Hello,

I have been playing around a bit with CloudWatch Destinations, my goal is to send logs across accounts. However, in the documentation and in the examples there is only the example with Kineses as destination for the CloudWatch Destinations.

Destination Object

https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_Destination.html here it talks mentioned Kinesis for example.

API Call

In the API description https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestination.html, however, only Kinesis is mentioned. Also in the example only Kineses is mentioned. https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Cross-Account-Log_Subscription-New.html

Lambda tweak

However, if a Lambda ARN is entered, this also works, the log events are successfully forwarded cross-account to the Lambda functions.

{
    "destinations": [
        {
            "destinationName": "my-name",
            "targetArn": "arn:aws:lambda:eu-central-1:xxxxxxxxxxxx:function:logs",
            "roleArn": "arn:aws:iam::xxxxxxxxxx:role/LambdaRole",
            "accessPolicy": "{......}",
            "arn": "arn:aws:logs:eu-central-1:xxxxxxxxxxxx:destination:logs",
        }
    ]
}

My question is therefore, can there be problems with this, since this is not described in the documentation, is there something to consider?

If it is usable without problems so, it would be nice if the Documentation can be adapted accordingly.