aws-cloudformation / aws-cloudformation-resource-providers-logs

The CloudFormation Resource Provider Package For Amazon CloudWatch Logs
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html
Apache License 2.0

AWS::Logs::ResourcePolicy.PolicyDocument - YAML support #91

Open mbarneyjr opened 2 years ago

mbarneyjr commented 2 years ago

Name of the resource

AWS::Logs::ResourcePolicy

Description

As with most other resource policies and identity policies, you're able to define these in YAML within a CloudFormation template. However, with the AWS::Logs::ResourcePolicy resource, you have to define the JSON string within your CloudFormation, which is less ideal. For instance, this example resource will fail with an error message Properties validation failed for resource MyLogGroupPolicy with message: #/PolicyDocument: expected type: String, found: JSONObject:

MyLogGroupPolicy:
  Type: AWS::Logs::ResourcePolicy
  Properties:
    PolicyName: MyLogGroupPolicy
    PolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal:
            Service: someservice.amazonaws.com
          Action: logs:PutLogEvents
          Resource: !GetAtt MyLogGroup.Arn

Other Details

Resource spec: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-resourcepolicy.html

AWS::IAM::Policy spec showing the definition of a policy in YAML: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html
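An added example, not part of the original issue or the provider's own code: two ways to satisfy the String type that the validation error demands, using the same statement as the failing resource above. The `MyLogGroup` definition and the second policy's name are assumptions made for illustration, and the second variant relies on the `AWS::LanguageExtensions` transform and its `Fn::ToJsonString` function.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
# Needed only for the Fn::ToJsonString variant below.
Transform: AWS::LanguageExtensions

Resources:
  # Assumed definition; the issue references MyLogGroup without showing it.
  MyLogGroup:
    Type: AWS::Logs::LogGroup

  # Variant 1: hand-written JSON string. !Sub resolves the log group ARN
  # inside the string, so PolicyDocument reaches the provider as a String.
  MyLogGroupPolicy:
    Type: AWS::Logs::ResourcePolicy
    Properties:
      PolicyName: MyLogGroupPolicy
      PolicyDocument: !Sub |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": { "Service": "someservice.amazonaws.com" },
              "Action": "logs:PutLogEvents",
              "Resource": "${MyLogGroup.Arn}"
            }
          ]
        }

  # Variant 2: keep the policy as YAML and let the transform serialize it
  # to a JSON string before the resource's property validation runs.
  MyLogGroupPolicyFromYaml:   # hypothetical second resource, for comparison
    Type: AWS::Logs::ResourcePolicy
    Properties:
      PolicyName: MyLogGroupPolicyFromYaml
      PolicyDocument:
        Fn::ToJsonString:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                Service: someservice.amazonaws.com
              Action: logs:PutLogEvents
              Resource: !GetAtt MyLogGroup.Arn
```

With variant 1, the policy is an opaque string to YAML-level tooling, so a typo in the JSON surfaces only at deploy time; variant 2 keeps the statement visible as structured data in the template.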

wasabideveloper commented 1 week ago

+1