-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(logs): add support for cloudwatch logs resource policy #17015
feat(logs): add support for cloudwatch logs resource policy #17015
Conversation
@rix0rrr Hey, Would you mind taking a look at this? |
Oops! Forgot to add documentation to README. Sorry @rix0rrr, could you please reapprove? |
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
…17403) ## Summary This PR modifies the aws-logs `index.ts` file to also forward the exports from `policy.ts` ([a newly created file](#17015) that implements the `ResourcePolicy` class). Fixes: #17402 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
CloudFormation now supports [Cloudwatch logs Resource policies](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-resourcepolicy.html) This PR adds L2 support for it. And now its possible to grant access to service principals as follows. Previously this was throwing an error - see aws#5343 ```ts const eventsTargetLogs = new logs.LogGroup(this, 'EventsTargetLogGroup'); eventsTargetLogs.grantWrite(new iam.ServicePrincipal('events.amazonaws.com')).assertSuccess(); ``` In future, following custom resource implementation of `LogGroupResourcePolicy` could be replaced. https:/aws/aws-cdk/blob/83b8df8c390a27e10bf362f49babfb24ee425506/packages/@aws-cdk/aws-elasticsearch/lib/log-group-resource-policy.ts#L25 https:/aws/aws-cdk/blob/a872e672f8990fc3879413e5d797533d3916e1fd/packages/@aws-cdk/aws-events-targets/lib/log-group-resource-policy.ts#L26 https:/aws/aws-cdk/blob/a872e672f8990fc3879413e5d797533d3916e1fd/packages/@aws-cdk/aws-events-targets/lib/log-group-resource-policy.ts#L26 closes aws#5343 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ws#17403) ## Summary This PR modifies the aws-logs `index.ts` file to also forward the exports from `policy.ts` ([a newly created file](aws#17015) that implements the `ResourcePolicy` class). Fixes: aws#17402 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
CloudFormation now supports Cloudwatch logs Resource policies
This PR adds L2 support for it.
And now its possible to grant access to service principals as follows. Previously this was throwing an error - see #5343
In future, following custom resource implementation of
LogGroupResourcePolicy
could be replaced.aws-cdk/packages/@aws-cdk/aws-elasticsearch/lib/log-group-resource-policy.ts
Line 25 in 83b8df8
aws-cdk/packages/@aws-cdk/aws-events-targets/lib/log-group-resource-policy.ts
Line 26 in a872e67
aws-cdk/packages/@aws-cdk/aws-events-targets/lib/log-group-resource-policy.ts
Line 26 in a872e67
closes #5343
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license