AWS::Logs::ResourcePolicy - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::Logs::ResourcePolicy

Creates or updates a resource policy that allows other Amazon services to put log events to this account. An account can have up to 10 resource policies per Amazon Region.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::Logs::ResourcePolicy", "Properties" : { "PolicyDocument" : String, "PolicyName" : String } }

YAML

Type: AWS::Logs::ResourcePolicy Properties: PolicyDocument: String PolicyName: String

Properties

PolicyDocument

The details of the policy. It must be formatted in JSON, and you must use backslashes to escape characters that need to be escaped in JSON strings, such as double quote marks.

Required: Yes

Type: String

Pattern: [\u0009\u000A\u000D\u0020-\u00FF]+

Minimum: 1

Maximum: 5120

Update requires: No interruption

PolicyName

The name of the resource policy.

Required: Yes

Type: String

Pattern: ^([^:*\/]+\/?)*[^:*\/]+$

Minimum: 1

Maximum: 255

Update requires: Replacement

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the PolicyName of the resource policy.

For more information about using the Ref function, see Ref.

Examples

Resource policy example

The following example creates a resource policy that allows Route 53 to write log events to a log group that has this policy attached.

JSON

{ "Type": "AWS::Logs::ResourcePolicy", "Properties": { "PolicyName": "MyResourcePolicy", "PolicyDocument": "{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Sid\": \"Route53LogsToCloudWatchLogs\", \"Effect\": \"Allow\", \"Principal\": { \"Service\": [ \"route53.amazonaws.com\" ] }, \"Action\":\"logs:PutLogEvents\", \"Resource\": \"logArn\" } ] }" } }

YAML

Type: AWS::Logs::ResourcePolicy Properties: PolicyName: "MyResourcePolicy" PolicyDocument: "{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Sid\": \"Route53LogsToCloudWatchLogs\", \"Effect\": \"Allow\", \"Principal\": { \"Service\": [ \"route53.amazonaws.com\" ] }, \"Action\":\"logs:PutLogEvents\", \"Resource\": \"logArn\" } ] }"