AWS::CloudTrail::ResourcePolicy - Amazon CloudFormation
SyntaxPropertiesReturn valuesExamples
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

This is the new Amazon CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the Amazon CloudFormation User Guide.

AWS::CloudTrail::ResourcePolicy

Attaches a resource-based permission policy to a CloudTrail event data store, dashboard, or channel. For more information about resource-based policies, see CloudTrail resource-based policy examples in the CloudTrail User Guide.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::CloudTrail::ResourcePolicy",
  "Properties" : {
      "ResourceArn" : String,
      "ResourcePolicy" : Json
    }
}

YAML

Type: AWS::CloudTrail::ResourcePolicy
Properties:
  ResourceArn: String
  ResourcePolicy: Json

Properties

ResourceArn

The Amazon Resource Name (ARN) of the CloudTrail event data store, dashboard, or channel attached to the resource-based policy.

Example event data store ARN format: arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE

Example dashboard ARN format: arn:aws:cloudtrail:us-east-1:123456789012:dashboard/exampleDash

Example channel ARN format: arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890

Required: Yes

Type: String

Pattern: ^[a-zA-Z0-9._/\-:]+$

Minimum: 3

Maximum: 256

Update requires: Replacement

ResourcePolicy

A JSON-formatted string for an Amazon resource-based policy.

For example resource-based policies, see CloudTrail resource-based policy examples in the CloudTrail User Guide.

Required: Yes

Type: Json

Minimum: 1

Maximum: 8192

Update requires: No interruption

Return values

Ref

When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the resource. The resource is a combination of the resource-based policy document and the channel ARN.

Examples

Example

The following example creates a resource policy that allows Amazon account ID 111122223333 to call PutAuditEvents on the channel defined as the resource ARN in the policy. For information about creating a resource policy, see Amazon CloudTrail resource-based policy examples in the Amazon CloudTrail User Guide.

JSON

{
  "Type": "AWS:CloudTrail:ResourcePolicy",
  "Properties": {
    "ResourceArn": "arn:aws:cloudtrail:us-east-1:01234567890:channel/EXAMPLE8-0558-4f7e-a06a-43969EXAMPLE",
    "ResourcePolicy": "{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Sid\": \"DeliverEventsThroughChannel\", \"Effect\": \"Allow\", \"Principal\": { \"AWS\": [ \"arn:aws:iam::111122223333:root\" ] }, \"Action\":\"cloudtrail-data:PutAuditEvents\", \"Resource\": \"arn:aws:cloudtrail:us-east-1:01234567890:channel/EXAMPLE8-0558-4f7e-a06a-43969EXAMPLE\" } ] }"
  }
}

YAML

  Type: AWS:CloudTrail:ResourcePolicy
  Properties:
    ResourceArn: "arn:aws:cloudtrail:us-east-1:01234567890:channel/EXAMPLE8-0558-4f7e-a06a-43969EXAMPLE"
    ResourcePolicy: "{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Sid\": \"DeliverEventsThroughChannel\", \"Effect\": \"Allow\", \"Principal\": { \"AWS\": [ \"arn:aws:iam::111122223333:root\" ] }, \"Action\":\"cloudtrail-data:PutAuditEvents\", \"Resource\": \"arn:aws:cloudtrail:us-east-1:01234567890:channel/EXAMPLE8-0558-4f7e-a06a-43969EXAMPLE\" } ] }"