How to stop AWS Lambda to log into CloudWatch

AWS Lambda registration at CloudWatch can be a huge hidden cost if you have a lot of them, because there is no way to tell AWS to stop logging on the CloudWatch platform. The only way I found is to manage the IAM user policy (associated with each lambda) and explicitly deny access to logs: ... actions :

{
        "Sid": "DisableAllLogs",
        "Resource": "*",
        "Action": [
            "logs:CreateLogGroup",
            "logs:CreateLogStream",
            "logs:PutLogEvents"
        ],
        "Effect": "Deny"
}

Now I'm trying to evaluate a policy to only allow lambda to write. To do this, I use the Policy condition settings :

{
        "Sid": "EnableLogsForWantedLambdaTriggers",
        "Resource": "*",
        "Condition": {
            "ArnEquals": {
                "aws:SourceArn": "arn:aws:lambda:REGION:ACCOUNT-ID:function:FUNCTION-NAME"
            }
        },
        "Action": [
            "logs:CreateLogGroup",
            "logs:CreateLogStream",
            "logs:PutLogEvents"
        ],
        "Effect": "Allow"
}

but this way no log is sent to CloudWatch. I think the source of ARN is wrong, but I can not find the right one.

Any clues?