diff --git a/src/content/docs/serverless-function-monitoring/aws-lambda-monitoring/instrument-lambda-function/compatibility-requirement-lambda-monitoring.mdx b/src/content/docs/serverless-function-monitoring/aws-lambda-monitoring/instrument-lambda-function/compatibility-requirement-lambda-monitoring.mdx index 62e3c135341..d5d65be3306 100644 --- a/src/content/docs/serverless-function-monitoring/aws-lambda-monitoring/instrument-lambda-function/compatibility-requirement-lambda-monitoring.mdx +++ b/src/content/docs/serverless-function-monitoring/aws-lambda-monitoring/instrument-lambda-function/compatibility-requirement-lambda-monitoring.mdx @@ -16,77 +16,6 @@ Before enabling serverless monitoring using our Lambda layer, you'll need: 3. An AWS account with permissions for creating IAM resources, managed secrets, and Lambdas. You also need permissions for creating CloudFormation stacks and S3 buckets. -{/* Then you'll need to complete the following: - - 1. Install [AWS CLI v2](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) configure using `aws configure`. You will need an AWS Access Key ID and AWS Secret Access Key. - - 2. Install [Python](https://www.python.org/downloads/) version 3.3 or higher. - - 3. Install the [`newrelic-lambda` CLI](https://github.com/newrelic/newrelic-lambda-cli#installation). To install it, run this command: - - ```bash - pip3 install newrelic-lambda-cli - ``` - - 4. By default, we use the AWS Managed Policy `ReadOnlyAccess`. This allows the Infrastructure integration to see all the resources in your account, rather than just your Lambda functions and CloudWatch metrics. New Relic recommends this default, but we understand that some organizations prefer a strict security posture for third party integrations. If you'd like to limit New Relic's access, the IAM role can be granted with a minimum of these permissions: - - ```yaml - Resource: "*" - Action: - - "cloudwatch:GetMetricStatistics" - - "cloudwatch:ListMetrics" - - "cloudwatch:GetMetricData" - - "lambda:GetAccountSettings" - - "lambda:ListFunctions" - - "lambda:ListAliases" - - "lambda:ListTags" - - "lambda:ListEventSourceMappings" - ``` - 5. Before running the CLI, you will need to grant New Relic a minimum of these permissions in AWS: - - ```json - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "CLIAccessPolicy", - "Action": [ - "cloudformation:CreateChangeSet", - "cloudformation:CreateStack", - "cloudformation:DescribeStacks", - "cloudformation:ExecuteChangeSet", - "iam:AttachRolePolicy", - "iam:CreateRole", - "iam:GetRole", - "iam:PassRole", - "lambda:AddPermission", - "lambda:CreateFunction", - "lambda:GetFunction", - "logs:DeleteSubscriptionFilter", - "logs:DescribeSubscriptionFilters", - "logs:PutSubscriptionFilter", - "s3:GetObject", - "serverlessrepo:CreateCloudFormationChangeSet", - "secretsmanager:CreateSecret" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Sid": "NRLogAccessPolicy", - "Effect": "Allow", - "Action": [ - "serverlessrepo:CreateCloudFormationTemplate", - "serverlessrepo:GetCloudFormationTemplate" - ], - "Resource": "arn:aws:serverlessrepo:us-east-1:463657938898:applications/NewRelic-log-ingestion" - } - ] - } - ``` - - If you'd like to learn more about our CLI, see [our CLI repo](https://github.com/newrelic/newrelic-lambda-cli#installation). */} - ## Supported runtimes Based on the type of instrumentation, the following runtimes are supported.