Amazon CloudWatch Logs
API Reference (API Version 2014-03-28)


Creates or updates an access policy associated with an existing Destination. An access policy is an IAM policy document that is used to authorize claims to register a subscription filter against a given destination.

Request Syntax

   "accessPolicy": "string",
   "destinationName": "string"

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.


An IAM policy document that authorizes cross-account users to deliver their log events to associated destination.

Type: String

Length Constraints: Minimum length of 1.

Required: Yes


A name for an existing destination.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 512.

Pattern: [^:*]*

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.


For information about the errors that are common to all actions, see Common Errors.


Returned if a parameter of the request is incorrectly specified.

HTTP Status Code: 400


Returned if multiple requests to update the same resource were in conflict.

HTTP Status Code: 400


Returned if the service cannot complete the request.

HTTP Status Code: 500


Create or update an access policy of a destination

The following is an example of a PutDestinationPolicy request and response.

Sample Request

Host: logs.<region>.<domain>
X-Amz-Date: <DATE>
Authorization: AWS4-HMAC-SHA256 Credential=<Credential>, SignedHeaders=content-type;date;host;user-agent;x-amz-date;x-amz-target;x-amzn-requestid, Signature=<Signature>
User-Agent: <UserAgentString>
Accept: application/json
Content-Type: application/x-amz-json-1.1
Content-Length: <PayloadSizeBytes>
Connection: Keep-Alive
X-Amz-Target: Logs_20140328.PutDestinationPolicy
  "destinationName": "exampleDestinationName",
  "accessPolicy": "{ \"Version\": \"2012-10-17\", \"Statement\": [{ \"Sid\": \"\", \"Effect\": \"Allow\", \"Principal\": { \"AWS\": \"\"}, \"Action\": \"logs:PutSubscriptionFilter\",\"Resource\": \"arn:aws:logs:us-east-1:123456789:destination:exampleDestinationName\"}]}"

Sample Response

HTTP/1.1 200 OK
x-amzn-RequestId: <RequestId>
Content-Type: application/x-amz-json-1.1
Content-Length: <PayloadSizeBytes>
Date: <Date>