We recommend new projects start with resources from the AWS provider.
aws-native.logs.LogGroup
Explore with Pulumi AI
We recommend new projects start with resources from the AWS provider.
The AWS::Logs::LogGroup
resource specifies a log group. A log group defines common properties for log streams, such as their retention and access control rules. Each log stream must belong to one log group.
You can create up to 1,000,000 log groups per Region per account. You must use the following guidelines when naming a log group:
- Log group names must be unique within a Region for an AWS account.
- Log group names can be between 1 and 512 characters long.
- Log group names consist of the following characters: a-z, A-Z, 0-9, ‘_’ (underscore), ‘-’ (hyphen), ‘/’ (forward slash), and ‘.’ (period).
Create LogGroup Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new LogGroup(name: string, args?: LogGroupArgs, opts?: CustomResourceOptions);
@overload
def LogGroup(resource_name: str,
args: Optional[LogGroupArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def LogGroup(resource_name: str,
opts: Optional[ResourceOptions] = None,
data_protection_policy: Optional[Any] = None,
kms_key_id: Optional[str] = None,
log_group_class: Optional[LogGroupClass] = None,
log_group_name: Optional[str] = None,
retention_in_days: Optional[int] = None,
tags: Optional[Sequence[_root_inputs.TagArgs]] = None)
func NewLogGroup(ctx *Context, name string, args *LogGroupArgs, opts ...ResourceOption) (*LogGroup, error)
public LogGroup(string name, LogGroupArgs? args = null, CustomResourceOptions? opts = null)
public LogGroup(String name, LogGroupArgs args)
public LogGroup(String name, LogGroupArgs args, CustomResourceOptions options)
type: aws-native:logs:LogGroup
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args LogGroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args LogGroupArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args LogGroupArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args LogGroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args LogGroupArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
LogGroup Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The LogGroup resource accepts the following input properties:
- Data
Protection objectPolicy Creates a data protection policy and assigns it to the log group. A data protection policy can help safeguard sensitive data that's ingested by the log group by auditing and masking the sensitive log data. When a user who does not have permission to view masked data views a log event that includes masked data, the sensitive data is replaced by asterisks. For more information, including a list of types of data that can be audited and masked, see Protect sensitive log data with masking.
Search the CloudFormation User Guide for
AWS::Logs::LogGroup
for more information about the expected schema for this property.- Kms
Key stringId - The Amazon Resource Name (ARN) of the KMS key to use when encrypting log data.
To associate an KMS key with the log group, specify the ARN of that KMS key here. If you do so, ingested data is encrypted using this key. This association is stored as long as the data encrypted with the KMS key is still within CWL. This enables CWL to decrypt this data whenever it is requested.
If you attempt to associate a KMS key with the log group but the KMS key doesn't exist or is deactivated, you will receive an
InvalidParameterException
error. Log group data is always encrypted in CWL. If you omit this key, the encryption does not use KMS. For more information, see Encrypt log data in using - Log
Group Pulumi.Class Aws Native. Logs. Log Group Class Specifies the log group class for this log group. There are two classes:
- The
Standard
log class supports all CWL features. - The
Infrequent Access
log class supports a subset of CWL features and incurs lower costs.
For details about the features supported by each class, see Log classes
- The
- Log
Group stringName - The name of the log group. If you don't specify a name, CFNlong generates a unique ID for the log group.
- Retention
In intDays - The number of days to retain the log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, and 3653. To set a log group so that its log events do not expire, use DeleteRetentionPolicy.
- List<Pulumi.
Aws Native. Inputs. Tag> - An array of key-value pairs to apply to the log group. For more information, see Tag.
- Data
Protection interface{}Policy Creates a data protection policy and assigns it to the log group. A data protection policy can help safeguard sensitive data that's ingested by the log group by auditing and masking the sensitive log data. When a user who does not have permission to view masked data views a log event that includes masked data, the sensitive data is replaced by asterisks. For more information, including a list of types of data that can be audited and masked, see Protect sensitive log data with masking.
Search the CloudFormation User Guide for
AWS::Logs::LogGroup
for more information about the expected schema for this property.- Kms
Key stringId - The Amazon Resource Name (ARN) of the KMS key to use when encrypting log data.
To associate an KMS key with the log group, specify the ARN of that KMS key here. If you do so, ingested data is encrypted using this key. This association is stored as long as the data encrypted with the KMS key is still within CWL. This enables CWL to decrypt this data whenever it is requested.
If you attempt to associate a KMS key with the log group but the KMS key doesn't exist or is deactivated, you will receive an
InvalidParameterException
error. Log group data is always encrypted in CWL. If you omit this key, the encryption does not use KMS. For more information, see Encrypt log data in using - Log
Group LogClass Group Class Specifies the log group class for this log group. There are two classes:
- The
Standard
log class supports all CWL features. - The
Infrequent Access
log class supports a subset of CWL features and incurs lower costs.
For details about the features supported by each class, see Log classes
- The
- Log
Group stringName - The name of the log group. If you don't specify a name, CFNlong generates a unique ID for the log group.
- Retention
In intDays - The number of days to retain the log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, and 3653. To set a log group so that its log events do not expire, use DeleteRetentionPolicy.
- Tag
Args - An array of key-value pairs to apply to the log group. For more information, see Tag.
- data
Protection ObjectPolicy Creates a data protection policy and assigns it to the log group. A data protection policy can help safeguard sensitive data that's ingested by the log group by auditing and masking the sensitive log data. When a user who does not have permission to view masked data views a log event that includes masked data, the sensitive data is replaced by asterisks. For more information, including a list of types of data that can be audited and masked, see Protect sensitive log data with masking.
Search the CloudFormation User Guide for
AWS::Logs::LogGroup
for more information about the expected schema for this property.- kms
Key StringId - The Amazon Resource Name (ARN) of the KMS key to use when encrypting log data.
To associate an KMS key with the log group, specify the ARN of that KMS key here. If you do so, ingested data is encrypted using this key. This association is stored as long as the data encrypted with the KMS key is still within CWL. This enables CWL to decrypt this data whenever it is requested.
If you attempt to associate a KMS key with the log group but the KMS key doesn't exist or is deactivated, you will receive an
InvalidParameterException
error. Log group data is always encrypted in CWL. If you omit this key, the encryption does not use KMS. For more information, see Encrypt log data in using - log
Group LogClass Group Class Specifies the log group class for this log group. There are two classes:
- The
Standard
log class supports all CWL features. - The
Infrequent Access
log class supports a subset of CWL features and incurs lower costs.
For details about the features supported by each class, see Log classes
- The
- log
Group StringName - The name of the log group. If you don't specify a name, CFNlong generates a unique ID for the log group.
- retention
In IntegerDays - The number of days to retain the log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, and 3653. To set a log group so that its log events do not expire, use DeleteRetentionPolicy.
- List<Tag>
- An array of key-value pairs to apply to the log group. For more information, see Tag.
- data
Protection anyPolicy Creates a data protection policy and assigns it to the log group. A data protection policy can help safeguard sensitive data that's ingested by the log group by auditing and masking the sensitive log data. When a user who does not have permission to view masked data views a log event that includes masked data, the sensitive data is replaced by asterisks. For more information, including a list of types of data that can be audited and masked, see Protect sensitive log data with masking.
Search the CloudFormation User Guide for
AWS::Logs::LogGroup
for more information about the expected schema for this property.- kms
Key stringId - The Amazon Resource Name (ARN) of the KMS key to use when encrypting log data.
To associate an KMS key with the log group, specify the ARN of that KMS key here. If you do so, ingested data is encrypted using this key. This association is stored as long as the data encrypted with the KMS key is still within CWL. This enables CWL to decrypt this data whenever it is requested.
If you attempt to associate a KMS key with the log group but the KMS key doesn't exist or is deactivated, you will receive an
InvalidParameterException
error. Log group data is always encrypted in CWL. If you omit this key, the encryption does not use KMS. For more information, see Encrypt log data in using - log
Group LogClass Group Class Specifies the log group class for this log group. There are two classes:
- The
Standard
log class supports all CWL features. - The
Infrequent Access
log class supports a subset of CWL features and incurs lower costs.
For details about the features supported by each class, see Log classes
- The
- log
Group stringName - The name of the log group. If you don't specify a name, CFNlong generates a unique ID for the log group.
- retention
In numberDays - The number of days to retain the log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, and 3653. To set a log group so that its log events do not expire, use DeleteRetentionPolicy.
- Tag[]
- An array of key-value pairs to apply to the log group. For more information, see Tag.
- data_
protection_ Anypolicy Creates a data protection policy and assigns it to the log group. A data protection policy can help safeguard sensitive data that's ingested by the log group by auditing and masking the sensitive log data. When a user who does not have permission to view masked data views a log event that includes masked data, the sensitive data is replaced by asterisks. For more information, including a list of types of data that can be audited and masked, see Protect sensitive log data with masking.
Search the CloudFormation User Guide for
AWS::Logs::LogGroup
for more information about the expected schema for this property.- kms_
key_ strid - The Amazon Resource Name (ARN) of the KMS key to use when encrypting log data.
To associate an KMS key with the log group, specify the ARN of that KMS key here. If you do so, ingested data is encrypted using this key. This association is stored as long as the data encrypted with the KMS key is still within CWL. This enables CWL to decrypt this data whenever it is requested.
If you attempt to associate a KMS key with the log group but the KMS key doesn't exist or is deactivated, you will receive an
InvalidParameterException
error. Log group data is always encrypted in CWL. If you omit this key, the encryption does not use KMS. For more information, see Encrypt log data in using - log_
group_ Logclass Group Class Specifies the log group class for this log group. There are two classes:
- The
Standard
log class supports all CWL features. - The
Infrequent Access
log class supports a subset of CWL features and incurs lower costs.
For details about the features supported by each class, see Log classes
- The
- log_
group_ strname - The name of the log group. If you don't specify a name, CFNlong generates a unique ID for the log group.
- retention_
in_ intdays - The number of days to retain the log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, and 3653. To set a log group so that its log events do not expire, use DeleteRetentionPolicy.
- Sequence[Tag
Args] - An array of key-value pairs to apply to the log group. For more information, see Tag.
- data
Protection AnyPolicy Creates a data protection policy and assigns it to the log group. A data protection policy can help safeguard sensitive data that's ingested by the log group by auditing and masking the sensitive log data. When a user who does not have permission to view masked data views a log event that includes masked data, the sensitive data is replaced by asterisks. For more information, including a list of types of data that can be audited and masked, see Protect sensitive log data with masking.
Search the CloudFormation User Guide for
AWS::Logs::LogGroup
for more information about the expected schema for this property.- kms
Key StringId - The Amazon Resource Name (ARN) of the KMS key to use when encrypting log data.
To associate an KMS key with the log group, specify the ARN of that KMS key here. If you do so, ingested data is encrypted using this key. This association is stored as long as the data encrypted with the KMS key is still within CWL. This enables CWL to decrypt this data whenever it is requested.
If you attempt to associate a KMS key with the log group but the KMS key doesn't exist or is deactivated, you will receive an
InvalidParameterException
error. Log group data is always encrypted in CWL. If you omit this key, the encryption does not use KMS. For more information, see Encrypt log data in using - log
Group "STANDARD" | "INFREQUENT_ACCESS"Class Specifies the log group class for this log group. There are two classes:
- The
Standard
log class supports all CWL features. - The
Infrequent Access
log class supports a subset of CWL features and incurs lower costs.
For details about the features supported by each class, see Log classes
- The
- log
Group StringName - The name of the log group. If you don't specify a name, CFNlong generates a unique ID for the log group.
- retention
In NumberDays - The number of days to retain the log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, and 3653. To set a log group so that its log events do not expire, use DeleteRetentionPolicy.
- List<Property Map>
- An array of key-value pairs to apply to the log group. For more information, see Tag.
Outputs
All input properties are implicitly available as output properties. Additionally, the LogGroup resource produces the following output properties:
Supporting Types
LogGroupClass, LogGroupClassArgs
- Standard
- STANDARD
- Infrequent
Access - INFREQUENT_ACCESS
- Log
Group Class Standard - STANDARD
- Log
Group Class Infrequent Access - INFREQUENT_ACCESS
- Standard
- STANDARD
- Infrequent
Access - INFREQUENT_ACCESS
- Standard
- STANDARD
- Infrequent
Access - INFREQUENT_ACCESS
- STANDARD
- STANDARD
- INFREQUENT_ACCESS
- INFREQUENT_ACCESS
- "STANDARD"
- STANDARD
- "INFREQUENT_ACCESS"
- INFREQUENT_ACCESS
Tag, TagArgs
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.