Class: Aws::CloudWatchLogs::Types::PutResourcePolicyRequest

Inherits:

Struct

• Object
• Struct
• Aws::CloudWatchLogs::Types::PutResourcePolicyRequest

Includes:

Structure

Defined in:

lib/aws-sdk-cloudwatchlogs/types.rb

Overview

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #expected_revision_id ⇒ String

  The expected revision ID of the resource policy.

• #policy_document ⇒ String

  Details of the new policy, including the identity of the principal that is enabled to put logs to this account.

• #policy_name ⇒ String

  Name of the new policy.

• #resource_arn ⇒ String

  The ARN of the CloudWatch Logs resource to which the resource policy needs to be added or attached.

Instance Attribute Details

#expected_revision_id ⇒ String

The expected revision ID of the resource policy. Required when ‘resourceArn` is provided to prevent concurrent modifications. Use `null` when creating a resource policy for the first time.

Returns:

• (String)

# File 'lib/aws-sdk-cloudwatchlogs/types.rb', line 7315

class PutResourcePolicyRequest < Struct.new(
  :policy_name,
  :policy_document,
  :resource_arn,
  :expected_revision_id)
  SENSITIVE = []
  include Aws::Structure
end

#policy_document ⇒ String

Details of the new policy, including the identity of the principal that is enabled to put logs to this account. This is formatted as a JSON string. This parameter is required.

The following example creates a resource policy enabling the Route 53 service to put DNS query logs in to the specified log group. Replace ‘“logArn”` with the ARN of your CloudWatch Logs resource, such as a log group or log stream.

CloudWatch Logs also supports [aws:SourceArn] and

aws:SourceAccount][2

condition context keys.

In the example resource policy, you would replace the value of ‘SourceArn` with the resource making the call from Route 53 to CloudWatch Logs. You would also replace the value of `SourceAccount` with the Amazon Web Services account ID making that call.

‘{ “Version”: “2012-10-17”, “Statement”: [ { “Sid”: “Route53LogsToCloudWatchLogs”, “Effect”: “Allow”, “Principal”: { “Service”: [ “route53.amazonaws.com” ] }, “Action”: “logs:PutLogEvents”, “Resource”: “logArn”, “Condition”: { “ArnLike”: { “aws:SourceArn”: “myRoute53ResourceArn” }, “StringEquals”: { “aws:SourceAccount”: “myAwsAccountId” } } } ] }`

[1]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourcearn [2]: docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceaccount

Returns:

• (String)

# File 'lib/aws-sdk-cloudwatchlogs/types.rb', line 7315

class PutResourcePolicyRequest < Struct.new(
  :policy_name,
  :policy_document,
  :resource_arn,
  :expected_revision_id)
  SENSITIVE = []
  include Aws::Structure
end

#policy_name ⇒ String

Name of the new policy. This parameter is required.

Returns:

• (String)

# File 'lib/aws-sdk-cloudwatchlogs/types.rb', line 7315

class PutResourcePolicyRequest < Struct.new(
  :policy_name,
  :policy_document,
  :resource_arn,
  :expected_revision_id)
  SENSITIVE = []
  include Aws::Structure
end

#resource_arn ⇒ String

The ARN of the CloudWatch Logs resource to which the resource policy needs to be added or attached. Currently only supports LogGroup ARN.

Returns:

• (String)

# File 'lib/aws-sdk-cloudwatchlogs/types.rb', line 7315

class PutResourcePolicyRequest < Struct.new(
  :policy_name,
  :policy_document,
  :resource_arn,
  :expected_revision_id)
  SENSITIVE = []
  include Aws::Structure
end