aws-cdk-lib.aws_ecs.ExecuteCommandLogConfiguration

interface ExecuteCommandLogConfiguration

LanguageType name
.NETAmazon.CDK.AWS.ECS.ExecuteCommandLogConfiguration
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsecs#ExecuteCommandLogConfiguration
Javasoftware.amazon.awscdk.services.ecs.ExecuteCommandLogConfiguration
Pythonaws_cdk.aws_ecs.ExecuteCommandLogConfiguration
TypeScript (source)aws-cdk-lib » aws_ecs » ExecuteCommandLogConfiguration

The log configuration for the results of the execute command actions.

The logs can be sent to CloudWatch Logs and/ or an Amazon S3 bucket. For more information, see [ExecuteCommandLogConfiguration] https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-cluster-executecommandlogconfiguration.html

Example

declare const vpc: ec2.Vpc;
const kmsKey = new kms.Key(this, 'KmsKey');

// Pass the KMS key in the `encryptionKey` field to associate the key to the log group
const logGroup = new logs.LogGroup(this, 'LogGroup', {
  encryptionKey: kmsKey,
});

// Pass the KMS key in the `encryptionKey` field to associate the key to the S3 bucket
const execBucket = new s3.Bucket(this, 'EcsExecBucket', {
  encryptionKey: kmsKey,
});

const cluster = new ecs.Cluster(this, 'Cluster', {
  vpc,
  executeCommandConfiguration: {
    kmsKey,
    logConfiguration: {
      cloudWatchLogGroup: logGroup,
      cloudWatchEncryptionEnabled: true,
      s3Bucket: execBucket,
      s3EncryptionEnabled: true,
      s3KeyPrefix: 'exec-command-output',
    },
    logging: ecs.ExecuteCommandLogging.OVERRIDE,
  },
});

Properties

NameTypeDescription
cloudWatchEncryptionEnabled?booleanWhether or not to enable encryption on the CloudWatch logs.
cloudWatchLogGroup?ILogGroupThe name of the CloudWatch log group to send logs to.
s3Bucket?IBucketThe name of the S3 bucket to send logs to.
s3EncryptionEnabled?booleanWhether or not to enable encryption on the S3 bucket.
s3KeyPrefix?stringAn optional folder in the S3 bucket to place logs in.

cloudWatchEncryptionEnabled?

Type: boolean (optional, default: encryption will be disabled.)

Whether or not to enable encryption on the CloudWatch logs.


cloudWatchLogGroup?

Type: ILogGroup (optional, default: none)

The name of the CloudWatch log group to send logs to.

The CloudWatch log group must already be created.


s3Bucket?

Type: IBucket (optional, default: none)

The name of the S3 bucket to send logs to.

The S3 bucket must already be created.


s3EncryptionEnabled?

Type: boolean (optional, default: encryption will be disabled.)

Whether or not to enable encryption on the S3 bucket.


s3KeyPrefix?

Type: string (optional, default: none)

An optional folder in the S3 bucket to place logs in.