AWS::CloudTrail::ResourcePolicy - AWS CloudFormation

AWS::CloudTrail::ResourcePolicy

Attaches a resource-based permission policy to a CloudTrail event data store, dashboard, or channel. For more information about resource-based policies, see CloudTrail resource-based policy examples in the CloudTrail User Guide.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::CloudTrail::ResourcePolicy",
  "Properties" : {
      "ResourceArn" : String,
      "ResourcePolicy" : Json
    }
}

YAML

Type: AWS::CloudTrail::ResourcePolicy
Properties:
  ResourceArn: String
  ResourcePolicy: Json

Properties

ResourceArn

The Amazon Resource Name (ARN) of the CloudTrail event data store, dashboard, or channel to which the resource-based policy is attached.

Example event data store ARN format: arn:aws:cloudtrail:us-east-2:123456789012:eventdatastore/EXAMPLE-f852-4e8f-8bd1-bcf6cEXAMPLE

Example dashboard ARN format: arn:aws:cloudtrail:us-east-1:123456789012:dashboard/exampleDash

Example channel ARN format: arn:aws:cloudtrail:us-east-2:123456789012:channel/01234567890

Required: Yes

Type: String

Pattern: ^[a-zA-Z0-9._/\-:]+$

Minimum: 3

Maximum: 256

Update requires: Replacement

ResourcePolicy

A JSON-formatted string for an AWS resource-based policy.

For example resource-based policies, see CloudTrail resource-based policy examples in the CloudTrail User Guide.

Required: Yes

Type: Json

Minimum: 1

Maximum: 8192

Update requires: No interruption

Return values

Ref

When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the resource. The resource is a combination of the resource-based policy document and the channel ARN.

Examples

Example

The following example creates a resource policy that allows AWS account ID 111122223333 to call PutAuditEvents on the channel defined as the resource ARN in the policy. For information about creating a resource policy, see AWS CloudTrail resource-based policy examples in the AWS CloudTrail User Guide.

JSON

{
  "Type": "AWS::CloudTrail::ResourcePolicy",
  "Properties": {
    "ResourceArn": "arn:aws:cloudtrail:us-east-1:01234567890:channel/EXAMPLE8-0558-4f7e-a06a-43969EXAMPLE",
    "ResourcePolicy": "{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Sid\": \"DeliverEventsThroughChannel\", \"Effect\": \"Allow\", \"Principal\": { \"AWS\": [ \"arn:aws:iam::111122223333:root\" ] }, \"Action\":\"cloudtrail-data:PutAuditEvents\", \"Resource\": \"arn:aws:cloudtrail:us-east-1:01234567890:channel/EXAMPLE8-0558-4f7e-a06a-43969EXAMPLE\" } ] }"
  }
}

YAML

Type: AWS::CloudTrail::ResourcePolicy
Properties:
  ResourceArn: "arn:aws:cloudtrail:us-east-1:01234567890:channel/EXAMPLE8-0558-4f7e-a06a-43969EXAMPLE"
  ResourcePolicy: "{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Sid\": \"DeliverEventsThroughChannel\", \"Effect\": \"Allow\", \"Principal\": { \"AWS\": [ \"arn:aws:iam::111122223333:root\" ] }, \"Action\":\"cloudtrail-data:PutAuditEvents\", \"Resource\": \"arn:aws:cloudtrail:us-east-1:01234567890:channel/EXAMPLE8-0558-4f7e-a06a-43969EXAMPLE\" } ] }"
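
A pre-deployment check for templates that declare this resource, added here as an example and not part of the AWS documentation. It applies the ResourceArn pattern and length limits and the ResourcePolicy size limit listed under Properties, then flags Allow statements that name a wildcard principal without a Condition or whose Resource differs from ResourceArn. The function names, finding strings, and the last two checks are assumptions of this example (review conventions, not CloudFormation validation), and property values are assumed to be literals rather than intrinsic functions.

```python
import json
import re

ARN_PATTERN = re.compile(r"^[a-zA-Z0-9._/\-:]+$")  # ResourceArn pattern from the page

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard(principal):
    # "*" and {"AWS": "*"} both mean "any principal"
    values = principal.values() if isinstance(principal, dict) else [principal]
    return any("*" in _as_list(v) for v in values)

def lint_template(template):
    """Return (logical_id, finding) pairs for AWS::CloudTrail::ResourcePolicy resources."""
    findings = []
    for lid, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::CloudTrail::ResourcePolicy":
            continue
        props = res.get("Properties", {})
        arn, raw = props.get("ResourceArn", ""), props.get("ResourcePolicy", "")
        if not (isinstance(arn, str) and 3 <= len(arn) <= 256 and ARN_PATTERN.match(arn)):
            findings.append((lid, "ResourceArn violates pattern or 3-256 length"))
        text = raw if isinstance(raw, str) else json.dumps(raw)
        try:
            statements = _as_list(json.loads(text)["Statement"])
        except (ValueError, KeyError, TypeError):
            findings.append((lid, "ResourcePolicy is not a JSON policy document"))
            continue
        if not 1 <= len(text) <= 8192:
            findings.append((lid, "ResourcePolicy outside 1-8192 characters"))
        for stmt in statements:
            if not isinstance(stmt, dict) or stmt.get("Effect") != "Allow":
                continue
            if _is_wildcard(stmt.get("Principal")) and "Condition" not in stmt:
                findings.append((lid, "Allow with wildcard principal and no Condition"))
            if arn not in _as_list(stmt.get("Resource", [])):
                findings.append((lid, "statement Resource differs from ResourceArn"))
    return findings

# Constructed sample: the page's channel policy, then a variant opened to any principal.
ARN = "arn:aws:cloudtrail:us-east-1:01234567890:channel/EXAMPLE8-0558-4f7e-a06a-43969EXAMPLE"
def _res(principal):
    stmt = {"Effect": "Allow", "Principal": principal,
            "Action": "cloudtrail-data:PutAuditEvents", "Resource": ARN}
    props = {"ResourceArn": ARN, "ResourcePolicy": json.dumps({"Version": "2012-10-17", "Statement": [stmt]})}
    return {"Type": "AWS::CloudTrail::ResourcePolicy", "Properties": props}
SAMPLE = {"Resources": {"PagePolicy": _res({"AWS": ["arn:aws:iam::111122223333:root"]}),
                        "OpenPolicy": _res({"AWS": "*"})}}
```

Calling lint_template(SAMPLE) reports only the OpenPolicy resource; a resource declared with the single-colon type string is skipped by the type filter and produces no findings.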