AWS::Logs::ResourcePolicy - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


Creates or updates a resource policy that allows other Amazon services to put log events to this account. An account can have up to 10 resource policies per Amazon Region.


To declare this entity in your Amazon CloudFormation template, use the following syntax:


{ "Type" : "AWS::Logs::ResourcePolicy", "Properties" : { "PolicyDocument" : String, "PolicyName" : String } }


Type: AWS::Logs::ResourcePolicy Properties: PolicyDocument: String PolicyName: String



The details of the policy. It must be formatted in JSON, and you must use backslashes to escape characters that need to be escaped in JSON strings, such as double quote marks.

Required: Yes

Type: String

Pattern: [\u0009\u000A\u000D\u0020-\u00FF]+

Minimum: 1

Maximum: 5120

Update requires: No interruption


The name of the resource policy.

Required: Yes

Type: String

Pattern: ^([^:*\/]+\/?)*[^:*\/]+$

Minimum: 1

Maximum: 255

Update requires: Replacement

Return values


When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the PolicyName of the resource policy.

For more information about using the Ref function, see Ref.


Resource policy example

The following example creates a resource policy that allows Route 53 to write log events to a log group that has this policy attached.


{ "Type": "AWS::Logs::ResourcePolicy", "Properties": { "PolicyName": "MyResourcePolicy", "PolicyDocument": "{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Sid\": \"Route53LogsToCloudWatchLogs\", \"Effect\": \"Allow\", \"Principal\": { \"Service\": [ \"\" ] }, \"Action\":\"logs:PutLogEvents\", \"Resource\": \"logArn\" } ] }" } }


Type: AWS::Logs::ResourcePolicy Properties: PolicyName: "MyResourcePolicy" PolicyDocument: "{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Sid\": \"Route53LogsToCloudWatchLogs\", \"Effect\": \"Allow\", \"Principal\": { \"Service\": [ \"\" ] }, \"Action\":\"logs:PutLogEvents\", \"Resource\": \"logArn\" } ] }"