Resource: awsCloudwatchLogResourcePolicy
Provides a resource to manage a CloudWatch log resource policy.
Example Usage
Elasticsearch Log Publishing
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const dataAwsIamPolicyDocumentElasticsearchLogPublishingPolicy =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
    this,
    "elasticsearch-log-publishing-policy",
    {
      statement: [
        {
          actions: [
            "logs:CreateLogStream",
            "logs:PutLogEvents",
            "logs:PutLogEventsBatch",
          ],
          principals: [
            {
              identifiers: ["es.amazonaws.com"],
              type: "Service",
            },
          ],
          resources: ["arn:aws:logs:*"],
        },
      ],
    }
  );
const awsCloudwatchLogResourcePolicyElasticsearchLogPublishingPolicy =
  new aws.cloudwatchLogResourcePolicy.CloudwatchLogResourcePolicy(
    this,
    "elasticsearch-log-publishing-policy_1",
    {
      policyDocument:
        dataAwsIamPolicyDocumentElasticsearchLogPublishingPolicy.json,
      policyName: "elasticsearch-log-publishing-policy",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsCloudwatchLogResourcePolicyElasticsearchLogPublishingPolicy.overrideLogicalId(
  "elasticsearch-log-publishing-policy"
);
Route53 Query Logging
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const dataAwsIamPolicyDocumentRoute53QueryLoggingPolicy =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
    this,
    "route53-query-logging-policy",
    {
      statement: [
        {
          actions: ["logs:CreateLogStream", "logs:PutLogEvents"],
          principals: [
            {
              identifiers: ["route53.amazonaws.com"],
              type: "Service",
            },
          ],
          resources: ["arn:aws:logs:*:*:log-group:/aws/route53/*"],
        },
      ],
    }
  );
const awsCloudwatchLogResourcePolicyRoute53QueryLoggingPolicy =
  new aws.cloudwatchLogResourcePolicy.CloudwatchLogResourcePolicy(
    this,
    "route53-query-logging-policy_1",
    {
      policyDocument: dataAwsIamPolicyDocumentRoute53QueryLoggingPolicy.json,
      policyName: "route53-query-logging-policy",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsCloudwatchLogResourcePolicyRoute53QueryLoggingPolicy.overrideLogicalId(
  "route53-query-logging-policy"
);
Argument Reference
The following arguments are supported:
policyDocument
- (Required) Details of the resource policy, including the identity of the principal that is enabled to put logs to this account. This is formatted as a JSON string. Maximum length of 5120 characters.
policyName
- (Required) Name of the resource policy.
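A pre-deploy lint for the policyDocument argument, as an added example that is not part of the provider documentation: it checks the 5120-character limit stated above, flags resources not narrowed to a log group (as in the Elasticsearch example), and flags service principals that carry no aws:SourceAccount or aws:SourceArn condition. The function names and finding strings are hypothetical, the sample policy is constructed, and treating a missing source condition as a finding is this example's own assumption about what to enforce.

```typescript
// Added example (not from the provider docs): lint a policyDocument JSON string.
const MAX_POLICY_CHARS = 5120; // limit stated in the Argument Reference
type OneOrMany = string | string[];
interface Statement {
  Effect?: string;
  Resource?: OneOrMany;
  Principal?: "*" | Record<string, OneOrMany>;
  Condition?: Record<string, Record<string, OneOrMany>>;
}
const asList = (v?: OneOrMany): string[] =>
  v === undefined ? [] : Array.isArray(v) ? v : [v];

function lintLogResourcePolicy(policyJson: string): string[] {
  const findings: string[] = [];
  if (policyJson.length > MAX_POLICY_CHARS) findings.push("too-long");
  const raw = (JSON.parse(policyJson) as { Statement?: Statement | Statement[] }).Statement;
  const list: Statement[] = raw === undefined ? [] : Array.isArray(raw) ? raw : [raw];
  list.forEach((st, i) => {
    if (st.Effect !== "Allow") return; // only Allow statements grant access
    // A resource not narrowed to a log group lets the principal write anywhere.
    for (const r of asList(st.Resource)) {
      if (r.indexOf(":log-group:") < 0) findings.push(`statement ${i}: broad-resource ${r}`);
    }
    if (st.Principal === undefined || st.Principal === "*") {
      findings.push(`statement ${i}: missing-or-wildcard-principal`);
      return;
    }
    // A service principal acts for many accounts; look for a source pin.
    const cond = st.Condition ?? {};
    let pinned = false;
    for (const op of Object.keys(cond)) {
      for (const key of Object.keys(cond[op] ?? {})) {
        const k = key.toLowerCase();
        if (k === "aws:sourceaccount" || k === "aws:sourcearn") pinned = true;
      }
    }
    if (asList(st.Principal["Service"]).length > 0 && !pinned) {
      findings.push(`statement ${i}: service-principal-without-source-condition`);
    }
  });
  return findings;
}

// Constructed sample in the shape the policy document data source renders.
function samplePolicy(service: string, resource: string, condition?: object): string {
  const st = { Effect: "Allow", Action: ["logs:CreateLogStream", "logs:PutLogEvents"],
    Principal: { Service: service }, Resource: resource, Condition: condition };
  return JSON.stringify({ Version: "2012-10-17", Statement: [st] });
}
console.log(lintLogResourcePolicy(samplePolicy("es.amazonaws.com", "arn:aws:logs:*")));
```

Run it against the rendered JSON before apply; an empty array means none of the three checks fired.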
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id
- The name of the CloudWatch log resource policy
Import
CloudWatch log resource policies can be imported using the policy name, e.g.,