access_log_subscriptions
Creates, updates, deletes or gets an access_log_subscription resource or lists access_log_subscriptions in a region.
Overview
Name | access_log_subscriptions |
Type | Resource |
Description | Enables access logs to be sent to Amazon CloudWatch, Amazon S3, and Amazon Kinesis Data Firehose. The service network owner can use the access logs to audit the services in the network. The service network owner will only see access logs from clients and services that are associated with their service network. Access log entries represent traffic originated from VPCs associated with that network. |
Id | aws.vpclattice.access_log_subscriptions |
Fields
Name | Datatype | Description |
---|---|---|
arn | string | |
destination_arn | string | |
id | string | |
resource_arn | string | |
resource_id | string | |
resource_identifier | string | |
tags | array | |
region | string | AWS region. |
Methods
Name | Accessible by | Required Params |
---|---|---|
create_resource | INSERT | DestinationArn, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all access_log_subscriptions in a region.
SELECT
region,
arn,
destination_arn,
id,
resource_arn,
resource_id,
resource_identifier,
tags
FROM aws.vpclattice.access_log_subscriptions
WHERE region = 'us-east-1';
Gets all properties from an individual access_log_subscription.
SELECT
region,
arn,
destination_arn,
id,
resource_arn,
resource_id,
resource_identifier,
tags
FROM aws.vpclattice.access_log_subscriptions
WHERE region = 'us-east-1' AND data__Identifier = '<Arn>';
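The Overview says the service network owner uses these logs for auditing. The following is an added example, not part of the StackQL documentation: a Python check over rows shaped like the list query's output that reports resources with no access log subscription and destinations outside the three supported services or in a different account. The inventory input, the function names and every ARN are constructed assumptions.

```python
# Added example; every ARN below is a constructed sample value.
# Destination services named in the Overview: CloudWatch Logs, S3, Firehose.
DEST_SERVICES = {"logs", "s3", "firehose"}

def parse_arn(arn):
    """Split an ARN into its six fields; the resource part may itself contain ':'."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return dict(zip(("prefix", "partition", "service", "region", "account", "resource"), parts))

def audit(rows, inventory):
    """rows: dicts from the list query; inventory: ARNs expected to log (assumed input)."""
    findings, covered = [], set()
    for row in rows:
        covered.add(row["resource_arn"])
        src = parse_arn(row["resource_arn"])
        dst = parse_arn(row["destination_arn"])
        if dst["service"] not in DEST_SERVICES:
            findings.append(("unexpected-destination", row["resource_arn"], dst["service"]))
        # S3 bucket ARNs carry no account id, so only compare when one is present.
        elif dst["account"] and dst["account"] != src["account"]:
            findings.append(("cross-account-destination", row["resource_arn"], dst["account"]))
    for arn in inventory:
        if arn not in covered:
            findings.append(("no-access-logs", arn, None))
    return findings

LATTICE = "arn:aws:vpc-lattice:us-east-1:111111111111:"
SAMPLE_ROWS = [
    {"resource_arn": LATTICE + "servicenetwork/sn-0aaa",
     "destination_arn": "arn:aws:logs:us-east-1:111111111111:log-group:/lattice/sn-0aaa:*"},
    {"resource_arn": LATTICE + "service/svc-0bbb",
     "destination_arn": "arn:aws:firehose:us-east-1:222222222222:deliverystream/lattice"},
    {"resource_arn": LATTICE + "servicenetwork/sn-0ccc",
     "destination_arn": "arn:aws:s3:::example-lattice-logs"},
]
INVENTORY = [r["resource_arn"] for r in SAMPLE_ROWS] + [LATTICE + "servicenetwork/sn-0ddd"]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROWS, INVENTORY):
        print(finding)
```

A cross-account destination is not necessarily a misconfiguration; the finding marks it for review against the accounts you expect to receive logs.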
INSERT example
Use the following StackQL query and manifest file to create a new access_log_subscription resource, using stack-deploy.
Required Properties
/*+ create */
INSERT INTO aws.vpclattice.access_log_subscriptions (
DestinationArn,
region
)
SELECT
'{{ DestinationArn }}',
'{{ region }}';
All Properties
/*+ create */
INSERT INTO aws.vpclattice.access_log_subscriptions (
DestinationArn,
ResourceIdentifier,
Tags,
region
)
SELECT
'{{ DestinationArn }}',
'{{ ResourceIdentifier }}',
'{{ Tags }}',
'{{ region }}';
Manifest
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: access_log_subscription
    props:
      - name: DestinationArn
        value: '{{ DestinationArn }}'
      - name: ResourceIdentifier
        value: '{{ ResourceIdentifier }}'
      - name: Tags
        value:
          - Key: '{{ Key }}'
            Value: '{{ Value }}'
DELETE example
/*+ delete */
DELETE FROM aws.vpclattice.access_log_subscriptions
WHERE data__Identifier = '<Arn>'
AND region = 'us-east-1';
Permissions
To operate on the access_log_subscriptions resource, the following permissions are required:
Create
vpc-lattice:CreateAccessLogSubscription,
vpc-lattice:TagResource,
vpc-lattice:GetAccessLogSubscription,
vpc-lattice:ListTagsForResource,
logs:CreateLogDelivery,
logs:CreateLogStream,
logs:PutDestination,
logs:PutDestinationPolicy,
logs:PutResourcePolicy,
logs:DescribeResourcePolicies,
logs:DescribeLogGroups,
logs:GetLogDelivery,
s3:PutBucketLogging,
s3:GetBucketLogging,
s3:GetBucketPolicy,
s3:PutBucketPolicy,
firehose:TagDeliveryStream,
firehose:CreateDeliveryStream,
firehose:DescribeDeliveryStream,
iam:CreateServiceLinkedRole
Read
vpc-lattice:GetAccessLogSubscription,
vpc-lattice:ListTagsForResource,
logs:GetLogDelivery
Update
vpc-lattice:GetAccessLogSubscription,
vpc-lattice:UpdateAccessLogSubscription,
vpc-lattice:TagResource,
vpc-lattice:UntagResource,
logs:UpdateLogDelivery,
firehose:UpdateDestination,
logs:CreateLogDelivery,
logs:CreateLogStream,
logs:PutDestination,
logs:PutDestinationPolicy,
logs:PutResourcePolicy,
logs:DescribeResourcePolicies,
logs:DescribeLogGroups,
logs:GetLogDelivery,
s3:PutBucketLogging,
s3:GetBucketLogging,
s3:GetBucketPolicy,
s3:PutBucketPolicy,
firehose:TagDeliveryStream,
firehose:CreateDeliveryStream,
firehose:DescribeDeliveryStream
Delete
vpc-lattice:DeleteAccessLogSubscription,
vpc-lattice:UntagResource,
logs:DeleteLogDelivery,
logs:DeleteLogStream,
logs:GetLogDelivery,
logs:DeleteDestination,
s3:PutBucketLogging,
iam:GetServiceLinkedRoleDeletionStatus,
iam:DeleteServiceLinkedRole,
firehose:DeleteDeliveryStream,
firehose:UntagDeliveryStream
List
vpc-lattice:ListAccessLogSubscriptions