Skip to content
Alchemy
GitHubXDiscord

Destination

The Destination resource lets you manage AWS Logs Destinations for routing log events to AWS services. A destination is an AWS resource that allows you to send logs from Amazon CloudWatch Logs to other services like Amazon Kinesis Data Streams or Amazon Kinesis Data Firehose.

Minimal Example

Section titled “Minimal Example”

Create a basic log destination that sends logs to a Kinesis Data Stream.

import AWS from "alchemy/aws/control";


const logDestination = await AWS.Logs.Destination("myLogDestination", {
  DestinationName: "MyKinesisStream",
  TargetArn: "arn:aws:kinesis:us-east-1:123456789012:stream/my-kinesis-stream",
  RoleArn: "arn:aws:iam::123456789012:role/myCloudWatchLogsRole",
  DestinationPolicy: JSON.stringify({
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Principal: {
          Service: "logs.amazonaws.com"
        },
        Action: "kinesis:PutRecord",
        Resource: "arn:aws:kinesis:us-east-1:123456789012:stream/my-kinesis-stream"
      }
    ]
  })
});

Advanced Configuration

Section titled “Advanced Configuration”

Configure a log destination with a more specific IAM policy for controlling access.

const advancedLogDestination = await AWS.Logs.Destination("advancedLogDestination", {
  DestinationName: "AdvancedKinesisStream",
  TargetArn: "arn:aws:kinesis:us-east-1:123456789012:stream/advanced-kinesis-stream",
  RoleArn: "arn:aws:iam::123456789012:role/myAdvancedCloudWatchLogsRole",
  DestinationPolicy: JSON.stringify({
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Principal: {
          Service: "logs.amazonaws.com"
        },
        Action: [
          "kinesis:PutRecord",
          "kinesis:PutRecords"
        ],
        Resource: "arn:aws:kinesis:us-east-1:123456789012:stream/advanced-kinesis-stream"
      },
      {
        Effect: "Allow",
        Principal: {
          Service: "logs.amazonaws.com"
        },
        Action: "iam:PassRole",
        Resource: "arn:aws:iam::123456789012:role/myAdvancedCloudWatchLogsRole"
      }
    ]
  })
});

Adoption of Existing Resource

Section titled “Adoption of Existing Resource”

If you want to adopt an existing log destination resource instead of failing if it already exists, you can set the adopt property to true.

const adoptLogDestination = await AWS.Logs.Destination("adoptLogDestination", {
  DestinationName: "ExistingLogDestination",
  TargetArn: "arn:aws:kinesis:us-east-1:123456789012:stream/existing-kinesis-stream",
  RoleArn: "arn:aws:iam::123456789012:role/myExistingCloudWatchLogsRole",
  adopt: true
});