I’m imagining that a policy definition in serverless config might look like this:
resources:
Resources:
loggingPermission:
Type: AWS::IAM::Policy
Statement:
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Resource: arn:aws:logs:${self:provider.region}:${accountId}:log-group:/aws/lambda/*:*:*
Is that right?