Resource: awsOamSinkPolicy
Terraform resource for managing an AWS CloudWatch Observability Access Manager Sink Policy.
Example Usage
Basic Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsOamSinkExample = new aws.oamSink.OamSink(this, "example", {
name: "ExampleSink",
});
const awsOamSinkPolicyExample = new aws.oamSinkPolicy.OamSinkPolicy(
this,
"example_1",
{
policy:
'${jsonencode({\n Version = "2012-10-17"\n Statement = [\n {\n Action = ["oam:CreateLink", "oam:UpdateLink"]\n Effect = "Allow"\n Resource = "*"\n Principal = {\n "AWS" = ["1111111111111", "222222222222"]\n }\n Condition = {\n "ForAllValues:StringEquals" = {\n "oam:ResourceTypes" = ["AWS::CloudWatch::Metric", "AWS::Logs::LogGroup"]\n }\n }\n }\n ]\n })}',
sinkIdentifier: awsOamSinkExample.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsOamSinkPolicyExample.overrideLogicalId("example");
Argument Reference
The following arguments are required:
sinkIdentifier
- (Required) ARN of the sink to attach this policy to.policy
- (Required) JSON policy to use. If you are updating an existing policy, the entire existing policy is replaced by what you specify here.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
arn
- ARN of the Sink.sinkId
- ID string that AWS generated as part of the sink ARN.
Timeouts
create
- (Default1M
)update
- (Default1M
)
Import
CloudWatch Observability Access Manager Sink Policy can be imported using the sinkIdentifier
, e.g.,