Amazon CloudWatch Logs

2017/09/08 - Amazon CloudWatch Logs - 3 new api methods

PutResourcePolicy (new) Link ¶

Creates or updates a resource policy allowing other AWS services to put log events to this account, such as Amazon Route 53. An account can have up to 50 resource policies per region.

See also: AWS API Documentation

Request Syntax

client.put_resource_policy(
    policyName='string',
    policyDocument='string'
)
type policyName

string

param policyName

Name of the new policy. This parameter is required.

type policyDocument

string

param policyDocument

Details of the new policy, including the identity of the principal that is enabled to put logs to this account. This is formatted as a JSON string.

The following example creates a resource policy enabling the Route 53 service to put DNS query logs in to the specified log group. Replace "logArn" with the ARN of your CloudWatch Logs resource, such as a log group or log stream.

{ "Version": "2012-10-17" "Statement": [ { "Sid": "Route53LogsToCloudWatchLogs", "Effect": "Allow", "Principal": { "Service": [ "route53.amazonaws.com" ] }, "Action":"logs:PutLogEvents", "Resource": logArn } ] }

rtype

dict

returns

Response Syntax

{
    'resourcePolicy': {
        'policyName': 'string',
        'policyDocument': 'string',
        'lastUpdatedTime': 123
    }
}

Response Structure

  • (dict) --

    • resourcePolicy (dict) --

      The new policy.

      • policyName (string) --

        The name of the resource policy.

      • policyDocument (string) --

        The details of the policy.

      • lastUpdatedTime (integer) --

        Time stamp showing when this policy was last updated, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.

DeleteResourcePolicy (new) Link ¶

Deletes a resource policy from this account. This revokes the access of the identities in that policy to put log events to this account.

See also: AWS API Documentation

Request Syntax

client.delete_resource_policy(
    policyName='string'
)
type policyName

string

param policyName

The name of the policy to be revoked. This parameter is required.

returns

None

DescribeResourcePolicies (new) Link ¶

Lists the resource policies in this account.

See also: AWS API Documentation

Request Syntax

client.describe_resource_policies(
    nextToken='string',
    limit=123
)
type nextToken

string

param nextToken

The token for the next set of items to return. The token expires after 24 hours.

type limit

integer

param limit

The maximum number of resource policies to be displayed with one call of this API.

rtype

dict

returns

Response Syntax

{
    'resourcePolicies': [
        {
            'policyName': 'string',
            'policyDocument': 'string',
            'lastUpdatedTime': 123
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • resourcePolicies (list) --

      The resource policies that exist in this account.

      • (dict) --

        A policy enabling one or more entities to put logs to a log group in this account.

        • policyName (string) --

          The name of the resource policy.

        • policyDocument (string) --

          The details of the policy.

        • lastUpdatedTime (integer) --

          Time stamp showing when this policy was last updated, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.

    • nextToken (string) --

      The token for the next set of items to return. The token expires after 24 hours.