AWS::Logs::Destination - Amazon CloudFormation
SyntaxPropertiesReturn valuesExamples
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::Logs::Destination

The AWS::Logs::Destination resource specifies a CloudWatch Logs destination. A destination encapsulates a physical resource (such as an Amazon Kinesis data stream) and enables you to subscribe that resource to a stream of log events.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::Logs::Destination",
  "Properties" : {
      "DestinationName" : String,
      "DestinationPolicy" : String,
      "RoleArn" : String,
      "TargetArn" : String
    }
}

YAML

Type: AWS::Logs::Destination
Properties: 
  DestinationName: String
  DestinationPolicy: String
  RoleArn: String
  TargetArn: String

Properties

DestinationName

The name of the destination.

Required: Yes

Type: String

Minimum: 1

Maximum: 512

Pattern: [^:*]*

Update requires: Replacement

DestinationPolicy

An IAM policy document that governs which Amazon accounts can create subscription filters against this destination.

Required: No

Type: String

Minimum: 1

Update requires: No interruption

RoleArn

The ARN of an IAM role that permits CloudWatch Logs to send data to the specified Amazon resource.

Required: Yes

Type: String

Minimum: 1

Update requires: No interruption

TargetArn

The Amazon Resource Name (ARN) of the physical target where the log events are delivered (for example, a Kinesis stream).

Required: Yes

Type: String

Minimum: 1

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Reffunction, Refreturns the resource name, such as TestDestination.

For more information about using the Reffunction, see Ref.

Fn::GetAtt

The Fn::GetAttintrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAttintrinsic function, see Fn::GetAtt.

Arn

The ARN of the CloudWatch Logs destination, such as arn:aws:logs:us-west-1:123456789012:destination:MyDestination.

Examples

Create a Destination

In the following example, the target stream (TestStream) can receive log events from CloudWatch Logs. CloudWatch Logs can use only the PutSubscriptionFilter action against the TestDestination destination.

JSON

"DestinationWithName" : {
  "Type" : "AWS::Logs::Destination",
  "Properties" : {
    "DestinationName": "TestDestination",
    "RoleArn": "arn:aws:iam::123456789012:role/LogKinesisRole",
    "TargetArn": "arn:aws:kinesis:us-east-1:123456789012:stream/TestStream",
    "DestinationPolicy": "{ \"Version\": \"2012-10-17\", \"Statement\": [{ \"Effect\": \"Allow\", \"Principal\": { \"AWS\": \"logs.amazonaws.com\"}, \"Action\": \"logs:PutSubscriptionFilter\",\"Resource\": \"arn:aws:logs:us-east-1:123456789012:destination:TestDestination\"}]}"
  }
}

YAML

DestinationWithName: 
  Type: AWS::Logs::Destination
  Properties: 
    DestinationName: "TestDestination"
    RoleArn: "arn:aws:iam::123456789012:role/LogKinesisRole"
    TargetArn: "arn:aws:kinesis:us-east-1:123456789012:stream/TestStream"
    DestinationPolicy: >
      {"Version" : "2012-10-17","Statement" : [{"Effect" : "Allow", "Principal" : {"AWS" : "logs.amazonaws.com"}, "Action" : "logs:PutSubscriptionFilter", "Resource" : "arn:aws:logs:us-east-1:123456789012:destination:TestDestination"}]}