Amazon CloudWatch Logs

2022/10/31 - Amazon CloudWatch Logs - 3 new1 updated api methods

Changes  SDK release to support tagging for destinations and log groups with TagResource. Also supports tag on create with PutDestination.

ListTagsForResource (new) Link ¶

Displays the tags associated with a CloudWatch Logs resource. Currently, log groups and destinations support tagging.

See also: AWS API Documentation

Request Syntax

client.list_tags_for_resource(
    resourceArn='string'
)
type resourceArn:

string

param resourceArn:

[REQUIRED]

The ARN of the resource that you want to view tags for.

The ARN format of a log group is arn:aws:logs:Region:account-id:log-group:log-group-name

The ARN format of a destination is arn:aws:logs:Region:account-id:destination:destination-name

For more information about ARN format, see CloudWatch Logs resources and operations.

rtype:

dict

returns:

Response Syntax

{
    'tags': {
        'string': 'string'
    }
}

Response Structure

  • (dict) --

    • tags (dict) --

      The list of tags associated with the requested resource.>

      • (string) --

        • (string) --

UntagResource (new) Link ¶

Removes one or more tags from the specified resource.

See also: AWS API Documentation

Request Syntax

client.untag_resource(
    resourceArn='string',
    tagKeys=[
        'string',
    ]
)
type resourceArn:

string

param resourceArn:

[REQUIRED]

The ARN of the CloudWatch Logs resource that you're removing tags from.

The ARN format of a log group is arn:aws:logs:Region:account-id:log-group:log-group-name

The ARN format of a destination is arn:aws:logs:Region:account-id:destination:destination-name

For more information about ARN format, see CloudWatch Logs resources and operations.

type tagKeys:

list

param tagKeys:

[REQUIRED]

The list of tag keys to remove from the resource.

  • (string) --

returns:

None

TagResource (new) Link ¶

Assigns one or more tags (key-value pairs) to the specified CloudWatch Logs resource. Currently, the only CloudWatch Logs resources that can be tagged are log groups and destinations.

Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values.

Tags don't have any semantic meaning to Amazon Web Services and are interpreted strictly as strings of characters.

You can use the TagResource action with a resource that already has tags. If you specify a new tag key for the alarm, this tag is appended to the list of tags associated with the alarm. If you specify a tag key that is already associated with the alarm, the new tag value that you specify replaces the previous value for that tag.

You can associate as many as 50 tags with a CloudWatch Logs resource.

See also: AWS API Documentation

Request Syntax

client.tag_resource(
    resourceArn='string',
    tags={
        'string': 'string'
    }
)
type resourceArn:

string

param resourceArn:

[REQUIRED]

The ARN of the resource that you're adding tags to.

The ARN format of a log group is arn:aws:logs:Region:account-id:log-group:log-group-name

The ARN format of a destination is arn:aws:logs:Region:account-id:destination:destination-name

For more information about ARN format, see CloudWatch Logs resources and operations.

type tags:

dict

param tags:

[REQUIRED]

The list of key-value pairs to associate with the resource.

  • (string) --

    • (string) --

returns:

None

PutDestination (updated) Link ¶
Changes (request)
{'tags': {'string': 'string'}}

Creates or updates a destination. This operation is used only to create destinations for cross-account subscriptions.

A destination encapsulates a physical resource (such as an Amazon Kinesis stream) and enables you to subscribe to a real-time stream of log events for a different account, ingested using PutLogEvents.

Through an access policy, a destination controls what is written to it. By default, PutDestination does not set any access policy with the destination, which means a cross-account user cannot call PutSubscriptionFilter against this destination. To enable this, the destination owner must call PutDestinationPolicy after PutDestination.

To perform a PutDestination operation, you must also have the iam:PassRole permission.

See also: AWS API Documentation

Request Syntax

client.put_destination(
    destinationName='string',
    targetArn='string',
    roleArn='string',
    tags={
        'string': 'string'
    }
)
type destinationName:

string

param destinationName:

[REQUIRED]

A name for the destination.

type targetArn:

string

param targetArn:

[REQUIRED]

The ARN of an Amazon Kinesis stream to which to deliver matching log events.

type roleArn:

string

param roleArn:

[REQUIRED]

The ARN of an IAM role that grants CloudWatch Logs permissions to call the Amazon Kinesis PutRecord operation on the destination stream.

type tags:

dict

param tags:

An optional list of key-value pairs to associate with the resource.

For more information about tagging, see Tagging Amazon Web Services resources

  • (string) --

    • (string) --

rtype:

dict

returns:

Response Syntax

{
    'destination': {
        'destinationName': 'string',
        'targetArn': 'string',
        'roleArn': 'string',
        'accessPolicy': 'string',
        'arn': 'string',
        'creationTime': 123
    }
}

Response Structure

  • (dict) --

    • destination (dict) --

      The destination.

      • destinationName (string) --

        The name of the destination.

      • targetArn (string) --

        The Amazon Resource Name (ARN) of the physical target where the log events are delivered (for example, a Kinesis stream).

      • roleArn (string) --

        A role for impersonation, used when delivering log events to the target.

      • accessPolicy (string) --

        An IAM policy document that governs which Amazon Web Services accounts can create subscription filters against this destination.

      • arn (string) --

        The ARN of this destination.

      • creationTime (integer) --

        The creation time of the destination, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.