Provides a resource to manage a CloudWatch log resource policy.
data "aws_iam_policy_document" "route53-query-logging-policy" { statement { actions = [ "logs:CreateLogStream", "logs:PutLogEvents", ] resources = ["arn:aws:logs:*:*:log-group:/aws/route53/*"] principals { identifiers = ["route53.amazonaws.com"] type = "Service" } } } resource "aws_cloudwatch_log_resource_policy" "route53-query-logging-policy" { policy_document = "${data.aws_iam_policy_document.route53-query-logging-policy.json}" policy_name = "route53-query-logging-policy" }
The following arguments are supported:
policy_document
- (Required) Details of the resource policy, including the identity of the principal that is enabled to put logs to this account. This is formatted as a JSON string. Maximum length of 5120 characters. policy_name
- (Required) Name of the resource policy. In addition to all arguments above, the following attributes are exported:
id
- The name of the CloudWatch log resource policy CloudWatch log resource policies can be imported using the policy name, e.g.
$ terraform import aws_cloudwatch_log_resource_policy.MyPolicy MyPolicy
© 2018 HashiCorpLicensed under the MPL 2.0 License.
https://www.terraform.io/docs/providers/aws/r/cloudwatch_log_resource_policy.html