaaaa3822a47476353 is not authorized to perform: logs:DescribeLogStreams on resource: arn:aws:logs:eu-south-1:ACCOUNTID:log-group:LOGGROUP:log-stream: because no identity-based policy allows the logs:DescribeLogStreams action\n\tstatus code: 400, request id: 2436cba2-f56a-44f7-b94e-113d217328b6\n" func="github.com/aws/amazon-cloudwatch-logs-for-fluent-bit/cloudwatch.(*OutputPlugin).AddEvent()" file="cloudwatch.go:389"

{
	"Version": "2012-10-17",
	"Statement": [{
		"Effect": "Allow",
		"Action": [
			"logs:CreateLogStream",
			"logs:CreateLogGroup",
			"logs:PutLogEvents",
                        "logs:DescribeLogStreams"
		],
		"Resource": "*"
	}]
}

[github-actions]

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days. Maintainers can add the exempt-stale label.

[github-actions]

This issue was closed because it has been stalled for 5 days with no activity.

[eschabell]

@2autunni I've taken the liberty of opening this issue as the docs PR #954 just needs to resolve conflicts to get merged. I've pinged you there.

[2autunni]

Hi @eschabell
Thank you, but I think that my commit is too old and maybe to many things are changed in the docs and in the plugin...
So I prefer do not merge my PR; if I'll have time I'll retest the new IAM policy that is now in the docs, and in case I'll open another PR.

[eschabell]

Thanks @2autunni, I've commented on the code PR #954 that I'm going to close this out per your request.