Log
data class LogResourcePolicyArgs(val policyDocument: Output<String>? = null, val policyName: Output<String>? = null) : ConvertibleToJava<LogResourcePolicyArgs>
Provides a resource to manage a CloudWatch log resource policy.
Example Usage
Elasticsearch Log Publishing
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.cloudwatch.LogResourcePolicy;
import com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var elasticsearch-log-publishing-policyPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.actions(
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:PutLogEventsBatch")
.resources("arn:aws:logs:*")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.identifiers("es.amazonaws.com")
.type("Service")
.build())
.build())
.build());
var elasticsearch_log_publishing_policyLogResourcePolicy = new LogResourcePolicy("elasticsearch-log-publishing-policyLogResourcePolicy", LogResourcePolicyArgs.builder()
.policyDocument(elasticsearch_log_publishing_policyPolicyDocument.json())
.policyName("elasticsearch-log-publishing-policy")
.build());
}
}Content copied to clipboard
Route53 Query Logging
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.cloudwatch.LogResourcePolicy;
import com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var route53-query-logging-policyPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.actions(
"logs:CreateLogStream",
"logs:PutLogEvents")
.resources("arn:aws:logs:*:*:log-group:/aws/route53/*")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.identifiers("route53.amazonaws.com")
.type("Service")
.build())
.build())
.build());
var route53_query_logging_policyLogResourcePolicy = new LogResourcePolicy("route53-query-logging-policyLogResourcePolicy", LogResourcePolicyArgs.builder()
.policyDocument(route53_query_logging_policyPolicyDocument.json())
.policyName("route53-query-logging-policy")
.build());
}
}Content copied to clipboard
Import
CloudWatch log resource policies can be imported using the policy name, e.g.,
$ pulumi import aws:cloudwatch/logResourcePolicy:LogResourcePolicy MyPolicy MyPolicyContent copied to clipboard