subcategory | layout | page_title | description |
---|---|---|---|
CloudWatch Logs | aws | AWS: aws_cloudwatch_log_destination_policy | Provides a CloudWatch Logs destination policy. |
Provides a CloudWatch Logs destination policy resource.
```terraform
resource "aws_cloudwatch_log_destination" "test_destination" {
  name       = "test_destination"
  role_arn   = aws_iam_role.iam_for_cloudwatch.arn
  target_arn = aws_kinesis_stream.kinesis_for_cloudwatch.arn
}

data "aws_iam_policy_document" "test_destination_policy" {
  statement {
    effect = "Allow"

    principals {
      type = "AWS"

      identifiers = [
        "123456789012",
      ]
    }

    actions = [
      "logs:PutSubscriptionFilter",
    ]

    resources = [
      aws_cloudwatch_log_destination.test_destination.arn,
    ]
  }
}

resource "aws_cloudwatch_log_destination_policy" "test_destination_policy" {
  destination_name = aws_cloudwatch_log_destination.test_destination.name
  access_policy    = data.aws_iam_policy_document.test_destination_policy.json
}
```
This resource supports the following arguments:

* `destination_name` - (Required) A name for the subscription filter.
* `access_policy` - (Required) The policy document. This is a JSON formatted string.
* `force_update` - (Optional) Specify true if you are updating an existing destination policy to grant permission to an organization ID instead of granting permission to individual AWS accounts.
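An organization-scoped policy of the kind `force_update` refers to, as an added example that is not part of the provider documentation. It reuses the `test_destination` resource from the example above, and the organization ID `o-exampleorgid` is a constructed placeholder.

```terraform
# Added example, not from the provider documentation.
data "aws_iam_policy_document" "org_destination_policy" {
  statement {
    effect = "Allow"

    # The principal is a wildcard, so the condition block below is the
    # only thing limiting which accounts may attach subscription filters.
    principals {
      type        = "AWS"
      identifiers = ["*"]
    }

    actions = [
      "logs:PutSubscriptionFilter",
    ]

    resources = [
      aws_cloudwatch_log_destination.test_destination.arn,
    ]

    # Restrict callers to principals that belong to one AWS Organization.
    # "o-exampleorgid" is a placeholder; substitute your own organization ID.
    condition {
      test     = "StringEquals"
      variable = "aws:PrincipalOrgID"
      values   = ["o-exampleorgid"]
    }
  }
}

resource "aws_cloudwatch_log_destination_policy" "org_destination_policy" {
  destination_name = aws_cloudwatch_log_destination.test_destination.name
  access_policy    = data.aws_iam_policy_document.org_destination_policy.json

  # Set because an existing per-account policy is being replaced by an
  # organization-wide grant.
  force_update = true
}
```

When reviewing a policy like this, check that the `condition` block is present whenever the principal is `*`; without it the destination accepts subscription filters from any AWS account.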
This resource exports no additional attributes.
In Terraform v1.5.0 and later, use an `import` block to import CloudWatch Logs destination policies using the `destination_name`. For example:

```terraform
import {
  to = aws_cloudwatch_log_destination_policy.test_destination_policy
  id = "test_destination"
}
```

Using `terraform import`, import CloudWatch Logs destination policies using the `destination_name`. For example:

```console
% terraform import aws_cloudwatch_log_destination_policy.test_destination_policy test_destination
```