AWS::VpcLattice::AccessLogSubscription
Enables access logs to be sent to Amazon CloudWatch, Amazon S3, and Amazon Kinesis Data Firehose. The service network owner can use the access logs to audit the services in the network. The service network owner can only see access logs from clients and services that are associated with their service network. Access log entries represent traffic originated from VPCs associated with that network. For more information, see Access logs in the Amazon VPC Lattice User Guide.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::VpcLattice::AccessLogSubscription", "Properties" : { "DestinationArn" :
String
, "ResourceIdentifier" :String
, "ServiceNetworkLogType" :String
, "Tags" :[ Tag, ... ]
} }
YAML
Type: AWS::VpcLattice::AccessLogSubscription Properties: DestinationArn:
String
ResourceIdentifier:String
ServiceNetworkLogType:String
Tags:- Tag
Properties
DestinationArn
-
The Amazon Resource Name (ARN) of the destination. The supported destination types are CloudWatch Log groups, Kinesis Data Firehose delivery streams, and Amazon S3 buckets.
Required: Yes
Type: String
Pattern:
^arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:([^/].*)?$
Minimum:
20
Maximum:
2048
Update requires: No interruption
ResourceIdentifier
-
The ID or Amazon Resource Name (ARN) of the service network or service.
Required: No
Type: String
Pattern:
^((((sn)|(svc)|(rcfg))-[0-9a-z]{17})|(arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(resourceconfiguration/rcfg)|(service/svc))-[0-9a-z]{17}))$
Minimum:
17
Maximum:
2048
Update requires: Replacement
ServiceNetworkLogType
Property description not available.
Required: No
Type: String
Allowed values:
SERVICE | RESOURCE
Update requires: No interruption
-
The tags for the access log subscription.
Required: No
Type: Array of Tag
Minimum:
0
Maximum:
50
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref
function, Ref
returns the Amazon Resource Name (ARN) of the access log
subscription.
For more information about using the Ref
function, see Ref
.
Fn::GetAtt
The Fn::GetAtt
intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt
intrinsic function, see Fn::GetAtt
.
Arn
-
The Amazon Resource Name (ARN) of the access log subscription.
Id
-
The ID of the access log subscription.
ResourceArn
-
The Amazon Resource Name (ARN) of the access log subscription.
ResourceId
-
The ID of the service network or service.