- Navigation GuideYou are on a Command (operation) page with structural examples. Use the navigation breadcrumb if you would like to return to the Client landing page.
PutDeliveryDestinationPolicyCommand
Creates and assigns an IAM policy that grants permissions to CloudWatch Logs to deliver logs cross-account to a specified destination in this account. To configure the delivery of logs from an Amazon Web Services service in another account to a logs delivery destination in the current account, you must do the following:
-
Create a delivery source, which is a logical object that represents the resource that is actually sending the logs. For more information, see PutDeliverySource .
-
Create a delivery destination, which is a logical object that represents the actual delivery destination. For more information, see PutDeliveryDestination .
-
Use this operation in the destination account to assign an IAM policy to the destination. This policy allows delivery to that destination.
-
Create a delivery by pairing exactly one delivery source and one delivery destination. For more information, see CreateDelivery .
Only some Amazon Web Services services support being configured as a delivery source. These services are listed as Supported [V2 Permissions] in the table at Enabling logging from Amazon Web Services services.
The contents of the policy must include two statements. One statement enables general logs delivery, and the other allows delivery to the chosen destination. See the examples for the needed policies.
Example Syntax
Use a bare-bones client and the command you need to make an API call.
import { CloudWatchLogsClient, PutDeliveryDestinationPolicyCommand } from "@aws-sdk/client-cloudwatch-logs"; // ES Modules import
// const { CloudWatchLogsClient, PutDeliveryDestinationPolicyCommand } = require("@aws-sdk/client-cloudwatch-logs"); // CommonJS import
const client = new CloudWatchLogsClient(config);
const input = { // PutDeliveryDestinationPolicyRequest
deliveryDestinationName: "STRING_VALUE", // required
deliveryDestinationPolicy: "STRING_VALUE", // required
};
const command = new PutDeliveryDestinationPolicyCommand(input);
const response = await client.send(command);
// { // PutDeliveryDestinationPolicyResponse
// policy: { // Policy
// deliveryDestinationPolicy: "STRING_VALUE",
// },
// };
PutDeliveryDestinationPolicyCommand Input
Parameter | Type | Description |
|---|
Parameter | Type | Description |
|---|---|---|
deliveryDestinationNameRequired | string | undefined | The name of the delivery destination to assign this policy to. |
deliveryDestinationPolicyRequired | string | undefined | The contents of the policy. |
PutDeliveryDestinationPolicyCommand Output
Parameter | Type | Description |
|---|
Parameter | Type | Description |
|---|---|---|
$metadataRequired | ResponseMetadata | Metadata pertaining to this request. |
policy | Policy | undefined | The contents of the policy that you just created. |
Throws
Name | Fault | Details |
|---|
Name | Fault | Details |
|---|---|---|
| ConflictException | client | This operation attempted to create a resource that already exists. |
| ResourceNotFoundException | client | The specified resource does not exist. |
| ServiceUnavailableException | server | The service cannot complete the request. |
| ValidationException | client | One of the parameters for the request is not valid. |
| CloudWatchLogsServiceException | Base exception class for all service exceptions from CloudWatchLogs service. |