Amazon CloudWatch Logs

2017/09/08 - Amazon CloudWatch Logs - 3 new api methods

Changes  Update logs client to latest version

DeleteResourcePolicy (new) Link ¶

Deletes a resource policy from this account. This revokes the access of the identities in that policy to put log events to this account.

See also: AWS API Documentation

Request Syntax

client.delete_resource_policy(
    policyName='string'
)
type policyName:

string

param policyName:

The name of the policy to be revoked. This parameter is required.

returns:

None

PutResourcePolicy (new) Link ¶

Creates or updates a resource policy allowing other AWS services to put log events to this account, such as Amazon Route 53. An account can have up to 50 resource policies per region.

See also: AWS API Documentation

Request Syntax

client.put_resource_policy(
    policyName='string',
    policyDocument='string'
)
type policyName:

string

param policyName:

Name of the new policy. This parameter is required.

type policyDocument:

string

param policyDocument:

Details of the new policy, including the identity of the principal that is enabled to put logs to this account. This is formatted as a JSON string.

The following example creates a resource policy enabling the Route 53 service to put DNS query logs in to the specified log group. Replace "logArn" with the ARN of your CloudWatch Logs resource, such as a log group or log stream.

{ "Version": "2012-10-17" "Statement": [ { "Sid": "Route53LogsToCloudWatchLogs", "Effect": "Allow", "Principal": { "Service": [ "route53.amazonaws.com" ] }, "Action":"logs:PutLogEvents", "Resource": logArn } ] }

rtype:

dict

returns:

Response Syntax

{
    'resourcePolicy': {
        'policyName': 'string',
        'policyDocument': 'string',
        'lastUpdatedTime': 123
    }
}

Response Structure

  • (dict) --

    • resourcePolicy (dict) --

      The new policy.

      • policyName (string) --

        The name of the resource policy.

      • policyDocument (string) --

        The details of the policy.

      • lastUpdatedTime (integer) --

        Time stamp showing when this policy was last updated, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.

DescribeResourcePolicies (new) Link ¶

Lists the resource policies in this account.

See also: AWS API Documentation

Request Syntax

client.describe_resource_policies(
    nextToken='string',
    limit=123
)
type nextToken:

string

param nextToken:

The token for the next set of items to return. The token expires after 24 hours.

type limit:

integer

param limit:

The maximum number of resource policies to be displayed with one call of this API.

rtype:

dict

returns:

Response Syntax

{
    'resourcePolicies': [
        {
            'policyName': 'string',
            'policyDocument': 'string',
            'lastUpdatedTime': 123
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • resourcePolicies (list) --

      The resource policies that exist in this account.

      • (dict) --

        A policy enabling one or more entities to put logs to a log group in this account.

        • policyName (string) --

          The name of the resource policy.

        • policyDocument (string) --

          The details of the policy.

        • lastUpdatedTime (integer) --

          Time stamp showing when this policy was last updated, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.

    • nextToken (string) --

      The token for the next set of items to return. The token expires after 24 hours.