github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/website/source/docs/providers/aws/r/cloudwatch_log_destination_policy.html.markdown (about) 1 --- 2 layout: "aws" 3 page_title: "AWS: aws_cloudwatch_log_destination_policy" 4 sidebar_current: "docs-aws-resource-cloudwatch-log-destination-policy" 5 description: |- 6 Provides a CloudWatch Logs destination policy. 7 --- 8 9 # aws\_cloudwatch\_log\_destination\_policy 10 11 Provides a CloudWatch Logs destination policy resource. 12 13 ## Example Usage 14 15 ```hcl 16 resource "aws_cloudwatch_log_destination" "test_destination" { 17 name = "test_destination" 18 role_arn = "${aws_iam_role.iam_for_cloudwatch.arn}" 19 target_arn = "${aws_kinesis_stream.kinesis_for_cloudwatch.arn}" 20 } 21 22 data "aws_iam_policy_document" "test_destination_policy" { 23 statement { 24 effect = "Allow" 25 26 principals = { 27 type = "AWS" 28 29 identifiers = [ 30 "123456789012", 31 ] 32 } 33 34 actions = [ 35 "logs:PutSubscriptionFilter", 36 ] 37 38 resources = [ 39 "${aws_cloudwatch_log_destination.test_destination.arn}", 40 ] 41 } 42 } 43 44 resource "aws_cloudwatch_log_destination_policy" "test_destination_policy" { 45 destination_name = "${aws_cloudwatch_log_destination.test_destination.name}" 46 access_policy = "${data.aws_iam_policy_document.test_destination_policy.json}" 47 } 48 ``` 49 50 ## Argument Reference 51 52 The following arguments are supported: 53 54 * `destination_name` - (Required) A name for the subscription filter 55 * `access_policy` - (Required) The policy document. This is a JSON formatted string. 56 57 ## Import 58 59 CloudWatch Logs destination policies can be imported using the `destination_name`, e.g. 60 61 ``` 62 $ terraform import aws_cloudwatch_log_destination_policy.test_destination_policy test_destination 63 ```