Docs Home
AWS v6.74.0 published on Wednesday, Mar 26, 2025 by Pulumi
aws.cloudwatch.getLogDataProtectionPolicyDocument
Explore with Pulumi AI
Generates a CloudWatch Log Group Data Protection Policy document in JSON format for use with the aws.cloudwatch.LogDataProtectionPolicy resource.
For more information about data protection policies, see the Help protect sensitive log data with masking.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = aws.cloudwatch.getLogDataProtectionPolicyDocument({
name: "Example",
statements: [
{
sid: "Audit",
dataIdentifiers: [
"arn:aws:dataprotection::aws:data-identifier/EmailAddress",
"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US",
],
operation: {
audit: {
findingsDestination: {
cloudwatchLogs: {
logGroup: audit.name,
},
firehose: {
deliveryStream: auditAwsKinesisFirehoseDeliveryStream.name,
},
s3: {
bucket: auditAwsS3Bucket.bucket,
},
},
},
},
},
{
sid: "Deidentify",
dataIdentifiers: [
"arn:aws:dataprotection::aws:data-identifier/EmailAddress",
"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US",
],
operation: {
deidentify: {
maskConfig: {},
},
},
},
],
});
const exampleLogDataProtectionPolicy = new aws.cloudwatch.LogDataProtectionPolicy("example", {
logGroupName: exampleAwsCloudwatchLogGroup.name,
policyDocument: example.then(example => example.json),
});
import pulumi
import pulumi_aws as aws
example = aws.cloudwatch.get_log_data_protection_policy_document(name="Example",
statements=[
{
"sid": "Audit",
"data_identifiers": [
"arn:aws:dataprotection::aws:data-identifier/EmailAddress",
"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US",
],
"operation": {
"audit": {
"findings_destination": {
"cloudwatch_logs": {
"log_group": audit["name"],
},
"firehose": {
"delivery_stream": audit_aws_kinesis_firehose_delivery_stream["name"],
},
"s3": {
"bucket": audit_aws_s3_bucket["bucket"],
},
},
},
},
},
{
"sid": "Deidentify",
"data_identifiers": [
"arn:aws:dataprotection::aws:data-identifier/EmailAddress",
"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US",
],
"operation": {
"deidentify": {
"mask_config": {},
},
},
},
])
example_log_data_protection_policy = aws.cloudwatch.LogDataProtectionPolicy("example",
log_group_name=example_aws_cloudwatch_log_group["name"],
policy_document=example.json)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := cloudwatch.GetLogDataProtectionPolicyDocument(ctx, &cloudwatch.GetLogDataProtectionPolicyDocumentArgs{
Name: "Example",
Statements: []cloudwatch.GetLogDataProtectionPolicyDocumentStatement{
{
Sid: pulumi.StringRef("Audit"),
DataIdentifiers: []string{
"arn:aws:dataprotection::aws:data-identifier/EmailAddress",
"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US",
},
Operation: {
Audit: {
FindingsDestination: {
CloudwatchLogs: {
LogGroup: audit.Name,
},
Firehose: {
DeliveryStream: auditAwsKinesisFirehoseDeliveryStream.Name,
},
S3: {
Bucket: auditAwsS3Bucket.Bucket,
},
},
},
},
},
{
Sid: pulumi.StringRef("Deidentify"),
DataIdentifiers: []string{
"arn:aws:dataprotection::aws:data-identifier/EmailAddress",
"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US",
},
Operation: {
Deidentify: {
MaskConfig: {},
},
},
},
},
}, nil)
if err != nil {
return err
}
_, err = cloudwatch.NewLogDataProtectionPolicy(ctx, "example", &cloudwatch.LogDataProtectionPolicyArgs{
LogGroupName: pulumi.Any(exampleAwsCloudwatchLogGroup.Name),
PolicyDocument: pulumi.String(example.Json),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = Aws.CloudWatch.GetLogDataProtectionPolicyDocument.Invoke(new()
{
Name = "Example",
Statements = new[]
{
new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementInputArgs
{
Sid = "Audit",
DataIdentifiers = new[]
{
"arn:aws:dataprotection::aws:data-identifier/EmailAddress",
"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US",
},
Operation = new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementOperationInputArgs
{
Audit = new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementOperationAuditInputArgs
{
FindingsDestination = new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationInputArgs
{
CloudwatchLogs = new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationCloudwatchLogsInputArgs
{
LogGroup = audit.Name,
},
Firehose = new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationFirehoseInputArgs
{
DeliveryStream = auditAwsKinesisFirehoseDeliveryStream.Name,
},
S3 = new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationS3InputArgs
{
Bucket = auditAwsS3Bucket.Bucket,
},
},
},
},
},
new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementInputArgs
{
Sid = "Deidentify",
DataIdentifiers = new[]
{
"arn:aws:dataprotection::aws:data-identifier/EmailAddress",
"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US",
},
Operation = new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementOperationInputArgs
{
Deidentify = new Aws.CloudWatch.Inputs.GetLogDataProtectionPolicyDocumentStatementOperationDeidentifyInputArgs
{
MaskConfig = null,
},
},
},
},
});
var exampleLogDataProtectionPolicy = new Aws.CloudWatch.LogDataProtectionPolicy("example", new()
{
LogGroupName = exampleAwsCloudwatchLogGroup.Name,
PolicyDocument = example.Apply(getLogDataProtectionPolicyDocumentResult => getLogDataProtectionPolicyDocumentResult.Json),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.CloudwatchFunctions;
import com.pulumi.aws.cloudwatch.inputs.GetLogDataProtectionPolicyDocumentArgs;
import com.pulumi.aws.cloudwatch.LogDataProtectionPolicy;
import com.pulumi.aws.cloudwatch.LogDataProtectionPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = CloudwatchFunctions.getLogDataProtectionPolicyDocument(GetLogDataProtectionPolicyDocumentArgs.builder()
.name("Example")
.statements(
GetLogDataProtectionPolicyDocumentStatementArgs.builder()
.sid("Audit")
.dataIdentifiers(
"arn:aws:dataprotection::aws:data-identifier/EmailAddress",
"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US")
.operation(GetLogDataProtectionPolicyDocumentStatementOperationArgs.builder()
.audit(GetLogDataProtectionPolicyDocumentStatementOperationAuditArgs.builder()
.findingsDestination(GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationArgs.builder()
.cloudwatchLogs(GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationCloudwatchLogsArgs.builder()
.logGroup(audit.name())
.build())
.firehose(GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationFirehoseArgs.builder()
.deliveryStream(auditAwsKinesisFirehoseDeliveryStream.name())
.build())
.s3(GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationS3Args.builder()
.bucket(auditAwsS3Bucket.bucket())
.build())
.build())
.build())
.build())
.build(),
GetLogDataProtectionPolicyDocumentStatementArgs.builder()
.sid("Deidentify")
.dataIdentifiers(
"arn:aws:dataprotection::aws:data-identifier/EmailAddress",
"arn:aws:dataprotection::aws:data-identifier/DriversLicense-US")
.operation(GetLogDataProtectionPolicyDocumentStatementOperationArgs.builder()
.deidentify(GetLogDataProtectionPolicyDocumentStatementOperationDeidentifyArgs.builder()
.maskConfig()
.build())
.build())
.build())
.build());
var exampleLogDataProtectionPolicy = new LogDataProtectionPolicy("exampleLogDataProtectionPolicy", LogDataProtectionPolicyArgs.builder()
.logGroupName(exampleAwsCloudwatchLogGroup.name())
.policyDocument(example.applyValue(getLogDataProtectionPolicyDocumentResult -> getLogDataProtectionPolicyDocumentResult.json()))
.build());
}
}
resources:
exampleLogDataProtectionPolicy:
type: aws:cloudwatch:LogDataProtectionPolicy
name: example
properties:
logGroupName: ${exampleAwsCloudwatchLogGroup.name}
policyDocument: ${example.json}
variables:
example:
fn::invoke:
function: aws:cloudwatch:getLogDataProtectionPolicyDocument
arguments:
name: Example
statements:
- sid: Audit
dataIdentifiers:
- arn:aws:dataprotection::aws:data-identifier/EmailAddress
- arn:aws:dataprotection::aws:data-identifier/DriversLicense-US
operation:
audit:
findingsDestination:
cloudwatchLogs:
logGroup: ${audit.name}
firehose:
deliveryStream: ${auditAwsKinesisFirehoseDeliveryStream.name}
s3:
bucket: ${auditAwsS3Bucket.bucket}
- sid: Deidentify
dataIdentifiers:
- arn:aws:dataprotection::aws:data-identifier/EmailAddress
- arn:aws:dataprotection::aws:data-identifier/DriversLicense-US
operation:
deidentify:
maskConfig: {}
Using getLogDataProtectionPolicyDocument
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getLogDataProtectionPolicyDocument(args: GetLogDataProtectionPolicyDocumentArgs, opts?: InvokeOptions): Promise<GetLogDataProtectionPolicyDocumentResult>
function getLogDataProtectionPolicyDocumentOutput(args: GetLogDataProtectionPolicyDocumentOutputArgs, opts?: InvokeOptions): Output<GetLogDataProtectionPolicyDocumentResult>def get_log_data_protection_policy_document(configuration: Optional[GetLogDataProtectionPolicyDocumentConfiguration] = None,
description: Optional[str] = None,
name: Optional[str] = None,
statements: Optional[Sequence[GetLogDataProtectionPolicyDocumentStatement]] = None,
version: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetLogDataProtectionPolicyDocumentResult
def get_log_data_protection_policy_document_output(configuration: Optional[pulumi.Input[GetLogDataProtectionPolicyDocumentConfigurationArgs]] = None,
description: Optional[pulumi.Input[str]] = None,
name: Optional[pulumi.Input[str]] = None,
statements: Optional[pulumi.Input[Sequence[pulumi.Input[GetLogDataProtectionPolicyDocumentStatementArgs]]]] = None,
version: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetLogDataProtectionPolicyDocumentResult]func GetLogDataProtectionPolicyDocument(ctx *Context, args *GetLogDataProtectionPolicyDocumentArgs, opts ...InvokeOption) (*GetLogDataProtectionPolicyDocumentResult, error)
func GetLogDataProtectionPolicyDocumentOutput(ctx *Context, args *GetLogDataProtectionPolicyDocumentOutputArgs, opts ...InvokeOption) GetLogDataProtectionPolicyDocumentResultOutput> Note: This function is named GetLogDataProtectionPolicyDocument in the Go SDK.
public static class GetLogDataProtectionPolicyDocument
{
public static Task<GetLogDataProtectionPolicyDocumentResult> InvokeAsync(GetLogDataProtectionPolicyDocumentArgs args, InvokeOptions? opts = null)
public static Output<GetLogDataProtectionPolicyDocumentResult> Invoke(GetLogDataProtectionPolicyDocumentInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetLogDataProtectionPolicyDocumentResult> getLogDataProtectionPolicyDocument(GetLogDataProtectionPolicyDocumentArgs args, InvokeOptions options)
public static Output<GetLogDataProtectionPolicyDocumentResult> getLogDataProtectionPolicyDocument(GetLogDataProtectionPolicyDocumentArgs args, InvokeOptions options)
fn::invoke:
function: aws:cloudwatch/getLogDataProtectionPolicyDocument:getLogDataProtectionPolicyDocument
arguments:
# arguments dictionaryThe following arguments are supported:
- Name
This property is required. string - The name of the data protection policy document.
- Statements
This property is required. List<GetLog Data Protection Policy Document Statement> Configures the data protection policy.
There must be exactly two statements: the first with an
auditoperation, and the second with adeidentifyoperation.The following arguments are optional:
- Configuration
Get
Log Data Protection Policy Document Configuration - Description string
- Version string
- Name
This property is required. string - The name of the data protection policy document.
- Statements
This property is required. []GetLog Data Protection Policy Document Statement Configures the data protection policy.
There must be exactly two statements: the first with an
auditoperation, and the second with adeidentifyoperation.The following arguments are optional:
- Configuration
Get
Log Data Protection Policy Document Configuration - Description string
- Version string
- name
This property is required. String - The name of the data protection policy document.
- statements
This property is required. List<GetLog Data Protection Policy Document Statement> Configures the data protection policy.
There must be exactly two statements: the first with an
auditoperation, and the second with adeidentifyoperation.The following arguments are optional:
- configuration
Get
Log Data Protection Policy Document Configuration - description String
- version String
- name
This property is required. string - The name of the data protection policy document.
- statements
This property is required. GetLog Data Protection Policy Document Statement[] Configures the data protection policy.
There must be exactly two statements: the first with an
auditoperation, and the second with adeidentifyoperation.The following arguments are optional:
- configuration
Get
Log Data Protection Policy Document Configuration - description string
- version string
- name
This property is required. str - The name of the data protection policy document.
- statements
This property is required. Sequence[GetLog Data Protection Policy Document Statement] Configures the data protection policy.
There must be exactly two statements: the first with an
auditoperation, and the second with adeidentifyoperation.The following arguments are optional:
- configuration
Get
Log Data Protection Policy Document Configuration - description str
- version str
- name
This property is required. String - The name of the data protection policy document.
- statements
This property is required. List<Property Map> Configures the data protection policy.
There must be exactly two statements: the first with an
auditoperation, and the second with adeidentifyoperation.The following arguments are optional:
- configuration Property Map
- description String
- version String
getLogDataProtectionPolicyDocument Result
The following output properties are available:
- Id string
- The provider-assigned unique ID for this managed resource.
- Json string
- Standard JSON policy document rendered based on the arguments above.
- Name string
- Statements
List<Get
Log Data Protection Policy Document Statement> - Configuration
Get
Log Data Protection Policy Document Configuration - Description string
- Version string
- Id string
- The provider-assigned unique ID for this managed resource.
- Json string
- Standard JSON policy document rendered based on the arguments above.
- Name string
- Statements
[]Get
Log Data Protection Policy Document Statement - Configuration
Get
Log Data Protection Policy Document Configuration - Description string
- Version string
- id String
- The provider-assigned unique ID for this managed resource.
- json String
- Standard JSON policy document rendered based on the arguments above.
- name String
- statements
List<Get
Log Data Protection Policy Document Statement> - configuration
Get
Log Data Protection Policy Document Configuration - description String
- version String
- id string
- The provider-assigned unique ID for this managed resource.
- json string
- Standard JSON policy document rendered based on the arguments above.
- name string
- statements
Get
Log Data Protection Policy Document Statement[] - configuration
Get
Log Data Protection Policy Document Configuration - description string
- version string
- id str
- The provider-assigned unique ID for this managed resource.
- json str
- Standard JSON policy document rendered based on the arguments above.
- name str
- statements
Sequence[Get
Log Data Protection Policy Document Statement] - configuration
Get
Log Data Protection Policy Document Configuration - description str
- version str
- id String
- The provider-assigned unique ID for this managed resource.
- json String
- Standard JSON policy document rendered based on the arguments above.
- name String
- statements List<Property Map>
- configuration Property Map
- description String
- version String
Supporting Types
GetLogDataProtectionPolicyDocumentConfiguration
- Custom
Data List<GetIdentifiers Log Data Protection Policy Document Configuration Custom Data Identifier> - Configures custom regular expressions to detect sensitive data. Read more in Custom data identifiers.
- Custom
Data []GetIdentifiers Log Data Protection Policy Document Configuration Custom Data Identifier - Configures custom regular expressions to detect sensitive data. Read more in Custom data identifiers.
- custom
Data List<GetIdentifiers Log Data Protection Policy Document Configuration Custom Data Identifier> - Configures custom regular expressions to detect sensitive data. Read more in Custom data identifiers.
- custom
Data GetIdentifiers Log Data Protection Policy Document Configuration Custom Data Identifier[] - Configures custom regular expressions to detect sensitive data. Read more in Custom data identifiers.
- custom_
data_ Sequence[Getidentifiers Log Data Protection Policy Document Configuration Custom Data Identifier] - Configures custom regular expressions to detect sensitive data. Read more in Custom data identifiers.
- custom
Data List<Property Map>Identifiers - Configures custom regular expressions to detect sensitive data. Read more in Custom data identifiers.
GetLogDataProtectionPolicyDocumentConfigurationCustomDataIdentifier
GetLogDataProtectionPolicyDocumentStatement
- Data
Identifiers This property is required. List<string> - Set of at least 1 sensitive data identifiers that you want to mask. Read more in Types of data that you can protect.
- Operation
This property is required. GetLog Data Protection Policy Document Statement Operation - Configures the data protection operation applied by this statement.
- Sid string
- Name of this statement.
- Data
Identifiers This property is required. []string - Set of at least 1 sensitive data identifiers that you want to mask. Read more in Types of data that you can protect.
- Operation
This property is required. GetLog Data Protection Policy Document Statement Operation - Configures the data protection operation applied by this statement.
- Sid string
- Name of this statement.
- data
Identifiers This property is required. List<String> - Set of at least 1 sensitive data identifiers that you want to mask. Read more in Types of data that you can protect.
- operation
This property is required. GetLog Data Protection Policy Document Statement Operation - Configures the data protection operation applied by this statement.
- sid String
- Name of this statement.
- data
Identifiers This property is required. string[] - Set of at least 1 sensitive data identifiers that you want to mask. Read more in Types of data that you can protect.
- operation
This property is required. GetLog Data Protection Policy Document Statement Operation - Configures the data protection operation applied by this statement.
- sid string
- Name of this statement.
- data_
identifiers This property is required. Sequence[str] - Set of at least 1 sensitive data identifiers that you want to mask. Read more in Types of data that you can protect.
- operation
This property is required. GetLog Data Protection Policy Document Statement Operation - Configures the data protection operation applied by this statement.
- sid str
- Name of this statement.
- data
Identifiers This property is required. List<String> - Set of at least 1 sensitive data identifiers that you want to mask. Read more in Types of data that you can protect.
- operation
This property is required. Property Map - Configures the data protection operation applied by this statement.
- sid String
- Name of this statement.
GetLogDataProtectionPolicyDocumentStatementOperation
- Audit
Get
Log Data Protection Policy Document Statement Operation Audit - Configures the detection of sensitive data.
- Deidentify
Get
Log Data Protection Policy Document Statement Operation Deidentify Configures the masking of sensitive data.
Every policy statement must specify exactly one operation.
- Audit
Get
Log Data Protection Policy Document Statement Operation Audit - Configures the detection of sensitive data.
- Deidentify
Get
Log Data Protection Policy Document Statement Operation Deidentify Configures the masking of sensitive data.
Every policy statement must specify exactly one operation.
- audit
Get
Log Data Protection Policy Document Statement Operation Audit - Configures the detection of sensitive data.
- deidentify
Get
Log Data Protection Policy Document Statement Operation Deidentify Configures the masking of sensitive data.
Every policy statement must specify exactly one operation.
- audit
Get
Log Data Protection Policy Document Statement Operation Audit - Configures the detection of sensitive data.
- deidentify
Get
Log Data Protection Policy Document Statement Operation Deidentify Configures the masking of sensitive data.
Every policy statement must specify exactly one operation.
- audit
Get
Log Data Protection Policy Document Statement Operation Audit - Configures the detection of sensitive data.
- deidentify
Get
Log Data Protection Policy Document Statement Operation Deidentify Configures the masking of sensitive data.
Every policy statement must specify exactly one operation.
- audit Property Map
- Configures the detection of sensitive data.
- deidentify Property Map
Configures the masking of sensitive data.
Every policy statement must specify exactly one operation.
GetLogDataProtectionPolicyDocumentStatementOperationAudit
- Findings
Destination This property is required. GetLog Data Protection Policy Document Statement Operation Audit Findings Destination - Configures destinations to send audit findings to.
- Findings
Destination This property is required. GetLog Data Protection Policy Document Statement Operation Audit Findings Destination - Configures destinations to send audit findings to.
- findings
Destination This property is required. GetLog Data Protection Policy Document Statement Operation Audit Findings Destination - Configures destinations to send audit findings to.
- findings
Destination This property is required. GetLog Data Protection Policy Document Statement Operation Audit Findings Destination - Configures destinations to send audit findings to.
- findings_
destination This property is required. GetLog Data Protection Policy Document Statement Operation Audit Findings Destination - Configures destinations to send audit findings to.
- findings
Destination This property is required. Property Map - Configures destinations to send audit findings to.
GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestination
- Cloudwatch
Logs GetLog Data Protection Policy Document Statement Operation Audit Findings Destination Cloudwatch Logs - Configures CloudWatch Logs as a findings destination.
- Firehose
Get
Log Data Protection Policy Document Statement Operation Audit Findings Destination Firehose - Configures Kinesis Firehose as a findings destination.
- S3
Get
Log Data Protection Policy Document Statement Operation Audit Findings Destination S3 - Configures S3 as a findings destination.
- Cloudwatch
Logs GetLog Data Protection Policy Document Statement Operation Audit Findings Destination Cloudwatch Logs - Configures CloudWatch Logs as a findings destination.
- Firehose
Get
Log Data Protection Policy Document Statement Operation Audit Findings Destination Firehose - Configures Kinesis Firehose as a findings destination.
- S3
Get
Log Data Protection Policy Document Statement Operation Audit Findings Destination S3 - Configures S3 as a findings destination.
- cloudwatch
Logs GetLog Data Protection Policy Document Statement Operation Audit Findings Destination Cloudwatch Logs - Configures CloudWatch Logs as a findings destination.
- firehose
Get
Log Data Protection Policy Document Statement Operation Audit Findings Destination Firehose - Configures Kinesis Firehose as a findings destination.
- s3
Get
Log Data Protection Policy Document Statement Operation Audit Findings Destination S3 - Configures S3 as a findings destination.
- cloudwatch
Logs GetLog Data Protection Policy Document Statement Operation Audit Findings Destination Cloudwatch Logs - Configures CloudWatch Logs as a findings destination.
- firehose
Get
Log Data Protection Policy Document Statement Operation Audit Findings Destination Firehose - Configures Kinesis Firehose as a findings destination.
- s3
Get
Log Data Protection Policy Document Statement Operation Audit Findings Destination S3 - Configures S3 as a findings destination.
- cloudwatch_
logs GetLog Data Protection Policy Document Statement Operation Audit Findings Destination Cloudwatch Logs - Configures CloudWatch Logs as a findings destination.
- firehose
Get
Log Data Protection Policy Document Statement Operation Audit Findings Destination Firehose - Configures Kinesis Firehose as a findings destination.
- s3
Get
Log Data Protection Policy Document Statement Operation Audit Findings Destination S3 - Configures S3 as a findings destination.
- cloudwatch
Logs Property Map - Configures CloudWatch Logs as a findings destination.
- firehose Property Map
- Configures Kinesis Firehose as a findings destination.
- s3 Property Map
- Configures S3 as a findings destination.
GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationCloudwatchLogs
- Log
Group This property is required. string - Name of the CloudWatch Log Group to send findings to.
- Log
Group This property is required. string - Name of the CloudWatch Log Group to send findings to.
- log
Group This property is required. String - Name of the CloudWatch Log Group to send findings to.
- log
Group This property is required. string - Name of the CloudWatch Log Group to send findings to.
- log_
group This property is required. str - Name of the CloudWatch Log Group to send findings to.
- log
Group This property is required. String - Name of the CloudWatch Log Group to send findings to.
GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationFirehose
- Delivery
Stream This property is required. string - Name of the Kinesis Firehose Delivery Stream to send findings to.
- Delivery
Stream This property is required. string - Name of the Kinesis Firehose Delivery Stream to send findings to.
- delivery
Stream This property is required. String - Name of the Kinesis Firehose Delivery Stream to send findings to.
- delivery
Stream This property is required. string - Name of the Kinesis Firehose Delivery Stream to send findings to.
- delivery_
stream This property is required. str - Name of the Kinesis Firehose Delivery Stream to send findings to.
- delivery
Stream This property is required. String - Name of the Kinesis Firehose Delivery Stream to send findings to.
GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationS3
- Bucket
This property is required. string - Name of the S3 Bucket to send findings to.
- Bucket
This property is required. string - Name of the S3 Bucket to send findings to.
- bucket
This property is required. String - Name of the S3 Bucket to send findings to.
- bucket
This property is required. string - Name of the S3 Bucket to send findings to.
- bucket
This property is required. str - Name of the S3 Bucket to send findings to.
- bucket
This property is required. String - Name of the S3 Bucket to send findings to.
GetLogDataProtectionPolicyDocumentStatementOperationDeidentify
- Mask
Config This property is required. GetLog Data Protection Policy Document Statement Operation Deidentify Mask Config - An empty object that configures masking.
- Mask
Config This property is required. GetLog Data Protection Policy Document Statement Operation Deidentify Mask Config - An empty object that configures masking.
- mask
Config This property is required. GetLog Data Protection Policy Document Statement Operation Deidentify Mask Config - An empty object that configures masking.
- mask
Config This property is required. GetLog Data Protection Policy Document Statement Operation Deidentify Mask Config - An empty object that configures masking.
- mask_
config This property is required. GetLog Data Protection Policy Document Statement Operation Deidentify Mask Config - An empty object that configures masking.
- mask
Config This property is required. Property Map - An empty object that configures masking.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.