We recommend new projects start with resources from the AWS provider.
aws-native.logs.AccountPolicy
Explore with Pulumi AI
We recommend new projects start with resources from the AWS provider.
The AWS::Logs::AccountPolicy resource specifies a CloudWatch Logs AccountPolicy.
Example Usage
Example
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;
return await Deployment.RunAsync(() =>
{
var accountPolicy = new AwsNative.Logs.AccountPolicy("accountPolicy", new()
{
PolicyName = "TestPolicy",
PolicyDocument = "{ \"Name\": \"data-protection-policy\", \"Description\": \"\", \"Version\": \"2021-06-01\", \"Statement\": [ { \"Sid\": \"audit-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Audit\": { \"FindingsDestination\": { \"CloudWatchLogs\": { \"LogGroup\": \"EXISTING_LOG_GROUP_NAME\" } } } } }, { \"Sid\": \"redact-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Deidentify\": { \"MaskConfig\": {} } } } ] }",
PolicyType = AwsNative.Logs.AccountPolicyPolicyType.DataProtectionPolicy,
Scope = AwsNative.Logs.AccountPolicyScope.All,
});
});
package main
import (
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/logs"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := logs.NewAccountPolicy(ctx, "accountPolicy", &logs.AccountPolicyArgs{
PolicyName: pulumi.String("TestPolicy"),
PolicyDocument: pulumi.String("{ \"Name\": \"data-protection-policy\", \"Description\": \"\", \"Version\": \"2021-06-01\", \"Statement\": [ { \"Sid\": \"audit-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Audit\": { \"FindingsDestination\": { \"CloudWatchLogs\": { \"LogGroup\": \"EXISTING_LOG_GROUP_NAME\" } } } } }, { \"Sid\": \"redact-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Deidentify\": { \"MaskConfig\": {} } } } ] }"),
PolicyType: logs.AccountPolicyPolicyTypeDataProtectionPolicy,
Scope: logs.AccountPolicyScopeAll,
})
if err != nil {
return err
}
return nil
})
}
Coming soon!
import pulumi
import pulumi_aws_native as aws_native
account_policy = aws_native.logs.AccountPolicy("accountPolicy",
policy_name="TestPolicy",
policy_document="{ \"Name\": \"data-protection-policy\", \"Description\": \"\", \"Version\": \"2021-06-01\", \"Statement\": [ { \"Sid\": \"audit-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Audit\": { \"FindingsDestination\": { \"CloudWatchLogs\": { \"LogGroup\": \"EXISTING_LOG_GROUP_NAME\" } } } } }, { \"Sid\": \"redact-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Deidentify\": { \"MaskConfig\": {} } } } ] }",
policy_type=aws_native.logs.AccountPolicyPolicyType.DATA_PROTECTION_POLICY,
scope=aws_native.logs.AccountPolicyScope.ALL)
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";
const accountPolicy = new aws_native.logs.AccountPolicy("accountPolicy", {
policyName: "TestPolicy",
policyDocument: "{ \"Name\": \"data-protection-policy\", \"Description\": \"\", \"Version\": \"2021-06-01\", \"Statement\": [ { \"Sid\": \"audit-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Audit\": { \"FindingsDestination\": { \"CloudWatchLogs\": { \"LogGroup\": \"EXISTING_LOG_GROUP_NAME\" } } } } }, { \"Sid\": \"redact-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Deidentify\": { \"MaskConfig\": {} } } } ] }",
policyType: aws_native.logs.AccountPolicyPolicyType.DataProtectionPolicy,
scope: aws_native.logs.AccountPolicyScope.All,
});
Coming soon!
Example
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;
return await Deployment.RunAsync(() =>
{
var accountPolicy = new AwsNative.Logs.AccountPolicy("accountPolicy", new()
{
PolicyName = "TestPolicy",
PolicyDocument = "{ \"Name\": \"data-protection-policy\", \"Description\": \"\", \"Version\": \"2021-06-01\", \"Statement\": [ { \"Sid\": \"audit-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Audit\": { \"FindingsDestination\": { \"CloudWatchLogs\": { \"LogGroup\": \"EXISTING_LOG_GROUP_NAME\" } } } } }, { \"Sid\": \"redact-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Deidentify\": { \"MaskConfig\": {} } } } ] }",
PolicyType = AwsNative.Logs.AccountPolicyPolicyType.DataProtectionPolicy,
Scope = AwsNative.Logs.AccountPolicyScope.All,
});
});
package main
import (
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/logs"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := logs.NewAccountPolicy(ctx, "accountPolicy", &logs.AccountPolicyArgs{
PolicyName: pulumi.String("TestPolicy"),
PolicyDocument: pulumi.String("{ \"Name\": \"data-protection-policy\", \"Description\": \"\", \"Version\": \"2021-06-01\", \"Statement\": [ { \"Sid\": \"audit-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Audit\": { \"FindingsDestination\": { \"CloudWatchLogs\": { \"LogGroup\": \"EXISTING_LOG_GROUP_NAME\" } } } } }, { \"Sid\": \"redact-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Deidentify\": { \"MaskConfig\": {} } } } ] }"),
PolicyType: logs.AccountPolicyPolicyTypeDataProtectionPolicy,
Scope: logs.AccountPolicyScopeAll,
})
if err != nil {
return err
}
return nil
})
}
Coming soon!
import pulumi
import pulumi_aws_native as aws_native
account_policy = aws_native.logs.AccountPolicy("accountPolicy",
policy_name="TestPolicy",
policy_document="{ \"Name\": \"data-protection-policy\", \"Description\": \"\", \"Version\": \"2021-06-01\", \"Statement\": [ { \"Sid\": \"audit-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Audit\": { \"FindingsDestination\": { \"CloudWatchLogs\": { \"LogGroup\": \"EXISTING_LOG_GROUP_NAME\" } } } } }, { \"Sid\": \"redact-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Deidentify\": { \"MaskConfig\": {} } } } ] }",
policy_type=aws_native.logs.AccountPolicyPolicyType.DATA_PROTECTION_POLICY,
scope=aws_native.logs.AccountPolicyScope.ALL)
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";
const accountPolicy = new aws_native.logs.AccountPolicy("accountPolicy", {
policyName: "TestPolicy",
policyDocument: "{ \"Name\": \"data-protection-policy\", \"Description\": \"\", \"Version\": \"2021-06-01\", \"Statement\": [ { \"Sid\": \"audit-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Audit\": { \"FindingsDestination\": { \"CloudWatchLogs\": { \"LogGroup\": \"EXISTING_LOG_GROUP_NAME\" } } } } }, { \"Sid\": \"redact-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Deidentify\": { \"MaskConfig\": {} } } } ] }",
policyType: aws_native.logs.AccountPolicyPolicyType.DataProtectionPolicy,
scope: aws_native.logs.AccountPolicyScope.All,
});
Coming soon!
Create AccountPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AccountPolicy(name: string, args: AccountPolicyArgs, opts?: CustomResourceOptions);
@overload
def AccountPolicy(resource_name: str,
args: AccountPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AccountPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
policy_document: Optional[str] = None,
policy_type: Optional[AccountPolicyPolicyType] = None,
policy_name: Optional[str] = None,
scope: Optional[AccountPolicyScope] = None,
selection_criteria: Optional[str] = None)
func NewAccountPolicy(ctx *Context, name string, args AccountPolicyArgs, opts ...ResourceOption) (*AccountPolicy, error)
public AccountPolicy(string name, AccountPolicyArgs args, CustomResourceOptions? opts = null)
public AccountPolicy(String name, AccountPolicyArgs args)
public AccountPolicy(String name, AccountPolicyArgs args, CustomResourceOptions options)
type: aws-native:logs:AccountPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AccountPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AccountPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AccountPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccountPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AccountPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AccountPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AccountPolicy resource accepts the following input properties:
- Policy
Document string The body of the policy document you want to use for this topic.
You can only add one policy per PolicyType.
The policy must be in JSON string format.
Length Constraints: Maximum length of 30720
- Policy
Type Pulumi.Aws Native. Logs. Account Policy Policy Type - Type of the policy.
- Policy
Name string - The name of the account policy
- Scope
Pulumi.
Aws Native. Logs. Account Policy Scope - Scope for policy application
- Selection
Criteria string - Log group selection criteria to apply policy only to a subset of log groups. SelectionCriteria string can be up to 25KB and cloudwatchlogs determines the length of selectionCriteria by using its UTF-8 bytes
- Policy
Document string The body of the policy document you want to use for this topic.
You can only add one policy per PolicyType.
The policy must be in JSON string format.
Length Constraints: Maximum length of 30720
- Policy
Type AccountPolicy Policy Type - Type of the policy.
- Policy
Name string - The name of the account policy
- Scope
Account
Policy Scope - Scope for policy application
- Selection
Criteria string - Log group selection criteria to apply policy only to a subset of log groups. SelectionCriteria string can be up to 25KB and cloudwatchlogs determines the length of selectionCriteria by using its UTF-8 bytes
- policy
Document String The body of the policy document you want to use for this topic.
You can only add one policy per PolicyType.
The policy must be in JSON string format.
Length Constraints: Maximum length of 30720
- policy
Type AccountPolicy Policy Type - Type of the policy.
- policy
Name String - The name of the account policy
- scope
Account
Policy Scope - Scope for policy application
- selection
Criteria String - Log group selection criteria to apply policy only to a subset of log groups. SelectionCriteria string can be up to 25KB and cloudwatchlogs determines the length of selectionCriteria by using its UTF-8 bytes
- policy
Document string The body of the policy document you want to use for this topic.
You can only add one policy per PolicyType.
The policy must be in JSON string format.
Length Constraints: Maximum length of 30720
- policy
Type AccountPolicy Policy Type - Type of the policy.
- policy
Name string - The name of the account policy
- scope
Account
Policy Scope - Scope for policy application
- selection
Criteria string - Log group selection criteria to apply policy only to a subset of log groups. SelectionCriteria string can be up to 25KB and cloudwatchlogs determines the length of selectionCriteria by using its UTF-8 bytes
- policy_
document str The body of the policy document you want to use for this topic.
You can only add one policy per PolicyType.
The policy must be in JSON string format.
Length Constraints: Maximum length of 30720
- policy_
type AccountPolicy Policy Type - Type of the policy.
- policy_
name str - The name of the account policy
- scope
Account
Policy Scope - Scope for policy application
- selection_
criteria str - Log group selection criteria to apply policy only to a subset of log groups. SelectionCriteria string can be up to 25KB and cloudwatchlogs determines the length of selectionCriteria by using its UTF-8 bytes
- policy
Document String The body of the policy document you want to use for this topic.
You can only add one policy per PolicyType.
The policy must be in JSON string format.
Length Constraints: Maximum length of 30720
- policy
Type "DATA_PROTECTION_POLICY" | "SUBSCRIPTION_FILTER_POLICY" - Type of the policy.
- policy
Name String - The name of the account policy
- scope "ALL"
- Scope for policy application
- selection
Criteria String - Log group selection criteria to apply policy only to a subset of log groups. SelectionCriteria string can be up to 25KB and cloudwatchlogs determines the length of selectionCriteria by using its UTF-8 bytes
Outputs
All input properties are implicitly available as output properties. Additionally, the AccountPolicy resource produces the following output properties:
- account_
id str - User account id
- id str
- The provider-assigned unique ID for this managed resource.
Supporting Types
AccountPolicyPolicyType, AccountPolicyPolicyTypeArgs
- Data
Protection Policy - DATA_PROTECTION_POLICY
- Subscription
Filter Policy - SUBSCRIPTION_FILTER_POLICY
- Account
Policy Policy Type Data Protection Policy - DATA_PROTECTION_POLICY
- Account
Policy Policy Type Subscription Filter Policy - SUBSCRIPTION_FILTER_POLICY
- Data
Protection Policy - DATA_PROTECTION_POLICY
- Subscription
Filter Policy - SUBSCRIPTION_FILTER_POLICY
- Data
Protection Policy - DATA_PROTECTION_POLICY
- Subscription
Filter Policy - SUBSCRIPTION_FILTER_POLICY
- DATA_PROTECTION_POLICY
- DATA_PROTECTION_POLICY
- SUBSCRIPTION_FILTER_POLICY
- SUBSCRIPTION_FILTER_POLICY
- "DATA_PROTECTION_POLICY"
- DATA_PROTECTION_POLICY
- "SUBSCRIPTION_FILTER_POLICY"
- SUBSCRIPTION_FILTER_POLICY
AccountPolicyScope, AccountPolicyScopeArgs
- All
- ALL
- Account
Policy Scope All - ALL
- All
- ALL
- All
- ALL
- ALL
- ALL
- "ALL"
- ALL
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.