AWS::VpcLattice::AccessLogSubscription - AWS CloudFormation

AWS::VpcLattice::AccessLogSubscription

Enables access logs to be sent to Amazon CloudWatch, Amazon S3, and Amazon Kinesis Data Firehose. The service network owner can use the access logs to audit the services in the network. The service network owner can only see access logs from clients and services that are associated with their service network. Access log entries represent traffic originated from VPCs associated with that network. For more information, see Access logs in the Amazon VPC Lattice User Guide.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::VpcLattice::AccessLogSubscription", "Properties" : { "DestinationArn" : String, "ResourceIdentifier" : String, "Tags" : [ Tag, ... ] } }

YAML

Type: AWS::VpcLattice::AccessLogSubscription Properties: DestinationArn: String ResourceIdentifier: String Tags: - Tag

Properties

DestinationArn

The Amazon Resource Name (ARN) of the destination. The supported destination types are CloudWatch Log groups, Kinesis Data Firehose delivery streams, and Amazon S3 buckets.

Required: Yes

Type: String

Pattern: ^arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:([^/].*)?$

Minimum: 20

Maximum: 2048

Update requires: No interruption

ResourceIdentifier

The ID or Amazon Resource Name (ARN) of the service network or service.

Required: No

Type: String

Pattern: ^((((sn)|(svc))-[0-9a-z]{17})|(arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:((servicenetwork/sn)|(service/svc))-[0-9a-z]{17}))$

Minimum: 20

Maximum: 2048

Update requires: Replacement

Tags

The tags for the access log subscription.

Required: No

Type: Array of Tag

Minimum: 0

Maximum: 50

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the Amazon Resource Name (ARN) of the access log subscription.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Arn

The Amazon Resource Name (ARN) of the access log subscription.

Id

The ID of the access log subscription.

ResourceArn

The Amazon Resource Name (ARN) of the access log subscription.

ResourceId

The ID of the service network or service.