Amazon CloudWatch Logs

2025/07/16 - Amazon CloudWatch Logs - 10 updated api methods

Changes  CloudWatch Logs updates: Added X-Ray tracing for Amazon Bedrock Agent resources. Logs introduced Log Group level resource policies (managed through Put/Delete/Describe Resource Policy APIs). For more information, see CloudWatch Logs API documentation.

CreateDelivery (updated)
Changes (response)
{'delivery': {'deliveryDestinationType': {'XRAY'}}}

Creates a delivery. A delivery is a connection between a logical delivery source and a logical delivery destination that you have already created.

Only some Amazon Web Services services support being configured as a delivery source using this operation. These services are listed as Supported [V2 Permissions] in the table at Enabling logging from Amazon Web Services services.

A delivery destination can represent a log group in CloudWatch Logs, an Amazon S3 bucket, a delivery stream in Firehose, or X-Ray.

To configure logs delivery between a supported Amazon Web Services service and a destination, you must do the following:

  • Create a delivery source, which is a logical object that represents the resource that is actually sending the logs. For more information, see PutDeliverySource.

  • Create a delivery destination, which is a logical object that represents the actual delivery destination. For more information, see PutDeliveryDestination.

  • If you are delivering logs cross-account, you must use PutDeliveryDestinationPolicy in the destination account to assign an IAM policy to the destination. This policy allows delivery to that destination.

  • Use CreateDelivery to create a delivery by pairing exactly one delivery source and one delivery destination.

You can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination.

To update an existing delivery configuration, use UpdateDeliveryConfiguration.

See also: AWS API Documentation

Request Syntax

client.create_delivery(
    deliverySourceName='string',
    deliveryDestinationArn='string',
    recordFields=[
        'string',
    ],
    fieldDelimiter='string',
    s3DeliveryConfiguration={
        'suffixPath': 'string',
        'enableHiveCompatiblePath': True|False
    },
    tags={
        'string': 'string'
    }
)
type deliverySourceName:

string

param deliverySourceName:

[REQUIRED]

The name of the delivery source to use for this delivery.

type deliveryDestinationArn:

string

param deliveryDestinationArn:

[REQUIRED]

The ARN of the delivery destination to use for this delivery.

type recordFields:

list

param recordFields:

The list of record fields to be delivered to the destination, in order. If the delivery's log source has mandatory fields, they must be included in this list.

  • (string) --

type fieldDelimiter:

string

param fieldDelimiter:

The field delimiter to use between record fields when the final output format of a delivery is in Plain, W3C, or Raw format.

type s3DeliveryConfiguration:

dict

param s3DeliveryConfiguration:

This structure contains parameters that are valid only when the delivery's delivery destination is an S3 bucket.

  • suffixPath (string) --

    This string allows re-configuring the S3 object prefix to contain either static or variable sections. The valid variables to use in the suffix path will vary by each log source. To find the values supported for the suffix path for each log source, use the DescribeConfigurationTemplates operation and check the allowedSuffixPathFields field in the response.

  • enableHiveCompatiblePath (boolean) --

    This parameter causes the S3 objects that contain delivered logs to use a prefix structure that allows for integration with Apache Hive.

type tags:

dict

param tags:

An optional list of key-value pairs to associate with the resource.

For more information about tagging, see Tagging Amazon Web Services resources.

  • (string) --

    • (string) --

rtype:

dict

returns:

Response Syntax

{
    'delivery': {
        'id': 'string',
        'arn': 'string',
        'deliverySourceName': 'string',
        'deliveryDestinationArn': 'string',
        'deliveryDestinationType': 'S3'|'CWL'|'FH'|'XRAY',
        'recordFields': [
            'string',
        ],
        'fieldDelimiter': 'string',
        's3DeliveryConfiguration': {
            'suffixPath': 'string',
            'enableHiveCompatiblePath': True|False
        },
        'tags': {
            'string': 'string'
        }
    }
}

Response Structure

  • (dict) --

    • delivery (dict) --

      A structure that contains information about the delivery that you just created.

      • id (string) --

        The unique ID that identifies this delivery in your account.

      • arn (string) --

        The Amazon Resource Name (ARN) that uniquely identifies this delivery.

      • deliverySourceName (string) --

        The name of the delivery source that is associated with this delivery.

      • deliveryDestinationArn (string) --

        The ARN of the delivery destination that is associated with this delivery.

      • deliveryDestinationType (string) --

        Displays whether the delivery destination associated with this delivery is CloudWatch Logs, Amazon S3, Firehose, or X-Ray.

      • recordFields (list) --

        The record fields used in this delivery.

        • (string) --

      • fieldDelimiter (string) --

        The field delimiter that is used between record fields when the final output format of a delivery is in Plain, W3C, or Raw format.

      • s3DeliveryConfiguration (dict) --

        This structure contains delivery configurations that apply only when the delivery destination resource is an S3 bucket.

        • suffixPath (string) --

          This string allows re-configuring the S3 object prefix to contain either static or variable sections. The valid variables to use in the suffix path will vary by each log source. To find the values supported for the suffix path for each log source, use the DescribeConfigurationTemplates operation and check the allowedSuffixPathFields field in the response.

        • enableHiveCompatiblePath (boolean) --

          This parameter causes the S3 objects that contain delivered logs to use a prefix structure that allows for integration with Apache Hive.

      • tags (dict) --

        The tags that have been assigned to this delivery.

        • (string) --

          • (string) --

DeleteResourcePolicy (updated)
Changes (request)
{'expectedRevisionId': 'string', 'resourceArn': 'string'}

Deletes a resource policy from this account. This revokes the access of the identities in that policy to put log events to this account.

See also: AWS API Documentation

Request Syntax

client.delete_resource_policy(
    policyName='string',
    resourceArn='string',
    expectedRevisionId='string'
)
type policyName:

string

param policyName:

The name of the policy to be revoked. This parameter is required.

type resourceArn:

string

param resourceArn:

The ARN of the CloudWatch Logs resource for which the resource policy needs to be deleted.

type expectedRevisionId:

string

param expectedRevisionId:

The expected revision ID of the resource policy. Required when deleting a resource-scoped policy to prevent concurrent modifications.

returns:

None

DescribeConfigurationTemplates (updated)
Changes (request, response)
Request
{'deliveryDestinationTypes': {'XRAY'}}
Response
{'configurationTemplates': {'deliveryDestinationType': {'XRAY'}}}

Use this operation to return the valid and default values that are used when creating delivery sources, delivery destinations, and deliveries. For more information about deliveries, see CreateDelivery.

See also: AWS API Documentation

Request Syntax

client.describe_configuration_templates(
    service='string',
    logTypes=[
        'string',
    ],
    resourceTypes=[
        'string',
    ],
    deliveryDestinationTypes=[
        'S3'|'CWL'|'FH'|'XRAY',
    ],
    nextToken='string',
    limit=123
)
type service:

string

param service:

Use this parameter to filter the response to include only the configuration templates that apply to the Amazon Web Services service that you specify here.

type logTypes:

list

param logTypes:

Use this parameter to filter the response to include only the configuration templates that apply to the log types that you specify here.

  • (string) --

type resourceTypes:

list

param resourceTypes:

Use this parameter to filter the response to include only the configuration templates that apply to the resource types that you specify here.

  • (string) --

type deliveryDestinationTypes:

list

param deliveryDestinationTypes:

Use this parameter to filter the response to include only the configuration templates that apply to the delivery destination types that you specify here.

  • (string) --

type nextToken:

string

param nextToken:

The token for the next set of items to return. The token expires after 24 hours.

type limit:

integer

param limit:

Use this parameter to limit the number of configuration templates that are returned in the response.

rtype:

dict

returns:

Response Syntax

{
    'configurationTemplates': [
        {
            'service': 'string',
            'logType': 'string',
            'resourceType': 'string',
            'deliveryDestinationType': 'S3'|'CWL'|'FH'|'XRAY',
            'defaultDeliveryConfigValues': {
                'recordFields': [
                    'string',
                ],
                'fieldDelimiter': 'string',
                's3DeliveryConfiguration': {
                    'suffixPath': 'string',
                    'enableHiveCompatiblePath': True|False
                }
            },
            'allowedFields': [
                {
                    'name': 'string',
                    'mandatory': True|False
                },
            ],
            'allowedOutputFormats': [
                'json'|'plain'|'w3c'|'raw'|'parquet',
            ],
            'allowedActionForAllowVendedLogsDeliveryForResource': 'string',
            'allowedFieldDelimiters': [
                'string',
            ],
            'allowedSuffixPathFields': [
                'string',
            ]
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • configurationTemplates (list) --

      An array of objects, where each object describes one configuration template that matches the filters that you specified in the request.

      • (dict) --

        A structure containing information about the default settings and available settings that you can use to configure a delivery or a delivery destination.

        • service (string) --

          A string specifying which service this configuration template applies to. For more information about supported services, see Enable logging from Amazon Web Services services.

        • logType (string) --

          A string specifying which log type this configuration template applies to.

        • resourceType (string) --

          A string specifying which resource type this configuration template applies to.

        • deliveryDestinationType (string) --

          A string specifying which destination type this configuration template applies to.

        • defaultDeliveryConfigValues (dict) --

          A mapping that displays the default value of each property within a delivery's configuration, if it is not specified in the request.

          • recordFields (list) --

            The default record fields that will be delivered when a list of record fields is not provided in a CreateDelivery operation.

            • (string) --

          • fieldDelimiter (string) --

            The default field delimiter that is used in a CreateDelivery operation when the field delimiter is not specified in that operation. The field delimiter is used only when the final output delivery is in Plain, W3C, or Raw format.

          • s3DeliveryConfiguration (dict) --

            The delivery parameters that are used when you create a delivery to a delivery destination that is an S3 Bucket.

            • suffixPath (string) --

              This string allows re-configuring the S3 object prefix to contain either static or variable sections. The valid variables to use in the suffix path will vary by each log source. To find the values supported for the suffix path for each log source, use the DescribeConfigurationTemplates operation and check the allowedSuffixPathFields field in the response.

            • enableHiveCompatiblePath (boolean) --

              This parameter causes the S3 objects that contain delivered logs to use a prefix structure that allows for integration with Apache Hive.

        • allowedFields (list) --

          The allowed fields that a caller can use in the recordFields parameter of a CreateDelivery or UpdateDeliveryConfiguration operation.

        • allowedOutputFormats (list) --

          The list of delivery destination output formats that are supported by this log source.

          • (string) --

        • allowedActionForAllowVendedLogsDeliveryForResource (string) --

          The action permissions that a caller needs to have to be able to successfully create a delivery source on the desired resource type when calling PutDeliverySource.

        • allowedFieldDelimiters (list) --

          The valid values that a caller can use as field delimiters when calling CreateDelivery or UpdateDeliveryConfiguration on a delivery that delivers in Plain, W3C, or Raw format.

          • (string) --

        • allowedSuffixPathFields (list) --

          The list of variable fields that can be used in the suffix path of a delivery that delivers to an S3 bucket.

          • (string) --

    • nextToken (string) --

      The token for the next set of items to return. The token expires after 24 hours.
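A pre-flight check that compares CreateDelivery arguments with one configuration template, shown here as an added example rather than code from the AWS documentation. The sample template, its service, log type and field names, the `detection_fields` parameter and the problem codes are all constructed for illustration.

```python
TEXT_FORMATS = {"plain", "w3c", "raw"}  # formats in which fieldDelimiter is used


def select_template(templates, service, log_type, destination_type):
    """Pick the template for one source/destination pairing, or None."""
    for t in templates:
        key = (t["service"], t["logType"], t["deliveryDestinationType"])
        if key == (service, log_type, destination_type):
            return t
    return None


def effective_record_fields(template, request):
    """Fields that will be delivered: the request's list, else the template default."""
    if request.get("recordFields") is not None:
        return list(request["recordFields"])
    return list(template["defaultDeliveryConfigValues"].get("recordFields", []))


def validate_delivery_request(template, request, output_format, detection_fields=()):
    """Return (code, detail) problems for CreateDelivery kwargs against one template.

    detection_fields is a hypothetical local requirement: the fields your
    detections rely on, which must survive into the delivered records.
    """
    problems = []
    allowed = {f["name"] for f in template.get("allowedFields", [])}
    mandatory = {f["name"] for f in template.get("allowedFields", []) if f.get("mandatory")}
    fields = effective_record_fields(template, request)

    for name in fields:
        if name not in allowed:
            problems.append(("unknown_field", name))
    for name in sorted(mandatory - set(fields)):
        problems.append(("missing_mandatory_field", name))
    for name in sorted(set(detection_fields) - set(fields)):
        problems.append(("missing_detection_field", name))

    if output_format not in template.get("allowedOutputFormats", []):
        problems.append(("format_not_allowed", output_format))

    delimiter = request.get("fieldDelimiter")
    if delimiter is not None:
        if output_format not in TEXT_FORMATS:
            problems.append(("delimiter_unused_for_format", output_format))
        elif delimiter not in template.get("allowedFieldDelimiters", []):
            problems.append(("delimiter_not_allowed", delimiter))

    dest_type = template["deliveryDestinationType"]
    if "s3DeliveryConfiguration" in request and dest_type != "S3":
        problems.append(("s3_config_on_non_s3_destination", dest_type))
    return problems


# Constructed sample shaped like one DescribeConfigurationTemplates entry;
# the service, log type and field names are made up for illustration.
SAMPLE_TEMPLATES = [{
    "service": "example-service",
    "logType": "ACCESS_LOGS",
    "resourceType": "example-resource",
    "deliveryDestinationType": "S3",
    "defaultDeliveryConfigValues": {"recordFields": ["timestamp", "status"],
                                    "fieldDelimiter": "\t"},
    "allowedFields": [
        {"name": "timestamp", "mandatory": True},
        {"name": "client_ip", "mandatory": False},
        {"name": "status", "mandatory": False},
    ],
    "allowedOutputFormats": ["json", "plain", "w3c", "parquet"],
    "allowedFieldDelimiters": ["\t", ","],
    "allowedSuffixPathFields": [],
}]


def demo():
    """Validate a constructed request that drops a mandatory field."""
    template = select_template(SAMPLE_TEMPLATES, "example-service", "ACCESS_LOGS", "S3")
    request = {
        "deliverySourceName": "example-source",  # constructed name and ARN
        "deliveryDestinationArn":
            "arn:aws:logs:us-east-1:111122223333:delivery-destination:example",
        "recordFields": ["client_ip", "status", "bogus"],
        "fieldDelimiter": "|",
    }
    return validate_delivery_request(template, request, "plain",
                                     detection_fields=["client_ip"])


if __name__ == "__main__":
    for code, detail in demo():
        print(code, repr(detail))
```

When `recordFields` is omitted the check runs against the template's default list, which is how a field a detection depends on can go missing without any request naming it.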

DescribeDeliveries (updated)
Changes (response)
{'deliveries': {'deliveryDestinationType': {'XRAY'}}}

Retrieves a list of the deliveries that have been created in the account.

A delivery is a connection between a delivery source and a delivery destination.

A delivery source represents an Amazon Web Services resource that sends logs to a logs delivery destination. The destination can be CloudWatch Logs, Amazon S3, Firehose or X-Ray. Only some Amazon Web Services services support being configured as a delivery source. These services are listed in Enable logging from Amazon Web Services services.

See also: AWS API Documentation

Request Syntax

client.describe_deliveries(
    nextToken='string',
    limit=123
)
type nextToken:

string

param nextToken:

The token for the next set of items to return. The token expires after 24 hours.

type limit:

integer

param limit:

Optionally specify the maximum number of deliveries to return in the response.

rtype:

dict

returns:

Response Syntax

{
    'deliveries': [
        {
            'id': 'string',
            'arn': 'string',
            'deliverySourceName': 'string',
            'deliveryDestinationArn': 'string',
            'deliveryDestinationType': 'S3'|'CWL'|'FH'|'XRAY',
            'recordFields': [
                'string',
            ],
            'fieldDelimiter': 'string',
            's3DeliveryConfiguration': {
                'suffixPath': 'string',
                'enableHiveCompatiblePath': True|False
            },
            'tags': {
                'string': 'string'
            }
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • deliveries (list) --

      An array of structures. Each structure contains information about one delivery in the account.

      • (dict) --

        This structure contains information about one delivery in your account.

        A delivery is a connection between a logical delivery source and a logical delivery destination.

        For more information, see CreateDelivery.

        To update an existing delivery configuration, use UpdateDeliveryConfiguration.

        • id (string) --

          The unique ID that identifies this delivery in your account.

        • arn (string) --

          The Amazon Resource Name (ARN) that uniquely identifies this delivery.

        • deliverySourceName (string) --

          The name of the delivery source that is associated with this delivery.

        • deliveryDestinationArn (string) --

          The ARN of the delivery destination that is associated with this delivery.

        • deliveryDestinationType (string) --

          Displays whether the delivery destination associated with this delivery is CloudWatch Logs, Amazon S3, Firehose, or X-Ray.

        • recordFields (list) --

          The record fields used in this delivery.

          • (string) --

        • fieldDelimiter (string) --

          The field delimiter that is used between record fields when the final output format of a delivery is in Plain, W3C, or Raw format.

        • s3DeliveryConfiguration (dict) --

          This structure contains delivery configurations that apply only when the delivery destination resource is an S3 bucket.

          • suffixPath (string) --

            This string allows re-configuring the S3 object prefix to contain either static or variable sections. The valid variables to use in the suffix path will vary by each log source. To find the values supported for the suffix path for each log source, use the DescribeConfigurationTemplates operation and check the allowedSuffixPathFields field in the response.

          • enableHiveCompatiblePath (boolean) --

            This parameter causes the S3 objects that contain delivered logs to use a prefix structure that allows for integration with Apache Hive.

        • tags (dict) --

          The tags that have been assigned to this delivery.

          • (string) --

            • (string) --

    • nextToken (string) --

      The token for the next set of items to return. The token expires after 24 hours.

DescribeDeliveryDestinations (updated)
Changes (response)
{'deliveryDestinations': {'deliveryDestinationType': {'XRAY'}}}

Retrieves a list of the delivery destinations that have been created in the account.

See also: AWS API Documentation

Request Syntax

client.describe_delivery_destinations(
    nextToken='string',
    limit=123
)
type nextToken:

string

param nextToken:

The token for the next set of items to return. The token expires after 24 hours.

type limit:

integer

param limit:

Optionally specify the maximum number of delivery destinations to return in the response.

rtype:

dict

returns:

Response Syntax

{
    'deliveryDestinations': [
        {
            'name': 'string',
            'arn': 'string',
            'deliveryDestinationType': 'S3'|'CWL'|'FH'|'XRAY',
            'outputFormat': 'json'|'plain'|'w3c'|'raw'|'parquet',
            'deliveryDestinationConfiguration': {
                'destinationResourceArn': 'string'
            },
            'tags': {
                'string': 'string'
            }
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • deliveryDestinations (list) --

      An array of structures. Each structure contains information about one delivery destination in the account.

      • (dict) --

        This structure contains information about one delivery destination in your account. A delivery destination is an Amazon Web Services resource that represents an Amazon Web Services service that logs can be sent to. CloudWatch Logs, Amazon S3, Firehose, and X-Ray are supported as delivery destinations.

        To configure logs delivery between a supported Amazon Web Services service and a destination, you must do the following:

        • Create a delivery source, which is a logical object that represents the resource that is actually sending the logs. For more information, see PutDeliverySource.

        • Create a delivery destination, which is a logical object that represents the actual delivery destination.

        • If you are delivering logs cross-account, you must use PutDeliveryDestinationPolicy in the destination account to assign an IAM policy to the destination. This policy allows delivery to that destination.

        • Create a delivery by pairing exactly one delivery source and one delivery destination. For more information, see CreateDelivery.

        You can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination.

        • name (string) --

          The name of this delivery destination.

        • arn (string) --

          The Amazon Resource Name (ARN) that uniquely identifies this delivery destination.

        • deliveryDestinationType (string) --

          Displays whether this delivery destination is CloudWatch Logs, Amazon S3, Firehose, or X-Ray.

        • outputFormat (string) --

          The format of the logs that are sent to this delivery destination.

        • deliveryDestinationConfiguration (dict) --

          A structure that contains the ARN of the Amazon Web Services resource that will receive the logs.

          • destinationResourceArn (string) --

            The ARN of the Amazon Web Services destination that this delivery destination represents. That Amazon Web Services destination can be a log group in CloudWatch Logs, an Amazon S3 bucket, or a delivery stream in Firehose.

        • tags (dict) --

          The tags that have been assigned to this delivery destination.

          • (string) --

            • (string) --

    • nextToken (string) --

      The token for the next set of items to return. The token expires after 24 hours.

DescribeResourcePolicies (updated)
Changes (request, response)
Request
{'policyScope': 'ACCOUNT | RESOURCE', 'resourceArn': 'string'}
Response
{'resourcePolicies': {'policyScope': 'ACCOUNT | RESOURCE',
                      'resourceArn': 'string',
                      'revisionId': 'string'}}

Lists the resource policies in this account.

See also: AWS API Documentation

Request Syntax

client.describe_resource_policies(
    nextToken='string',
    limit=123,
    resourceArn='string',
    policyScope='ACCOUNT'|'RESOURCE'
)
type nextToken:

string

param nextToken:

The token for the next set of items to return. The token expires after 24 hours.

type limit:

integer

param limit:

The maximum number of resource policies to be displayed with one call of this API.

type resourceArn:

string

param resourceArn:

The ARN of the CloudWatch Logs resource for which to query the resource policy.

type policyScope:

string

param policyScope:

Specifies the scope of the resource policy. Valid values are ACCOUNT or RESOURCE. When not specified, defaults to ACCOUNT.

rtype:

dict

returns:

Response Syntax

{
    'resourcePolicies': [
        {
            'policyName': 'string',
            'policyDocument': 'string',
            'lastUpdatedTime': 123,
            'policyScope': 'ACCOUNT'|'RESOURCE',
            'resourceArn': 'string',
            'revisionId': 'string'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • resourcePolicies (list) --

      The resource policies that exist in this account.

      • (dict) --

        A policy enabling one or more entities to put logs to a log group in this account.

        • policyName (string) --

          The name of the resource policy.

        • policyDocument (string) --

          The details of the policy.

        • lastUpdatedTime (integer) --

          Timestamp showing when this policy was last updated, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.

        • policyScope (string) --

          Specifies scope of the resource policy. Valid values are ACCOUNT or RESOURCE.

        • resourceArn (string) --

          The ARN of the CloudWatch Logs resource to which the resource policy is attached. Only populated for resource-scoped policies.

        • revisionId (string) --

          The revision ID of the resource policy. Only populated for resource-scoped policies.

    • nextToken (string) --

      The token for the next set of items to return. The token expires after 24 hours.
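An audit of account-scoped and log-group-scoped policies that pins any resource-scoped delete to the revision that was reviewed, covering both DescribeResourcePolicies and the `expectedRevisionId` parameter of DeleteResourcePolicy. This is an added example, not code from the AWS documentation. The stub client, the sample policies, the log group ARN and the revision ID are constructed, and the wildcard-principal rule is this example's own policy choice.

```python
import json

def iter_resource_policies(client, policy_scope="ACCOUNT", resource_arn=None):
    """Yield every policy DescribeResourcePolicies returns, following nextToken."""
    kwargs = {"policyScope": policy_scope}
    if resource_arn:
        kwargs["resourceArn"] = resource_arn
    while True:
        page = client.describe_resource_policies(**kwargs)
        yield from page.get("resourcePolicies", [])
        if not page.get("nextToken"):
            return
        kwargs["nextToken"] = page["nextToken"]

def as_list(value):
    return value if isinstance(value, list) else [value]

def unconditioned_wildcard_sids(policy_document):
    """Sids of Allow statements that name '*' as principal and carry no Condition."""
    flagged = []
    for stmt in as_list(json.loads(policy_document).get("Statement", [])):
        principal = stmt.get("Principal")
        values = (
            [v for vals in principal.values() for v in as_list(vals)]
            if isinstance(principal, dict) else as_list(principal)
        )
        if stmt.get("Effect") == "Allow" and "*" in values and not stmt.get("Condition"):
            flagged.append(stmt.get("Sid", "<no Sid>"))
    return flagged

def audit(client, log_group_arns):
    """Check account-scoped policies plus the resource-scoped policy of each log group."""
    scopes = [("ACCOUNT", None)] + [("RESOURCE", arn) for arn in log_group_arns]
    findings = []
    for scope, arn in scopes:
        for policy in iter_resource_policies(client, scope, arn):
            sids = unconditioned_wildcard_sids(policy["policyDocument"])
            if sids:
                findings.append((policy, sids))
    return findings

def delete_as_reviewed(client, policy):
    """Delete a policy; a resource-scoped delete names the revision that was audited."""
    kwargs = {"policyName": policy["policyName"]}
    if policy.get("policyScope") == "RESOURCE":
        kwargs["resourceArn"] = policy["resourceArn"]
        kwargs["expectedRevisionId"] = policy["revisionId"]
    client.delete_resource_policy(**kwargs)
    return kwargs

class StubLogsClient:
    """Constructed stand-in for boto3.client("logs"); returns one policy per page."""

    def __init__(self, policies):
        self.policies, self.deleted = policies, []

    def describe_resource_policies(self, policyScope="ACCOUNT", resourceArn=None,
                                   nextToken=None):
        hits = [p for p in self.policies if p["policyScope"] == policyScope
                and (resourceArn is None or p.get("resourceArn") == resourceArn)]
        start = int(nextToken or 0)
        page = {"resourcePolicies": hits[start:start + 1]}
        if start + 1 < len(hits):
            page["nextToken"] = str(start + 1)
        return page

    def delete_resource_policy(self, **kwargs):
        self.deleted.append(kwargs)

def sample_doc(sid, principal, condition=None):
    """Build a one-statement policy document for the constructed samples."""
    stmt = {"Sid": sid, "Effect": "Allow", "Principal": principal,
            "Action": "logs:PutLogEvents", "Resource": "*"}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

LOG_GROUP = "arn:aws:logs:us-east-1:111122223333:log-group:/example/app"  # constructed
SAMPLE_POLICIES = [  # constructed sample data
    {"policyName": "vended-logs", "policyScope": "ACCOUNT",
     "policyDocument": sample_doc("Vended", {"Service": "delivery.logs.amazonaws.com"})},
    {"policyName": "scoped-star", "policyScope": "ACCOUNT",
     "policyDocument": sample_doc(
         "Scoped", "*", {"StringEquals": {"aws:SourceAccount": "111122223333"}})},
    {"policyName": "group-policy", "policyScope": "RESOURCE", "resourceArn": LOG_GROUP,
     "revisionId": "rev-0001",
     "policyDocument": sample_doc("AnyoneCanWrite", {"AWS": "*"})},
]

def demo():
    """Audit the constructed policies, then delete each finding as reviewed."""
    client = StubLogsClient(SAMPLE_POLICIES)
    findings = audit(client, [LOG_GROUP])
    calls = [delete_as_reviewed(client, policy) for policy, _ in findings]
    return findings, calls
```

Against a real account, pass `boto3.client("logs")` in place of the stub; if the policy changed after the audit, its revision ID no longer matches the one passed as `expectedRevisionId`.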

GetDelivery (updated)
Changes (response)
{'delivery': {'deliveryDestinationType': {'XRAY'}}}

Returns complete information about one logical delivery. A delivery is a connection between a delivery source and a delivery destination.

A delivery source represents an Amazon Web Services resource that sends logs to a logs delivery destination. The destination can be CloudWatch Logs, Amazon S3, or Firehose. Only some Amazon Web Services services support being configured as a delivery source. These services are listed in Enable logging from Amazon Web Services services.

You need to specify the delivery id in this operation. You can find the IDs of the deliveries in your account with the DescribeDeliveries operation.

See also: AWS API Documentation

Request Syntax

client.get_delivery(
    id='string'
)
type id:

string

param id:

[REQUIRED]

The ID of the delivery that you want to retrieve.

rtype:

dict

returns:

Response Syntax

{
    'delivery': {
        'id': 'string',
        'arn': 'string',
        'deliverySourceName': 'string',
        'deliveryDestinationArn': 'string',
        'deliveryDestinationType': 'S3'|'CWL'|'FH'|'XRAY',
        'recordFields': [
            'string',
        ],
        'fieldDelimiter': 'string',
        's3DeliveryConfiguration': {
            'suffixPath': 'string',
            'enableHiveCompatiblePath': True|False
        },
        'tags': {
            'string': 'string'
        }
    }
}

Response Structure

  • (dict) --

    • delivery (dict) --

      A structure that contains information about the delivery.

      • id (string) --

        The unique ID that identifies this delivery in your account.

      • arn (string) --

        The Amazon Resource Name (ARN) that uniquely identifies this delivery.

      • deliverySourceName (string) --

        The name of the delivery source that is associated with this delivery.

      • deliveryDestinationArn (string) --

        The ARN of the delivery destination that is associated with this delivery.

      • deliveryDestinationType (string) --

        Displays whether the delivery destination associated with this delivery is CloudWatch Logs, Amazon S3, Firehose, or X-Ray.

      • recordFields (list) --

        The record fields used in this delivery.

        • (string) --

      • fieldDelimiter (string) --

        The field delimiter that is used between record fields when the final output format of a delivery is in Plain, W3C, or Raw format.

      • s3DeliveryConfiguration (dict) --

        This structure contains delivery configurations that apply only when the delivery destination resource is an S3 bucket.

        • suffixPath (string) --

          This string allows re-configuring the S3 object prefix to contain either static or variable sections. The valid variables to use in the suffix path will vary by each log source. To find the values supported for the suffix path for each log source, use the DescribeConfigurationTemplates operation and check the allowedSuffixPathFields field in the response.

        • enableHiveCompatiblePath (boolean) --

          This parameter causes the S3 objects that contain delivered logs to use a prefix structure that allows for integration with Apache Hive.

      • tags (dict) --

        The tags that have been assigned to this delivery.

        • (string) --

          • (string) --

GetDeliveryDestination (updated)
Changes (response)
{'deliveryDestination': {'deliveryDestinationType': {'XRAY'}}}

Retrieves complete information about one delivery destination.

See also: AWS API Documentation

Request Syntax

client.get_delivery_destination(
    name='string'
)
type name:

string

param name:

[REQUIRED]

The name of the delivery destination that you want to retrieve.

rtype:

dict

returns:

Response Syntax

{
    'deliveryDestination': {
        'name': 'string',
        'arn': 'string',
        'deliveryDestinationType': 'S3'|'CWL'|'FH'|'XRAY',
        'outputFormat': 'json'|'plain'|'w3c'|'raw'|'parquet',
        'deliveryDestinationConfiguration': {
            'destinationResourceArn': 'string'
        },
        'tags': {
            'string': 'string'
        }
    }
}

Response Structure

  • (dict) --

    • deliveryDestination (dict) --

      A structure containing information about the delivery destination.

      • name (string) --

        The name of this delivery destination.

      • arn (string) --

        The Amazon Resource Name (ARN) that uniquely identifies this delivery destination.

      • deliveryDestinationType (string) --

        Displays whether this delivery destination is CloudWatch Logs, Amazon S3, Firehose, or X-Ray.

      • outputFormat (string) --

        The format of the logs that are sent to this delivery destination.

      • deliveryDestinationConfiguration (dict) --

        A structure that contains the ARN of the Amazon Web Services resource that will receive the logs.

        • destinationResourceArn (string) --

          The ARN of the Amazon Web Services destination that this delivery destination represents. That Amazon Web Services destination can be a log group in CloudWatch Logs, an Amazon S3 bucket, or a delivery stream in Firehose.

      • tags (dict) --

        The tags that have been assigned to this delivery destination.

        • (string) --

          • (string) --

PutDeliveryDestination (updated)
Changes (request, response)
Request
{'deliveryDestinationType': 'S3 | CWL | FH | XRAY'}
Response
{'deliveryDestination': {'deliveryDestinationType': {'XRAY'}}}

Creates or updates a logical delivery destination. A delivery destination is an Amazon Web Services resource that represents an Amazon Web Services service that logs can be sent to. CloudWatch Logs, Amazon S3, and Firehose are supported as logs delivery destinations and X-Ray as the trace delivery destination.

To configure logs delivery between a supported Amazon Web Services service and a destination, you must do the following:

  • Create a delivery source, which is a logical object that represents the resource that is actually sending the logs. For more information, see PutDeliverySource.

  • Use PutDeliveryDestination to create a delivery destination in the same account of the actual delivery destination. The delivery destination that you create is a logical object that represents the actual delivery destination.

  • If you are delivering logs cross-account, you must use PutDeliveryDestinationPolicy in the destination account to assign an IAM policy to the destination. This policy allows delivery to that destination.

  • Use CreateDelivery to create a delivery by pairing exactly one delivery source and one delivery destination. For more information, see CreateDelivery.

You can configure a single delivery source to send logs to multiple destinations by creating multiple deliveries. You can also create multiple deliveries to configure multiple delivery sources to send logs to the same delivery destination.

Only some Amazon Web Services services support being configured as a delivery source. These services are listed as Supported [V2 Permissions] in the table at Enabling logging from Amazon Web Services services.

If you use this operation to update an existing delivery destination, all the current delivery destination parameters are overwritten with the new parameter values that you specify.

See also: AWS API Documentation

Request Syntax

client.put_delivery_destination(
    name='string',
    outputFormat='json'|'plain'|'w3c'|'raw'|'parquet',
    deliveryDestinationConfiguration={
        'destinationResourceArn': 'string'
    },
    deliveryDestinationType='S3'|'CWL'|'FH'|'XRAY',
    tags={
        'string': 'string'
    }
)
type name:

string

param name:

[REQUIRED]

A name for this delivery destination. This name must be unique for all delivery destinations in your account.

type outputFormat:

string

param outputFormat:

The format for the logs that this delivery destination will receive.

type deliveryDestinationConfiguration:

dict

param deliveryDestinationConfiguration:

A structure that contains the ARN of the Amazon Web Services resource that will receive the logs.

  • destinationResourceArn (string) -- [REQUIRED]

    The ARN of the Amazon Web Services destination that this delivery destination represents. That Amazon Web Services destination can be a log group in CloudWatch Logs, an Amazon S3 bucket, or a delivery stream in Firehose.

type deliveryDestinationType:

string

param deliveryDestinationType:

The type of delivery destination. This parameter specifies the target service where log data will be delivered. Valid values include:

  • S3 - Amazon S3 for long-term storage and analytics

  • CWL - CloudWatch Logs for centralized log management

  • FH - Amazon Kinesis Data Firehose for real-time data streaming

  • XRAY - Amazon Web Services X-Ray for distributed tracing and application monitoring

The delivery destination type determines the format and configuration options available for log delivery.

type tags:

dict

param tags:

An optional list of key-value pairs to associate with the resource.

For more information about tagging, see Tagging Amazon Web Services resources.

  • (string) --

    • (string) --

rtype:

dict

returns:

Response Syntax

{
    'deliveryDestination': {
        'name': 'string',
        'arn': 'string',
        'deliveryDestinationType': 'S3'|'CWL'|'FH'|'XRAY',
        'outputFormat': 'json'|'plain'|'w3c'|'raw'|'parquet',
        'deliveryDestinationConfiguration': {
            'destinationResourceArn': 'string'
        },
        'tags': {
            'string': 'string'
        }
    }
}

Response Structure

  • (dict) --

    • deliveryDestination (dict) --

      A structure containing information about the delivery destination that you just created or updated.

      • name (string) --

        The name of this delivery destination.

      • arn (string) --

        The Amazon Resource Name (ARN) that uniquely identifies this delivery destination.

      • deliveryDestinationType (string) --

        Displays whether this delivery destination is CloudWatch Logs, Amazon S3, Firehose, or X-Ray.

      • outputFormat (string) --

        The format of the logs that are sent to this delivery destination.

      • deliveryDestinationConfiguration (dict) --

        A structure that contains the ARN of the Amazon Web Services resource that will receive the logs.

        • destinationResourceArn (string) --

          The ARN of the Amazon Web Services destination that this delivery destination represents. That Amazon Web Services destination can be a log group in CloudWatch Logs, an Amazon S3 bucket, or a delivery stream in Firehose.

      • tags (dict) --

        The tags that have been assigned to this delivery destination.

        • (string) --

          • (string) --

PutResourcePolicy (updated)
Changes (request, response)
Request
{'expectedRevisionId': 'string', 'resourceArn': 'string'}
Response
{'resourcePolicy': {'policyScope': 'ACCOUNT | RESOURCE',
                    'resourceArn': 'string',
                    'revisionId': 'string'},
 'revisionId': 'string'}

Creates or updates a resource policy that allows other Amazon Web Services services, such as Amazon Route 53, to put log events to this account. An account can have up to 10 resource policies per Amazon Web Services Region.

See also: AWS API Documentation

Request Syntax

client.put_resource_policy(
    policyName='string',
    policyDocument='string',
    resourceArn='string',
    expectedRevisionId='string'
)
type policyName:

string

param policyName:

Name of the new policy. This parameter is required.

type policyDocument:

string

param policyDocument:

Details of the new policy, including the identity of the principal that is enabled to put logs to this account. This is formatted as a JSON string. This parameter is required.

The following example creates a resource policy enabling the Route 53 service to put DNS query logs into the specified log group. Replace "logArn" with the ARN of your CloudWatch Logs resource, such as a log group or log stream.

CloudWatch Logs also supports aws:SourceArn and aws:SourceAccount condition context keys.

In the example resource policy, you would replace the value of SourceArn with the resource making the call from Route 53 to CloudWatch Logs. You would also replace the value of SourceAccount with the Amazon Web Services account ID making that call.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Route53LogsToCloudWatchLogs",
            "Effect": "Allow",
            "Principal": {
                "Service": [ "route53.amazonaws.com" ]
            },
            "Action": "logs:PutLogEvents",
            "Resource": "logArn",
            "Condition": {
                "ArnLike": { "aws:SourceArn": "myRoute53ResourceArn" },
                "StringEquals": { "aws:SourceAccount": "myAwsAccountId" }
            }
        }
    ]
}
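An added example, not part of the AWS documentation: an offline check to run on a policyDocument string before calling put_resource_policy. It reports Allow statements that trust a service principal without both the aws:SourceArn and aws:SourceAccount conditions described above. The function names, the ARNs and the account ID are constructed for illustration.

```python
import json

SCOPING_KEYS = ("aws:sourceaccount", "aws:sourcearn")  # compared lower-cased
POSITIVE_OPS = {"stringequals", "stringlike", "arnequals", "arnlike"}

def _as_list(value):
    """IAM JSON allows a single value or a list in most positions."""
    return value if isinstance(value, list) else [value]

def _scoping_values(statement):
    """Collect values of the source-scoping keys found under positive operators."""
    found = {}
    for operator, operands in statement.get("Condition", {}).items():
        if operator.lower() not in POSITIVE_OPS:
            continue  # negated or unrelated operators do not pin the caller
        for key, value in operands.items():
            if key.lower() in SCOPING_KEYS:
                found.setdefault(key.lower(), []).extend(_as_list(value))
    return found

def audit_policy_document(policy_document):
    """Return findings for service-principal Allow statements that do not pin the caller."""
    findings = []
    statements = _as_list(json.loads(policy_document).get("Statement", []))
    for index, stmt in enumerate(statements):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not (isinstance(principal, dict) and "Service" in principal):
            continue
        label = stmt.get("Sid", f"Statement[{index}]")
        scoped = _scoping_values(stmt)
        for key in SCOPING_KEYS:
            values = scoped.get(key, [])
            if not values:
                findings.append(f"{label}: no {key} condition")
            elif "*" in values:
                findings.append(f"{label}: {key} is '*' and matches any caller")
    return findings

# Constructed sample: the page's Route 53 policy with placeholder values filled in.
_STATEMENT = {
    "Sid": "Route53LogsToCloudWatchLogs", "Effect": "Allow",
    "Principal": {"Service": ["route53.amazonaws.com"]},
    "Action": "logs:PutLogEvents",
    "Resource": "arn:aws:logs:us-east-1:111122223333:log-group:/aws/route53/example.com:*",
    "Condition": {"ArnLike": {"aws:SourceArn": "arn:aws:route53:::hostedzone/Z0EXAMPLE"},
                  "StringEquals": {"aws:SourceAccount": "111122223333"}}}
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [_STATEMENT]})
UNSCOPED = json.dumps({"Version": "2012-10-17", "Statement": [
    {k: v for k, v in _STATEMENT.items() if k != "Condition"}]})
```

An empty list from audit_policy_document(SCOPED) means every service-principal statement is pinned to a calling resource and account; UNSCOPED produces one finding per missing condition key.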

type resourceArn:

string

param resourceArn:

The ARN of the CloudWatch Logs resource to which the resource policy needs to be added or attached. Currently only supports LogGroup ARN.

type expectedRevisionId:

string

param expectedRevisionId:

The expected revision ID of the resource policy. Required when resourceArn is provided to prevent concurrent modifications. Use null when creating a resource policy for the first time.

rtype:

dict

returns:

Response Syntax

{
    'resourcePolicy': {
        'policyName': 'string',
        'policyDocument': 'string',
        'lastUpdatedTime': 123,
        'policyScope': 'ACCOUNT'|'RESOURCE',
        'resourceArn': 'string',
        'revisionId': 'string'
    },
    'revisionId': 'string'
}

Response Structure

  • (dict) --

    • resourcePolicy (dict) --

      The new policy.

      • policyName (string) --

        The name of the resource policy.

      • policyDocument (string) --

        The details of the policy.

      • lastUpdatedTime (integer) --

        Timestamp showing when this policy was last updated, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.

      • policyScope (string) --

        Specifies scope of the resource policy. Valid values are ACCOUNT or RESOURCE.

      • resourceArn (string) --

        The ARN of the CloudWatch Logs resource to which the resource policy is attached. Only populated for resource-scoped policies.

      • revisionId (string) --

        The revision ID of the resource policy. Only populated for resource-scoped policies.

    • revisionId (string) --

      The revision ID of the created or updated resource policy. Only returned for resource-scoped policies.