Trying to create log group for the aws , but its giving insufficient permission
CFT for log group
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "The template for API gateway stage.",
"Resources": {
"logGroup": {
"Type": "AWS::Logs::LogGroup",
"Properties": {
"LogGroupName": "name"
}
}
},
"Outputs": {
"arn": {
"Description": "The API Gateway stage name",
"Value": {
"Fn::GetAtt": [
"logGroup",
"Arn"
]
}
}
}
}
CFT for API stage
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "The template for API gateway stage.",
"Parameters": {
"logGroupArn": {
"Type": "String"
},
"apiId": {
"Type": "String"
}
},
"Resources": {
"apiStage": {
"Type": "AWS::ApiGatewayV2::Stage",
"Properties": {
"AccessLogSettings": {
"DestinationArn" : {"Ref" : "logGroupArn"},
"Format": "{\"requestId\":\"$context.requestId\", \"ip\":\"$context.identity.sourceIp\", \"caller\":\"$context.identity.caller\", \"user\":\"$context.identity.user\",\"requestTime\":\"$context.requestTime\", \"routeKey\":\"$context.routeKey\", \"status\":\"$context.status\"}"
},
"ApiId": {"Ref" : "apiId"},
"AutoDeploy": true,
"Description": "Default stage",
"StageName": "$default"
}
}
},
"Outputs": {
"stageName": {
"Description": "The API Gateway stage name",
"Value": {
"Ref": "apiStage"
}
}
}
}
I am using this CFTs to create the log group and passing as parmater in the API stage but I am receiving this error as
Insufficient permissions to enable logging
Help me out what all permissoins need to add
