Provides a resource to manage a CloudWatch log resource policy.

Example Usage

Route53 Query Logging

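data "aws_iam_policy_document" "route53-query-logging-policy" {
  statement {
    # Permissions Route 53 needs to write query logs
    actions = [
      "logs:CreateLogStream",
      "logs:PutLogEvents",
    ]

    # Limit the grant to log groups under the /aws/route53/ prefix
    resources = ["arn:aws:logs:*:*:log-group:/aws/route53/*"]

    # Only the Route 53 service principal may use this policy
    principals {
      identifiers = ["route53.amazonaws.com"]
      type        = "Service"
    }
  }
}

resource "aws_cloudwatch_log_resource_policy" "route53-query-logging-policy" {
  policy_document = "${data.aws_iam_policy_document.route53-query-logging-policy.json}"
  policy_name     = "route53-query-logging-policy"
}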

Argument Reference

The following arguments are supported:

  • policy_document - (Required) Details of the resource policy, including the identity of the principal that is enabled to put logs to this account. This is formatted as a JSON string. Maximum length of 5120 characters.
  • policy_name - (Required) Name of the resource policy.
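
The 5120-character limit on policy_document and the scope of the principal, actions and resources it grants can be checked on the rendered JSON before it is applied. The following is an added example, not part of the provider documentation: the function name lint_log_resource_policy, the checks it performs and the sample policy are assumptions constructed for illustration.

```python
import json

MAX_POLICY_CHARS = 5120  # limit given for policy_document in the argument reference


def _as_list(value):
    """IAM JSON accepts a scalar or a list in these fields; normalise to a list."""
    return value if isinstance(value, list) else ([] if value is None else [value])


def lint_log_resource_policy(policy_json):
    """Return findings (strings) for a rendered CloudWatch Logs resource policy."""
    findings = []
    if len(policy_json) > MAX_POLICY_CHARS:
        findings.append(f"policy_document is {len(policy_json)} characters, limit is {MAX_POLICY_CHARS}")
    try:
        statements = _as_list(json.loads(policy_json)["Statement"])
    except (ValueError, KeyError, TypeError) as exc:
        return findings + [f"policy_document is not a JSON policy with a Statement: {exc!r}"]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))):
            findings.append(f"statement {i}: any principal may write to the matched log groups")
        for action in _as_list(stmt.get("Action")):
            if action in ("*", "logs:*"):
                findings.append(f"statement {i}: wildcard action {action!r}")
        for resource in _as_list(stmt.get("Resource")):
            # The segment after ":log-group:" is the log group name or name prefix.
            _, sep, tail = resource.partition(":log-group:")
            if not sep or tail.split(":")[0] == "*":
                findings.append(f"statement {i}: resource {resource!r} is not limited to a log group prefix")
    return findings

# Constructed sample: JSON equivalent of the Route53 query logging statement above.
ROUTE53_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "route53.amazonaws.com"},
        "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
        "Resource": "arn:aws:logs:*:*:log-group:/aws/route53/*",
    }],
})

if __name__ == "__main__":
    print(lint_log_resource_policy(ROUTE53_POLICY) or "no findings")
```
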

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The name of the CloudWatch log resource policy


Import

CloudWatch log resource policies can be imported using the policy name, e.g.

$ terraform import aws_cloudwatch_log_resource_policy.MyPolicy MyPolicy

© 2018 HashiCorp. Licensed under the MPL 2.0 License.