ExecuteCommandConfiguration

class aws_cdk.aws_ecs.ExecuteCommandConfiguration(*, kms_key=None, log_configuration=None, logging=None)

Bases: object

The details of the execute command configuration.

For more information, see [ExecuteCommandConfiguration] https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-executecommandconfiguration.html

Parameters:

  • kms_key (Optional[IKey]) – The AWS Key Management Service key ID to encrypt the data between the local client and the container. Default: - none

  • log_configuration (Union[ExecuteCommandLogConfiguration, Dict[str, Any], None]) – The log configuration for the results of the execute command actions. The logs can be sent to CloudWatch Logs or an Amazon S3 bucket. Default: - none

  • logging (Optional[ExecuteCommandLogging]) – The log settings to use for logging the execute command session. Default: - none

ExampleMetadata:

infused

Example:

# vpc: ec2.Vpc

kms_key = kms.Key(self, "KmsKey")

# Pass the KMS key in the `encryptionKey` field to associate the key to the log group
log_group = logs.LogGroup(self, "LogGroup",
    encryption_key=kms_key
)

# Pass the KMS key in the `encryptionKey` field to associate the key to the S3 bucket
exec_bucket = s3.Bucket(self, "EcsExecBucket",
    encryption_key=kms_key
)

cluster = ecs.Cluster(self, "Cluster",
    vpc=vpc,
    execute_command_configuration=ecs.ExecuteCommandConfiguration(
        kms_key=kms_key,
        log_configuration=ecs.ExecuteCommandLogConfiguration(
            cloud_watch_log_group=log_group,
            cloud_watch_encryption_enabled=True,
            s3_bucket=exec_bucket,
            s3_encryption_enabled=True,
            s3_key_prefix="exec-command-output"
        ),
        logging=ecs.ExecuteCommandLogging.OVERRIDE
    )
)

Attributes

kms_key

The AWS Key Management Service key ID to encrypt the data between the local client and the container.

Default:

  • none

log_configuration

The log configuration for the results of the execute command actions.

The logs can be sent to CloudWatch Logs or an Amazon S3 bucket.

Default:

  • none

logging

The log settings to use for logging the execute command session.

Default:

  • none