CfnLogGroupProps

class aws_cdk.aws_logs.CfnLogGroupProps(*, data_protection_policy=None, kms_key_id=None, log_group_class=None, log_group_name=None, retention_in_days=None, tags=None)

Bases: object

Properties for defining a CfnLogGroup.

Parameters:

data_protection_policy (Any) – Creates a data protection policy and assigns it to the log group. A data protection policy can help safeguard sensitive data that’s ingested by the log group by auditing and masking the sensitive log data. When a user who does not have permission to view masked data views a log event that includes masked data, the sensitive data is replaced by asterisks. For more information, including a list of types of data that can be audited and masked, see Protect sensitive log data with masking .
kms_key_id (Optional[str]) – The Amazon Resource Name (ARN) of the AWS KMS key to use when encrypting log data. To associate an AWS KMS key with the log group, specify the ARN of that KMS key here. If you do so, ingested data is encrypted using this key. This association is stored as long as the data encrypted with the KMS key is still within CloudWatch Logs . This enables CloudWatch Logs to decrypt this data whenever it is requested. If you attempt to associate a KMS key with the log group but the KMS key doesn’t exist or is deactivated, you will receive an InvalidParameterException error. Log group data is always encrypted in CloudWatch Logs . If you omit this key, the encryption does not use AWS KMS . For more information, see Encrypt log data in CloudWatch Logs using AWS Key Management Service
log_group_class (Optional[str]) – Specifies the log group class for this log group. There are two classes:. - The Standard log class supports all CloudWatch Logs features. - The Infrequent Access log class supports a subset of CloudWatch Logs features and incurs lower costs. For details about the features supported by each class, see Log classes Default: - “STANDARD”
log_group_name (Optional[str]) – The name of the log group. If you don’t specify a name, AWS CloudFormation generates a unique ID for the log group.
retention_in_days (Union[int, float, None]) – The number of days to retain the log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, and 3653. To set a log group so that its log events do not expire, use DeleteRetentionPolicy .
tags (Optional[Sequence[Union[CfnTag, Dict[str, Any]]]]) – An array of key-value pairs to apply to the log group. For more information, see Tag .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_logs as logs

# data_protection_policy: Any

cfn_log_group_props = logs.CfnLogGroupProps(
    data_protection_policy=data_protection_policy,
    kms_key_id="kmsKeyId",
    log_group_class="logGroupClass",
    log_group_name="logGroupName",
    retention_in_days=123,
    tags=[CfnTag(
        key="key",
        value="value"
    )]
)

Attributes

data_protection_policy

Creates a data protection policy and assigns it to the log group.

A data protection policy can help safeguard sensitive data that’s ingested by the log group by auditing and masking the sensitive log data. When a user who does not have permission to view masked data views a log event that includes masked data, the sensitive data is replaced by asterisks.

For more information, including a list of types of data that can be audited and masked, see Protect sensitive log data with masking .

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html#cfn-logs-loggroup-dataprotectionpolicy

kms_key_id

The Amazon Resource Name (ARN) of the AWS KMS key to use when encrypting log data.

To associate an AWS KMS key with the log group, specify the ARN of that KMS key here. If you do so, ingested data is encrypted using this key. This association is stored as long as the data encrypted with the KMS key is still within CloudWatch Logs . This enables CloudWatch Logs to decrypt this data whenever it is requested.

If you attempt to associate a KMS key with the log group but the KMS key doesn’t exist or is deactivated, you will receive an InvalidParameterException error.

Log group data is always encrypted in CloudWatch Logs . If you omit this key, the encryption does not use AWS KMS . For more information, see Encrypt log data in CloudWatch Logs using AWS Key Management Service

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html#cfn-logs-loggroup-kmskeyid

log_group_class

.

The Standard log class supports all CloudWatch Logs features.
The Infrequent Access log class supports a subset of CloudWatch Logs features and incurs lower costs.

For details about the features supported by each class, see Log classes

Default: