Menu
AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS::Logs::SubscriptionFilter

The AWS::Logs::SubscriptionFilter resource creates an Amazon CloudWatch Logs (CloudWatch Logs) subscription filter that defines which log events are delivered to your Amazon Kinesis stream or AWS Lambda (Lambda) function and where to send them.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

Copy
{ "Type" : "AWS::Logs::SubscriptionFilter", "Properties" : { "DestinationArn" : String, "FilterPattern" : String, "LogGroupName" : String, "RoleArn" : String } }

YAML

Copy
Type: "AWS::Logs::SubscriptionFilter" Properties: DestinationArn: String FilterPattern: String LogGroupName: String RoleArn: String

Properties

DestinationArn

The Amazon Resource Name (ARN) of the Amazon Kinesis stream or Lambda function that you want to use as the subscription feed destination.

Required: Yes

Type: String

Update requires: Replacement

FilterPattern

The filtering expressions that restrict what gets delivered to the destination AWS resource. For more information about the filter pattern syntax, see Filter and Pattern Syntax in the Amazon CloudWatch User Guide.

Required: Yes

Type: String

Update requires: Replacement

LogGroupName

The log group to associate with the subscription filter. All log events that are uploaded to this log group are filtered and delivered to the specified AWS resource if the filter pattern matches the log events.

Required: Yes

Type: String

Update requires: Replacement

RoleArn

An IAM role that grants CloudWatch Logs permission to put data into the specified Amazon Kinesis stream. For Lambda and CloudWatch Logs destinations, don't specify this property because CloudWatch Logs gets the necessary permissions from the destination resource.

Required: No

Type: String

Update requires: Replacement

Return Values

Ref

When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the resource name.

For more information about using the Ref function, see Ref.

Example

The following example sends log events that are associated with the Root user to an Amazon Kinesis stream.

JSON

Copy
"SubscriptionFilter" : { "Type" : "AWS::Logs::SubscriptionFilter", "Properties" : { "RoleArn" : { "Fn::GetAtt" : [ "CloudWatchIAMRole", "Arn" ] }, "LogGroupName" : { "Ref" : "LogGroup" }, "FilterPattern" : "{$.userIdentity.type = Root}", "DestinationArn" : { "Fn::GetAtt" : [ "KinesisStream", "Arn" ] } } }

YAML

Copy
SubscriptionFilter: Type: "AWS::Logs::SubscriptionFilter" Properties: RoleArn: Fn::GetAtt: - "CloudWatchIAMRole" - "Arn" LogGroupName: Ref: "LogGroup" FilterPattern: "{$.userIdentity.type = Root}" DestinationArn: Fn::GetAtt: - "KinesisStream" - "Arn"