We have APMIA AWS extension running and trying to monitor apigateway AWS service. It is added to the schemalist. However, in the logs we see the below error.

Let us know what specific role we need in AWS to get this to work?

https://logs.us-east-1.amazonaws.com/?dummy=xxx-stack-sample-sw49test-dev-apigateway-someapilog1796FC1B0-8ujsjsDM6PFg
        {"__type":"AccessDeniedException","Message":"User: arn:aws:sts::823177619133:assumed-role/xxx_aws_broadcom_webmonitoring_tool_role/session1 is not authorized to perform: logs:DescribeSubscriptionFilters on resource: arn:aws:logs:us-east-1:823177619133:log-group:xxx-stack-sample-sw49test-dev-apigateway-someapilog1796FC1B0-8ujsjsDM6PFg:log-stream: because no identity-based policy allows the logs:DescribeSubscriptionFilters action"}, retry :0

Release : SAAS

Component : Integration with APM

1. Follow the doc to add permissions:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/dx-apm-saas/SaaS/deploy-and-configure-dx-apm-agents/infrastructure-agent/Amazon-Web-Services-Monitoring/Configure-AWS-Monitoring/Role-Based-Approach.html

2. Please add "logs:DescribeSubscriptionFilters" to the list as well. We'll update the doc soon.