aws-cdk-lib.aws_cloudtrail.CfnTrail

class CfnTrail (construct)

Language    Type name
.NET        Amazon.CDK.AWS.CloudTrail.CfnTrail
Go          github.com/aws/aws-cdk-go/awscdk/v2/awscloudtrail#CfnTrail
Java        software.amazon.awscdk.services.cloudtrail.CfnTrail
Python      aws_cdk.aws_cloudtrail.CfnTrail
TypeScript  aws-cdk-lib » aws_cloudtrail » CfnTrail

Implements IConstruct, IDependable, IInspectable

A CloudFormation AWS::CloudTrail::Trail.

Creates a trail that specifies the settings for delivery of log data to an Amazon S3 bucket.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_cloudtrail as cloudtrail } from 'aws-cdk-lib';
const cfnTrail = new cloudtrail.CfnTrail(this, 'MyCfnTrail', {
  isLogging: false,
  s3BucketName: 's3BucketName',

  // the properties below are optional
  advancedEventSelectors: [{
    fieldSelectors: [{
      field: 'field',

      // the properties below are optional
      endsWith: ['endsWith'],
      equalTo: ['equalTo'],
      notEndsWith: ['notEndsWith'],
      notEquals: ['notEquals'],
      notStartsWith: ['notStartsWith'],
      startsWith: ['startsWith'],
    }],

    // the properties below are optional
    name: 'name',
  }],
  cloudWatchLogsLogGroupArn: 'cloudWatchLogsLogGroupArn',
  cloudWatchLogsRoleArn: 'cloudWatchLogsRoleArn',
  enableLogFileValidation: false,
  eventSelectors: [{
    dataResources: [{
      type: 'type',

      // the properties below are optional
      values: ['values'],
    }],
    excludeManagementEventSources: ['excludeManagementEventSources'],
    includeManagementEvents: false,
    readWriteType: 'readWriteType',
  }],
  includeGlobalServiceEvents: false,
  insightSelectors: [{
    insightType: 'insightType',
  }],
  isMultiRegionTrail: false,
  isOrganizationTrail: false,
  kmsKeyId: 'kmsKeyId',
  s3KeyPrefix: 's3KeyPrefix',
  snsTopicName: 'snsTopicName',
  tags: [{
    key: 'key',
    value: 'value',
  }],
  trailName: 'trailName',
});

Initializer

new CfnTrail(scope: Construct, id: string, props: CfnTrailProps)

Parameters

  • scope Construct — scope in which this resource is defined.
  • id string — scoped id of the resource.
  • props CfnTrailProps — resource properties.

Create a new AWS::CloudTrail::Trail.

Construct Props

Name Type — Description

  • isLogging boolean | IResolvable — Whether the CloudTrail trail is currently logging AWS API calls.
  • s3BucketName string — Specifies the name of the Amazon S3 bucket designated for publishing log files.
  • advancedEventSelectors? IResolvable | (IResolvable | AdvancedEventSelectorProperty)[] — Specifies the settings for advanced event selectors.
  • cloudWatchLogsLogGroupArn? string — Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs are delivered.
  • cloudWatchLogsRoleArn? string — Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group.
  • enableLogFileValidation? boolean | IResolvable — Specifies whether log file validation is enabled. The default is false.
  • eventSelectors? IResolvable | (IResolvable | EventSelectorProperty)[] — Use event selectors to further specify the management and data event settings for your trail.
  • includeGlobalServiceEvents? boolean | IResolvable — Specifies whether the trail is publishing events from global services such as IAM to the log files.
  • insightSelectors? IResolvable | (IResolvable | InsightSelectorProperty)[] — A JSON string that contains the insight types you want to log on a trail.
  • isMultiRegionTrail? boolean | IResolvable — Specifies whether the trail applies only to the current Region or to all Regions.
  • isOrganizationTrail? boolean | IResolvable — Specifies whether the trail is applied to all accounts in an organization in AWS Organizations, or only for the current AWS account.
  • kmsKeyId? string — Specifies the AWS KMS key ID to use to encrypt the logs delivered by CloudTrail.
  • s3KeyPrefix? string — Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery.
  • snsTopicName? string — Specifies the name of the Amazon SNS topic defined for notification of log file delivery.
  • tags? CfnTag[] — A custom set of tags (key-value pairs) for this trail.
  • trailName? string — Specifies the name of the trail. The name must meet the requirements listed under trailName.

isLogging

Type: boolean | IResolvable

Whether the CloudTrail trail is currently logging AWS API calls.


s3BucketName

Type: string

Specifies the name of the Amazon S3 bucket designated for publishing log files.

See Amazon S3 Bucket Naming Requirements.


advancedEventSelectors?

Type: IResolvable | (IResolvable | AdvancedEventSelectorProperty)[] (optional)

Specifies the settings for advanced event selectors.

You can add advanced event selectors, and conditions for your advanced event selectors, up to a maximum of 500 values for all conditions and selectors on a trail. You can use either AdvancedEventSelectors or EventSelectors, but not both. If you apply AdvancedEventSelectors to a trail, any existing EventSelectors are overwritten. For more information about advanced event selectors, see Logging data events in the AWS CloudTrail User Guide.


cloudWatchLogsLogGroupArn?

Type: string (optional)

Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs are delivered.

You must use a log group that exists in your account.

Not required unless you specify CloudWatchLogsRoleArn.


cloudWatchLogsRoleArn?

Type: string (optional)

Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group.

You must use a role that exists in your account.


enableLogFileValidation?

Type: boolean | IResolvable (optional)

Specifies whether log file validation is enabled. The default is false.

When you disable log file integrity validation, the chain of digest files is broken after one hour. CloudTrail does not create digest files for log files that were delivered during a period in which log file integrity validation was disabled. For example, if you enable log file integrity validation at noon on January 1, disable it at noon on January 2, and re-enable it at noon on January 10, digest files will not be created for the log files delivered from noon on January 2 to noon on January 10. The same applies whenever you stop CloudTrail logging or delete a trail.


eventSelectors?

Type: IResolvable | (IResolvable | EventSelectorProperty)[] (optional)

Use event selectors to further specify the management and data event settings for your trail.

By default, trails created without specific event selectors will be configured to log all read and write management events, and no data events. When an event occurs in your account, CloudTrail evaluates the event selector for all trails. For each trail, if the event matches any event selector, the trail processes and logs the event. If the event doesn't match any event selector, the trail doesn't log the event.

You can configure up to five event selectors for a trail.

For more information about how to configure event selectors, see Examples and Configuring event selectors in the AWS CloudTrail User Guide.


includeGlobalServiceEvents?

Type: boolean | IResolvable (optional)

Specifies whether the trail is publishing events from global services such as IAM to the log files.


insightSelectors?

Type: IResolvable | (IResolvable | InsightSelectorProperty)[] (optional)

A JSON string that contains the insight types you want to log on a trail.

ApiCallRateInsight and ApiErrorRateInsight are valid Insight types.

The ApiCallRateInsight Insights type analyzes write-only management API calls that are aggregated per minute against a baseline API call volume.

The ApiErrorRateInsight Insights type analyzes management API calls that result in error codes. The error is shown if the API call is unsuccessful.


isMultiRegionTrail?

Type: boolean | IResolvable (optional)

Specifies whether the trail applies only to the current Region or to all Regions.

The default is false. If the trail exists only in the current Region and this value is set to true, shadow trails (replications of the trail) will be created in the other Regions. If the trail exists in all Regions and this value is set to false, the trail will remain in the Region where it was created, and its shadow trails in other Regions will be deleted. As a best practice, consider using trails that log events in all Regions.


isOrganizationTrail?

Type: boolean | IResolvable (optional)

Specifies whether the trail is applied to all accounts in an organization in AWS Organizations, or only for the current AWS account.

The default is false, and cannot be true unless the call is made on behalf of an AWS account that is the management account or delegated administrator account for an organization in AWS Organizations. If the trail is not an organization trail and this is set to true, the trail will be created in all AWS accounts that belong to the organization. If the trail is an organization trail and this is set to false, the trail will remain in the current AWS account but be deleted from all member accounts in the organization.


kmsKeyId?

Type: string (optional)

Specifies the AWS KMS key ID to use to encrypt the logs delivered by CloudTrail.

The value can be an alias name prefixed by "alias/", a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.

CloudTrail also supports AWS KMS multi-Region keys. For more information about multi-Region keys, see Using multi-Region keys in the AWS Key Management Service Developer Guide.

Examples:

  • alias/MyAliasName
  • arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
  • arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
  • 12345678-1234-1234-1234-123456789012

s3KeyPrefix?

Type: string (optional)

Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery.

For more information, see Finding Your CloudTrail Log Files. The maximum length is 200 characters.


snsTopicName?

Type: string (optional)

Specifies the name of the Amazon SNS topic defined for notification of log file delivery.

The maximum length is 256 characters.


tags?

Type: CfnTag[] (optional)

A custom set of tags (key-value pairs) for this trail.


trailName?

Type: string (optional)

Specifies the name of the trail. The name must meet the following requirements:

  • Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)
  • Start with a letter or number, and end with a letter or number
  • Be between 3 and 128 characters
  • Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.
  • Not be in IP address format (for example, 192.168.5.4)
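The constraints stated in the property descriptions above can be checked on a props object before synthesis. The following is an added example, not part of the AWS CDK or its documentation: TrailPropsLike, checkTrailName and auditTrailProps are hypothetical names, only literal values are inspected (not IResolvable tokens), and the warn-level findings reflect an assumed hardening baseline rather than requirements stated on this page.

```typescript
// Added example: pre-synthesis checks for CfnTrail props (not AWS CDK code).
// Only literal values are inspected; IResolvable tokens are out of scope.
interface TrailPropsLike {               // hypothetical subset of CfnTrailProps
  isLogging: boolean;
  s3BucketName: string;
  advancedEventSelectors?: unknown[];
  eventSelectors?: unknown[];
  cloudWatchLogsLogGroupArn?: string;
  cloudWatchLogsRoleArn?: string;
  enableLogFileValidation?: boolean;
  includeGlobalServiceEvents?: boolean;
  isMultiRegionTrail?: boolean;
  kmsKeyId?: string;
  s3KeyPrefix?: string;
  snsTopicName?: string;
  trailName?: string;
}

interface Finding { level: 'error' | 'warn'; prop: string; message: string; }

// Returns the trailName rules listed on this page that `name` breaks (empty = valid).
function checkTrailName(name: string): string[] {
  const broken: string[] = [];
  if (!/^[A-Za-z0-9._-]*$/.test(name)) broken.push('charset');
  if (!/^[A-Za-z0-9]/.test(name) || !/[A-Za-z0-9]$/.test(name)) broken.push('start-end');
  if (name.length < 3 || name.length > 128) broken.push('length');
  if (/[._-]{2}/.test(name)) broken.push('adjacent-separators');
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(name)) broken.push('ip-format');
  return broken;
}

function auditTrailProps(p: TrailPropsLike): Finding[] {
  const out: Finding[] = [];
  const add = (level: Finding['level'], prop: string, message: string): void => {
    out.push({ level, prop, message });
  };
  // Errors: constraints stated in the property descriptions on this page.
  if (p.advancedEventSelectors && p.eventSelectors) {
    add('error', 'eventSelectors', 'use advancedEventSelectors or eventSelectors, not both');
  }
  if ((p.eventSelectors?.length ?? 0) > 5) {
    add('error', 'eventSelectors', 'a trail accepts at most five event selectors');
  }
  if (p.cloudWatchLogsRoleArn && !p.cloudWatchLogsLogGroupArn) {
    add('error', 'cloudWatchLogsLogGroupArn', 'required when cloudWatchLogsRoleArn is set');
  }
  if ((p.s3KeyPrefix?.length ?? 0) > 200) add('error', 's3KeyPrefix', 'longer than 200 characters');
  if ((p.snsTopicName?.length ?? 0) > 256) add('error', 'snsTopicName', 'longer than 256 characters');
  if (p.trailName !== undefined) {
    for (const rule of checkTrailName(p.trailName)) add('error', 'trailName', `breaks rule: ${rule}`);
  }
  // Warnings: assumed hardening baseline (this example's choice, not a CloudFormation rule).
  if (!p.isLogging) add('warn', 'isLogging', 'trail exists but records no API calls');
  if (p.enableLogFileValidation !== true) {
    add('warn', 'enableLogFileValidation', 'default is false; no digest files are created');
  }
  if (p.isMultiRegionTrail !== true) {
    add('warn', 'isMultiRegionTrail', 'default is false; only the current Region is logged');
  }
  if (p.includeGlobalServiceEvents === false) {
    add('warn', 'includeGlobalServiceEvents', 'events from global services such as IAM are not logged');
  }
  if (!p.kmsKeyId) add('warn', 'kmsKeyId', 'no AWS KMS key set for the delivered logs');
  return out;
}

// Constructed sample 1: the placeholder values from this page's example (abridged).
const placeholderProps: TrailPropsLike = {
  isLogging: false,
  s3BucketName: 's3BucketName',
  advancedEventSelectors: [{ fieldSelectors: [{ field: 'field' }] }],
  eventSelectors: [{ includeManagementEvents: false }],
  cloudWatchLogsLogGroupArn: 'cloudWatchLogsLogGroupArn',
  cloudWatchLogsRoleArn: 'cloudWatchLogsRoleArn',
  enableLogFileValidation: false,
  includeGlobalServiceEvents: false,
  isMultiRegionTrail: false,
  kmsKeyId: 'kmsKeyId',
  trailName: 'trailName',
};

// Constructed sample 2: a configuration that passes every check (names are made up).
const hardenedProps: TrailPropsLike = {
  isLogging: true,
  s3BucketName: 'example-audit-logs',
  enableLogFileValidation: true,
  includeGlobalServiceEvents: true,
  isMultiRegionTrail: true,
  kmsKeyId: 'alias/MyAliasName',
  trailName: 'org-audit-trail',
};

for (const f of auditTrailProps(placeholderProps)) console.log(`${f.level} ${f.prop}: ${f.message}`);
console.log('hardened findings:', auditTrailProps(hardenedProps).length);
```

Copied as-is, the placeholder values fail on the selector conflict and leave logging, validation, multi-Region coverage and global service events switched off.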

Properties

Name Type — Description

  • attrArn string — Ref returns the ARN of the CloudTrail trail, such as arn:aws:cloudtrail:us-east-2:123456789012:trail/myCloudTrail.
  • attrSnsTopicArn string — Ref returns the ARN of the Amazon SNS topic that's associated with the CloudTrail trail, such as arn:aws:sns:us-east-2:123456789012:mySNSTopic.
  • cfnOptions ICfnResourceOptions — Options for this resource, such as condition, update policy etc.
  • cfnProperties { [string]: any }
  • cfnResourceType string — AWS resource type.
  • creationStack string[]
  • isLogging boolean | IResolvable — Whether the CloudTrail trail is currently logging AWS API calls.
  • logicalId string — The logical ID for this CloudFormation stack element.
  • node Node — The tree node.
  • ref string — Return a string that will be resolved to a CloudFormation { Ref } for this element.
  • s3BucketName string — Specifies the name of the Amazon S3 bucket designated for publishing log files.
  • stack Stack — The stack in which this element is defined.
  • tags TagManager — A custom set of tags (key-value pairs) for this trail.
  • advancedEventSelectors? IResolvable | (IResolvable | AdvancedEventSelectorProperty)[] — Specifies the settings for advanced event selectors.
  • cloudWatchLogsLogGroupArn? string — Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs are delivered.
  • cloudWatchLogsRoleArn? string — Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group.
  • enableLogFileValidation? boolean | IResolvable — Specifies whether log file validation is enabled. The default is false.
  • eventSelectors? IResolvable | (IResolvable | EventSelectorProperty)[] — Use event selectors to further specify the management and data event settings for your trail.
  • includeGlobalServiceEvents? boolean | IResolvable — Specifies whether the trail is publishing events from global services such as IAM to the log files.
  • insightSelectors? IResolvable | (IResolvable | InsightSelectorProperty)[] — A JSON string that contains the insight types you want to log on a trail.
  • isMultiRegionTrail? boolean | IResolvable — Specifies whether the trail applies only to the current Region or to all Regions.
  • isOrganizationTrail? boolean | IResolvable — Specifies whether the trail is applied to all accounts in an organization in AWS Organizations, or only for the current AWS account.
  • kmsKeyId? string — Specifies the AWS KMS key ID to use to encrypt the logs delivered by CloudTrail.
  • s3KeyPrefix? string — Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery.
  • snsTopicName? string — Specifies the name of the Amazon SNS topic defined for notification of log file delivery.
  • trailName? string — Specifies the name of the trail. The name must meet the requirements listed under trailName.
  • static CFN_RESOURCE_TYPE_NAME string — The CloudFormation resource type name for this resource class.

attrArn

Type: string

Ref returns the ARN of the CloudTrail trail, such as arn:aws:cloudtrail:us-east-2:123456789012:trail/myCloudTrail.


attrSnsTopicArn

Type: string

Ref returns the ARN of the Amazon SNS topic that's associated with the CloudTrail trail, such as arn:aws:sns:us-east-2:123456789012:mySNSTopic.


cfnOptions

Type: ICfnResourceOptions

Options for this resource, such as condition, update policy etc.


cfnProperties

Type: { [string]: any }


cfnResourceType

Type: string

AWS resource type.


creationStack

Type: string[]


isLogging

Type: boolean | IResolvable

Whether the CloudTrail trail is currently logging AWS API calls.


logicalId

Type: string

The logical ID for this CloudFormation stack element.

The logical ID of the element is calculated from the path of the resource node in the construct tree.

To override this value, use overrideLogicalId(newLogicalId).


node

Type: Node

The tree node.


ref

Type: string

Return a string that will be resolved to a CloudFormation { Ref } for this element.

If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through Lazy.any({ produce: resource.ref }).


s3BucketName

Type: string

Specifies the name of the Amazon S3 bucket designated for publishing log files.

See Amazon S3 Bucket Naming Requirements.


stack

Type: Stack

The stack in which this element is defined.

CfnElements must be defined within a stack scope (directly or indirectly).


tags

Type: TagManager

A custom set of tags (key-value pairs) for this trail.


advancedEventSelectors?

Type: IResolvable | (IResolvable | AdvancedEventSelectorProperty)[] (optional)

Specifies the settings for advanced event selectors.

You can add advanced event selectors, and conditions for your advanced event selectors, up to a maximum of 500 values for all conditions and selectors on a trail. You can use either AdvancedEventSelectors or EventSelectors, but not both. If you apply AdvancedEventSelectors to a trail, any existing EventSelectors are overwritten. For more information about advanced event selectors, see Logging data events in the AWS CloudTrail User Guide.


cloudWatchLogsLogGroupArn?

Type: string (optional)

Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs are delivered.

You must use a log group that exists in your account.

Not required unless you specify CloudWatchLogsRoleArn.


cloudWatchLogsRoleArn?

Type: string (optional)

Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group.

You must use a role that exists in your account.


enableLogFileValidation?

Type: boolean | IResolvable (optional)

Specifies whether log file validation is enabled. The default is false.

When you disable log file integrity validation, the chain of digest files is broken after one hour. CloudTrail does not create digest files for log files that were delivered during a period in which log file integrity validation was disabled. For example, if you enable log file integrity validation at noon on January 1, disable it at noon on January 2, and re-enable it at noon on January 10, digest files will not be created for the log files delivered from noon on January 2 to noon on January 10. The same applies whenever you stop CloudTrail logging or delete a trail.


eventSelectors?

Type: IResolvable | (IResolvable | EventSelectorProperty)[] (optional)

Use event selectors to further specify the management and data event settings for your trail.

By default, trails created without specific event selectors will be configured to log all read and write management events, and no data events. When an event occurs in your account, CloudTrail evaluates the event selector for all trails. For each trail, if the event matches any event selector, the trail processes and logs the event. If the event doesn't match any event selector, the trail doesn't log the event.

You can configure up to five event selectors for a trail.

For more information about how to configure event selectors, see Examples and Configuring event selectors in the AWS CloudTrail User Guide.


includeGlobalServiceEvents?

Type: boolean | IResolvable (optional)

Specifies whether the trail is publishing events from global services such as IAM to the log files.


insightSelectors?

Type: IResolvable | (IResolvable | InsightSelectorProperty)[] (optional)

A JSON string that contains the insight types you want to log on a trail.

ApiCallRateInsight and ApiErrorRateInsight are valid Insight types.

The ApiCallRateInsight Insights type analyzes write-only management API calls that are aggregated per minute against a baseline API call volume.

The ApiErrorRateInsight Insights type analyzes management API calls that result in error codes. The error is shown if the API call is unsuccessful.


isMultiRegionTrail?

Type: boolean | IResolvable (optional)

Specifies whether the trail applies only to the current Region or to all Regions.

The default is false. If the trail exists only in the current Region and this value is set to true, shadow trails (replications of the trail) will be created in the other Regions. If the trail exists in all Regions and this value is set to false, the trail will remain in the Region where it was created, and its shadow trails in other Regions will be deleted. As a best practice, consider using trails that log events in all Regions.


isOrganizationTrail?

Type: boolean | IResolvable (optional)

Specifies whether the trail is applied to all accounts in an organization in AWS Organizations, or only for the current AWS account.

The default is false, and cannot be true unless the call is made on behalf of an AWS account that is the management account or delegated administrator account for an organization in AWS Organizations. If the trail is not an organization trail and this is set to true, the trail will be created in all AWS accounts that belong to the organization. If the trail is an organization trail and this is set to false, the trail will remain in the current AWS account but be deleted from all member accounts in the organization.


kmsKeyId?

Type: string (optional)

Specifies the AWS KMS key ID to use to encrypt the logs delivered by CloudTrail.

The value can be an alias name prefixed by "alias/", a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.

CloudTrail also supports AWS KMS multi-Region keys. For more information about multi-Region keys, see Using multi-Region keys in the AWS Key Management Service Developer Guide.

Examples:

  • alias/MyAliasName
  • arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
  • arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
  • 12345678-1234-1234-1234-123456789012

s3KeyPrefix?

Type: string (optional)

Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery.

For more information, see Finding Your CloudTrail Log Files. The maximum length is 200 characters.


snsTopicName?

Type: string (optional)

Specifies the name of the Amazon SNS topic defined for notification of log file delivery.

The maximum length is 256 characters.


trailName?

Type: string (optional)

Specifies the name of the trail. The name must meet the following requirements:

  • Contain only ASCII letters (a-z, A-Z), numbers (0-9), periods (.), underscores (_), or dashes (-)
  • Start with a letter or number, and end with a letter or number
  • Be between 3 and 128 characters
  • Have no adjacent periods, underscores or dashes. Names like my-_namespace and my--namespace are not valid.
  • Not be in IP address format (for example, 192.168.5.4)

static CFN_RESOURCE_TYPE_NAME

Type: string

The CloudFormation resource type name for this resource class.

Methods

Name — Description

  • addDeletionOverride(path) — Syntactic sugar for addOverride(path, undefined).
  • addDependency(target) — Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
  • addDependsOn(target) ⚠️ — Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
  • addMetadata(key, value) — Add a value to the CloudFormation Resource Metadata.
  • addOverride(path, value) — Adds an override to the synthesized CloudFormation resource.
  • addPropertyDeletionOverride(propertyPath) — Adds an override that deletes the value of a property from the resource definition.
  • addPropertyOverride(propertyPath, value) — Adds an override to a resource property.
  • applyRemovalPolicy(policy?, options?) — Sets the deletion policy of the resource based on the removal policy specified.
  • getAtt(attributeName, typeHint?) — Returns a token for a runtime attribute of this resource.
  • getMetadata(key) — Retrieve a value from the CloudFormation Resource Metadata.
  • inspect(inspector) — Examines the CloudFormation resource and discloses attributes.
  • obtainDependencies() — Retrieves an array of resources this resource depends on.
  • obtainResourceDependencies() — Get a shallow copy of dependencies between this resource and other resources in the same stack.
  • overrideLogicalId(newLogicalId) — Overrides the auto-generated logical ID with a specific ID.
  • removeDependency(target) — Indicates that this resource no longer depends on another resource.
  • replaceDependency(target, newTarget) — Replaces one dependency with another.
  • toString() — Returns a string representation of this construct.
  • protected renderProperties(props)

addDeletionOverride(path)

public addDeletionOverride(path: string): void

Parameters

  • path string — The path of the value to delete.

Syntactic sugar for addOverride(path, undefined).


addDependency(target)

public addDependency(target: CfnResource): void

Parameters

  • target CfnResource

Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.

This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope.


addDependsOn(target)⚠️

public addDependsOn(target: CfnResource): void

⚠️ Deprecated: use addDependency

Parameters

  • target CfnResource

Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.


addMetadata(key, value)

public addMetadata(key: string, value: any): void

Parameters

  • key string
  • value any

Add a value to the CloudFormation Resource Metadata.

See also: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html

Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.


addOverride(path, value)

public addOverride(path: string, value: any): void

Parameters

  • path string — The path of the property, you can use dot notation to override values in complex types.
  • value any — The value.

Adds an override to the synthesized CloudFormation resource.

To add a property override, either use addPropertyOverride or prefix path with "Properties." (i.e. Properties.TopicName).

If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path.

To include a literal . in the property name, prefix it with a backslash (\). In most programming languages you will need to write this as "\\." because the \ itself will need to be escaped.

For example,

cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');

would add the overrides

"Properties": {
  "GlobalSecondaryIndexes": [
    {
      "Projection": {
        "NonKeyAttributes": [ "myattribute" ]
        ...
      }
      ...
    },
    {
      "ProjectionType": "INCLUDE"
      ...
    },
  ]
  ...
}

The value argument to addOverride will not be processed or translated in any way. Pass raw JSON values in here with the correct capitalization for CloudFormation. If you pass CDK classes or structs, they will be rendered with lowercased key names, and CloudFormation will reject the template.


addPropertyDeletionOverride(propertyPath)

public addPropertyDeletionOverride(propertyPath: string): void

Parameters

  • propertyPath string — The path to the property.

Adds an override that deletes the value of a property from the resource definition.


addPropertyOverride(propertyPath, value)

public addPropertyOverride(propertyPath: string, value: any): void

Parameters

  • propertyPath string — The path of the property.
  • value any — The value.

Adds an override to a resource property.

Syntactic sugar for addOverride("Properties.<...>", value).


applyRemovalPolicy(policy?, options?)

public applyRemovalPolicy(policy?: RemovalPolicy, options?: RemovalPolicyOptions): void

Parameters

  • policy RemovalPolicy
  • options RemovalPolicyOptions

Sets the deletion policy of the resource based on the removal policy specified.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN). In some cases, a snapshot can be taken of the resource prior to deletion (RemovalPolicy.SNAPSHOT). A list of resources that support this policy can be found in the following link:

See also: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options


getAtt(attributeName, typeHint?)

public getAtt(attributeName: string, typeHint?: ResolutionTypeHint): Reference

Parameters

  • attributeName string — The name of the attribute.
  • typeHint ResolutionTypeHint

Returns

  • Reference

Returns a token for a runtime attribute of this resource.

Ideally, use generated attribute accessors (e.g. resource.arn), but this can be used for future compatibility in case there is no generated attribute.


getMetadata(key)

public getMetadata(key: string): any

Parameters

  • key string

Returns

  • any

Retrieve a value from the CloudFormation Resource Metadata.

See also: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html

Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.


inspect(inspector)

public inspect(inspector: TreeInspector): void

Parameters

  • inspector TreeInspector — tree inspector to collect and process attributes.

Examines the CloudFormation resource and discloses attributes.


obtainDependencies()

public obtainDependencies(): (Stack | CfnResource)[]

Returns

  • (Stack | CfnResource)[]

Retrieves an array of resources this resource depends on.

This assembles dependencies on resources across stacks (including nested stacks) automatically.


obtainResourceDependencies()

public obtainResourceDependencies(): CfnResource[]

Returns

  • CfnResource[]

Get a shallow copy of dependencies between this resource and other resources in the same stack.


overrideLogicalId(newLogicalId)

public overrideLogicalId(newLogicalId: string): void

Parameters

  • newLogicalId string — The new logical ID to use for this stack element.

Overrides the auto-generated logical ID with a specific ID.


removeDependency(target)

public removeDependency(target: CfnResource): void

Parameters

  • target CfnResource

Indicates that this resource no longer depends on another resource.

This can be used for resources across stacks (including nested stacks) and the dependency will automatically be removed from the relevant scope.


replaceDependency(target, newTarget)

public replaceDependency(target: CfnResource, newTarget: CfnResource): void

Parameters

  • target CfnResource — The dependency to replace.
  • newTarget CfnResource — The new dependency to add.

Replaces one dependency with another.


toString()

public toString(): string

Returns

  • string

Returns a string representation of this construct.


protected renderProperties(props)

protected renderProperties(props: { [string]: any }): { [string]: any }

Parameters

  • props { [string]: any }

Returns

  • { [string]: any }