Amazon CloudWatch Logs (logs)

2021-07-22

1 new condition | 48 updated actions, 1 updated resource

Additions

    Conditions
  • aws:ResourceTag/${TagKey}
    • Description:  Filters access based on the tags associated with the resource
    • Type:  String

Updates

    Actions
  • AssociateKmsKey
      Description
    • Old: Associates the specified AWS Key Management Service (AWS KMS) customer master key (CMK) with the specified log group.
      New: Grants permissions to associate the specified AWS Key Management Service (AWS KMS) customer master key (CMK) with the specified log group
  • CancelExportTask
      Description
    • Old: Cancels an export task if it is in PENDING or RUNNING state
      New: Grants permissions to cancel an export task if it is in PENDING or RUNNING state
  • CreateExportTask
      Description
    • Old: Creates an ExportTask which allows you to efficiently export data from a Log Group to your Amazon S3 bucket
      New: Grants permissions to create an ExportTask which allows you to efficiently export data from a Log Group to your Amazon S3 bucket
  • CreateLogGroup
      Description
    • Old: Creates a new log group with the specified name
      New: Grants permissions to create a new log group with the specified name
  • CreateLogStream
      Description
    • Old: Creates a new log stream with the specified name
      New: Grants permissions to create a new log stream with the specified name
  • DeleteDestination
      Description
    • Old: Deletes the destination with the specified name and eventually disables all the subscription filters that publish to it
      New: Grants permissions to delete the destination with the specified name
  • DeleteLogGroup
      Description
    • Old: Deletes the log group with the specified name and permanently deletes all the archived log events associated with it
      New: Grants permissions to delete the log group with the specified name
  • DeleteLogStream
      Description
    • Old: Deletes a log stream and permanently deletes all the archived log events associated with it
      New: Grants permissions to delete a log stream
  • DeleteMetricFilter
      Description
    • Old: Deletes a metric filter associated with the specified log group
      New: Grants permissions to delete a metric filter associated with the specified log group
  • DeleteQueryDefinition
      Description
    • Old: Deletes a saved CloudWatch Logs Insights query definition
      New: Grants permissions to delete a saved CloudWatch Logs Insights query definition
  • DeleteResourcePolicy
      Description
    • Old: Deletes a resource policy from this account
      New: Grants permissions to delete a resource policy from this account
  • DeleteRetentionPolicy
      Description
    • Old: Deletes the retention policy of the specified log group
      New: Grants permissions to delete the retention policy of the specified log group
  • DeleteSubscriptionFilter
      Description
    • Old: Deletes a subscription filter associated with the specified log group
      New: Grants permissions to delete a subscription filter associated with the specified log group
  • DescribeDestinations
      Description
    • Old: Returns all the destinations that are associated with the AWS account making the request
      New: Grants permissions to return all the destinations that are associated with the AWS account making the request
  • DescribeExportTasks
      Description
    • Old: Returns all the export tasks that are associated with the AWS account making the request
      New: Grants permissions to return all the export tasks that are associated with the AWS account making the request
  • DescribeLogGroups
      Description
    • Old: Returns all the log groups that are associated with the AWS account making the request
      New: Grants permissions to return all the log groups that are associated with the AWS account making the request
  • DescribeLogStreams
      Description
    • Old: Returns all the log streams that are associated with the specified log group
      New: Grants permissions to return all the log streams that are associated with the specified log group
  • DescribeMetricFilters
      Description
    • Old: Returns all the metrics filters associated with the specified log group
      New: Grants permissions to return all the metrics filters associated with the specified log group
  • DescribeQueries
      Description
    • Old: Returns a list of CloudWatch Logs Insights queries that are scheduled, executing, or have been executed recently in this account. You can request all queries, or limit it to queries of a specific log group or queries with a certain status.
      New: Grants permissions to return a list of CloudWatch Logs Insights queries that are scheduled, executing, or have been executed recently in this account
  • DescribeQueryDefinitions
      Description
    • Old: Returns a paginated list of your saved CloudWatch Logs Insights query definitions
      New: Grants permissions to return a paginated list of your saved CloudWatch Logs Insights query definitions
  • DescribeResourcePolicies
      Description
    • Old: Return all the resource policies in this account.
      New: Grants permissions to return all the resource policies in this account
  • DescribeSubscriptionFilters
      Description
    • Old: Returns all the subscription filters associated with the specified log group
      New: Grants permissions to return all the subscription filters associated with the specified log group
  • DisassociateKmsKey
      Description
    • Old: Disassociates the associated AWS Key Management Service (AWS KMS) customer master key (CMK) from the specified log group
      New: Grants permissions to disassociate the associated AWS Key Management Service (AWS KMS) customer master key (CMK) from the specified log group
  • FilterLogEvents
      Description
    • Old: Retrieves log events, optionally filtered by a filter pattern from the specified log group
      New: Grants permissions to retrieve log events, optionally filtered by a filter pattern from the specified log group
  • GetLogEvents
      Description
    • Old: Retrieves log events from the specified log stream
      New: Grants permissions to retrieve log events from the specified log stream
  • GetLogGroupFields
      Description
    • Old: Returns a list of the fields that are included in log events in the specified log group, along with the percentage of log events that contain each field. The search is limited to a time period that you specify.
      New: Grants permissions to return a list of the fields that are included in log events in the specified log group, along with the percentage of log events that contain each field
  • GetLogRecord
      Description
    • Old: Retrieves all the fields and values of a single log event. All fields are retrieved, even if the original query that produced the logRecordPointer retrieved only a subset of fields. Fields are returned as field name/field value pairs.
      New: Grants permissions to retrieve all the fields and values of a single log event
  • GetQueryResults
      Description
    • Old: Returns the results from the specified query. If the query is in progress, partial results of that current execution are returned. Only the fields requested in the query are returned.
      New: Grants permissions to return the results from the specified query
  • ListTagsLogGroup
      Description
    • Old: Lists the tags for the specified log group
      New: Grants permissions to list the tags for the specified log group
  • PutDestination
      Description
    • Old: Creates or updates a Destination
      New: Grants permissions to create or update a Destination
  • PutDestinationPolicy
      Description
    • Old: Creates or updates an access policy associated with an existing Destination
      New: Grants permissions to create or update an access policy associated with an existing Destination
  • PutLogEvents
      Description
    • Old: Uploads a batch of log events to the specified log stream
      New: Grants permissions to upload a batch of log events to the specified log stream
  • PutMetricFilter
      Description
    • Old: Creates or updates a metric filter and associates it with the specified log group
      New: Grants permissions to create or update a metric filter and associates it with the specified log group
  • PutQueryDefinition
      Description
    • Old: Creates or updates a metric filter and associates it with the specified log group
      New: Grants permissions to create or update a query definition
  • PutResourcePolicy
      Description
    • Old: Creates or updates a resource policy allowing other AWS services to put log events to this account
      New: Grants permissions to create or update a resource policy allowing other AWS services to put log events to this account
  • PutRetentionPolicy
      Description
    • Old: Sets the retention of the specified log group
      New: Grants permissions to set the retention of the specified log group
  • PutSubscriptionFilter
      Description
    • Old: Creates or updates a subscription filter and associates it with the specified log group
      New: Grants permissions to create or update a subscription filter and associates it with the specified log group
  • StartQuery
      Description
    • Old: Schedules a query of a log group using CloudWatch Logs Insights. You specify the log group and time range to query, and the query string to use.
      New: Grants permissions to schedules a query of a log group using CloudWatch Logs Insights
  • StopQuery
      Description
    • Old: Stops a CloudWatch Logs Insights query that is in progress. If the query has already ended, the operation returns an error indicating that the specified query is not running.
      New: Grants permissions to stop a CloudWatch Logs Insights query that is in progress
  • TagLogGroup
      Description
    • Old: Adds or updates the specified tags for the specified log group
      New: Grants permissions to add or update the specified tags for the specified log group
      Access
    • Write  ⟶  Tagging
  • TestMetricFilter
      Description
    • Old: Tests the filter pattern of a metric filter against a sample of log event messages
      New: Grants permissions to test the filter pattern of a metric filter against a sample of log event messages
  • UntagLogGroup
      Description
    • Old: Removes the specified tags from the specified log group
      New: Grants permissions to remove the specified tags from the specified log group
      Access
    • Write  ⟶  Tagging
  • null
      New_value
    • Url: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html
      Name: DeleteLogDelivery
      Description: Grants permissions to delete the log delivery information for specified log delivery
      Access: Write
      Resources: []
      Conditions: []
      Dependents: []
      Old_value
    • Url:
      Name: DeleteLogDelivery [permission only]
      Description: Deletes the log delivery information for specified log delivery
      Access: Write
      Resources: []
      Conditions: []
      Dependents: []
  • UpdateLogDelivery
      Description
    • Old: Updates the log delivery information for specified log delivery
      New: Grants permissions to update the log delivery information for specified log delivery
  • CreateLogDelivery
      Description
    • Old: Creates the log delivery
      New: Grants permissions to create the log delivery
  • ListLogDeliveries
      Description
    • Old: Lists all the log deliveries for specified account and/or log source
      New: Grants permissions to list all the log deliveries for specified account and/or log source
  • GetLogDelivery
      Description
    • Old: Gets the log delivery information for specified log delivery
      New: Grants permissions to get the log delivery information for specified log delivery
  • DeleteLogDelivery
      Description
    • Old: Deletes the log delivery information for specified log delivery
      New: Grants permissions to delete the log delivery information for specified log delivery
    Resources
  • log-group
      Conditions
    • + aws:ResourceTag/${TagKey}