AWS::Logs::ResourcePolicy - AWS CloudFormation

AWS::Logs::ResourcePolicy

Creates or updates a resource policy that allows other AWS services to put log events to this account. An account can have up to 10 resource policies per AWS Region.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::Logs::ResourcePolicy", "Properties" : { "PolicyDocument" : String, "PolicyName" : String } }

YAML

Type: AWS::Logs::ResourcePolicy Properties: PolicyDocument: String PolicyName: String

Properties

PolicyDocument

The details of the policy. It must be formatted in JSON, and you must use backslashes to escape characters that need to be escaped in JSON strings, such as double quote marks.

Required: Yes

Type: String

Minimum: 1

Maximum: 5120

Update requires: No interruption

PolicyName

The name of the resource policy.

Required: Yes

Type: String

Update requires: Replacement

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the PolicyName of the resource policy.

For more information about using the Ref function, see Ref.

Examples

Resource policy example

The following example creates a resource policy that allows Route 53 to write log events to a log group that has this policy attached.

JSON

{ "Type": "AWS::Logs::ResourcePolicy", "Properties": { "PolicyName": "MyResourcePolicy", "PolicyDocument": "{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Sid\": \"Route53LogsToCloudWatchLogs\", \"Effect\": \"Allow\", \"Principal\": { \"Service\": [ \"route53.amazonaws.com\" ] }, \"Action\":\"logs:PutLogEvents\", \"Resource\": \"logArn\" } ] }" } }

YAML

Type: AWS::Logs::ResourcePolicy Properties: PolicyName: "MyResourcePolicy" PolicyDocument: "{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Sid\": \"Route53LogsToCloudWatchLogs\", \"Effect\": \"Allow\", \"Principal\": { \"Service\": [ \"route53.amazonaws.com\" ] }, \"Action\":\"logs:PutLogEvents\", \"Resource\": \"logArn\" } ] }"