forked from globaldatanet/aws-firewall-factory
monitoring-account-sink.template.yml
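---
AWSTemplateFormatVersion: '2010-09-09'
Description: CloudFormation template to create an OAM sink with a cross-account policy

Parameters:
  PrincipalOrgID:
    Type: String
    Description: The AWS Organization ID that can create links to the sink
    # This value is the only restriction on who may link to the sink, so
    # reject empty or malformed IDs at deploy time.
    AllowedPattern: '^o-[a-z0-9]{10,32}$'
    ConstraintDescription: Must be an AWS Organizations ID (for example o-exampleorgid)
  SinkName:
    Type: String
    Description: The name of the OAM sink

Resources:
  # Sink in the monitoring account that source accounts attach links to.
  OAMSink:
    Type: AWS::Oam::Sink
    Properties:
      Name: !Ref SinkName
      # Resource policy on the sink. Principal is "*", so the Condition block
      # is the sole control over which accounts may create or update links.
      Policy:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action:
              - oam:CreateLink
              - oam:UpdateLink
            Resource: "*"
            Principal:
              AWS: "*"
            Condition:
              # Fixed: the statement previously used ForAllValues:StringEquals
              # on oam:PrincipalOrgID. A ForAllValues condition evaluates to
              # true when the key is absent from the request context, and
              # oam:PrincipalOrgID does not appear among the documented OAM
              # condition keys (verify against the Service Authorization
              # Reference). Combined with Principal "*", that would allow
              # principals outside the organization to link to this sink.
              # aws:PrincipalOrgID is the single-valued global key for the
              # caller's organization, so plain StringEquals is correct.
              StringEquals:
                aws:PrincipalOrgID: !Ref PrincipalOrgID
              # NOTE(review): this policy does not limit which telemetry types
              # a link may share; consider an oam:ResourceTypes condition if
              # only a subset should be accepted.

  # Publishes the sink ARN under a predictable SSM path derived from SinkName.
  SinkArnParameter:
    Type: AWS::SSM::Parameter
    Properties:
      Name: !Sub "/oam/${SinkName}/arn"
      Type: String
      Value: !GetAtt OAMSink.Arn
      Description: !Sub "The ARN of the OAM sink for region: ${AWS::Region}"

Outputs:
  SinkArn:
    Description: The ARN of the OAM sink
    Value: !GetAtt OAMSink.Arn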