For our EC2 instances to be able to send session logs to the S3 bucket, we will need to update the IAM Role assigned to the EC2 instance by adding a policy that allows access to S3.
Go to IAM service management console
Click Attach policies.
In the Search box enter S3.
In the production environment, we will grant stricter permissions to the specified S3 bucket. In the framework of this lab, we use the policy AmazonS3FullAccess for convenience.
Next, we will proceed to create an S3 bucket to store session logs.