Resource: awsCloudwatchLogDestinationPolicy
Provides a CloudWatch Logs destination policy resource.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsCloudwatchLogDestinationTestDestination =
  new aws.cloudwatchLogDestination.CloudwatchLogDestination(
    this,
    "test_destination",
    {
      name: "test_destination",
      roleArn: "${aws_iam_role.iam_for_cloudwatch.arn}",
      targetArn: "${aws_kinesis_stream.kinesis_for_cloudwatch.arn}",
    }
  );
const dataAwsIamPolicyDocumentTestDestinationPolicy =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
    this,
    "test_destination_policy",
    {
      statement: [
        {
          actions: ["logs:PutSubscriptionFilter"],
          effect: "Allow",
          principals: [
            {
              identifiers: ["123456789012"],
              type: "AWS",
            },
          ],
          resources: [awsCloudwatchLogDestinationTestDestination.arn],
        },
      ],
    }
  );
const awsCloudwatchLogDestinationPolicyTestDestinationPolicy =
  new aws.cloudwatchLogDestinationPolicy.CloudwatchLogDestinationPolicy(
    this,
    "test_destination_policy_2",
    {
      accessPolicy: dataAwsIamPolicyDocumentTestDestinationPolicy.json,
      destinationName: awsCloudwatchLogDestinationTestDestination.name,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsCloudwatchLogDestinationPolicyTestDestinationPolicy.overrideLogicalId(
  "test_destination_policy"
);
Argument Reference
The following arguments are supported:
destinationName - (Required) A name for the subscription filter.
accessPolicy - (Required) The policy document. This is a JSON formatted string.
forceUpdate - (Optional) Specify true if you are updating an existing destination policy to grant permission to an organization ID instead of granting permission to individual AWS accounts.
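A pre-deploy check for the JSON passed as accessPolicy, added here as an example and not part of the provider documentation. It accepts the per-account form used above and the organization form that forceUpdate relates to (a wildcard principal scoped by an aws:PrincipalOrgID condition), and reports a wildcard principal that has no such condition. The function name, finding strings, destination ARN and organization ID are constructed for illustration.

```typescript
// Added example: pre-deploy check of the JSON passed as accessPolicy.
// All names, the ARN and the organization ID below are constructed.
type OneOrMany = string | string[];
interface PolicyStatement {
  Effect: string;
  Action?: OneOrMany;
  Resource?: OneOrMany;
  Principal?: "*" | { AWS?: OneOrMany };
  Condition?: { StringEquals?: Record<string, OneOrMany> };
}
const toList = (v?: OneOrMany): string[] =>
  v === undefined ? [] : Array.isArray(v) ? v : [v];
const hasStar = (v?: OneOrMany): boolean =>
  toList(v).some((x) => x.indexOf("*") !== -1);

function auditDestinationPolicy(policyJson: string): string[] {
  const doc = JSON.parse(policyJson) as { Statement: PolicyStatement | PolicyStatement[] };
  const statements = Array.isArray(doc.Statement) ? doc.Statement : [doc.Statement];
  const findings: string[] = [];
  statements.forEach((s, i) => {
    if (s.Effect !== "Allow") return;
    const anyPrincipal = s.Principal === "*" || hasStar(s.Principal?.AWS);
    // Condition key names are not case-sensitive, so compare in lower case.
    const orgScoped = Object.keys(s.Condition?.StringEquals ?? {}).some(
      (k) => k.toLowerCase() === "aws:principalorgid"
    );
    if (anyPrincipal && !orgScoped)
      findings.push(`statement ${i}: wildcard principal without aws:PrincipalOrgID condition`);
    if (hasStar(s.Action)) findings.push(`statement ${i}: wildcard action`);
    if (hasStar(s.Resource)) findings.push(`statement ${i}: wildcard resource`);
  });
  return findings;
}

// Constructed sample policies for the single destination used on this page.
const DEST = "arn:aws:logs:us-east-1:111111111111:destination:test_destination";
const makePolicy = (principal: unknown, condition?: unknown): string =>
  JSON.stringify({
    Version: "2012-10-17",
    Statement: [{ Effect: "Allow", Principal: principal,
      Action: "logs:PutSubscriptionFilter", Resource: DEST, Condition: condition }],
  });
const ACCOUNT_POLICY = makePolicy({ AWS: "123456789012" });
const ORG_POLICY = makePolicy("*", { StringEquals: { "aws:PrincipalOrgID": "o-exampleorgid" } });
const OPEN_POLICY = makePolicy("*");
```

An empty result means every Allow statement names specific accounts or is scoped to an organization; any finding is a reason to block the deployment before the policy reaches the destination.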
Attributes Reference
No additional attributes are exported.
Import
CloudWatch Logs destination policies can be imported using the destinationName, e.g.,