This message was deleted.
# general
s
This message was deleted.
s
looked into my sg outbound rules and looks like all ports are enabled:
looks like creating log groups was failing
was missing this in the kms key:
Copy code
{
  "Effect": "Allow",
  "Principal": {
    "Service": "<http://logs.us-west-2.amazonaws.com|logs.us-west-2.amazonaws.com>"
  },
  "Action": [
    "kms:Encrypt*",
    "kms:Decrypt*",
    "kms:ReEncrypt*",
    "kms:GenerateDataKey*",
    "kms:Describe*"
  ],
  "Resource": "*",
  "Condition": {
    "ArnLike": {
      "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:us-west-2:*:*"
    }
  }
}