CloudWatchLogs / Client / describe_account_policies

describe_account_policies

CloudWatchLogs.Client.describe_account_policies(**kwargs)

Returns a list of all CloudWatch Logs account policies in the account.

To use this operation, you must be signed on with the correct permissions depending on the type of policy that you are retrieving information for.

  • To see data protection policies, you must have the logs:GetDataProtectionPolicy and logs:DescribeAccountPolicies permissions.

  • To see subscription filter policies, you must have the logs:DescribeSubscriptionFilters and logs:DescribeAccountPolicies permissions.

  • To see transformer policies, you must have the logs:GetTransformer and logs:DescribeAccountPolicies permissions.

  • To see field index policies, you must have the logs:DescribeIndexPolicies and logs:DescribeAccountPolicies permissions.

See also: AWS API Documentation

Request Syntax

response = client.describe_account_policies(
    policyType='DATA_PROTECTION_POLICY'|'SUBSCRIPTION_FILTER_POLICY'|'FIELD_INDEX_POLICY'|'TRANSFORMER_POLICY'|'METRIC_EXTRACTION_POLICY',
    policyName='string',
    accountIdentifiers=[
        'string',
    ],
    nextToken='string'
)
Parameters:

  • policyType (string) –

    [REQUIRED]

    Use this parameter to limit the returned policies to only the policies that match the policy type that you specify.

  • policyName (string) – Use this parameter to limit the returned policies to only the policy with the name that you specify.

  • accountIdentifiers (list) –

    If you are using an account that is set up as a monitoring account for CloudWatch unified cross-account observability, you can use this to specify the account ID of a source account. If you do, the operation returns the account policy for the specified account. Currently, you can specify only one account ID in this parameter.

    If you omit this parameter, only the policy in the current account is returned.

    • (string) –

  • nextToken (string) – The token for the next set of items to return. (You received this token from a previous call.)

Return type:

dict

Returns:

Response Syntax

{
    'accountPolicies': [
        {
            'policyName': 'string',
            'policyDocument': 'string',
            'lastUpdatedTime': 123,
            'policyType': 'DATA_PROTECTION_POLICY'|'SUBSCRIPTION_FILTER_POLICY'|'FIELD_INDEX_POLICY'|'TRANSFORMER_POLICY'|'METRIC_EXTRACTION_POLICY',
            'scope': 'ALL',
            'selectionCriteria': 'string',
            'accountId': 'string'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) –

    • accountPolicies (list) –

      An array of structures that contain information about the CloudWatch Logs account policies that match the specified filters.

      • (dict) –

        A structure that contains information about one CloudWatch Logs account policy.

        • policyName (string) –

          The name of the account policy.

        • policyDocument (string) –

          The policy document for this account policy.

          The JSON specified in policyDocument can be up to 30,720 characters.

        • lastUpdatedTime (integer) –

          The date and time that this policy was most recently updated.

        • policyType (string) –

          The type of policy for this account policy.

        • scope (string) –

          The scope of the account policy.

        • selectionCriteria (string) –

          The log group selection criteria that is used for this policy.

        • accountId (string) –

          The Amazon Web Services account ID that the policy applies to.

    • nextToken (string) –

      The token to use when requesting the next set of items. The token expires after 24 hours.

Exceptions

  • CloudWatchLogs.Client.exceptions.InvalidParameterException

  • CloudWatchLogs.Client.exceptions.OperationAbortedException

  • CloudWatchLogs.Client.exceptions.ResourceNotFoundException

  • CloudWatchLogs.Client.exceptions.ServiceUnavailableException