AWS CloudWatch Logs Access Policies
GPTKB entity
Statements (50)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:cloud_service
|
| gptkbp:allows |
granting permissions to AWS services
granting permissions to roles granting permissions to users |
| gptkbp:attachedTo |
log streams
log groups subscription filters |
| gptkbp:canBe |
gptkb:IAM_Policy_Simulator
granting access to AWS Glue granting access to AWS Lambda granting access to AWS Step Functions granting access to Amazon Kinesis granting access to Amazon S3 granting access to third-party services |
| gptkbp:canBeManagedBy |
gptkb:AWS_CloudFormation
gptkb:AWS_CLI gptkb:AWS_Management_Console gptkb:AWS_SDKs |
| gptkbp:documentation |
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-access-control-overview-cwl.html
|
| gptkbp:enables |
fine-grained access control
auditing of access cross-account access compliance with security standards |
| https://www.w3.org/2000/01/rdf-schema#label |
AWS CloudWatch Logs Access Policies
|
| gptkbp:partOf |
gptkb:Amazon_CloudWatch_Logs
|
| gptkbp:prohibits |
access by AWS account
access by IP address access by VPC access by condition keys access by resource ARN |
| gptkbp:relatedTo |
gptkb:AWS_Identity_and_Access_Management
gptkb:CloudWatch_Logs_Insights CloudWatch Logs API |
| gptkbp:supports |
policy statements
policy versioning identity-based policies policy conditions resource-based policies actions such as logs:CreateLogGroup actions such as logs:DeleteLogGroup actions such as logs:DescribeLogGroups actions such as logs:GetLogEvents actions such as logs:PutLogEvents actions such as logs:PutRetentionPolicy actions such as logs:PutSubscriptionFilter policy effect (Allow or Deny) |
| gptkbp:usedFor |
controlling access to CloudWatch Logs resources
|
| gptkbp:uses |
AWS IAM policy syntax
|
| gptkbp:bfsParent |
gptkb:Amazon_CloudWatch_Logs
|
| gptkbp:bfsLayer |
6
|