AWS::XRay::ResourcePolicy
Use AWS::XRay::ResourcePolicy to specify an X-Ray resource-based policy,
which grants one or more AWS services and accounts permissions
to access X-Ray. Each resource-based policy is associated with a
specific AWS account.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::XRay::ResourcePolicy",
  "Properties" : {
      "BypassPolicyLockoutCheck" : Boolean,
      "PolicyDocument" : String,
      "PolicyName" : String
    }
}
YAML
Type: AWS::XRay::ResourcePolicy
Properties:
  BypassPolicyLockoutCheck: Boolean
  PolicyDocument: String
  PolicyName: String
Properties
BypassPolicyLockoutCheck
A flag to indicate whether to bypass the resource-based policy lockout safety check.
Required: No
Type: Boolean
Update requires: No interruption
PolicyDocument
The resource-based policy document, which can be up to 5kb in size.
Required: Yes
Type: String
Minimum: 1
Maximum: 5120
Update requires: No interruption
PolicyName
The name of the resource-based policy. Must be unique within a specific AWS account.
Required: Yes
Type: String
Pattern: [\w+=,.@-]+
Minimum: 1
Maximum: 128
Update requires: Replacement
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the policy name.
For more information about using the Ref function, see Ref.
Examples
Create resource-based policy
This example creates a resource-based policy called MySnsActiveTracingPolicy, which configures Amazon SNS active tracing.
JSON
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "MyResourcePolicy": {
      "Type": "AWS::XRay::ResourcePolicy",
      "Properties": {
        "BypassPolicyLockoutCheck": "false",
        "PolicyDocument": "{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Sid\": \"SNSAccess\", \"Effect\": \"Allow\", \"Principal\": { \"Service\": \"sns.amazonaws.com\" }, \"Action\": [ \"xray:PutTraceSegments\", \"xray:GetSamplingRules\", \"xray:GetSamplingTargets\" ], \"Resource\": \"*\", \"Condition\": { \"StringEquals\": { \"aws:SourceAccount\": \"my-account-id\" }, \"StringLike\": { \"aws:SourceArn\": \"arn:$my-partition:sns:$my-region:$my-account-id:my-topic-name\" } } } ] }",
        "PolicyName": "MySnsActiveTracingPolicy"
      }
    }
  }
}
YAML
AWSTemplateFormatVersion: 2010-09-09
Resources:
  MyResourcePolicy:
    Type: AWS::XRay::ResourcePolicy
    Properties:
      BypassPolicyLockoutCheck: false
      PolicyDocument: "{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Sid\": \"SNSAccess\", \"Effect\": \"Allow\", \"Principal\": { \"Service\": \"sns.amazonaws.com\" }, \"Action\": [ \"xray:PutTraceSegments\", \"xray:GetSamplingRules\", \"xray:GetSamplingTargets\" ], \"Resource\": \"*\", \"Condition\": { \"StringEquals\": { \"aws:SourceAccount\": \"my-account-id\" }, \"StringLike\": { \"aws:SourceArn\": \"arn:$my-partition:sns:$my-region:$my-account-id:my-topic-name\" } } } ] }"
      PolicyName: "MySnsActiveTracingPolicy"
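A pre-deployment check for this resource type, given here as an added example and not as part of the AWS reference or any AWS tool. It applies the documented PolicyName and PolicyDocument constraints, reports a bypassed lockout check, and flags Allow statements for a service principal that lack the aws:SourceAccount or aws:SourceArn scoping used in the example above. The function name, the finding texts, the byte-based size measurement and the sample inputs are assumptions made for illustration.

```python
import json
import re

NAME_RE = re.compile(r"[\w+=,.@-]+")  # Pattern given for PolicyName
SCOPING_KEYS = {"aws:sourceaccount", "aws:sourcearn"}  # keys used in the page's example

def lint_xray_resource_policy(props):
    """Return findings for the Properties of one AWS::XRay::ResourcePolicy (hypothetical helper)."""
    findings = []
    name = props.get("PolicyName", "")
    if not (1 <= len(name) <= 128 and NAME_RE.fullmatch(name)):
        findings.append("PolicyName: must be 1-128 characters of [\\w+=,.@-]")
    if str(props.get("BypassPolicyLockoutCheck", False)).lower() == "true":
        findings.append("BypassPolicyLockoutCheck: lockout safety check is bypassed")
    doc = props.get("PolicyDocument", "")  # assumption: limit counted in UTF-8 bytes
    if not 1 <= len(doc.encode("utf-8")) <= 5120:
        findings.append("PolicyDocument: size must be between 1 and 5120")
    try:
        policy = json.loads(doc)
        statements = policy["Statement"]
    except (ValueError, TypeError, KeyError):
        return findings + ["PolicyDocument: not a JSON policy with a Statement"]
    if isinstance(statements, dict):  # a single statement may be given as an object
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        label = stmt.get("Sid", f"Statement[{i}]")
        principal = stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append(f"{label}: allows any principal")
        keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        if isinstance(principal, dict) and "Service" in principal and not keys & SCOPING_KEYS:
            findings.append(f"{label}: service principal has no aws:SourceAccount/aws:SourceArn condition")
    return findings

# Constructed sample inputs: one scoped like the page's example, one weak variant.
SCOPED = {"PolicyName": "MySnsActiveTracingPolicy", "BypassPolicyLockoutCheck": "false",
          "PolicyDocument": json.dumps({"Version": "2012-10-17", "Statement": [{
              "Sid": "SNSAccess", "Effect": "Allow",
              "Principal": {"Service": "sns.amazonaws.com"},
              "Action": ["xray:PutTraceSegments"], "Resource": "*",
              "Condition": {"StringEquals": {"aws:SourceAccount": "my-account-id"}}}]})}
WEAK = {"PolicyName": "bad name!", "BypassPolicyLockoutCheck": True,
        "PolicyDocument": json.dumps({"Version": "2012-10-17", "Statement": [{
            "Sid": "SNSAccess", "Effect": "Allow",
            "Principal": {"Service": "sns.amazonaws.com"},
            "Action": ["xray:PutTraceSegments"], "Resource": "*"}]})}
print(lint_xray_resource_policy(SCOPED), lint_xray_resource_policy(WEAK))
```

Pass it the Properties mapping of each AWS::XRay::ResourcePolicy resource after loading the template, and fail the pipeline when the returned list is not empty.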
See also
- PutResourcePolicy action in the X-Ray API Reference