Posted On: Jan 5, 2022

CloudWatch Logs now makes it easier for AWS Organizations customers to manage CloudWatch Logs Subscription Filter destination access policies. Subscription Filters are a feature that allows you to deliver log data in real time to services such as Amazon Kinesis Data Streams, Amazon Kinesis Data Firehose, or AWS Lambda. Subscription Filters are also used to share log data with other AWS accounts. You can now use your Organization ID or Organization Path in destination access policies.

A common use case for CloudWatch Logs Subscription Filters is centralizing log collection. With Organization ID and Organization Path support for destination access policies, customers no longer need to maintain a list of account IDs in their destination policy and can instead specify aws:PrincipalOrgID or aws:PrincipalOrgPaths, which reduces the effort of keeping the policy current. Get started by reviewing the CloudWatch Logs Cross-Account log data sharing with Subscriptions documentation.
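As an added example (not part of the AWS announcement or documentation), the Python check below flags destination access policies that allow a wildcard principal without constraining it by one of the organization condition keys. The ARN, organization ID, OU path and all function names are constructed for illustration.

```python
ORG_KEYS = {"aws:principalorgid", "aws:principalorgpaths"}  # key names are case-insensitive
DEST = "arn:aws:logs:us-east-1:111111111111:destination:central-logs"  # constructed ARN

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_wildcard_principal(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))

def org_values(condition):
    """Values bound to an organization key by StringEquals/StringLike.
    ...IfExists variants are ignored: they pass when the key is absent."""
    values = []
    for operator, keys in condition.items():
        if operator.split(":")[-1].lower() not in ("stringequals", "stringlike"):
            continue
        for key, val in keys.items():
            if key.lower() in ORG_KEYS:
                values.extend(as_list(val))
    return values

def audit_destination_policy(policy):
    """Return findings for Allow statements usable from outside the organization."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or not is_wildcard_principal(stmt.get("Principal")):
            continue
        values = org_values(stmt.get("Condition", {}))
        if not values:
            findings.append(f"statement {i}: wildcard principal, no organization condition")
        elif any(v.strip("*/") == "" or v.startswith("o-*") for v in values):
            findings.append(f"statement {i}: organization condition value is a wildcard")
    return findings

def make_policy(condition=None, principal="*"):
    """Build a one-statement destination policy (constructed sample input)."""
    stmt = {"Effect": "Allow", "Principal": principal,
            "Action": "logs:PutSubscriptionFilter", "Resource": DEST}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

OPEN_POLICY = make_policy()
ORG_POLICY = make_policy({"StringEquals": {"aws:PrincipalOrgID": ["o-exampleorgid"]}})
OU_POLICY = make_policy({"ForAnyValue:StringLike": {
    "aws:PrincipalOrgPaths": ["o-exampleorgid/r-ab12/ou-ab12-11111111/*"]}})

if __name__ == "__main__":
    for name, pol in (("open", OPEN_POLICY), ("org", ORG_POLICY), ("ou", OU_POLICY)):
        print(name, audit_destination_policy(pol) or "ok")
```

Running the same check over policies before they are applied catches the case where the account list is replaced by a wildcard principal but the organization condition is left out.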

CloudWatch Logs AWS Organizations support for cross-account Subscriptions is available in all AWS Commercial and GovCloud Regions but is not yet available in AWS China Regions.