PutResourcePolicy - Amazon CloudWatch Logs
Request SyntaxRequest ParametersResponse SyntaxResponse ElementsErrorsSee Also
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

PutResourcePolicy

Creates or updates a resource policy allowing other Amazon services to put log events to this account, such as Amazon Route 53. An account can have up to 10 resource policies per Amazon Region.

Request Syntax

{
   "policyDocument": "string",
   "policyName": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

policyDocument

Details of the new policy, including the identity of the principal that is enabled to put logs to this account. This is formatted as a JSON string. This parameter is required.

The following example creates a resource policy enabling the Route 53 service to put DNS query logs in to the specified log group. Replace "logArn" with the ARN of your CloudWatch Logs resource, such as a log group or log stream.

CloudWatch Logs also supports aws:SourceArn and aws:SourceAccount condition context keys.

In the example resource policy, you would replace the value of SourceArn with the resource making the call from Route 53 to CloudWatch Logs. You would also replace the value of SourceAccount with the Amazon account ID making that call.

{ "Version": "2012-10-17", "Statement": [ { "Sid": "Route53LogsToCloudWatchLogs", "Effect": "Allow", "Principal": { "Service": [ "route53.amazonaws.com" ] }, "Action": "logs:PutLogEvents", "Resource": "logArn", "Condition": { "ArnLike": { "aws:SourceArn": "myRoute53ResourceArn" }, "StringEquals": { "aws:SourceAccount": "myAwsAccountId" } } } ] }

Type: String

Length Constraints: Minimum length of 1. Maximum length of 5120.

Required: No

policyName

Name of the new policy. This parameter is required.

Type: String

Required: No

Response Syntax

{
   "resourcePolicy": { 
      "lastUpdatedTime": number,
      "policyDocument": "string",
      "policyName": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

resourcePolicy

The new policy.

Type: ResourcePolicy object

Errors

For information about the errors that are common to all actions, see Common Errors.

InvalidParameterException

A parameter is specified incorrectly.

HTTP Status Code: 400

LimitExceededException

You have reached the maximum number of resources that can be created.

HTTP Status Code: 400

ServiceUnavailableException

The service cannot complete the request.

HTTP Status Code: 500

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: