CloudWatchLogs / Client / put_destination
put_destination#
- CloudWatchLogs.Client.put_destination(**kwargs)#
Creates or updates a destination. This operation is used only to create destinations for cross-account subscriptions.
A destination encapsulates a physical resource (such as an Amazon Kinesis stream). With a destination, you can subscribe to a real-time stream of log events for a different account, ingested using PutLogEvents.
Through an access policy, a destination controls what is written to it. By default,
PutDestination
does not set any access policy with the destination, which means a cross-account user cannot call PutSubscriptionFilter against this destination. To enable this, the destination owner must call PutDestinationPolicy afterPutDestination
.To perform a
PutDestination
operation, you must also have theiam:PassRole
permission.See also: AWS API Documentation
Request Syntax
response = client.put_destination( destinationName='string', targetArn='string', roleArn='string', tags={ 'string': 'string' } )
- Parameters:
destinationName (string) –
[REQUIRED]
A name for the destination.
targetArn (string) –
[REQUIRED]
The ARN of an Amazon Kinesis stream to which to deliver matching log events.
roleArn (string) –
[REQUIRED]
The ARN of an IAM role that grants CloudWatch Logs permissions to call the Amazon Kinesis
PutRecord
operation on the destination stream.tags (dict) –
An optional list of key-value pairs to associate with the resource.
For more information about tagging, see Tagging Amazon Web Services resources
(string) –
(string) –
- Return type:
dict
- Returns:
Response Syntax
{ 'destination': { 'destinationName': 'string', 'targetArn': 'string', 'roleArn': 'string', 'accessPolicy': 'string', 'arn': 'string', 'creationTime': 123 } }
Response Structure
(dict) –
destination (dict) –
The destination.
destinationName (string) –
The name of the destination.
targetArn (string) –
The Amazon Resource Name (ARN) of the physical target where the log events are delivered (for example, a Kinesis stream).
roleArn (string) –
A role for impersonation, used when delivering log events to the target.
accessPolicy (string) –
An IAM policy document that governs which Amazon Web Services accounts can create subscription filters against this destination.
arn (string) –
The ARN of this destination.
creationTime (integer) –
The creation time of the destination, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
Exceptions
CloudWatchLogs.Client.exceptions.InvalidParameterException
CloudWatchLogs.Client.exceptions.OperationAbortedException
CloudWatchLogs.Client.exceptions.ServiceUnavailableException