PutResourcePolicy
Creates or updates a resource policy allowing other AWS services to put log events to this account, such as Amazon Route 53. An account can have up to 10 resource policies per AWS Region.
Request Syntax
{
"policyDocument": "string
",
"policyName": "string
"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- policyDocument
-
Details of the new policy, including the identity of the principal that is enabled to put logs to this account. This is formatted as a JSON string. This parameter is required.
The following example creates a resource policy enabling the Route 53 service to put DNS query logs in to the specified log group. Replace
"logArn"
with the ARN of your CloudWatch Logs resource, such as a log group or log stream.CloudWatch Logs also supports aws:SourceArn and aws:SourceAccount condition context keys.
In the example resource policy, you would replace the value of
SourceArn
with the resource making the call from RouteĀ 53 to CloudWatch Logs. You would also replace the value ofSourceAccount
with the AWS account ID making that call.{ "Version": "2012-10-17", "Statement": [ { "Sid": "Route53LogsToCloudWatchLogs", "Effect": "Allow", "Principal": { "Service": [ "route53.amazonaws.com" ] }, "Action": "logs:PutLogEvents", "Resource": "logArn", "Condition": { "ArnLike": { "aws:SourceArn": "myRoute53ResourceArn" }, "StringEquals": { "aws:SourceAccount": "myAwsAccountId" } } } ] }
Type: String
Length Constraints: Minimum length of 1. Maximum length of 5120.
Required: No
- policyName
-
Name of the new policy. This parameter is required.
Type: String
Required: No
Response Syntax
{
"resourcePolicy": {
"lastUpdatedTime": number,
"policyDocument": "string",
"policyName": "string"
}
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- resourcePolicy
-
The new policy.
Type: ResourcePolicy object
Errors
For information about the errors that are common to all actions, see Common Errors.
- InvalidParameterException
-
A parameter is specified incorrectly.
HTTP Status Code: 400
- LimitExceededException
-
You have reached the maximum number of resources that can be created.
HTTP Status Code: 400
- ServiceUnavailableException
-
The service cannot complete the request.
HTTP Status Code: 500
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: