Resource: aws_oam_sink_policy

Terraform resource for managing an AWS CloudWatch Observability Access Manager Sink Policy.

Example Usage

Basic Usage

resource "aws_oam_sink" "example" {
  name = "ExampleSink"
}

resource "aws_oam_sink_policy" "example" {
  sink_identifier = aws_oam_sink.example.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action   = ["oam:CreateLink", "oam:UpdateLink"]
        Effect   = "Allow"
        Resource = "*"
        Principal = {
          "AWS" = ["1111111111111", "222222222222"]
        }
        Condition = {
          "ForAllValues:StringEquals" = {
            "oam:ResourceTypes" = ["AWS::CloudWatch::Metric", "AWS::Logs::LogGroup"]
          }
        }
      }
    ]
  })
}

Argument Reference

The following arguments are required:

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Timeouts

Configuration options:

Import

In Terraform v1.5.0 and later, use an import block to import CloudWatch Observability Access Manager Sink Policy using the sink_identifier. For example:

import {
  to = aws_oam_sink_policy.example
  id = "arn:aws:oam:us-west-2:123456789012:sink/sink-id"
}

Using terraform import, import CloudWatch Observability Access Manager Sink Policy using the sink_identifier. For example:

% terraform import aws_oam_sink_policy.example arn:aws:oam:us-west-2:123456789012:sink/sink-id