@Generated(value="com.amazonaws:aws-java-sdk-code-generator") public class PutAccountPolicyRequest extends AmazonWebServiceRequest implements Serializable, Cloneable
NOOP
Constructor and Description |
---|
PutAccountPolicyRequest() |
Modifier and Type | Method and Description |
---|---|
PutAccountPolicyRequest |
clone()
Creates a shallow clone of this object for all fields except the handler context.
|
boolean |
equals(Object obj) |
String |
getPolicyDocument()
Specify the policy, in JSON.
|
String |
getPolicyName()
A name for the policy.
|
String |
getPolicyType()
The type of policy that you're creating or updating.
|
String |
getScope()
Currently the only valid value for this parameter is
ALL , which specifies that the data protection
policy applies to all log groups in the account. |
String |
getSelectionCriteria()
Use this parameter to apply the subscription filter policy to a subset of log groups in the account.
|
int |
hashCode() |
void |
setPolicyDocument(String policyDocument)
Specify the policy, in JSON.
|
void |
setPolicyName(String policyName)
A name for the policy.
|
void |
setPolicyType(String policyType)
The type of policy that you're creating or updating.
|
void |
setScope(String scope)
Currently the only valid value for this parameter is
ALL , which specifies that the data protection
policy applies to all log groups in the account. |
void |
setSelectionCriteria(String selectionCriteria)
Use this parameter to apply the subscription filter policy to a subset of log groups in the account.
|
String |
toString()
Returns a string representation of this object.
|
PutAccountPolicyRequest |
withPolicyDocument(String policyDocument)
Specify the policy, in JSON.
|
PutAccountPolicyRequest |
withPolicyName(String policyName)
A name for the policy.
|
PutAccountPolicyRequest |
withPolicyType(PolicyType policyType)
The type of policy that you're creating or updating.
|
PutAccountPolicyRequest |
withPolicyType(String policyType)
The type of policy that you're creating or updating.
|
PutAccountPolicyRequest |
withScope(Scope scope)
Currently the only valid value for this parameter is
ALL , which specifies that the data protection
policy applies to all log groups in the account. |
PutAccountPolicyRequest |
withScope(String scope)
Currently the only valid value for this parameter is
ALL , which specifies that the data protection
policy applies to all log groups in the account. |
PutAccountPolicyRequest |
withSelectionCriteria(String selectionCriteria)
Use this parameter to apply the subscription filter policy to a subset of log groups in the account.
|
addHandlerContext, getCloneRoot, getCloneSource, getCustomQueryParameters, getCustomRequestHeaders, getGeneralProgressListener, getHandlerContext, getReadLimit, getRequestClientOptions, getRequestCredentials, getRequestCredentialsProvider, getRequestMetricCollector, getSdkClientExecutionTimeout, getSdkRequestTimeout, putCustomQueryParameter, putCustomRequestHeader, setGeneralProgressListener, setRequestCredentials, setRequestCredentialsProvider, setRequestMetricCollector, setSdkClientExecutionTimeout, setSdkRequestTimeout, withGeneralProgressListener, withRequestCredentialsProvider, withRequestMetricCollector, withSdkClientExecutionTimeout, withSdkRequestTimeout
public void setPolicyName(String policyName)
A name for the policy. This must be unique within the account.
policyName
- A name for the policy. This must be unique within the account.public String getPolicyName()
A name for the policy. This must be unique within the account.
public PutAccountPolicyRequest withPolicyName(String policyName)
A name for the policy. This must be unique within the account.
policyName
- A name for the policy. This must be unique within the account.public void setPolicyDocument(String policyDocument)
Specify the policy, in JSON.
Data protection policy
A data protection policy must include two JSON blocks:
The first block must include both a DataIdentifer
array and an Operation
property with
an Audit
action. The DataIdentifer
array lists the types of sensitive data that you
want to mask. For more information about the available options, see Types of data
that you can mask.
The Operation
property with an Audit
action is required to find the sensitive data
terms. This Audit
action must contain a FindingsDestination
object. You can optionally
use that FindingsDestination
object to list one or more destinations to send audit findings to. If
you specify destinations such as log groups, Firehose streams, and S3 buckets, they must already exist.
The second block must include both a DataIdentifer
array and an Operation
property with
an Deidentify
action. The DataIdentifer
array must exactly match the
DataIdentifer
array in the first block of the policy.
The Operation
property with the Deidentify
action is what actually masks the data, and
it must contain the "MaskConfig": {}
object. The "MaskConfig": {}
object must be
empty.
For an example data protection policy, see the Examples section on this page.
The contents of the two DataIdentifer
arrays must match exactly.
In addition to the two JSON blocks, the policyDocument
can also include Name
,
Description
, and Version
fields. The Name
is different than the
operation's policyName
parameter, and is used as a dimension when CloudWatch Logs reports audit
findings metrics to CloudWatch.
The JSON specified in policyDocument
can be up to 30,720 characters long.
Subscription filter policy
A subscription filter policy can include the following attributes in a JSON block:
DestinationArn The ARN of the destination to deliver log events to. Supported destinations are:
An Kinesis Data Streams data stream in the same account as the subscription policy, for same-account delivery.
An Firehose data stream in the same account as the subscription policy, for same-account delivery.
A Lambda function in the same account as the subscription policy, for same-account delivery.
A logical destination in a different account created with PutDestination, for cross-account delivery. Kinesis Data Streams and Firehose are supported as logical destinations.
RoleArn The ARN of an IAM role that grants CloudWatch Logs permissions to deliver ingested log events to the destination stream. You don't need to provide the ARN when you are working with a logical destination for cross-account delivery.
FilterPattern A filter pattern for subscribing to a filtered stream of log events.
DistributionThe method used to distribute log data to the destination. By default, log data is grouped by
log stream, but the grouping can be set to Random
for a more even distribution. This property is
only applicable when the destination is an Kinesis Data Streams data stream.
policyDocument
- Specify the policy, in JSON.
Data protection policy
A data protection policy must include two JSON blocks:
The first block must include both a DataIdentifer
array and an Operation
property with an Audit
action. The DataIdentifer
array lists the types of
sensitive data that you want to mask. For more information about the available options, see Types
of data that you can mask.
The Operation
property with an Audit
action is required to find the sensitive
data terms. This Audit
action must contain a FindingsDestination
object. You can
optionally use that FindingsDestination
object to list one or more destinations to send audit
findings to. If you specify destinations such as log groups, Firehose streams, and S3 buckets, they must
already exist.
The second block must include both a DataIdentifer
array and an Operation
property with an Deidentify
action. The DataIdentifer
array must exactly match
the DataIdentifer
array in the first block of the policy.
The Operation
property with the Deidentify
action is what actually masks the
data, and it must contain the "MaskConfig": {}
object. The "MaskConfig": {}
object must be empty.
For an example data protection policy, see the Examples section on this page.
The contents of the two DataIdentifer
arrays must match exactly.
In addition to the two JSON blocks, the policyDocument
can also include Name
,
Description
, and Version
fields. The Name
is different than the
operation's policyName
parameter, and is used as a dimension when CloudWatch Logs reports
audit findings metrics to CloudWatch.
The JSON specified in policyDocument
can be up to 30,720 characters long.
Subscription filter policy
A subscription filter policy can include the following attributes in a JSON block:
DestinationArn The ARN of the destination to deliver log events to. Supported destinations are:
An Kinesis Data Streams data stream in the same account as the subscription policy, for same-account delivery.
An Firehose data stream in the same account as the subscription policy, for same-account delivery.
A Lambda function in the same account as the subscription policy, for same-account delivery.
A logical destination in a different account created with PutDestination, for cross-account delivery. Kinesis Data Streams and Firehose are supported as logical destinations.
RoleArn The ARN of an IAM role that grants CloudWatch Logs permissions to deliver ingested log events to the destination stream. You don't need to provide the ARN when you are working with a logical destination for cross-account delivery.
FilterPattern A filter pattern for subscribing to a filtered stream of log events.
DistributionThe method used to distribute log data to the destination. By default, log data is
grouped by log stream, but the grouping can be set to Random
for a more even distribution.
This property is only applicable when the destination is an Kinesis Data Streams data stream.
public String getPolicyDocument()
Specify the policy, in JSON.
Data protection policy
A data protection policy must include two JSON blocks:
The first block must include both a DataIdentifer
array and an Operation
property with
an Audit
action. The DataIdentifer
array lists the types of sensitive data that you
want to mask. For more information about the available options, see Types of data
that you can mask.
The Operation
property with an Audit
action is required to find the sensitive data
terms. This Audit
action must contain a FindingsDestination
object. You can optionally
use that FindingsDestination
object to list one or more destinations to send audit findings to. If
you specify destinations such as log groups, Firehose streams, and S3 buckets, they must already exist.
The second block must include both a DataIdentifer
array and an Operation
property with
an Deidentify
action. The DataIdentifer
array must exactly match the
DataIdentifer
array in the first block of the policy.
The Operation
property with the Deidentify
action is what actually masks the data, and
it must contain the "MaskConfig": {}
object. The "MaskConfig": {}
object must be
empty.
For an example data protection policy, see the Examples section on this page.
The contents of the two DataIdentifer
arrays must match exactly.
In addition to the two JSON blocks, the policyDocument
can also include Name
,
Description
, and Version
fields. The Name
is different than the
operation's policyName
parameter, and is used as a dimension when CloudWatch Logs reports audit
findings metrics to CloudWatch.
The JSON specified in policyDocument
can be up to 30,720 characters long.
Subscription filter policy
A subscription filter policy can include the following attributes in a JSON block:
DestinationArn The ARN of the destination to deliver log events to. Supported destinations are:
An Kinesis Data Streams data stream in the same account as the subscription policy, for same-account delivery.
An Firehose data stream in the same account as the subscription policy, for same-account delivery.
A Lambda function in the same account as the subscription policy, for same-account delivery.
A logical destination in a different account created with PutDestination, for cross-account delivery. Kinesis Data Streams and Firehose are supported as logical destinations.
RoleArn The ARN of an IAM role that grants CloudWatch Logs permissions to deliver ingested log events to the destination stream. You don't need to provide the ARN when you are working with a logical destination for cross-account delivery.
FilterPattern A filter pattern for subscribing to a filtered stream of log events.
DistributionThe method used to distribute log data to the destination. By default, log data is grouped by
log stream, but the grouping can be set to Random
for a more even distribution. This property is
only applicable when the destination is an Kinesis Data Streams data stream.
Data protection policy
A data protection policy must include two JSON blocks:
The first block must include both a DataIdentifer
array and an Operation
property with an Audit
action. The DataIdentifer
array lists the types of
sensitive data that you want to mask. For more information about the available options, see Types
of data that you can mask.
The Operation
property with an Audit
action is required to find the sensitive
data terms. This Audit
action must contain a FindingsDestination
object. You
can optionally use that FindingsDestination
object to list one or more destinations to send
audit findings to. If you specify destinations such as log groups, Firehose streams, and S3 buckets, they
must already exist.
The second block must include both a DataIdentifer
array and an Operation
property with an Deidentify
action. The DataIdentifer
array must exactly match
the DataIdentifer
array in the first block of the policy.
The Operation
property with the Deidentify
action is what actually masks the
data, and it must contain the "MaskConfig": {}
object. The "MaskConfig": {}
object must be empty.
For an example data protection policy, see the Examples section on this page.
The contents of the two DataIdentifer
arrays must match exactly.
In addition to the two JSON blocks, the policyDocument
can also include Name
,
Description
, and Version
fields. The Name
is different than the
operation's policyName
parameter, and is used as a dimension when CloudWatch Logs reports
audit findings metrics to CloudWatch.
The JSON specified in policyDocument
can be up to 30,720 characters long.
Subscription filter policy
A subscription filter policy can include the following attributes in a JSON block:
DestinationArn The ARN of the destination to deliver log events to. Supported destinations are:
An Kinesis Data Streams data stream in the same account as the subscription policy, for same-account delivery.
An Firehose data stream in the same account as the subscription policy, for same-account delivery.
A Lambda function in the same account as the subscription policy, for same-account delivery.
A logical destination in a different account created with PutDestination, for cross-account delivery. Kinesis Data Streams and Firehose are supported as logical destinations.
RoleArn The ARN of an IAM role that grants CloudWatch Logs permissions to deliver ingested log events to the destination stream. You don't need to provide the ARN when you are working with a logical destination for cross-account delivery.
FilterPattern A filter pattern for subscribing to a filtered stream of log events.
DistributionThe method used to distribute log data to the destination. By default, log data is
grouped by log stream, but the grouping can be set to Random
for a more even distribution.
This property is only applicable when the destination is an Kinesis Data Streams data stream.
public PutAccountPolicyRequest withPolicyDocument(String policyDocument)
Specify the policy, in JSON.
Data protection policy
A data protection policy must include two JSON blocks:
The first block must include both a DataIdentifer
array and an Operation
property with
an Audit
action. The DataIdentifer
array lists the types of sensitive data that you
want to mask. For more information about the available options, see Types of data
that you can mask.
The Operation
property with an Audit
action is required to find the sensitive data
terms. This Audit
action must contain a FindingsDestination
object. You can optionally
use that FindingsDestination
object to list one or more destinations to send audit findings to. If
you specify destinations such as log groups, Firehose streams, and S3 buckets, they must already exist.
The second block must include both a DataIdentifer
array and an Operation
property with
an Deidentify
action. The DataIdentifer
array must exactly match the
DataIdentifer
array in the first block of the policy.
The Operation
property with the Deidentify
action is what actually masks the data, and
it must contain the "MaskConfig": {}
object. The "MaskConfig": {}
object must be
empty.
For an example data protection policy, see the Examples section on this page.
The contents of the two DataIdentifer
arrays must match exactly.
In addition to the two JSON blocks, the policyDocument
can also include Name
,
Description
, and Version
fields. The Name
is different than the
operation's policyName
parameter, and is used as a dimension when CloudWatch Logs reports audit
findings metrics to CloudWatch.
The JSON specified in policyDocument
can be up to 30,720 characters long.
Subscription filter policy
A subscription filter policy can include the following attributes in a JSON block:
DestinationArn The ARN of the destination to deliver log events to. Supported destinations are:
An Kinesis Data Streams data stream in the same account as the subscription policy, for same-account delivery.
An Firehose data stream in the same account as the subscription policy, for same-account delivery.
A Lambda function in the same account as the subscription policy, for same-account delivery.
A logical destination in a different account created with PutDestination, for cross-account delivery. Kinesis Data Streams and Firehose are supported as logical destinations.
RoleArn The ARN of an IAM role that grants CloudWatch Logs permissions to deliver ingested log events to the destination stream. You don't need to provide the ARN when you are working with a logical destination for cross-account delivery.
FilterPattern A filter pattern for subscribing to a filtered stream of log events.
DistributionThe method used to distribute log data to the destination. By default, log data is grouped by
log stream, but the grouping can be set to Random
for a more even distribution. This property is
only applicable when the destination is an Kinesis Data Streams data stream.
policyDocument
- Specify the policy, in JSON.
Data protection policy
A data protection policy must include two JSON blocks:
The first block must include both a DataIdentifer
array and an Operation
property with an Audit
action. The DataIdentifer
array lists the types of
sensitive data that you want to mask. For more information about the available options, see Types
of data that you can mask.
The Operation
property with an Audit
action is required to find the sensitive
data terms. This Audit
action must contain a FindingsDestination
object. You can
optionally use that FindingsDestination
object to list one or more destinations to send audit
findings to. If you specify destinations such as log groups, Firehose streams, and S3 buckets, they must
already exist.
The second block must include both a DataIdentifer
array and an Operation
property with an Deidentify
action. The DataIdentifer
array must exactly match
the DataIdentifer
array in the first block of the policy.
The Operation
property with the Deidentify
action is what actually masks the
data, and it must contain the "MaskConfig": {}
object. The "MaskConfig": {}
object must be empty.
For an example data protection policy, see the Examples section on this page.
The contents of the two DataIdentifer
arrays must match exactly.
In addition to the two JSON blocks, the policyDocument
can also include Name
,
Description
, and Version
fields. The Name
is different than the
operation's policyName
parameter, and is used as a dimension when CloudWatch Logs reports
audit findings metrics to CloudWatch.
The JSON specified in policyDocument
can be up to 30,720 characters long.
Subscription filter policy
A subscription filter policy can include the following attributes in a JSON block:
DestinationArn The ARN of the destination to deliver log events to. Supported destinations are:
An Kinesis Data Streams data stream in the same account as the subscription policy, for same-account delivery.
An Firehose data stream in the same account as the subscription policy, for same-account delivery.
A Lambda function in the same account as the subscription policy, for same-account delivery.
A logical destination in a different account created with PutDestination, for cross-account delivery. Kinesis Data Streams and Firehose are supported as logical destinations.
RoleArn The ARN of an IAM role that grants CloudWatch Logs permissions to deliver ingested log events to the destination stream. You don't need to provide the ARN when you are working with a logical destination for cross-account delivery.
FilterPattern A filter pattern for subscribing to a filtered stream of log events.
DistributionThe method used to distribute log data to the destination. By default, log data is
grouped by log stream, but the grouping can be set to Random
for a more even distribution.
This property is only applicable when the destination is an Kinesis Data Streams data stream.
public void setPolicyType(String policyType)
The type of policy that you're creating or updating.
policyType
- The type of policy that you're creating or updating.PolicyType
public String getPolicyType()
The type of policy that you're creating or updating.
PolicyType
public PutAccountPolicyRequest withPolicyType(String policyType)
The type of policy that you're creating or updating.
policyType
- The type of policy that you're creating or updating.PolicyType
public PutAccountPolicyRequest withPolicyType(PolicyType policyType)
The type of policy that you're creating or updating.
policyType
- The type of policy that you're creating or updating.PolicyType
public void setScope(String scope)
Currently the only valid value for this parameter is ALL
, which specifies that the data protection
policy applies to all log groups in the account. If you omit this parameter, the default of ALL
is
used.
scope
- Currently the only valid value for this parameter is ALL
, which specifies that the data
protection policy applies to all log groups in the account. If you omit this parameter, the default of
ALL
is used.Scope
public String getScope()
Currently the only valid value for this parameter is ALL
, which specifies that the data protection
policy applies to all log groups in the account. If you omit this parameter, the default of ALL
is
used.
ALL
, which specifies that the data
protection policy applies to all log groups in the account. If you omit this parameter, the default of
ALL
is used.Scope
public PutAccountPolicyRequest withScope(String scope)
Currently the only valid value for this parameter is ALL
, which specifies that the data protection
policy applies to all log groups in the account. If you omit this parameter, the default of ALL
is
used.
scope
- Currently the only valid value for this parameter is ALL
, which specifies that the data
protection policy applies to all log groups in the account. If you omit this parameter, the default of
ALL
is used.Scope
public PutAccountPolicyRequest withScope(Scope scope)
Currently the only valid value for this parameter is ALL
, which specifies that the data protection
policy applies to all log groups in the account. If you omit this parameter, the default of ALL
is
used.
scope
- Currently the only valid value for this parameter is ALL
, which specifies that the data
protection policy applies to all log groups in the account. If you omit this parameter, the default of
ALL
is used.Scope
public void setSelectionCriteria(String selectionCriteria)
Use this parameter to apply the subscription filter policy to a subset of log groups in the account. Currently,
the only supported filter is LogGroupName NOT IN []
. The selectionCriteria
string can
be up to 25KB in length. The length is determined by using its UTF-8 bytes.
Using the selectionCriteria
parameter is useful to help prevent infinite loops. For more
information, see Log
recursion prevention.
Specifing selectionCriteria
is valid only when you specify SUBSCRIPTION_FILTER_POLICY
for policyType
.
selectionCriteria
- Use this parameter to apply the subscription filter policy to a subset of log groups in the account.
Currently, the only supported filter is LogGroupName NOT IN []
. The
selectionCriteria
string can be up to 25KB in length. The length is determined by using its
UTF-8 bytes.
Using the selectionCriteria
parameter is useful to help prevent infinite loops. For more
information, see Log recursion prevention.
Specifing selectionCriteria
is valid only when you specify
SUBSCRIPTION_FILTER_POLICY
for policyType
.
public String getSelectionCriteria()
Use this parameter to apply the subscription filter policy to a subset of log groups in the account. Currently,
the only supported filter is LogGroupName NOT IN []
. The selectionCriteria
string can
be up to 25KB in length. The length is determined by using its UTF-8 bytes.
Using the selectionCriteria
parameter is useful to help prevent infinite loops. For more
information, see Log
recursion prevention.
Specifing selectionCriteria
is valid only when you specify SUBSCRIPTION_FILTER_POLICY
for policyType
.
LogGroupName NOT IN []
. The
selectionCriteria
string can be up to 25KB in length. The length is determined by using its
UTF-8 bytes.
Using the selectionCriteria
parameter is useful to help prevent infinite loops. For more
information, see Log recursion prevention.
Specifing selectionCriteria
is valid only when you specify
SUBSCRIPTION_FILTER_POLICY
for policyType
.
public PutAccountPolicyRequest withSelectionCriteria(String selectionCriteria)
Use this parameter to apply the subscription filter policy to a subset of log groups in the account. Currently,
the only supported filter is LogGroupName NOT IN []
. The selectionCriteria
string can
be up to 25KB in length. The length is determined by using its UTF-8 bytes.
Using the selectionCriteria
parameter is useful to help prevent infinite loops. For more
information, see Log
recursion prevention.
Specifing selectionCriteria
is valid only when you specify SUBSCRIPTION_FILTER_POLICY
for policyType
.
selectionCriteria
- Use this parameter to apply the subscription filter policy to a subset of log groups in the account.
Currently, the only supported filter is LogGroupName NOT IN []
. The
selectionCriteria
string can be up to 25KB in length. The length is determined by using its
UTF-8 bytes.
Using the selectionCriteria
parameter is useful to help prevent infinite loops. For more
information, see Log recursion prevention.
Specifing selectionCriteria
is valid only when you specify
SUBSCRIPTION_FILTER_POLICY
for policyType
.
public String toString()
toString
in class Object
Object.toString()
public PutAccountPolicyRequest clone()
AmazonWebServiceRequest
clone
in class AmazonWebServiceRequest
Object.clone()