Skip to main content
← back to extensions

@swamp/aws/logs

v2026.04.23.3

AWS LOGS infrastructure models

Repository

https://github.com/systeminit/swamp-extensions

Platforms

linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64

Labels

awslogscloudinfrastructure

Contents

models

Quality score

Verified by Swamp

How well-documented and verifiable this extension is.

100%

Grade A

  • Has README or module doc2/2earned
  • README has a code example1/1earned
  • README is substantive1/1earned
  • Most symbols documented1/1earned
  • No slow types1/1earned
  • Has description1/1earned
  • At least one platform tag (or universal)1/1earned
  • Two or more platform tags (or universal)1/1earned
  • License declared1/1earned
  • Verified public repository2/2earned

Install

$ swamp extension pull @swamp/aws/logs

@swamp/aws/logs/account-policyv2026.04.23.2account_policy.ts

Global Arguments

ArgumentTypeDescription
namestringInstance name for this resource (used as the unique identifier in the factory pattern)
PolicyNamestringThe name of the account policy
PolicyDocumentstringThe body of the policy document you want to use for this topic. You can only add one policy per PolicyType. The policy must be in JSON string format. Length Constraints: Maximum length of 30720
PolicyTypeenumType of the policy.
Scope?enumScope for policy application
SelectionCriteria?stringLog group selection criteria to apply policy only to a subset of log groups. SelectionCriteria string can be up to 25KB and cloudwatchlogs determines the length of selectionCriteria by using its UTF-8 bytes
createCreate a Logs AccountPolicy
getGet a Logs AccountPolicy
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs AccountPolicy
updateUpdate a Logs AccountPolicy
deleteDelete a Logs AccountPolicy
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs AccountPolicy
syncSync Logs AccountPolicy state from AWS

Resources

state(infinite)— Logs AccountPolicy resource state
@swamp/aws/logs/deliveryv2026.04.23.2delivery.ts

Global Arguments

ArgumentTypeDescription
namestringInstance name for this resource (used as the unique identifier in the factory pattern)
DeliverySourceNamestringThe name of the delivery source that is associated with this delivery.
DeliveryDestinationArnstringThe ARN of the delivery destination that is associated with this delivery.
Tags?arrayThe tags that have been assigned to this delivery.
RecordFields?arrayThe list of record fields to be delivered to the destination, in order. If the delivery's log source has mandatory fields, they must be included in this list.
FieldDelimiter?stringThe field delimiter to use between record fields when the final output format of a delivery is in Plain, W3C, or Raw format.
S3SuffixPath?stringThis string allows re-configuring the S3 object prefix to contain either static or variable sections. The valid variables to use in the suffix path will vary by each log source. See ConfigurationTemplate$allowedSuffixPathFields for more info on what values are supported in the suffix path for each log source.
S3EnableHiveCompatiblePath?booleanThis parameter causes the S3 objects that contain delivered logs to use a prefix structure that allows for integration with Apache Hive.
createCreate a Logs Delivery
getGet a Logs Delivery
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs Delivery
updateUpdate a Logs Delivery
deleteDelete a Logs Delivery
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs Delivery
syncSync Logs Delivery state from AWS

Resources

state(infinite)— Logs Delivery resource state
@swamp/aws/logs/delivery-destinationv2026.04.23.2delivery_destination.ts

Global Arguments

ArgumentTypeDescription
NamestringThe name of this delivery destination.
DestinationResourceArn?stringThe ARN of the Amazon Web Services destination that this delivery destination represents. That Amazon Web Services destination can be a log group in CloudWatch Logs, an Amazon S3 bucket, or a delivery stream in Firehose.
Tags?arrayThe tags that have been assigned to this delivery destination.
DeliveryDestinationType?stringDisplays whether this delivery destination is CloudWatch Logs, Amazon S3, Kinesis Data Firehose, or XRay.
DeliveryDestinationPolicy?objectIAM policy that grants permissions to CloudWatch Logs to deliver logs cross-account to a specified destination in this account. The policy must be in JSON string format. Length Constraints: Maximum length of 51200
OutputFormat?stringThe format of the logs that are sent to this delivery destination.
createCreate a Logs DeliveryDestination
getGet a Logs DeliveryDestination
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs DeliveryDestination
updateUpdate a Logs DeliveryDestination
deleteDelete a Logs DeliveryDestination
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs DeliveryDestination
syncSync Logs DeliveryDestination state from AWS

Resources

state(infinite)— Logs DeliveryDestination resource state
@swamp/aws/logs/delivery-sourcev2026.04.23.2delivery_source.ts

Global Arguments

ArgumentTypeDescription
NamestringThe unique name of the Log source.
ResourceArn?stringThe Amazon Resource Name (ARN) that uniquely identifies this delivery source.
LogType?stringThe type of logs being delivered. Only mandatory when the resourceArn could match more than one. In such a case, the error message will contain all the possible options.
Tags?arrayThe tags that have been assigned to this delivery source.
createCreate a Logs DeliverySource
getGet a Logs DeliverySource
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs DeliverySource
updateUpdate a Logs DeliverySource
deleteDelete a Logs DeliverySource
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs DeliverySource
syncSync Logs DeliverySource state from AWS

Resources

state(infinite)— Logs DeliverySource resource state
@swamp/aws/logs/destinationv2026.04.23.2destination.ts

Global Arguments

ArgumentTypeDescription
Tags?arrayAn array of key-value pairs to apply to this resource.
DestinationNamestringThe name of the destination resource
DestinationPolicy?stringAn IAM policy document that governs which AWS accounts can create subscription filters against this destination.
RoleArnstringThe ARN of an IAM role that permits CloudWatch Logs to send data to the specified AWS resource
TargetArnstringThe ARN of the physical target where the log events are delivered (for example, a Kinesis stream)
createCreate a Logs Destination
getGet a Logs Destination
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs Destination
updateUpdate a Logs Destination
deleteDelete a Logs Destination
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs Destination
syncSync Logs Destination state from AWS

Resources

state(infinite)— Logs Destination resource state
@swamp/aws/logs/integrationv2026.04.23.2integration.ts

Global Arguments

ArgumentTypeDescription
IntegrationNamestringUser provided identifier for integration, unique to the user account.
IntegrationTypeenumThe type of the Integration.
ResourceConfigobjectOpenSearchResourceConfig for the given Integration
createCreate a Logs Integration
getGet a Logs Integration
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs Integration
deleteDelete a Logs Integration
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs Integration
syncSync Logs Integration state from AWS

Resources

state(infinite)— Logs Integration resource state
@swamp/aws/logs/log-anomaly-detectorv2026.04.23.2log_anomaly_detector.ts

Global Arguments

ArgumentTypeDescription
namestringInstance name for this resource (used as the unique identifier in the factory pattern)
AccountId?stringAccount ID for owner of detector
KmsKeyId?stringThe Amazon Resource Name (ARN) of the CMK to use when encrypting log data.
DetectorName?stringName of detector
LogGroupArnList?arrayList of Arns for the given log group
EvaluationFrequency?enumHow often log group is evaluated
FilterPattern?string
AnomalyVisibilityTime?number
createCreate a Logs LogAnomalyDetector
getGet a Logs LogAnomalyDetector
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs LogAnomalyDetector
updateUpdate a Logs LogAnomalyDetector
deleteDelete a Logs LogAnomalyDetector
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs LogAnomalyDetector
syncSync Logs LogAnomalyDetector state from AWS

Resources

state(infinite)— Logs LogAnomalyDetector resource state
@swamp/aws/logs/log-groupv2026.04.23.2log_group.ts

Global Arguments

ArgumentTypeDescription
LogGroupName?stringThe name of the log group. If you don't specify a name, CFNlong generates a unique ID for the log group.
KmsKeyId?stringThe Amazon Resource Name (ARN) of the KMS key to use when encrypting log data. To associate an KMS key with the log group, specify the ARN of that KMS key here. If you do so, ingested data is encrypted using this key. This association is stored as long as the data encrypted with the KMS key is still within CWL. This enables CWL to decrypt this data whenever it is requested. If you attempt to associate a KMS key with the log group but the KMS key doesn't exist or is deactivated, you will receive
DataProtectionPolicy?stringCreates a data protection policy and assigns it to the log group. A data protection policy can help safeguard sensitive data that's ingested by the log group by auditing and masking the sensitive log data. When a user who does not have permission to view masked data views a log event that includes masked data, the sensitive data is replaced by asterisks.
FieldIndexPolicies?arrayCreates or updates a *field index policy* for the specified log group. Only log groups in the Standard log class support field index policies. For more information about log classes, see [Log classes](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch_Logs_Log_Classes.html). You can use field index policies to create *field indexes* on fields found in log events in the log group. Creating field indexes lowers the costs for CWL Insights queries that reference those field indexes,
LogGroupClass?enumSpecifies the log group class for this log group. There are two classes: The Standard log class supports all CWL features. The Infrequent Access log class supports a subset of CWL features and incurs lower costs. For details about the features supported by each class, see [Log classes](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch_Logs_Log_Classes.html)
RetentionInDays?unionThe number of days to retain the log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, and 3653. To set a log group so that its log events do not expire, do not specify this property.
Tags?arrayAn array of key-value pairs to apply to the log group. For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).
ResourcePolicyDocument?stringCreates or updates a resource policy for the specified log group that allows other services to put log events to this account. A LogGroup can have 1 resource policy.
DeletionProtectionEnabled?booleanIndicates whether deletion protection is enabled for this log group. When enabled, deletion protection blocks all deletion operations until it is explicitly disabled.
BearerTokenAuthenticationEnabled?booleanIndicates whether bearer token authentication is enabled for this log group. When enabled, bearer token authentication is allowed on operations until it is explicitly disabled.
createCreate a Logs LogGroup
getGet a Logs LogGroup
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs LogGroup
updateUpdate a Logs LogGroup
deleteDelete a Logs LogGroup
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs LogGroup
syncSync Logs LogGroup state from AWS

Resources

state(infinite)— Logs LogGroup resource state
@swamp/aws/logs/log-streamv2026.04.23.2log_stream.ts

Global Arguments

ArgumentTypeDescription
namestringInstance name for this resource (used as the unique identifier in the factory pattern)
LogStreamName?stringThe name of the log stream. The name must be unique wihtin the log group.
LogGroupNamestringThe name of the log group where the log stream is created.
createCreate a Logs LogStream
getGet a Logs LogStream
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs LogStream
deleteDelete a Logs LogStream
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs LogStream
syncSync Logs LogStream state from AWS

Resources

state(infinite)— Logs LogStream resource state
@swamp/aws/logs/metric-filterv2026.04.23.2metric_filter.ts

Global Arguments

ArgumentTypeDescription
namestringInstance name for this resource (used as the unique identifier in the factory pattern)
FieldSelectionCriteria?stringThe filter expression that specifies which log events are processed by this metric filter based on system fields. Returns the fieldSelectionCriteria value if it was specified when the metric filter was created.
MetricTransformationsarrayThe metric transformations.
FilterPatternstringA filter pattern for extracting metric data out of ingested log events. For more information, see [Filter and Pattern Syntax](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html).
EmitSystemFieldDimensions?arrayThe list of system fields that are emitted as additional dimensions in the generated metrics. Returns the emitSystemFieldDimensions value if it was specified when the metric filter was created.
LogGroupNamestringThe name of an existing log group that you want to associate with this metric filter.
ApplyOnTransformedLogs?booleanThis parameter is valid only for log groups that have an active log transformer. For more information about log transformers, see [PutTransformer](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutTransformer.html). If this value is true, the metric filter is applied on the transformed version of the log events instead of the original ingested log events.
FilterName?stringThe name of the metric filter.
createCreate a Logs MetricFilter
getGet a Logs MetricFilter
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs MetricFilter
updateUpdate a Logs MetricFilter
deleteDelete a Logs MetricFilter
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs MetricFilter
syncSync Logs MetricFilter state from AWS

Resources

state(infinite)— Logs MetricFilter resource state
@swamp/aws/logs/query-definitionv2026.04.23.2query_definition.ts

Global Arguments

ArgumentTypeDescription
namestringInstance name for this resource (used as the unique identifier in the factory pattern)
NamestringA name for the saved query definition
QueryStringstringThe query string to use for this definition
LogGroupNames?arrayOptionally define specific log groups as part of your query definition
QueryLanguage?enumQuery language of the query string. Possible values are CWLI, SQL, PPL, with CWLI being the default.
Parameters?arrayUse this parameter to include specific query parameters as part of your query definition. Query parameters are supported only for Logs Insights QL queries. Query parameters allow you to use placeholder variables in your query string that are substituted with values at execution time. Use the {{parameterName}} syntax in your query string to reference a parameter.
createCreate a Logs QueryDefinition
getGet a Logs QueryDefinition
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs QueryDefinition
updateUpdate a Logs QueryDefinition
deleteDelete a Logs QueryDefinition
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs QueryDefinition
syncSync Logs QueryDefinition state from AWS

Resources

state(infinite)— Logs QueryDefinition resource state
@swamp/aws/logs/resource-policyv2026.04.23.2resource_policy.ts

Global Arguments

ArgumentTypeDescription
PolicyNamestringA name for resource policy
PolicyDocumentstringThe policy document
createCreate a Logs ResourcePolicy
getGet a Logs ResourcePolicy
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs ResourcePolicy
updateUpdate a Logs ResourcePolicy
deleteDelete a Logs ResourcePolicy
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs ResourcePolicy
syncSync Logs ResourcePolicy state from AWS

Resources

state(infinite)— Logs ResourcePolicy resource state
@swamp/aws/logs/scheduled-queryv2026.04.23.2scheduled_query.ts

Global Arguments

ArgumentTypeDescription
namestringInstance name for this resource (used as the unique identifier in the factory pattern)
Namestring
Description?string
QueryLanguagestring
QueryStringstring
LogGroupIdentifiers?array
ScheduleExpressionstring
Timezone?string
StartTimeOffset?number
DestinationConfiguration?object
ScheduleStartTime?number
ScheduleEndTime?number
ExecutionRoleArnstring
State?enum
Tags?array
createCreate a Logs ScheduledQuery
getGet a Logs ScheduledQuery
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs ScheduledQuery
updateUpdate a Logs ScheduledQuery
deleteDelete a Logs ScheduledQuery
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs ScheduledQuery
syncSync Logs ScheduledQuery state from AWS

Resources

state(infinite)— Logs ScheduledQuery resource state
@swamp/aws/logs/subscription-filterv2026.04.23.2subscription_filter.ts

Global Arguments

ArgumentTypeDescription
namestringInstance name for this resource (used as the unique identifier in the factory pattern)
FilterName?stringThe name of the subscription filter.
DestinationArnstringThe Amazon Resource Name (ARN) of the destination.
FilterPatternstringThe filtering expressions that restrict what gets delivered to the destination AWS resource. For more information about the filter pattern syntax, see [Filter and Pattern Syntax](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html).
LogGroupNamestringThe log group to associate with the subscription filter. All log events that are uploaded to this log group are filtered and delivered to the specified AWS resource if the filter pattern matches the log events.
RoleArn?stringThe ARN of an IAM role that grants CWL permissions to deliver ingested log events to the destination stream. You don't need to provide the ARN when you are working with a logical destination for cross-account delivery.
Distribution?enumThe method used to distribute log data to the destination, which can be either random or grouped by log stream.
ApplyOnTransformedLogs?booleanThis parameter is valid only for log groups that have an active log transformer. For more information about log transformers, see [PutTransformer](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutTransformer.html). If this value is true, the subscription filter is applied on the transformed version of the log events instead of the original ingested log events.
FieldSelectionCriteria?stringThe filter expression that specifies which log events are processed by this subscription filter based on system fields. Returns the fieldSelectionCriteria value if it was specified when the subscription filter was created.
EmitSystemFields?arrayThe list of system fields that are included in the log events sent to the subscription destination. Returns the emitSystemFields value if it was specified when the subscription filter was created.
createCreate a Logs SubscriptionFilter
getGet a Logs SubscriptionFilter
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs SubscriptionFilter
updateUpdate a Logs SubscriptionFilter
deleteDelete a Logs SubscriptionFilter
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs SubscriptionFilter
syncSync Logs SubscriptionFilter state from AWS

Resources

state(infinite)— Logs SubscriptionFilter resource state
@swamp/aws/logs/transformerv2026.04.23.2transformer.ts

Global Arguments

ArgumentTypeDescription
LogGroupIdentifierstringExisting log group that you want to associate with this transformer.
TransformerConfigarrayList of processors in a transformer
createCreate a Logs Transformer
getGet a Logs Transformer
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs Transformer
updateUpdate a Logs Transformer
deleteDelete a Logs Transformer
ArgumentTypeDescription
identifierstringThe primary identifier of the Logs Transformer
syncSync Logs Transformer state from AWS

Resources

state(infinite)— Logs Transformer resource state