CloudWatchLogs / Client / put_destination



Creates or updates a destination. This operation is used only to create destinations for cross-account subscriptions.

A destination encapsulates a physical resource (such as an Amazon Kinesis stream). With a destination, you can subscribe to a real-time stream of log events for a different account, ingested using PutLogEvents.

Through an access policy, a destination controls what is written to it. By default, PutDestination does not set any access policy with the destination, which means a cross-account user cannot call PutSubscriptionFilter against this destination. To enable this, the destination owner must call PutDestinationPolicy after PutDestination.

To perform a PutDestination operation, you must also have the iam:PassRole permission.

See also: AWS API Documentation

Request Syntax

response = client.put_destination(
        'string': 'string'
  • destinationName (string) –


    A name for the destination.

  • targetArn (string) –


    The ARN of an Amazon Kinesis stream to which to deliver matching log events.

  • roleArn (string) –


    The ARN of an IAM role that grants CloudWatch Logs permissions to call the Amazon Kinesis PutRecord operation on the destination stream.

  • tags (dict) –

    An optional list of key-value pairs to associate with the resource.

    For more information about tagging, see Tagging Amazon Web Services resources

    • (string) –

      • (string) –

Return type:



Response Syntax

    'destination': {
        'destinationName': 'string',
        'targetArn': 'string',
        'roleArn': 'string',
        'accessPolicy': 'string',
        'arn': 'string',
        'creationTime': 123

Response Structure

  • (dict) –

    • destination (dict) –

      The destination.

      • destinationName (string) –

        The name of the destination.

      • targetArn (string) –

        The Amazon Resource Name (ARN) of the physical target where the log events are delivered (for example, a Kinesis stream).

      • roleArn (string) –

        A role for impersonation, used when delivering log events to the target.

      • accessPolicy (string) –

        An IAM policy document that governs which Amazon Web Services accounts can create subscription filters against this destination.

      • arn (string) –

        The ARN of this destination.

      • creationTime (integer) –

        The creation time of the destination, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.