AWS::Logs::ResourcePolicy
Creates or updates a resource policy that allows other AWS services to put log events to this account. An account can have up to 10 resource policies per AWS Region.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::Logs::ResourcePolicy", "Properties" : { "PolicyDocument" :String, "PolicyName" :String} }
YAML
Type: AWS::Logs::ResourcePolicy Properties: PolicyDocument:StringPolicyName:String
Properties
PolicyDocument-
The details of the policy. It must be formatted in JSON, and you must use backslashes to escape characters that need to be escaped in JSON strings, such as double quote marks.
Required: Yes
Type: String
Pattern:
[\u0009\u000A\u000D\u0020-\u00FF]+Minimum:
1Maximum:
5120Update requires: No interruption
PolicyName-
The name of the resource policy.
Required: Yes
Type: String
Pattern:
^([^:*\/]+\/?)*[^:*\/]+$Minimum:
1Maximum:
255Update requires: Replacement
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the PolicyName of the resource policy.
For more information about using the Ref function, see Ref.
Examples
Resource policy example
The following example creates a resource policy that allows RouteĀ 53 to write log events to a log group that has this policy attached.
JSON
{ "Type": "AWS::Logs::ResourcePolicy", "Properties": { "PolicyName": "MyResourcePolicy", "PolicyDocument": "{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Sid\": \"Route53LogsToCloudWatchLogs\", \"Effect\": \"Allow\", \"Principal\": { \"Service\": [ \"route53.amazonaws.com\" ] }, \"Action\":\"logs:PutLogEvents\", \"Resource\": \"logArn\" } ] }" } }
YAML
Type: AWS::Logs::ResourcePolicy Properties: PolicyName: "MyResourcePolicy" PolicyDocument: "{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Sid\": \"Route53LogsToCloudWatchLogs\", \"Effect\": \"Allow\", \"Principal\": { \"Service\": [ \"route53.amazonaws.com\" ] }, \"Action\":\"logs:PutLogEvents\", \"Resource\": \"logArn\" } ] }"
