To access your logs, ensure that you have one of the required IAM roles and are in your AMS account. Then navigate to the directory shown.
Provides five default IAM roles, each of which allow access to all logs
within your account (all are prefaced with AWSManagedServices):
AdminRoleCaseRoleChangeManagementRoleReadOnlyRoleSecurityOpsRole
Access to these roles is configured via federation, with each role being mapped to a group within your Active Directory domain.
To learn more about these roles, see IAM user role in AMS .
