https://www.elastic.co/guide/en/beats/functionbeat/7.x/configuration-functionbeat-options.html#functionbeat-role says that I can add a parameter named
role to my functionbeat config.
Where to add it? I'm guessing it's meant as an attribute of an item in the
functionbeat.provider.aws.functions list. Is that correct? If not, where to put it?
The value of the
role attribute is said to be an aws role's arn. https://www.elastic.co/guide/en/beats/functionbeat/7.x/iam-permissions.html describes the actions that need to be in the role policy, but does not say anything about which resources these actions will be allowed on. It just cites '*' for the resource. My employer's policy doesn't allow me to say that. So, I have to be more specific. What resources should I cite as part of the policy?