Alchemy

Appearance

Destination ​

The Destination resource lets you manage AWS Logs Destinations for routing log events to AWS services. A destination is an AWS resource that allows you to send logs from Amazon CloudWatch Logs to other services like Amazon Kinesis Data Streams or Amazon Kinesis Data Firehose.

Minimal Example ​

Create a basic log destination that sends logs to a Kinesis Data Stream.

ts
import AWS from "alchemy/aws/control";

const logDestination = await AWS.Logs.Destination("myLogDestination", {
  DestinationName: "MyKinesisStream",
  TargetArn: "arn:aws:kinesis:us-east-1:123456789012:stream/my-kinesis-stream",
  RoleArn: "arn:aws:iam::123456789012:role/myCloudWatchLogsRole",
  DestinationPolicy: JSON.stringify({
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Principal: {
          Service: "logs.amazonaws.com"
        },
        Action: "kinesis:PutRecord",
        Resource: "arn:aws:kinesis:us-east-1:123456789012:stream/my-kinesis-stream"
      }
    ]
  })
});

Advanced Configuration ​

Configure a log destination with a more specific IAM policy for controlling access.

ts
const advancedLogDestination = await AWS.Logs.Destination("advancedLogDestination", {
  DestinationName: "AdvancedKinesisStream",
  TargetArn: "arn:aws:kinesis:us-east-1:123456789012:stream/advanced-kinesis-stream",
  RoleArn: "arn:aws:iam::123456789012:role/myAdvancedCloudWatchLogsRole",
  DestinationPolicy: JSON.stringify({
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Principal: {
          Service: "logs.amazonaws.com"
        },
        Action: [
          "kinesis:PutRecord",
          "kinesis:PutRecords"
        ],
        Resource: "arn:aws:kinesis:us-east-1:123456789012:stream/advanced-kinesis-stream"
      },
      {
        Effect: "Allow",
        Principal: {
          Service: "logs.amazonaws.com"
        },
        Action: "iam:PassRole",
        Resource: "arn:aws:iam::123456789012:role/myAdvancedCloudWatchLogsRole"
      }
    ]
  })
});

Adoption of Existing Resource ​

If you want to adopt an existing log destination resource instead of failing if it already exists, you can set the adopt property to true.

ts
const adoptLogDestination = await AWS.Logs.Destination("adoptLogDestination", {
  DestinationName: "ExistingLogDestination",
  TargetArn: "arn:aws:kinesis:us-east-1:123456789012:stream/existing-kinesis-stream",
  RoleArn: "arn:aws:iam::123456789012:role/myExistingCloudWatchLogsRole",
  adopt: true
});