LogGroupProps

class aws_cdk.aws_logs.LogGroupProps(*, data_protection_policy=None, encryption_key=None, log_group_class=None, log_group_name=None, removal_policy=None, retention=None)

Bases: object

Properties for a LogGroup.

Parameters:

data_protection_policy (Optional[DataProtectionPolicy]) – Data Protection Policy for this log group. Default: - no data protection policy
encryption_key (Optional[IKey]) – The KMS customer managed key to encrypt the log group with. Default: Server-side encryption managed by the CloudWatch Logs service
log_group_class (Optional[LogGroupClass]) – The class of the log group. Possible values are: STANDARD and INFREQUENT_ACCESS. INFREQUENT_ACCESS class provides customers a cost-effective way to consolidate logs which supports querying using Logs Insights. The logGroupClass property cannot be changed once the log group is created. Default: LogGroupClass.STANDARD
log_group_name (Optional[str]) – Name of the log group. Default: Automatically generated
removal_policy (Optional[RemovalPolicy]) – Determine the removal policy of this log group. Normally you want to retain the log group so you can diagnose issues from logs even after a deployment that no longer includes the log group. In that case, use the normal date-based retention policy to age out your logs. Default: RemovalPolicy.Retain
retention (Optional[RetentionDays]) – How long, in days, the log contents will be retained. To retain all logs, set this value to RetentionDays.INFINITE. Default: RetentionDays.TWO_YEARS

ExampleMetadata:

infused

Example:

import aws_cdk.aws_kinesisfirehose_alpha as kinesisfirehose
import aws_cdk.aws_kinesisfirehose_destinations_alpha as destinations


log_group_destination = logs.LogGroup(self, "LogGroupLambdaAudit",
    log_group_name="auditDestinationForCDK"
)

bucket = s3.Bucket(self, "audit-bucket")
s3_destination = destinations.S3Bucket(bucket)

delivery_stream = kinesisfirehose.DeliveryStream(self, "Delivery Stream",
    destination=s3_destination
)

data_protection_policy = logs.DataProtectionPolicy(
    name="data protection policy",
    description="policy description",
    identifiers=[logs.DataIdentifier.DRIVERSLICENSE_US,  # managed data identifier
        logs.DataIdentifier("EmailAddress"),  # forward compatibility for new managed data identifiers
        logs.CustomDataIdentifier("EmployeeId", "EmployeeId-\d{9}")
    ],  # custom data identifier
    log_group_audit_destination=log_group_destination,
    s3_bucket_audit_destination=bucket,
    delivery_stream_name_audit_destination=delivery_stream.delivery_stream_name
)

logs.LogGroup(self, "LogGroupLambda",
    log_group_name="cdkIntegLogGroup",
    data_protection_policy=data_protection_policy
)

Attributes

data_protection_policy

Data Protection Policy for this log group.

Default:

no data protection policy

encryption_key

The KMS customer managed key to encrypt the log group with.

Default:: Server-side encryption managed by the CloudWatch Logs service

log_group_class

STANDARD and INFREQUENT_ACCESS.

INFREQUENT_ACCESS class provides customers a cost-effective way to consolidate logs which supports querying using Logs Insights. The logGroupClass property cannot be changed once the log group is created.

Default:: LogGroupClass.STANDARD
Type:: The class of the log group. Possible values are

log_group_name

Name of the log group.

Default:: Automatically generated

removal_policy

Determine the removal policy of this log group.

Normally you want to retain the log group so you can diagnose issues from logs even after a deployment that no longer includes the log group. In that case, use the normal date-based retention policy to age out your logs.

Default:: RemovalPolicy.Retain

retention

How long, in days, the log contents will be retained.

To retain all logs, set this value to RetentionDays.INFINITE.

Default:: RetentionDays.TWO_YEARS