aws-cdk-lib.aws_logs.DataProtectionPolicyProps

interface DataProtectionPolicyProps

| Language | Type name |
| --- | --- |
| .NET | Amazon.CDK.AWS.Logs.DataProtectionPolicyProps |
| Go | github.com/aws/aws-cdk-go/awscdk/v2/awslogs#DataProtectionPolicyProps |
| Java | software.amazon.awscdk.services.logs.DataProtectionPolicyProps |
| Python | aws_cdk.aws_logs.DataProtectionPolicyProps |
| TypeScript | aws-cdk-lib » aws_logs » DataProtectionPolicyProps |

Properties for creating a data protection policy.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_logs as logs } from 'aws-cdk-lib';
import { aws_s3 as s3 } from 'aws-cdk-lib';

declare const bucket: s3.Bucket;
declare const dataIdentifier: logs.DataIdentifier;
declare const logGroup: logs.LogGroup;
const dataProtectionPolicyProps: logs.DataProtectionPolicyProps = {
  identifiers: [dataIdentifier],

  // the properties below are optional
  deliveryStreamNameAuditDestination: 'deliveryStreamNameAuditDestination',
  description: 'description',
  logGroupAuditDestination: logGroup,
  name: 'name',
  s3BucketAuditDestination: bucket,
};
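
The placeholder instantiation above does not show the props in use. The following is an added example, not part of the CDK reference or the project's own code: it declares the audit destinations first, builds a policy from two managed identifiers, and attaches it to a log group. The stack, construct and policy names are hypothetical.

```typescript
import { App, Stack, StackProps, aws_logs as logs, aws_s3 as s3 } from 'aws-cdk-lib';
import { Construct } from 'constructs';

// Hypothetical stack and construct names, chosen for this example.
class MaskedLogsStack extends Stack {
  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props);

    // Audit destinations are declared first: the policy only references them,
    // so they have to exist before the protected log group is created.
    const auditLogGroup = new logs.LogGroup(this, 'AuditFindings', {
      retention: logs.RetentionDays.ONE_YEAR,
    });
    const auditBucket = new s3.Bucket(this, 'AuditFindingsBucket', {
      blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,
      enforceSSL: true,
    });

    // 'identifiers' is the only required property; the rest are optional.
    const policy = new logs.DataProtectionPolicy({
      name: 'app-logs-pii-policy',
      description: 'Mask e-mail addresses and US driver licence numbers',
      identifiers: [
        logs.DataIdentifier.EMAILADDRESS,
        logs.DataIdentifier.DRIVERSLICENSE_US,
      ],
      logGroupAuditDestination: auditLogGroup,
      s3BucketAuditDestination: auditBucket,
    });

    // The policy is attached through the log group's dataProtectionPolicy property.
    new logs.LogGroup(this, 'AppLogs', { dataProtectionPolicy: policy });
  }
}

// Synthesizes the stack offline and returns its CloudFormation template.
function synthMaskedLogsTemplate(): any {
  const app = new App();
  const stack = new MaskedLogsStack(app, 'MaskedLogsStack');
  return app.synth().getStackByName(stack.stackName).template;
}
```

Audit findings describe where sensitive data appeared, so access to the audit log group and bucket should be restricted at least as tightly as access to the source logs.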

Properties

| Name | Type | Description |
| --- | --- | --- |
| identifiers | DataIdentifier[] | List of data protection identifiers. |
| deliveryStreamNameAuditDestination? | string | Amazon Kinesis Data Firehose delivery stream to send audit findings to. |
| description? | string | Description of the data protection policy. |
| logGroupAuditDestination? | ILogGroup | CloudWatch Logs log group to send audit findings to. |
| name? | string | Name of the data protection policy. |
| s3BucketAuditDestination? | IBucket | S3 bucket to send audit findings to. |

identifiers

Type: DataIdentifier[]

List of data protection identifiers.

Must be in the following list: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/protect-sensitive-log-data-types.html


deliveryStreamNameAuditDestination?

Type: string (optional, default: no firehose delivery stream audit destination)

Amazon Kinesis Data Firehose delivery stream to send audit findings to.

The delivery stream must already exist.


description?

Type: string (optional, default: 'cdk generated data protection policy')

Description of the data protection policy.


logGroupAuditDestination?

Type: ILogGroup (optional, default: no CloudWatch Logs audit destination)

CloudWatch Logs log group to send audit findings to.

The log group must already exist prior to creating the data protection policy.


name?

Type: string (optional, default: 'data-protection-policy-cdk')

Name of the data protection policy.


s3BucketAuditDestination?

Type: IBucket (optional, default: no S3 bucket audit destination)

S3 bucket to send audit findings to.

The bucket must already exist.