My Saved Presets
You must be logged in to view saved presets

Loading Library ...

CloudWatch Log Destination and Policy Setup

Creates a CloudWatch Logs destination and attaches an access policy to it, allowing specified AWS accounts to put subscription filters.

test_destination

aws_cloudwatch_log_destination




depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



test_destination_policy

aws_cloudwatch_log_destination_policy



depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



test_destination_policy

aws_iam_policy_document

override_policy_documents


source_policy_documents

statement

actions

condition


values


not_actions

not_principals

identifiers

not_resources

principals

identifiers

resources


depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



Terraform Template

data "aws_iam_policy_document" "test_destination_policy" {

  statement {
    actions = ["logs:PutSubscriptionFilter"]
    effect = "Allow"

    principals {
      identifiers = ["123456789012"]
      type = "AWS"
    }
    resources = [aws_cloudwatch_log_destination.test_destination.arn]
  }
}

resource "aws_cloudwatch_log_destination" "test_destination" {
  name = "test_destination"
  role_arn = "aws_iam_role.iam_for_cloudwatch.arn"
  target_arn = "aws_kinesis_stream.kinesis_for_cloudwatch.arn"
}

resource "aws_cloudwatch_log_destination_policy" "test_destination_policy" {
  access_policy = data.aws_iam_policy_document.test_destination_policy.json
  destination_name = aws_cloudwatch_log_destination.test_destination.name
}

© 2024 asecurecloud. All rights reserved.