aws: add IAM permissions for all plugins

PettitWesley · PettitWesley · commit 61f573c23517 · 2022-06-25T23:23:11.000-07:00
Signed-off-by: Wesley Pettit &lt;wppttt@amazon.com&gt;
diff --git a/pipeline/outputs/cloudwatch.md b/pipeline/outputs/cloudwatch.md
@@ -57,6 +57,25 @@ In your main configuration file append the following _Output_ section:
     auto_create_group On
 ```
 
+### Permissions
+
+The following AWS IAM permissions are required to use this plugin:
+
+```
+{
+	"Version": "2012-10-17",
+	"Statement": [{
+		"Effect": "Allow",
+		"Action": [
+			"logs:CreateLogStream",
+			"logs:CreateLogGroup",
+			"logs:PutLogEvents"
+		],
+		"Resource": "*"
+	}]
+}
+```
+
 ### Worker support
 
 Fluent Bit 1.7 adds a new feature called `workers` which enables outputs to have dedicated threads. This `cloudwatch_logs` plugin has partial support for workers. **The plugin can support a single worker; enabling multiple workers will lead to errors/indeterminate behavior.**
diff --git a/pipeline/outputs/firehose.md b/pipeline/outputs/firehose.md
@@ -51,6 +51,23 @@ In your main configuration file append the following _Output_ section:
     delivery_stream my-stream
 ```
 
+### Permissions
+
+The following AWS IAM permissions are required to use this plugin:
+
+```
+{
+	"Version": "2012-10-17",
+	"Statement": [{
+		"Effect": "Allow",
+		"Action": [
+			"firehose:PutRecordBatch"
+		],
+		"Resource": "*"
+	}]
+}
+```
+
 ### Worker support
 
 Fluent Bit 1.7 adds a new feature called `workers` which enables outputs to have dedicated threads. This `kinesis_firehose` plugin fully supports workers.
diff --git a/pipeline/outputs/kinesis.md b/pipeline/outputs/kinesis.md
@@ -50,6 +50,23 @@ In your main configuration file append the following _Output_ section:
     stream my-stream
 ```
 
+### Permissions
+
+The following AWS IAM permissions are required to use this plugin:
+
+```
+{
+	"Version": "2012-10-17",
+	"Statement": [{
+		"Effect": "Allow",
+		"Action": [
+			"kinesis:PutRecords"
+		],
+		"Resource": "*"
+	}]
+}
+```
+
 ### Worker support
 
 Fluent Bit 1.7 adds a new feature called `workers` which enables outputs to have dedicated threads. This `kinesis_streams` plugin fully supports workers.
diff --git a/pipeline/outputs/s3.md b/pipeline/outputs/s3.md
@@ -50,7 +50,20 @@ To skip TLS verification, set `tls.verify` as `false`. For more details about th
 
 ## Permissions
 
-The plugin requires `s3:PutObject` permission.
+The plugin requires the following AWS IAM permissions:
+
+```
+{
+	"Version": "2012-10-17",
+	"Statement": [{
+		"Effect": "Allow",
+		"Action": [
+			"s3:PutObject"
+		],
+		"Resource": "*"
+	}]
+}
+```
 
 ## S3 Key Format and Tag Delimiters
 
