Skip to content

Resource: awsOamSinkPolicy

Terraform resource for managing an AWS CloudWatch Observability Access Manager Sink Policy.

Example Usage

Basic Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsOamSinkExample = new aws.oamSink.OamSink(this, "example", {
  name: "ExampleSink",
});
const awsOamSinkPolicyExample = new aws.oamSinkPolicy.OamSinkPolicy(
  this,
  "example_1",
  {
    policy:
      '${jsonencode({\n    Version = "2012-10-17"\n    Statement = [\n      {\n        Action   = ["oam:CreateLink", "oam:UpdateLink"]\n        Effect   = "Allow"\n        Resource = "*"\n        Principal = {\n          "AWS" = ["1111111111111", "222222222222"]\n        }\n        Condition = {\n          "ForAllValues:StringEquals" = {\n            "oam:ResourceTypes" = ["AWS::CloudWatch::Metric", "AWS::Logs::LogGroup"]\n          }\n        }\n      }\n    ]\n  })}',
    sinkIdentifier: awsOamSinkExample.id,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsOamSinkPolicyExample.overrideLogicalId("example");

Argument Reference

The following arguments are required:

  • sinkIdentifier - (Required) ARN of the sink to attach this policy to.
  • policy - (Required) JSON policy to use. If you are updating an existing policy, the entire existing policy is replaced by what you specify here.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • arn - ARN of the Sink.
  • sinkId - ID string that AWS generated as part of the sink ARN.

Timeouts

Configuration options:

  • create - (Default 1M)
  • update - (Default 1M)

Import

CloudWatch Observability Access Manager Sink Policy can be imported using the sinkIdentifier, e.g.,

$ terraform import aws_oam_sink_policy.example arn:aws:oam:us-west-2:123456789012:sink/sink-id