
Commit aa00bb1

ylynnjlhood
authored andcommitted
Add FilterLogEventsPolicy to policy templates. (#729)
This commit adds a new policy to the policy templates that grants permission to call the filter-log-events API, given a Log Group name.
1 parent 9196f45 commit aa00bb1

6 files changed

+97
-0
lines changed

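--- a/examples/2016-10-31/policy_templates/all_policy_templates.yaml
+++ b/examples/2016-10-31/policy_templates/all_policy_templates.yaml
@@ -82,3 +82,6 @@ Resources:
 
 - SESBulkTemplatedCrudPolicy:
 IdentityName: name
+
+- FilterLogEventsPolicy:
+LogGroupName: name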

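--- a/samtranslator/policy_templates_data/policy_templates.json
+++ b/samtranslator/policy_templates_data/policy_templates.json
@@ -1475,6 +1475,34 @@
 }
 ]
 }
+},
+"FilterLogEventsPolicy": {
+"Description": "Gives permission to filter Log Events from a specified Log Group",
+"Parameters": {
+"LogGroupName": {
+"Description": "Name of the Log Group"
+}
+},
+"Definition": {
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"logs:FilterLogEvents"
+],
+"Resource": {
+"Fn::Sub": [
+"arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:${logGroupName}:log-stream:*",
+{
+"logGroupName": {
+"Ref": "LogGroupName"
+}
+}
+]
+}
+}
+]
+}
 }
 }
 }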
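Review bot: The `Resource` of the new `FilterLogEventsPolicy` statement interpolates `LogGroupName` directly into the ARN, so a value containing `*` widens the grant from one log group to every matching group, and nothing in the template says that an exact name is expected. I would tighten the parameter text to something like `"Description": "Exact name of the Log Group; a wildcard here extends the grant to every matching group"`. Since `logs:FilterLogEvents` returns the log events themselves, the policy `Description` would also be more accurate if it said it grants read access to the events of the group rather than only "filter". It is also worth confirming that the `:log-stream:*` suffix is the resource form CloudWatch Logs evaluates for this action, because the expected-output files in this commit only show that the template renders, not that the grant takes effect.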

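--- a/tests/translator/input/all_policy_templates.yaml
+++ b/tests/translator/input/all_policy_templates.yaml
@@ -135,3 +135,6 @@ Resources:
 
 - SESBulkTemplatedCrudPolicy:
 IdentityName: name
+
+- FilterLogEventsPolicy:
+LogGroupName: name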

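--- a/tests/translator/output/all_policy_templates.json
+++ b/tests/translator/output/all_policy_templates.json
@@ -1143,6 +1143,27 @@
 }
 ]
 }
+},
+{
+"PolicyName": "KitchenSinkFunctionRolePolicy46",
+"PolicyDocument": {
+"Statement": [
+{
+"Action": [
+"logs:FilterLogEvents"
+],
+"Resource": {
+"Fn::Sub": [
+"arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:${logGroupName}:log-stream:*",
+{
+"logGroupName": "name"
+}
+]
+},
+"Effect": "Allow"
+}
+]
+}
 }
 ],
 "AssumeRolePolicyDocument": {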

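--- a/tests/translator/output/aws-cn/all_policy_templates.json
+++ b/tests/translator/output/aws-cn/all_policy_templates.json
@@ -1142,6 +1142,27 @@
 }
 ]
 }
+},
+{
+"PolicyName": "KitchenSinkFunctionRolePolicy46",
+"PolicyDocument": {
+"Statement": [
+{
+"Action": [
+"logs:FilterLogEvents"
+],
+"Resource": {
+"Fn::Sub": [
+"arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:${logGroupName}:log-stream:*",
+{
+"logGroupName": "name"
+}
+]
+},
+"Effect": "Allow"
+}
+]
+}
 }
 ],
 "AssumeRolePolicyDocument": {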

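--- a/tests/translator/output/aws-us-gov/all_policy_templates.json
+++ b/tests/translator/output/aws-us-gov/all_policy_templates.json
@@ -1143,6 +1143,27 @@
 }
 ]
 }
+},
+{
+"PolicyName": "KitchenSinkFunctionRolePolicy46",
+"PolicyDocument": {
+"Statement": [
+{
+"Action": [
+"logs:FilterLogEvents"
+],
+"Resource": {
+"Fn::Sub": [
+"arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:${logGroupName}:log-stream:*",
+{
+"logGroupName": "name"
+}
+]
+},
+"Effect": "Allow"
+}
+]
+}
 }
 ],
 "AssumeRolePolicyDocument": {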
