Skip to main content

subscription_filters

Creates, updates, deletes or gets a subscription_filter resource or lists subscription_filters in a region

Overview

Namesubscription_filters
TypeResource
DescriptionThe AWS::Logs::SubscriptionFilter resource specifies a subscription filter and associates it with the specified log group. Subscription filters allow you to subscribe to a real-time stream of log events and have them delivered to a specific destination. Currently, the supported destinations are:
+ An Amazon Kinesis data stream belonging to the same account as the subscription filter, for same-account delivery.
+ A logical destination that belongs to a different account, for cross-account delivery.
+ An Amazon Kinesis Firehose delivery stream that belongs to the same account as the subscription filter, for same-account delivery.
+ An LAMlong function that belongs to the same account as the subscription filter, for same-account delivery.

There can be as many as two subscription filters associated with a log group.
Idaws.logs.subscription_filters

Fields

NameDatatypeDescription
filter_namestringThe name of the subscription filter.
destination_arnstringThe Amazon Resource Name (ARN) of the destination.
filter_patternstringThe filtering expressions that restrict what gets delivered to the destination AWS resource. For more information about the filter pattern syntax, see [Filter and Pattern Syntax](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html).
log_group_namestringThe log group to associate with the subscription filter. All log events that are uploaded to this log group are filtered and delivered to the specified AWS resource if the filter pattern matches the log events.
role_arnstringThe ARN of an IAM role that grants CWL permissions to deliver ingested log events to the destination stream. You don't need to provide the ARN when you are working with a logical destination for cross-account delivery.
distributionstringThe method used to distribute log data to the destination, which can be either random or grouped by log stream.
regionstringAWS region.

Methods

NameAccessible byRequired Params
create_resourceINSERTDestinationArn, FilterPattern, LogGroupName, region
delete_resourceDELETEdata__Identifier, region
update_resourceUPDATEdata__Identifier, data__PatchDocument, region
list_resourcesSELECTregion
get_resourceSELECTdata__Identifier, region

SELECT examples

Gets all subscription_filters in a region.

SELECT
region,
filter_name,
destination_arn,
filter_pattern,
log_group_name,
role_arn,
distribution
FROM aws.logs.subscription_filters
WHERE region = 'us-east-1';

Gets all properties from an individual subscription_filter.

SELECT
region,
filter_name,
destination_arn,
filter_pattern,
log_group_name,
role_arn,
distribution
FROM aws.logs.subscription_filters
WHERE region = 'us-east-1' AND data__Identifier = '<FilterName>|<LogGroupName>';

INSERT example

Use the following StackQL query and manifest file to create a new subscription_filter resource, using stack-deploy.

/*+ create */
INSERT INTO aws.logs.subscription_filters (
 DestinationArn,
 FilterPattern,
 LogGroupName,
 region
)
SELECT 
'{{ DestinationArn }}',
 '{{ FilterPattern }}',
 '{{ LogGroupName }}',
'{{ region }}';

DELETE example

/*+ delete */
DELETE FROM aws.logs.subscription_filters
WHERE data__Identifier = '<FilterName|LogGroupName>'
AND region = 'us-east-1';

Permissions

To operate on the subscription_filters resource, the following permissions are required:

Create

iam:PassRole,
logs:PutSubscriptionFilter,
logs:DescribeSubscriptionFilters

Read

logs:DescribeSubscriptionFilters

Update

iam:PassRole,
logs:PutSubscriptionFilter,
logs:DescribeSubscriptionFilters

Delete

logs:DeleteSubscriptionFilter

List

logs:DescribeSubscriptionFilters