Skip to content

aws.cloudwatchlogs-resource-policy resource

Description

ResourcePolicy manages a CloudWatch Logs resource policy. The resource has two identity modes: policy-name creates an account-scoped policy, while resource-arn creates a resource-scoped policy attached to that ARN. The identity fields force replacement; the policy document is updated in place by PutResourcePolicy. The document must be valid JSON and is compacted before it is sent so insignificant whitespace does not cause a cloud write.

Source: internal/service/cloudwatchlogs/resource_policy_rsrc.go:33

Example usage:

imports: {
  aws: 'github.com/cloudboss/unobin-library-aws'
}

resources: {
  example: aws.cloudwatchlogs-resource-policy {
    # Set input fields here.
  }
}

Inputs

policy-document

string

required

policy-name

optional(string)

resource-arn

optional(string)

Input Constraints

Field combinations

Exactly one of policy-name or resource-arn.

Outputs

policy-document

string

policy-name

optional(string)

policy-scope

string

resource-arn

optional(string)

revision-id

optional(string)