ExecuteCommandLogConfiguration

class aws_cdk.aws_ecs.ExecuteCommandLogConfiguration(*, cloud_watch_encryption_enabled=None, cloud_watch_log_group=None, s3_bucket=None, s3_encryption_enabled=None, s3_key_prefix=None)

Bases: object

The log configuration for the results of the execute command actions.

The logs can be sent to CloudWatch Logs and/ or an Amazon S3 bucket. For more information, see [ExecuteCommandLogConfiguration] https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-executecommandlogconfiguration.html

Parameters:

  • cloud_watch_encryption_enabled (Optional[bool]) – Whether or not to enable encryption on the CloudWatch logs. Default: - encryption will be disabled.

  • cloud_watch_log_group (Optional[ILogGroup]) – The name of the CloudWatch log group to send logs to. The CloudWatch log group must already be created. Default: - none

  • s3_bucket (Optional[IBucket]) – The name of the S3 bucket to send logs to. The S3 bucket must already be created. Default: - none

  • s3_encryption_enabled (Optional[bool]) – Whether or not to enable encryption on the S3 bucket. Default: - encryption will be disabled.

  • s3_key_prefix (Optional[str]) – An optional folder in the S3 bucket to place logs in. Default: - none

ExampleMetadata:

infused

Example:

# vpc: ec2.Vpc

kms_key = kms.Key(self, "KmsKey")

# Pass the KMS key in the `encryptionKey` field to associate the key to the log group
log_group = logs.LogGroup(self, "LogGroup",
    encryption_key=kms_key
)

# Pass the KMS key in the `encryptionKey` field to associate the key to the S3 bucket
exec_bucket = s3.Bucket(self, "EcsExecBucket",
    encryption_key=kms_key
)

cluster = ecs.Cluster(self, "Cluster",
    vpc=vpc,
    execute_command_configuration=ecs.ExecuteCommandConfiguration(
        kms_key=kms_key,
        log_configuration=ecs.ExecuteCommandLogConfiguration(
            cloud_watch_log_group=log_group,
            cloud_watch_encryption_enabled=True,
            s3_bucket=exec_bucket,
            s3_encryption_enabled=True,
            s3_key_prefix="exec-command-output"
        ),
        logging=ecs.ExecuteCommandLogging.OVERRIDE
    )
)

Attributes

cloud_watch_encryption_enabled

Whether or not to enable encryption on the CloudWatch logs.

Default:

  • encryption will be disabled.

cloud_watch_log_group

The name of the CloudWatch log group to send logs to.

The CloudWatch log group must already be created.

Default:

  • none

s3_bucket

The name of the S3 bucket to send logs to.

The S3 bucket must already be created.

Default:

  • none

s3_encryption_enabled

Whether or not to enable encryption on the S3 bucket.

Default:

  • encryption will be disabled.

s3_key_prefix

An optional folder in the S3 bucket to place logs in.

Default:

  • none