LogGroupProps

class aws_cdk.aws_logs.LogGroupProps(*, encryption_key=None, log_group_name=None, removal_policy=None, retention=None)

Bases: object

Properties for a LogGroup.

Parameters
  • encryption_key (Optional[IKey]) – The KMS Key to encrypt the log group with. Default: - log group is encrypted with the default master key

  • log_group_name (Optional[str]) – Name of the log group. Default: Automatically generated

  • removal_policy (Optional[RemovalPolicy]) – Determine the removal policy of this log group. Normally you want to retain the log group so you can diagnose issues from logs even after a deployment that no longer includes the log group. In that case, use the normal date-based retention policy to age out your logs. Default: RemovalPolicy.Retain

  • retention (Optional[RetentionDays]) – How long, in days, the log contents will be retained. To retain all logs, set this value to RetentionDays.INFINITE. Default: RetentionDays.TWO_YEARS

ExampleMetadata

infused

Example:

# vpc: ec2.Vpc

kms_key = kms.Key(self, "KmsKey")

# Pass the KMS key in the `encryptionKey` field to associate the key to the log group
log_group = logs.LogGroup(self, "LogGroup",
    encryption_key=kms_key
)

# Pass the KMS key in the `encryptionKey` field to associate the key to the S3 bucket
exec_bucket = s3.Bucket(self, "EcsExecBucket",
    encryption_key=kms_key
)

cluster = ecs.Cluster(self, "Cluster",
    vpc=vpc,
    execute_command_configuration=ecs.ExecuteCommandConfiguration(
        kms_key=kms_key,
        log_configuration=ecs.ExecuteCommandLogConfiguration(
            cloud_watch_log_group=log_group,
            cloud_watch_encryption_enabled=True,
            s3_bucket=exec_bucket,
            s3_encryption_enabled=True,
            s3_key_prefix="exec-command-output"
        ),
        logging=ecs.ExecuteCommandLogging.OVERRIDE
    )
)

Attributes

encryption_key

The KMS Key to encrypt the log group with.

Default
  • log group is encrypted with the default master key

log_group_name

Name of the log group.

Default

Automatically generated

removal_policy

Determine the removal policy of this log group.

Normally you want to retain the log group so you can diagnose issues from logs even after a deployment that no longer includes the log group. In that case, use the normal date-based retention policy to age out your logs.

Default

RemovalPolicy.Retain

retention

How long, in days, the log contents will be retained.

To retain all logs, set this value to RetentionDays.INFINITE.

Default

RetentionDays.TWO_YEARS