pulumi-aws-kotlin/com.pulumi.aws.cloudwatch.kotlin/LogDestinationPolicyArgs

LogDestinationPolicyArgs

data class LogDestinationPolicyArgs(val accessPolicy: Output<String>? = null, val destinationName: Output<String>? = null, val forceUpdate: Output<Boolean>? = null) : ConvertibleToJava<LogDestinationPolicyArgs>

Provides a CloudWatch Logs destination policy resource.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.LogDestination;
import com.pulumi.aws.cloudwatch.LogDestinationArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.cloudwatch.LogDestinationPolicy;
import com.pulumi.aws.cloudwatch.LogDestinationPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var testDestination = new LogDestination("testDestination", LogDestinationArgs.builder()
            .roleArn(aws_iam_role.iam_for_cloudwatch().arn())
            .targetArn(aws_kinesis_stream.kinesis_for_cloudwatch().arn())
            .build());
        final var testDestinationPolicyPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("AWS")
                    .identifiers("123456789012")
                    .build())
                .actions("logs:PutSubscriptionFilter")
                .resources(testDestination.arn())
                .build())
            .build());
        var testDestinationPolicyLogDestinationPolicy = new LogDestinationPolicy("testDestinationPolicyLogDestinationPolicy", LogDestinationPolicyArgs.builder()
            .destinationName(testDestination.name())
            .accessPolicy(testDestinationPolicyPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(testDestinationPolicyPolicyDocument -> testDestinationPolicyPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
            .build());
    }
}
Content copied to clipboard

Import

CloudWatch Logs destination policies can be imported using the destination_name, e.g.,

$ pulumi import aws:cloudwatch/logDestinationPolicy:LogDestinationPolicy test_destination_policy test_destination
Content copied to clipboard

Constructors

Link copied to clipboard
fun LogDestinationPolicyArgs(accessPolicy: Output<String>? = null, destinationName: Output<String>? = null, forceUpdate: Output<Boolean>? = null)

Functions

Link copied to clipboard
open override fun toJava(): LogDestinationPolicyArgs

Properties

Link copied to clipboard
val accessPolicy: Output<String>? = null

The policy document. This is a JSON formatted string.

Link copied to clipboard
val destinationName: Output<String>? = null

A name for the subscription filter

Link copied to clipboard
val forceUpdate: Output<Boolean>? = null

Specify true if you are updating an existing destination policy to grant permission to an organization ID instead of granting permission to individual AWS accounts.