account_policy
Gets an individual account_policy resource
Overview
Name | account_policy |
Type | Resource |
Description | account_policy |
Id | awscc.logs.account_policy |
Fields
Name | Datatype | Description |
---|---|---|
account_id | string | User account id |
policy_name | string | The name of the account policy |
policy_document | string | The body of the policy document you want to use for this topic.<br/><br/>You can only add one policy per PolicyType.<br/><br/>The policy must be in JSON string format.<br/><br/>Length Constraints: Maximum length of 30720 |
policy_type | string | Type of the policy. |
scope | string | Scope for policy application |
selection_criteria | string | Log group selection criteria to apply the policy only to a subset of log groups. The SelectionCriteria string can be up to 25KB; CloudWatch Logs determines its length from its UTF-8 bytes. |
region | string | AWS region. |
Methods
Currently only SELECT is supported for this resource.
Example
```sql
SELECT
  region,
  account_id,
  policy_name,
  policy_document,
  policy_type,
  scope,
  selection_criteria
FROM awscc.logs.account_policy
WHERE data__Identifier = '<AccountId>|<PolicyType>|<PolicyName>';
```
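The `data__Identifier` format and the documented field limits can be checked client-side around this query. The following Python is an added example, not part of the provider or its documentation; the function names, the sample rows, the reading of "25KB" as 25 * 1024 bytes, and the reading of the 30720 limit as a character count are assumptions.

```python
import json
import re

MAX_POLICY_DOCUMENT_LEN = 30720           # "Maximum length of 30720" (assumed: characters)
MAX_SELECTION_CRITERIA_BYTES = 25 * 1024  # "25KB" read as 25 * 1024 bytes (assumption)


def build_identifier(account_id, policy_type, policy_name):
    """Build the '<AccountId>|<PolicyType>|<PolicyName>' value for data__Identifier."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("account id must be 12 digits")
    for part in (policy_type, policy_name):
        # '|' would shift the three fields; a quote would end the SQL string literal.
        if not part or re.search(r"[|']", part):
            raise ValueError(f"unsafe identifier part: {part!r}")
    return f"{account_id}|{policy_type}|{policy_name}"


def check_row(row):
    """Return the documented field constraints that one returned row violates."""
    problems = []
    document = row.get("policy_document") or ""
    if len(document) > MAX_POLICY_DOCUMENT_LEN:
        problems.append("policy_document longer than 30720")
    try:
        json.loads(document)
    except ValueError:
        problems.append("policy_document is not valid JSON")
    criteria = row.get("selection_criteria") or ""
    # The limit is on UTF-8 bytes, so len(criteria) under-counts non-ASCII text.
    if len(criteria.encode("utf-8")) > MAX_SELECTION_CRITERIA_BYTES:
        problems.append("selection_criteria larger than 25KB in UTF-8")
    return problems


# Constructed sample rows, shaped like the output of the SELECT above.
GOOD_ROW = {"policy_document": '{"Name": "example"}', "selection_criteria": ""}
BAD_ROW = {"policy_document": "{not json", "selection_criteria": "é" * 13000}

if __name__ == "__main__":
    # EXAMPLE_POLICY_TYPE and example-policy are placeholders, not real values.
    print(build_identifier("123456789012", "EXAMPLE_POLICY_TYPE", "example-policy"))
    for name, row in (("good", GOOD_ROW), ("bad", BAD_ROW)):
        print(name, check_row(row))
```

The second sample row has 13000 characters of selection criteria but 26000 UTF-8 bytes, which is why the check encodes before measuring.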
Permissions
To operate on the account_policy resource, the following permissions are required:
Read
logs:DescribeAccountPolicies
Update
logs:PutAccountPolicy,
logs:PutDataProtectionPolicy,
logs:DescribeAccountPolicies,
logs:DeleteAccountPolicy,
logs:DeleteDataProtectionPolicy,
logs:CreateLogDelivery,
logs:PutSubscriptionFilter,
logs:DeleteSubscriptionFilter,
s3:REST.PUT.OBJECT,
firehose:TagDeliveryStream,
iam:PassRole
Delete
logs:DeleteAccountPolicy,
logs:DeleteDataProtectionPolicy,
logs:DescribeAccountPolicies,
logs:DeleteSubscriptionFilter,
iam:PassRole