Package software.amazon.awscdk.services.logs

Class CfnLogGroup

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.core.Construct
software.amazon.awscdk.core.CfnElement
software.amazon.awscdk.core.CfnRefElement
software.amazon.awscdk.core.CfnResource
software.amazon.awscdk.services.logs.CfnLogGroup
All Implemented Interfaces:
IConstruct, IDependable, IInspectable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct
@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)", date="2023-06-19T16:30:38.075Z") @Stability(Stable) public class CfnLogGroup extends CfnResource implements IInspectable
A CloudFormation AWS::Logs::LogGroup.

The AWS::Logs::LogGroup resource specifies a log group. A log group defines common properties for log streams, such as their retention and access control rules. Each log stream must belong to one log group.

You can create up to 1,000,000 log groups per Region per account. You must use the following guidelines when naming a log group:

  • Log group names must be unique within a Region for an AWS account.
  • Log group names can be between 1 and 512 characters long.
  • Log group names consist of the following characters: a-z, A-Z, 0-9, '_' (underscore), '-' (hyphen), '/' (forward slash), and '.' (period).

Example: 

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.logs.*;
 Object dataProtectionPolicy;
 CfnLogGroup cfnLogGroup = CfnLogGroup.Builder.create(this, "MyCfnLogGroup")
         .dataProtectionPolicy(dataProtectionPolicy)
         .kmsKeyId("kmsKeyId")
         .logGroupName("logGroupName")
         .retentionInDays(123)
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .build();

  • Field Details

    • CFN_RESOURCE_TYPE_NAME

      @Stability(Stable) public static final String CFN_RESOURCE_TYPE_NAME
      The CloudFormation resource type name for this resource class.

  • Constructor Details

    • CfnLogGroup

      protected CfnLogGroup(software.amazon.jsii.JsiiObjectRef objRef)

    • CfnLogGroup

      protected CfnLogGroup(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • CfnLogGroup

      @Stability(Stable) public CfnLogGroup(@NotNull Construct scope, @NotNull String id, @Nullable CfnLogGroupProps props)
      Create a new AWS::Logs::LogGroup.

      Parameters:
      scope -
      • scope in which this resource is defined.
      This parameter is required.
      id -
      • scoped id of the resource.
      This parameter is required.
      props -
      • resource properties.

    • CfnLogGroup

      @Stability(Stable) public CfnLogGroup(@NotNull Construct scope, @NotNull String id)
      Create a new AWS::Logs::LogGroup.

      Parameters:
      scope -
      • scope in which this resource is defined.
      This parameter is required.
      id -
      • scoped id of the resource.
      This parameter is required.

  • Method Details

    • inspect

      @Stability(Stable) public void inspect(@NotNull TreeInspector inspector)
      Examines the CloudFormation resource and discloses attributes.

      Specified by:
      inspect in interface IInspectable
      Parameters:
      inspector -
      • tree inspector to collect and process attributes.
      This parameter is required.

    • renderProperties

      @Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String,Object> props)
      Overrides:
      renderProperties in class CfnResource
      Parameters:
      props - This parameter is required.

    • getAttrArn

      @Stability(Stable) @NotNull public String getAttrArn()
      The ARN of the log group, such as arn:aws:logs:us-west-1:123456789012:log-group:/mystack-testgroup-12ABC1AB12A1:*.

    • getCfnProperties

      @Stability(Stable) @NotNull protected Map<String,Object> getCfnProperties()
      Overrides:
      getCfnProperties in class CfnResource

    • getTags

      @Stability(Stable) @NotNull public TagManager getTags()
      An array of key-value pairs to apply to the log group.

      For more information, see Tag .

    • getDataProtectionPolicy

      @Stability(Stable) @NotNull public Object getDataProtectionPolicy()
      Creates a data protection policy and assigns it to the log group.

      A data protection policy can help safeguard sensitive data that's ingested by the log group by auditing and masking the sensitive log data. When a user who does not have permission to view masked data views a log event that includes masked data, the sensitive data is replaced by asterisks.

      For more information, including a list of types of data that can be audited and masked, see Protect sensitive log data with masking .

    • setDataProtectionPolicy

      @Stability(Stable) public void setDataProtectionPolicy(@NotNull Object value)
      Creates a data protection policy and assigns it to the log group.

      A data protection policy can help safeguard sensitive data that's ingested by the log group by auditing and masking the sensitive log data. When a user who does not have permission to view masked data views a log event that includes masked data, the sensitive data is replaced by asterisks.

      For more information, including a list of types of data that can be audited and masked, see Protect sensitive log data with masking .

    • getKmsKeyId

      @Stability(Stable) @Nullable public String getKmsKeyId()
      The Amazon Resource Name (ARN) of the AWS KMS key to use when encrypting log data.

      To associate an AWS KMS key with the log group, specify the ARN of that KMS key here. If you do so, ingested data is encrypted using this key. This association is stored as long as the data encrypted with the KMS key is still within CloudWatch Logs . This enables CloudWatch Logs to decrypt this data whenever it is requested.

      If you attempt to associate a KMS key with the log group but the KMS key doesn't exist or is deactivated, you will receive an InvalidParameterException error.

      Log group data is always encrypted in CloudWatch Logs . If you omit this key, the encryption does not use AWS KMS . For more information, see Encrypt log data in CloudWatch Logs using AWS Key Management Service

    • setKmsKeyId

      @Stability(Stable) public void setKmsKeyId(@Nullable String value)
      The Amazon Resource Name (ARN) of the AWS KMS key to use when encrypting log data.

      To associate an AWS KMS key with the log group, specify the ARN of that KMS key here. If you do so, ingested data is encrypted using this key. This association is stored as long as the data encrypted with the KMS key is still within CloudWatch Logs . This enables CloudWatch Logs to decrypt this data whenever it is requested.

      If you attempt to associate a KMS key with the log group but the KMS key doesn't exist or is deactivated, you will receive an InvalidParameterException error.

      Log group data is always encrypted in CloudWatch Logs . If you omit this key, the encryption does not use AWS KMS . For more information, see Encrypt log data in CloudWatch Logs using AWS Key Management Service

    • getLogGroupName

      @Stability(Stable) @Nullable public String getLogGroupName()
      The name of the log group.

      If you don't specify a name, AWS CloudFormation generates a unique ID for the log group.

    • setLogGroupName

      @Stability(Stable) public void setLogGroupName(@Nullable String value)
      The name of the log group.

      If you don't specify a name, AWS CloudFormation generates a unique ID for the log group.

    • getRetentionInDays

      @Stability(Stable) @Nullable public Number getRetentionInDays()
      The number of days to retain the log events in the specified log group.

      Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, and 3653.

      To set a log group so that its log events do not expire, use DeleteRetentionPolicy .

    • setRetentionInDays

      @Stability(Stable) public void setRetentionInDays(@Nullable Number value)
      The number of days to retain the log events in the specified log group.

      Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, and 3653.

      To set a log group so that its log events do not expire, use DeleteRetentionPolicy .