awslogs

package
v2.102.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 19, 2023 License: Apache-2.0 Imports: 11 Imported by: 81

README

Amazon CloudWatch Logs Construct Library

This library supplies constructs for working with CloudWatch Logs.

Log Groups/Streams

The basic unit of CloudWatch is a Log Group. Every log group typically has the same kind of data logged to it, in the same format. If there are multiple applications or services logging into the Log Group, each of them creates a new Log Stream.

Every log operation creates a "log event", which can consist of a simple string or a single-line JSON object. JSON objects have the advantage that they afford more filtering abilities (see below).

The only configurable attribute for log streams is the retention period, which configures after how much time the events in the log stream expire and are deleted.

The default retention period if not supplied is 2 years, but it can be set to one of the values in the RetentionDays enum to configure a different retention period (including infinite retention).

// Configure log group for short retention
logGroup := awscdk.NewLogGroup(stack, jsii.String("LogGroup"), &LogGroupProps{
	Retention: awscdk.RetentionDays_ONE_WEEK,
})// Configure log group for infinite retention
logGroup := awscdk.NewLogGroup(stack, jsii.String("LogGroup"), &LogGroupProps{
	Retention: infinity,
})

LogRetention

The LogRetention construct is a way to control the retention period of log groups that are created outside of the CDK. The construct is usually used on log groups that are auto created by AWS services, such as AWS lambda.

This is implemented using a CloudFormation custom resource which pre-creates the log group if it doesn't exist, and sets the specified log retention period (never expire, by default).

By default, the log group will be created in the same region as the stack. The logGroupRegion property can be used to configure log groups in other regions. This is typically useful when controlling retention for log groups auto-created by global services that publish their log group to a specific region, such as AWS Chatbot creating a log group in us-east-1.

By default, the log group created by LogRetention will be retained after the stack is deleted. If the RemovalPolicy is set to DESTROY, then the log group will be deleted when the stack is deleted.

Resource Policy

CloudWatch Resource Policies allow other AWS services or IAM Principals to put log events into the log groups. A resource policy is automatically created when addToResourcePolicy is called on the LogGroup for the first time:

logGroup := logs.NewLogGroup(this, jsii.String("LogGroup"))
logGroup.addToResourcePolicy(iam.NewPolicyStatement(&PolicyStatementProps{
	Actions: []*string{
		jsii.String("logs:CreateLogStream"),
		jsii.String("logs:PutLogEvents"),
	},
	Principals: []iPrincipal{
		iam.NewServicePrincipal(jsii.String("es.amazonaws.com")),
	},
	Resources: []*string{
		logGroup.LogGroupArn,
	},
}))

Or more conveniently, write permissions to the log group can be granted as follows which gives same result as in the above example.

logGroup := logs.NewLogGroup(this, jsii.String("LogGroup"))
logGroup.grantWrite(iam.NewServicePrincipal(jsii.String("es.amazonaws.com")))

Similarily, read permissions can be granted to the log group as follows.

logGroup := logs.NewLogGroup(this, jsii.String("LogGroup"))
logGroup.grantRead(iam.NewServicePrincipal(jsii.String("es.amazonaws.com")))

Be aware that any ARNs or tokenized values passed to the resource policy will be converted into AWS Account IDs. This is because CloudWatch Logs Resource Policies do not accept ARNs as principals, but they do accept Account ID strings. Non-ARN principals, like Service principals or Any principals, are accepted by CloudWatch.

Encrypting Log Groups

By default, log group data is always encrypted in CloudWatch Logs. You have the option to encrypt log group data using a AWS KMS customer master key (CMK) should you not wish to use the default AWS encryption. Keep in mind that if you decide to encrypt a log group, any service or IAM identity that needs to read the encrypted log streams in the future will require the same CMK to decrypt the data.

Here's a simple example of creating an encrypted Log Group using a KMS CMK.

import kms "github.com/aws/aws-cdk-go/awscdk"


logs.NewLogGroup(this, jsii.String("LogGroup"), &LogGroupProps{
	EncryptionKey: kms.NewKey(this, jsii.String("Key")),
})

See the AWS documentation for more detailed information about encrypting CloudWatch Logs.

Subscriptions and Destinations

Log events matching a particular filter can be sent to either a Lambda function or a Kinesis stream.

If the Kinesis stream lives in a different account, a CrossAccountDestination object needs to be added in the destination account which will act as a proxy for the remote Kinesis stream. This object is automatically created for you if you use the CDK Kinesis library.

Create a SubscriptionFilter, initialize it with an appropriate Pattern (see below) and supply the intended destination:

import destinations "github.com/aws/aws-cdk-go/awscdk"

var fn function
var logGroup logGroup


logs.NewSubscriptionFilter(this, jsii.String("Subscription"), &SubscriptionFilterProps{
	LogGroup: LogGroup,
	Destination: destinations.NewLambdaDestination(fn),
	FilterPattern: logs.FilterPattern_AllTerms(jsii.String("ERROR"), jsii.String("MainThread")),
	FilterName: jsii.String("ErrorInMainThread"),
})

Metric Filters

CloudWatch Logs can extract and emit metrics based on a textual log stream. Depending on your needs, this may be a more convenient way of generating metrics for you application than making calls to CloudWatch Metrics yourself.

A MetricFilter either emits a fixed number every time it sees a log event matching a particular pattern (see below), or extracts a number from the log event and uses that as the metric value.

Example:

awscdk.NewMetricFilter(this, jsii.String("MetricFilter"), &MetricFilterProps{
	LogGroup: LogGroup,
	MetricNamespace: jsii.String("MyApp"),
	MetricName: jsii.String("Latency"),
	FilterPattern: awscdk.FilterPattern_Exists(jsii.String("$.latency")),
	MetricValue: jsii.String("$.latency"),
})

Remember that if you want to use a value from the log event as the metric value, you must mention it in your pattern somewhere.

A very simple MetricFilter can be created by using the logGroup.extractMetric() helper function:

var logGroup logGroup

logGroup.extractMetric(jsii.String("$.jsonField"), jsii.String("Namespace"), jsii.String("MetricName"))

Will extract the value of jsonField wherever it occurs in JSON-structured log records in the LogGroup, and emit them to CloudWatch Metrics under the name Namespace/MetricName.

Exposing Metric on a Metric Filter

You can expose a metric on a metric filter by calling the MetricFilter.metric() API. This has a default of statistic = 'avg' if the statistic is not set in the props.

var logGroup logGroup

mf := logs.NewMetricFilter(this, jsii.String("MetricFilter"), &MetricFilterProps{
	LogGroup: LogGroup,
	MetricNamespace: jsii.String("MyApp"),
	MetricName: jsii.String("Latency"),
	FilterPattern: logs.FilterPattern_Exists(jsii.String("$.latency")),
	MetricValue: jsii.String("$.latency"),
	Dimensions: map[string]*string{
		"ErrorCode": jsii.String("$.errorCode"),
	},
	Unit: cloudwatch.Unit_MILLISECONDS,
})

//expose a metric from the metric filter
metric := mf.Metric()

//you can use the metric to create a new alarm
//you can use the metric to create a new alarm
cloudwatch.NewAlarm(this, jsii.String("alarm from metric filter"), &AlarmProps{
	Metric: Metric,
	Threshold: jsii.Number(100),
	EvaluationPeriods: jsii.Number(2),
})

Patterns

Patterns describe which log events match a subscription or metric filter. There are three types of patterns:

  • Text patterns
  • JSON patterns
  • Space-delimited table patterns

All patterns are constructed by using static functions on the FilterPattern class.

In addition to the patterns above, the following special patterns exist:

  • FilterPattern.allEvents(): matches all log events.
  • FilterPattern.literal(string): if you already know what pattern expression to use, this function takes a string and will use that as the log pattern. For more information, see the Filter and Pattern Syntax.
Text Patterns

Text patterns match if the literal strings appear in the text form of the log line.

  • FilterPattern.allTerms(term, term, ...): matches if all of the given terms (substrings) appear in the log event.
  • FilterPattern.anyTerm(term, term, ...): matches if all of the given terms (substrings) appear in the log event.
  • FilterPattern.anyTermGroup([term, term, ...], [term, term, ...], ...): matches if all of the terms in any of the groups (specified as arrays) matches. This is an OR match.

Examples:

// Search for lines that contain both "ERROR" and "MainThread"
pattern1 := logs.FilterPattern_AllTerms(jsii.String("ERROR"), jsii.String("MainThread"))

// Search for lines that either contain both "ERROR" and "MainThread", or
// both "WARN" and "Deadlock".
pattern2 := logs.FilterPattern_AnyTermGroup([]*string{
	jsii.String("ERROR"),
	jsii.String("MainThread"),
}, []*string{
	jsii.String("WARN"),
	jsii.String("Deadlock"),
})

JSON Patterns

JSON patterns apply if the log event is the JSON representation of an object (without any other characters, so it cannot include a prefix such as timestamp or log level). JSON patterns can make comparisons on the values inside the fields.

  • Strings: the comparison operators allowed for strings are = and !=. String values can start or end with a * wildcard.
  • Numbers: the comparison operators allowed for numbers are =, !=, <, <=, >, >=.

Fields in the JSON structure are identified by identifier the complete object as $ and then descending into it, such as $.field or $.list[0].field.

  • FilterPattern.stringValue(field, comparison, string): matches if the given field compares as indicated with the given string value.
  • FilterPattern.numberValue(field, comparison, number): matches if the given field compares as indicated with the given numerical value.
  • FilterPattern.isNull(field): matches if the given field exists and has the value null.
  • FilterPattern.notExists(field): matches if the given field is not in the JSON structure.
  • FilterPattern.exists(field): matches if the given field is in the JSON structure.
  • FilterPattern.booleanValue(field, boolean): matches if the given field is exactly the given boolean value.
  • FilterPattern.all(jsonPattern, jsonPattern, ...): matches if all of the given JSON patterns match. This makes an AND combination of the given patterns.
  • FilterPattern.any(jsonPattern, jsonPattern, ...): matches if any of the given JSON patterns match. This makes an OR combination of the given patterns.

Example:

// Search for all events where the component field is equal to
// "HttpServer" and either error is true or the latency is higher
// than 1000.
pattern := logs.FilterPattern_All(logs.FilterPattern_StringValue(jsii.String("$.component"), jsii.String("="), jsii.String("HttpServer")), logs.FilterPattern_Any(logs.FilterPattern_BooleanValue(jsii.String("$.error"), jsii.Boolean(true)), logs.FilterPattern_NumberValue(jsii.String("$.latency"), jsii.String(">"), jsii.Number(1000))))

Space-delimited table patterns

If the log events are rows of a space-delimited table, this pattern can be used to identify the columns in that structure and add conditions on any of them. The canonical example where you would apply this type of pattern is Apache server logs.

Text that is surrounded by "..." quotes or [...] square brackets will be treated as one column.

  • FilterPattern.spaceDelimited(column, column, ...): construct a SpaceDelimitedTextPattern object with the indicated columns. The columns map one-by-one the columns found in the log event. The string "..." may be used to specify an arbitrary number of unnamed columns anywhere in the name list (but may only be specified once).

After constructing a SpaceDelimitedTextPattern, you can use the following two members to add restrictions:

  • pattern.whereString(field, comparison, string): add a string condition. The rules are the same as for JSON patterns.
  • pattern.whereNumber(field, comparison, number): add a numerical condition. The rules are the same as for JSON patterns.

Multiple restrictions can be added on the same column; they must all apply.

Example:

// Search for all events where the component is "HttpServer" and the
// result code is not equal to 200.
pattern := logs.FilterPattern_SpaceDelimited(jsii.String("time"), jsii.String("component"), jsii.String("..."), jsii.String("result_code"), jsii.String("latency")).WhereString(jsii.String("component"), jsii.String("="), jsii.String("HttpServer")).WhereNumber(jsii.String("result_code"), jsii.String("!="), jsii.Number(200))

Logs Insights Query Definition

Creates a query definition for CloudWatch Logs Insights.

Example:

logs.NewQueryDefinition(this, jsii.String("QueryDefinition"), &QueryDefinitionProps{
	QueryDefinitionName: jsii.String("MyQuery"),
	QueryString: logs.NewQueryString(&QueryStringProps{
		Fields: []*string{
			jsii.String("@timestamp"),
			jsii.String("@message"),
		},
		ParseStatements: []*string{
			jsii.String("@message \"[*] *\" as loggingType, loggingMessage"),
			jsii.String("@message \"<*>: *\" as differentLoggingType, differentLoggingMessage"),
		},
		FilterStatements: []*string{
			jsii.String("loggingType = \"ERROR\""),
			jsii.String("loggingMessage = \"A very strange error occurred!\""),
		},
		Sort: jsii.String("@timestamp desc"),
		Limit: jsii.Number(20),
	}),
})

Data Protection Policy

Creates a data protection policy and assigns it to the log group. A data protection policy can help safeguard sensitive data that's ingested by the log group by auditing and masking the sensitive log data. When a user who does not have permission to view masked data views a log event that includes masked data, the sensitive data is replaced by asterisks.

For more information, see Protect sensitive log data with masking.

For a list of types of identifiers that can be audited and masked, see Types of data that you can protect

If a new identifier is supported but not yet in the DataIdentifiers enum, the full ARN of the identifier can be supplied in identifierArnStrings instead.

Each policy may consist of a log group, S3 bucket, and/or Firehose delivery stream audit destination.

Example:

import kinesisfirehose "github.com/aws/aws-cdk-go/awscdkkinesisfirehosealpha"
import destinations "github.com/aws/aws-cdk-go/awscdkkinesisfirehosedestinationsalpha"


logGroupDestination := logs.NewLogGroup(this, jsii.String("LogGroupLambdaAudit"), &LogGroupProps{
	LogGroupName: jsii.String("auditDestinationForCDK"),
})

bucket := s3.NewBucket(this, jsii.String("audit-bucket"))
s3Destination := destinations.NewS3Bucket(bucket)

deliveryStream := kinesisfirehose.NewDeliveryStream(this, jsii.String("Delivery Stream"), &DeliveryStreamProps{
	Destinations: []iDestination{
		s3Destination,
	},
})

dataProtectionPolicy := logs.NewDataProtectionPolicy(&DataProtectionPolicyProps{
	Name: jsii.String("data protection policy"),
	Description: jsii.String("policy description"),
	Identifiers: []dataIdentifier{
		logs.*dataIdentifier_DRIVERSLICENSE_US(),
		logs.NewDataIdentifier(jsii.String("EmailAddress")),
	},
	LogGroupAuditDestination: logGroupDestination,
	S3BucketAuditDestination: bucket,
	DeliveryStreamNameAuditDestination: deliveryStream.DeliveryStreamName,
})

logs.NewLogGroup(this, jsii.String("LogGroupLambda"), &LogGroupProps{
	LogGroupName: jsii.String("cdkIntegLogGroup"),
	DataProtectionPolicy: dataProtectionPolicy,
})

Notes

Be aware that Log Group ARNs will always have the string :* appended to them, to match the behavior of the CloudFormation AWS::Logs::LogGroup resource.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CfnAccountPolicy_CFN_RESOURCE_TYPE_NAME added in v2.89.0

func CfnAccountPolicy_CFN_RESOURCE_TYPE_NAME() *string

func CfnAccountPolicy_IsCfnElement added in v2.89.0

func CfnAccountPolicy_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnAccountPolicy_IsCfnResource added in v2.89.0

func CfnAccountPolicy_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource.

func CfnAccountPolicy_IsConstruct added in v2.89.0

func CfnAccountPolicy_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnDestination_CFN_RESOURCE_TYPE_NAME

func CfnDestination_CFN_RESOURCE_TYPE_NAME() *string

func CfnDestination_IsCfnElement

func CfnDestination_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnDestination_IsCfnResource

func CfnDestination_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource.

func CfnDestination_IsConstruct

func CfnDestination_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnLogGroup_CFN_RESOURCE_TYPE_NAME

func CfnLogGroup_CFN_RESOURCE_TYPE_NAME() *string

func CfnLogGroup_IsCfnElement

func CfnLogGroup_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnLogGroup_IsCfnResource

func CfnLogGroup_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource.

func CfnLogGroup_IsConstruct

func CfnLogGroup_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnLogStream_CFN_RESOURCE_TYPE_NAME

func CfnLogStream_CFN_RESOURCE_TYPE_NAME() *string

func CfnLogStream_IsCfnElement

func CfnLogStream_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnLogStream_IsCfnResource

func CfnLogStream_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource.

func CfnLogStream_IsConstruct

func CfnLogStream_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnMetricFilter_CFN_RESOURCE_TYPE_NAME

func CfnMetricFilter_CFN_RESOURCE_TYPE_NAME() *string

func CfnMetricFilter_IsCfnElement

func CfnMetricFilter_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnMetricFilter_IsCfnResource

func CfnMetricFilter_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource.

func CfnMetricFilter_IsConstruct

func CfnMetricFilter_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnQueryDefinition_CFN_RESOURCE_TYPE_NAME

func CfnQueryDefinition_CFN_RESOURCE_TYPE_NAME() *string

func CfnQueryDefinition_IsCfnElement

func CfnQueryDefinition_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnQueryDefinition_IsCfnResource

func CfnQueryDefinition_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource.

func CfnQueryDefinition_IsConstruct

func CfnQueryDefinition_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnResourcePolicy_CFN_RESOURCE_TYPE_NAME

func CfnResourcePolicy_CFN_RESOURCE_TYPE_NAME() *string

func CfnResourcePolicy_IsCfnElement

func CfnResourcePolicy_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnResourcePolicy_IsCfnResource

func CfnResourcePolicy_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource.

func CfnResourcePolicy_IsConstruct

func CfnResourcePolicy_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnSubscriptionFilter_CFN_RESOURCE_TYPE_NAME

func CfnSubscriptionFilter_CFN_RESOURCE_TYPE_NAME() *string

func CfnSubscriptionFilter_IsCfnElement

func CfnSubscriptionFilter_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnSubscriptionFilter_IsCfnResource

func CfnSubscriptionFilter_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource.

func CfnSubscriptionFilter_IsConstruct

func CfnSubscriptionFilter_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CrossAccountDestination_IsConstruct

func CrossAccountDestination_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CrossAccountDestination_IsOwnedResource added in v2.32.0

func CrossAccountDestination_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func CrossAccountDestination_IsResource

func CrossAccountDestination_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func LogGroup_IsConstruct

func LogGroup_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func LogGroup_IsOwnedResource added in v2.32.0

func LogGroup_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func LogGroup_IsResource

func LogGroup_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func LogRetention_IsConstruct

func LogRetention_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func LogStream_IsConstruct

func LogStream_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func LogStream_IsOwnedResource added in v2.32.0

func LogStream_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func LogStream_IsResource

func LogStream_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func MetricFilter_IsConstruct

func MetricFilter_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func MetricFilter_IsOwnedResource added in v2.32.0

func MetricFilter_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func MetricFilter_IsResource

func MetricFilter_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func NewCfnAccountPolicy_Override added in v2.89.0

func NewCfnAccountPolicy_Override(c CfnAccountPolicy, scope constructs.Construct, id *string, props *CfnAccountPolicyProps)

func NewCfnDestination_Override

func NewCfnDestination_Override(c CfnDestination, scope constructs.Construct, id *string, props *CfnDestinationProps)

func NewCfnLogGroup_Override

func NewCfnLogGroup_Override(c CfnLogGroup, scope constructs.Construct, id *string, props *CfnLogGroupProps)

func NewCfnLogStream_Override

func NewCfnLogStream_Override(c CfnLogStream, scope constructs.Construct, id *string, props *CfnLogStreamProps)

func NewCfnMetricFilter_Override

func NewCfnMetricFilter_Override(c CfnMetricFilter, scope constructs.Construct, id *string, props *CfnMetricFilterProps)

func NewCfnQueryDefinition_Override

func NewCfnQueryDefinition_Override(c CfnQueryDefinition, scope constructs.Construct, id *string, props *CfnQueryDefinitionProps)

func NewCfnResourcePolicy_Override

func NewCfnResourcePolicy_Override(c CfnResourcePolicy, scope constructs.Construct, id *string, props *CfnResourcePolicyProps)

func NewCfnSubscriptionFilter_Override

func NewCfnSubscriptionFilter_Override(c CfnSubscriptionFilter, scope constructs.Construct, id *string, props *CfnSubscriptionFilterProps)

func NewCrossAccountDestination_Override

func NewCrossAccountDestination_Override(c CrossAccountDestination, scope constructs.Construct, id *string, props *CrossAccountDestinationProps)

func NewDataIdentifier_Override added in v2.79.0

func NewDataIdentifier_Override(d DataIdentifier, identifier *string)

func NewDataProtectionPolicy_Override added in v2.79.0

func NewDataProtectionPolicy_Override(d DataProtectionPolicy, props *DataProtectionPolicyProps)

func NewFilterPattern_Override

func NewFilterPattern_Override(f FilterPattern)

func NewJsonPattern_Override

func NewJsonPattern_Override(j JsonPattern, jsonPatternString *string)

func NewLogGroup_Override

func NewLogGroup_Override(l LogGroup, scope constructs.Construct, id *string, props *LogGroupProps)

func NewLogRetention_Override

func NewLogRetention_Override(l LogRetention, scope constructs.Construct, id *string, props *LogRetentionProps)

func NewLogStream_Override

func NewLogStream_Override(l LogStream, scope constructs.Construct, id *string, props *LogStreamProps)

func NewMetricFilter_Override

func NewMetricFilter_Override(m MetricFilter, scope constructs.Construct, id *string, props *MetricFilterProps)

func NewQueryDefinition_Override added in v2.21.0

func NewQueryDefinition_Override(q QueryDefinition, scope constructs.Construct, id *string, props *QueryDefinitionProps)

func NewQueryString_Override added in v2.21.0

func NewQueryString_Override(q QueryString, props *QueryStringProps)

func NewResourcePolicy_Override

func NewResourcePolicy_Override(r ResourcePolicy, scope constructs.Construct, id *string, props *ResourcePolicyProps)

func NewSpaceDelimitedTextPattern_Override

func NewSpaceDelimitedTextPattern_Override(s SpaceDelimitedTextPattern, columns *[]*string, restrictions *map[string]*[]*ColumnRestriction)

func NewSubscriptionFilter_Override

func NewSubscriptionFilter_Override(s SubscriptionFilter, scope constructs.Construct, id *string, props *SubscriptionFilterProps)

func QueryDefinition_IsConstruct added in v2.21.0

func QueryDefinition_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func QueryDefinition_IsOwnedResource added in v2.32.0

func QueryDefinition_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func QueryDefinition_IsResource added in v2.21.0

func QueryDefinition_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func ResourcePolicy_IsConstruct

func ResourcePolicy_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func ResourcePolicy_IsOwnedResource added in v2.32.0

func ResourcePolicy_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func ResourcePolicy_IsResource

func ResourcePolicy_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func SubscriptionFilter_IsConstruct

func SubscriptionFilter_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func SubscriptionFilter_IsOwnedResource added in v2.32.0

func SubscriptionFilter_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func SubscriptionFilter_IsResource

func SubscriptionFilter_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

Types

type CfnAccountPolicy added in v2.89.0

type CfnAccountPolicy interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// The account ID of the account where this policy was created.
	//
	// For example, `123456789012` .
	AttrAccountId() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// Specify the data protection policy, in JSON.
	PolicyDocument() *string
	SetPolicyDocument(val *string)
	// A name for the policy.
	PolicyName() *string
	SetPolicyName(val *string)
	// Currently the only valid value for this parameter is `DATA_PROTECTION_POLICY` .
	PolicyType() *string
	SetPolicyType(val *string)
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// Currently the only valid value for this parameter is `ALL` , which specifies that the data protection policy applies to all log groups in the account.
	Scope() *string
	SetScope(val *string)
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

Creates or updates an account-level data protection policy that applies to all log groups in the account.

A data protection policy can help safeguard sensitive data that's ingested by your log groups by auditing and masking the sensitive log data. Each account can have only one account-level policy.

> Sensitive data is detected and masked when it is ingested into a log group. When you set a data protection policy, log events ingested into the log groups before that time are not masked.

If you create a data protection policy for your whole account, it applies to both existing log groups and all log groups that are created later in this account. The account policy is applied to existing log groups with eventual consistency. It might take up to 5 minutes before sensitive data in existing log groups begins to be masked.

By default, when a user views a log event that includes masked data, the sensitive data is replaced by asterisks. A user who has the `logs:Unmask` permission can use a [GetLogEvents](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogEvents.html) or [FilterLogEvents](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_FilterLogEvents.html) operation with the `unmask` parameter set to `true` to view the unmasked log events. Users with the `logs:Unmask` can also view unmasked data in the CloudWatch Logs console by running a CloudWatch Logs Insights query with the `unmask` query command.

For more information, including a list of types of data that can be audited and masked, see [Protect sensitive log data with masking](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html) .

To create an account-level policy, you must be signed on with the `logs:PutDataProtectionPolicy` and `logs:PutAccountPolicy` permissions.

An account-level policy applies to all log groups in the account. You can also create a data protection policy that applies to just one log group. If a log group has its own data protection policy and the account also has an account-level data protection policy, then the two policies are cumulative. Any sensitive term specified in either policy is masked.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnAccountPolicy := awscdk.Aws_logs.NewCfnAccountPolicy(this, jsii.String("MyCfnAccountPolicy"), &CfnAccountPolicyProps{
	PolicyDocument: jsii.String("policyDocument"),
	PolicyName: jsii.String("policyName"),
	PolicyType: jsii.String("policyType"),

	// the properties below are optional
	Scope: jsii.String("scope"),
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-accountpolicy.html

func NewCfnAccountPolicy added in v2.89.0

func NewCfnAccountPolicy(scope constructs.Construct, id *string, props *CfnAccountPolicyProps) CfnAccountPolicy

type CfnAccountPolicyProps added in v2.89.0

type CfnAccountPolicyProps struct {
	// Specify the data protection policy, in JSON.
	//
	// This policy must include two JSON blocks:
	//
	// - The first block must include both a `DataIdentifer` array and an `Operation` property with an `Audit` action. The `DataIdentifer` array lists the types of sensitive data that you want to mask. For more information about the available options, see [Types of data that you can mask](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data-types.html) .
	//
	// The `Operation` property with an `Audit` action is required to find the sensitive data terms. This `Audit` action must contain a `FindingsDestination` object. You can optionally use that `FindingsDestination` object to list one or more destinations to send audit findings to. If you specify destinations such as log groups, Kinesis Data Firehose streams, and S3 buckets, they must already exist.
	// - The second block must include both a `DataIdentifer` array and an `Operation` property with an `Deidentify` action. The `DataIdentifer` array must exactly match the `DataIdentifer` array in the first block of the policy.
	//
	// The `Operation` property with the `Deidentify` action is what actually masks the data, and it must contain the `"MaskConfig": {}` object. The `"MaskConfig": {}` object must be empty.
	//
	// > The contents of the two `DataIdentifer` arrays must match exactly.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-accountpolicy.html#cfn-logs-accountpolicy-policydocument
	//
	PolicyDocument *string `field:"required" json:"policyDocument" yaml:"policyDocument"`
	// A name for the policy.
	//
	// This must be unique within the account.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-accountpolicy.html#cfn-logs-accountpolicy-policyname
	//
	PolicyName *string `field:"required" json:"policyName" yaml:"policyName"`
	// Currently the only valid value for this parameter is `DATA_PROTECTION_POLICY` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-accountpolicy.html#cfn-logs-accountpolicy-policytype
	//
	PolicyType *string `field:"required" json:"policyType" yaml:"policyType"`
	// Currently the only valid value for this parameter is `ALL` , which specifies that the data protection policy applies to all log groups in the account.
	//
	// If you omit this parameter, the default of `ALL` is used.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-accountpolicy.html#cfn-logs-accountpolicy-scope
	//
	Scope *string `field:"optional" json:"scope" yaml:"scope"`
}

Properties for defining a `CfnAccountPolicy`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnAccountPolicyProps := &CfnAccountPolicyProps{
	PolicyDocument: jsii.String("policyDocument"),
	PolicyName: jsii.String("policyName"),
	PolicyType: jsii.String("policyType"),

	// the properties below are optional
	Scope: jsii.String("scope"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-accountpolicy.html

type CfnDestination

type CfnDestination interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// The ARN of the CloudWatch Logs destination, such as `arn:aws:logs:us-west-1:123456789012:destination:MyDestination` .
	AttrArn() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The name of the destination.
	DestinationName() *string
	SetDestinationName(val *string)
	// An IAM policy document that governs which AWS accounts can create subscription filters against this destination.
	DestinationPolicy() *string
	SetDestinationPolicy(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The ARN of an IAM role that permits CloudWatch Logs to send data to the specified AWS resource.
	RoleArn() *string
	SetRoleArn(val *string)
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// The Amazon Resource Name (ARN) of the physical target where the log events are delivered (for example, a Kinesis stream).
	TargetArn() *string
	SetTargetArn(val *string)
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The AWS::Logs::Destination resource specifies a CloudWatch Logs destination.

A destination encapsulates a physical resource (such as an Amazon Kinesis data stream) and enables you to subscribe that resource to a stream of log events.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnDestination := awscdk.Aws_logs.NewCfnDestination(this, jsii.String("MyCfnDestination"), &CfnDestinationProps{
	DestinationName: jsii.String("destinationName"),
	RoleArn: jsii.String("roleArn"),
	TargetArn: jsii.String("targetArn"),

	// the properties below are optional
	DestinationPolicy: jsii.String("destinationPolicy"),
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-destination.html

func NewCfnDestination

func NewCfnDestination(scope constructs.Construct, id *string, props *CfnDestinationProps) CfnDestination

type CfnDestinationProps

type CfnDestinationProps struct {
	// The name of the destination.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-destination.html#cfn-logs-destination-destinationname
	//
	DestinationName *string `field:"required" json:"destinationName" yaml:"destinationName"`
	// The ARN of an IAM role that permits CloudWatch Logs to send data to the specified AWS resource.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-destination.html#cfn-logs-destination-rolearn
	//
	RoleArn *string `field:"required" json:"roleArn" yaml:"roleArn"`
	// The Amazon Resource Name (ARN) of the physical target where the log events are delivered (for example, a Kinesis stream).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-destination.html#cfn-logs-destination-targetarn
	//
	TargetArn *string `field:"required" json:"targetArn" yaml:"targetArn"`
	// An IAM policy document that governs which AWS accounts can create subscription filters against this destination.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-destination.html#cfn-logs-destination-destinationpolicy
	//
	DestinationPolicy *string `field:"optional" json:"destinationPolicy" yaml:"destinationPolicy"`
}

Properties for defining a `CfnDestination`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnDestinationProps := &CfnDestinationProps{
	DestinationName: jsii.String("destinationName"),
	RoleArn: jsii.String("roleArn"),
	TargetArn: jsii.String("targetArn"),

	// the properties below are optional
	DestinationPolicy: jsii.String("destinationPolicy"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-destination.html

type CfnLogGroup

type CfnLogGroup interface {
	awscdk.CfnResource
	awscdk.IInspectable
	awscdk.ITaggable
	// The ARN of the log group, such as `arn:aws:logs:us-west-1:123456789012:log-group:/mystack-testgroup-12ABC1AB12A1:*`.
	AttrArn() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// Creates a data protection policy and assigns it to the log group.
	DataProtectionPolicy() interface{}
	SetDataProtectionPolicy(val interface{})
	// The Amazon Resource Name (ARN) of the AWS KMS key to use when encrypting log data.
	KmsKeyId() *string
	SetKmsKeyId(val *string)
	// The name of the log group.
	LogGroupName() *string
	SetLogGroupName(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The number of days to retain the log events in the specified log group.
	RetentionInDays() *float64
	SetRetentionInDays(val *float64)
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Tag Manager which manages the tags for this resource.
	Tags() awscdk.TagManager
	// An array of key-value pairs to apply to the log group.
	TagsRaw() *[]*awscdk.CfnTag
	SetTagsRaw(val *[]*awscdk.CfnTag)
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The `AWS::Logs::LogGroup` resource specifies a log group.

A log group defines common properties for log streams, such as their retention and access control rules. Each log stream must belong to one log group.

You can create up to 1,000,000 log groups per Region per account. You must use the following guidelines when naming a log group:

- Log group names must be unique within a Region for an AWS account. - Log group names can be between 1 and 512 characters long. - Log group names consist of the following characters: a-z, A-Z, 0-9, '_' (underscore), '-' (hyphen), '/' (forward slash), and '.' (period).

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var dataProtectionPolicy interface{}

cfnLogGroup := awscdk.Aws_logs.NewCfnLogGroup(this, jsii.String("MyCfnLogGroup"), &CfnLogGroupProps{
	DataProtectionPolicy: dataProtectionPolicy,
	KmsKeyId: jsii.String("kmsKeyId"),
	LogGroupName: jsii.String("logGroupName"),
	RetentionInDays: jsii.Number(123),
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html

func NewCfnLogGroup

func NewCfnLogGroup(scope constructs.Construct, id *string, props *CfnLogGroupProps) CfnLogGroup

type CfnLogGroupProps

type CfnLogGroupProps struct {
	// Creates a data protection policy and assigns it to the log group.
	//
	// A data protection policy can help safeguard sensitive data that's ingested by the log group by auditing and masking the sensitive log data. When a user who does not have permission to view masked data views a log event that includes masked data, the sensitive data is replaced by asterisks.
	//
	// For more information, including a list of types of data that can be audited and masked, see [Protect sensitive log data with masking](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html#cfn-logs-loggroup-dataprotectionpolicy
	//
	DataProtectionPolicy interface{} `field:"optional" json:"dataProtectionPolicy" yaml:"dataProtectionPolicy"`
	// The Amazon Resource Name (ARN) of the AWS KMS key to use when encrypting log data.
	//
	// To associate an AWS KMS key with the log group, specify the ARN of that KMS key here. If you do so, ingested data is encrypted using this key. This association is stored as long as the data encrypted with the KMS key is still within CloudWatch Logs . This enables CloudWatch Logs to decrypt this data whenever it is requested.
	//
	// If you attempt to associate a KMS key with the log group but the KMS key doesn't exist or is deactivated, you will receive an `InvalidParameterException` error.
	//
	// Log group data is always encrypted in CloudWatch Logs . If you omit this key, the encryption does not use AWS KMS . For more information, see [Encrypt log data in CloudWatch Logs using AWS Key Management Service](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html)
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html#cfn-logs-loggroup-kmskeyid
	//
	KmsKeyId *string `field:"optional" json:"kmsKeyId" yaml:"kmsKeyId"`
	// The name of the log group.
	//
	// If you don't specify a name, AWS CloudFormation generates a unique ID for the log group.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html#cfn-logs-loggroup-loggroupname
	//
	LogGroupName *string `field:"optional" json:"logGroupName" yaml:"logGroupName"`
	// The number of days to retain the log events in the specified log group.
	//
	// Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, and 3653.
	//
	// To set a log group so that its log events do not expire, use [DeleteRetentionPolicy](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteRetentionPolicy.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html#cfn-logs-loggroup-retentionindays
	//
	RetentionInDays *float64 `field:"optional" json:"retentionInDays" yaml:"retentionInDays"`
	// An array of key-value pairs to apply to the log group.
	//
	// For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html#cfn-logs-loggroup-tags
	//
	Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}

Properties for defining a `CfnLogGroup`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var dataProtectionPolicy interface{}

cfnLogGroupProps := &CfnLogGroupProps{
	DataProtectionPolicy: dataProtectionPolicy,
	KmsKeyId: jsii.String("kmsKeyId"),
	LogGroupName: jsii.String("logGroupName"),
	RetentionInDays: jsii.Number(123),
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html

type CfnLogStream

type CfnLogStream interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The name of the log group where the log stream is created.
	LogGroupName() *string
	SetLogGroupName(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The name of the log stream.
	LogStreamName() *string
	SetLogStreamName(val *string)
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The `AWS::Logs::LogStream` resource specifies an Amazon CloudWatch Logs log stream in a specific log group.

A log stream represents the sequence of events coming from an application instance or resource that you are monitoring.

There is no limit on the number of log streams that you can create for a log group.

You must use the following guidelines when naming a log stream:

- Log stream names must be unique within the log group. - Log stream names can be between 1 and 512 characters long. - The ':' (colon) and '*' (asterisk) characters are not allowed.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnLogStream := awscdk.Aws_logs.NewCfnLogStream(this, jsii.String("MyCfnLogStream"), &CfnLogStreamProps{
	LogGroupName: jsii.String("logGroupName"),

	// the properties below are optional
	LogStreamName: jsii.String("logStreamName"),
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-logstream.html

func NewCfnLogStream

func NewCfnLogStream(scope constructs.Construct, id *string, props *CfnLogStreamProps) CfnLogStream

type CfnLogStreamProps

type CfnLogStreamProps struct {
	// The name of the log group where the log stream is created.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-logstream.html#cfn-logs-logstream-loggroupname
	//
	LogGroupName *string `field:"required" json:"logGroupName" yaml:"logGroupName"`
	// The name of the log stream.
	//
	// The name must be unique within the log group.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-logstream.html#cfn-logs-logstream-logstreamname
	//
	LogStreamName *string `field:"optional" json:"logStreamName" yaml:"logStreamName"`
}

Properties for defining a `CfnLogStream`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnLogStreamProps := &CfnLogStreamProps{
	LogGroupName: jsii.String("logGroupName"),

	// the properties below are optional
	LogStreamName: jsii.String("logStreamName"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-logstream.html

type CfnMetricFilter

type CfnMetricFilter interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The name of the metric filter.
	FilterName() *string
	SetFilterName(val *string)
	// A filter pattern for extracting metric data out of ingested log events.
	FilterPattern() *string
	SetFilterPattern(val *string)
	// The name of an existing log group that you want to associate with this metric filter.
	LogGroupName() *string
	SetLogGroupName(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The metric transformations.
	MetricTransformations() interface{}
	SetMetricTransformations(val interface{})
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The `AWS::Logs::MetricFilter` resource specifies a metric filter that describes how CloudWatch Logs extracts information from logs and transforms it into Amazon CloudWatch metrics.

If you have multiple metric filters that are associated with a log group, all the filters are applied to the log streams in that group.

The maximum number of metric filters that can be associated with a log group is 100.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnMetricFilter := awscdk.Aws_logs.NewCfnMetricFilter(this, jsii.String("MyCfnMetricFilter"), &CfnMetricFilterProps{
	FilterPattern: jsii.String("filterPattern"),
	LogGroupName: jsii.String("logGroupName"),
	MetricTransformations: []interface{}{
		&MetricTransformationProperty{
			MetricName: jsii.String("metricName"),
			MetricNamespace: jsii.String("metricNamespace"),
			MetricValue: jsii.String("metricValue"),

			// the properties below are optional
			DefaultValue: jsii.Number(123),
			Dimensions: []interface{}{
				&DimensionProperty{
					Key: jsii.String("key"),
					Value: jsii.String("value"),
				},
			},
			Unit: jsii.String("unit"),
		},
	},

	// the properties below are optional
	FilterName: jsii.String("filterName"),
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-metricfilter.html

func NewCfnMetricFilter

func NewCfnMetricFilter(scope constructs.Construct, id *string, props *CfnMetricFilterProps) CfnMetricFilter

type CfnMetricFilterProps

type CfnMetricFilterProps struct {
	// A filter pattern for extracting metric data out of ingested log events.
	//
	// For more information, see [Filter and Pattern Syntax](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-metricfilter.html#cfn-logs-metricfilter-filterpattern
	//
	FilterPattern *string `field:"required" json:"filterPattern" yaml:"filterPattern"`
	// The name of an existing log group that you want to associate with this metric filter.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-metricfilter.html#cfn-logs-metricfilter-loggroupname
	//
	LogGroupName *string `field:"required" json:"logGroupName" yaml:"logGroupName"`
	// The metric transformations.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-metricfilter.html#cfn-logs-metricfilter-metrictransformations
	//
	MetricTransformations interface{} `field:"required" json:"metricTransformations" yaml:"metricTransformations"`
	// The name of the metric filter.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-metricfilter.html#cfn-logs-metricfilter-filtername
	//
	FilterName *string `field:"optional" json:"filterName" yaml:"filterName"`
}

Properties for defining a `CfnMetricFilter`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnMetricFilterProps := &CfnMetricFilterProps{
	FilterPattern: jsii.String("filterPattern"),
	LogGroupName: jsii.String("logGroupName"),
	MetricTransformations: []interface{}{
		&MetricTransformationProperty{
			MetricName: jsii.String("metricName"),
			MetricNamespace: jsii.String("metricNamespace"),
			MetricValue: jsii.String("metricValue"),

			// the properties below are optional
			DefaultValue: jsii.Number(123),
			Dimensions: []interface{}{
				&DimensionProperty{
					Key: jsii.String("key"),
					Value: jsii.String("value"),
				},
			},
			Unit: jsii.String("unit"),
		},
	},

	// the properties below are optional
	FilterName: jsii.String("filterName"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-metricfilter.html

type CfnMetricFilter_DimensionProperty added in v2.32.0

type CfnMetricFilter_DimensionProperty struct {
	// The name for the CloudWatch metric dimension that the metric filter creates.
	//
	// Dimension names must contain only ASCII characters, must include at least one non-whitespace character, and cannot start with a colon (:).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-logs-metricfilter-dimension.html#cfn-logs-metricfilter-dimension-key
	//
	Key *string `field:"required" json:"key" yaml:"key"`
	// The log event field that will contain the value for this dimension.
	//
	// This dimension will only be published for a metric if the value is found in the log event. For example, `$.eventType` for JSON log events, or `$server` for space-delimited log events.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-logs-metricfilter-dimension.html#cfn-logs-metricfilter-dimension-value
	//
	Value *string `field:"required" json:"value" yaml:"value"`
}

Specifies the CloudWatch metric dimensions to publish with this metric.

Because dimensions are part of the unique identifier for a metric, whenever a unique dimension name/value pair is extracted from your logs, you are creating a new variation of that metric.

For more information about publishing dimensions with metrics created by metric filters, see [Publishing dimensions with metrics from values in JSON or space-delimited log events](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html#logs-metric-filters-dimensions) .

> Metrics extracted from log events are charged as custom metrics. To prevent unexpected high charges, do not specify high-cardinality fields such as `IPAddress` or `requestID` as dimensions. Each different value found for a dimension is treated as a separate metric and accrues charges as a separate custom metric. > > To help prevent accidental high charges, Amazon disables a metric filter if it generates 1000 different name/value pairs for the dimensions that you have specified within a certain amount of time. > > You can also set up a billing alarm to alert you if your charges are higher than expected. For more information, see [Creating a Billing Alarm to Monitor Your Estimated AWS Charges](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html) .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

dimensionProperty := &DimensionProperty{
	Key: jsii.String("key"),
	Value: jsii.String("value"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-logs-metricfilter-dimension.html

type CfnMetricFilter_MetricTransformationProperty

type CfnMetricFilter_MetricTransformationProperty struct {
	// The name of the CloudWatch metric.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-logs-metricfilter-metrictransformation.html#cfn-logs-metricfilter-metrictransformation-metricname
	//
	MetricName *string `field:"required" json:"metricName" yaml:"metricName"`
	// A custom namespace to contain your metric in CloudWatch.
	//
	// Use namespaces to group together metrics that are similar. For more information, see [Namespaces](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Namespace) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-logs-metricfilter-metrictransformation.html#cfn-logs-metricfilter-metrictransformation-metricnamespace
	//
	MetricNamespace *string `field:"required" json:"metricNamespace" yaml:"metricNamespace"`
	// The value that is published to the CloudWatch metric.
	//
	// For example, if you're counting the occurrences of a particular term like `Error` , specify 1 for the metric value. If you're counting the number of bytes transferred, reference the value that is in the log event by using $. followed by the name of the field that you specified in the filter pattern, such as `$.size` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-logs-metricfilter-metrictransformation.html#cfn-logs-metricfilter-metrictransformation-metricvalue
	//
	MetricValue *string `field:"required" json:"metricValue" yaml:"metricValue"`
	// (Optional) The value to emit when a filter pattern does not match a log event.
	//
	// This value can be null.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-logs-metricfilter-metrictransformation.html#cfn-logs-metricfilter-metrictransformation-defaultvalue
	//
	DefaultValue *float64 `field:"optional" json:"defaultValue" yaml:"defaultValue"`
	// The fields to use as dimensions for the metric. One metric filter can include as many as three dimensions.
	//
	// > Metrics extracted from log events are charged as custom metrics. To prevent unexpected high charges, do not specify high-cardinality fields such as `IPAddress` or `requestID` as dimensions. Each different value found for a dimension is treated as a separate metric and accrues charges as a separate custom metric.
	// >
	// > CloudWatch Logs disables a metric filter if it generates 1000 different name/value pairs for your specified dimensions within a certain amount of time. This helps to prevent accidental high charges.
	// >
	// > You can also set up a billing alarm to alert you if your charges are higher than expected. For more information, see [Creating a Billing Alarm to Monitor Your Estimated AWS Charges](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-logs-metricfilter-metrictransformation.html#cfn-logs-metricfilter-metrictransformation-dimensions
	//
	Dimensions interface{} `field:"optional" json:"dimensions" yaml:"dimensions"`
	// The unit to assign to the metric.
	//
	// If you omit this, the unit is set as `None` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-logs-metricfilter-metrictransformation.html#cfn-logs-metricfilter-metrictransformation-unit
	//
	Unit *string `field:"optional" json:"unit" yaml:"unit"`
}

`MetricTransformation` is a property of the `AWS::Logs::MetricFilter` resource that describes how to transform log streams into a CloudWatch metric.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

metricTransformationProperty := &MetricTransformationProperty{
	MetricName: jsii.String("metricName"),
	MetricNamespace: jsii.String("metricNamespace"),
	MetricValue: jsii.String("metricValue"),

	// the properties below are optional
	DefaultValue: jsii.Number(123),
	Dimensions: []interface{}{
		&DimensionProperty{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	Unit: jsii.String("unit"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-logs-metricfilter-metrictransformation.html

type CfnQueryDefinition

type CfnQueryDefinition interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// The ID of the query definition.
	AttrQueryDefinitionId() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// Use this parameter if you want the query to query only certain log groups.
	LogGroupNames() *[]*string
	SetLogGroupNames(val *[]*string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// A name for the query definition.
	Name() *string
	SetName(val *string)
	// The tree node.
	Node() constructs.Node
	// The query string to use for this query definition.
	QueryString() *string
	SetQueryString(val *string)
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

Creates a query definition for CloudWatch Logs Insights.

For more information, see [Analyzing Log Data with CloudWatch Logs Insights](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html) .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnQueryDefinition := awscdk.Aws_logs.NewCfnQueryDefinition(this, jsii.String("MyCfnQueryDefinition"), &CfnQueryDefinitionProps{
	Name: jsii.String("name"),
	QueryString: jsii.String("queryString"),

	// the properties below are optional
	LogGroupNames: []*string{
		jsii.String("logGroupNames"),
	},
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-querydefinition.html

func NewCfnQueryDefinition

func NewCfnQueryDefinition(scope constructs.Construct, id *string, props *CfnQueryDefinitionProps) CfnQueryDefinition

type CfnQueryDefinitionProps

type CfnQueryDefinitionProps struct {
	// A name for the query definition.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-querydefinition.html#cfn-logs-querydefinition-name
	//
	Name *string `field:"required" json:"name" yaml:"name"`
	// The query string to use for this query definition.
	//
	// For more information, see [CloudWatch Logs Insights Query Syntax](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-querydefinition.html#cfn-logs-querydefinition-querystring
	//
	QueryString *string `field:"required" json:"queryString" yaml:"queryString"`
	// Use this parameter if you want the query to query only certain log groups.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-querydefinition.html#cfn-logs-querydefinition-loggroupnames
	//
	LogGroupNames *[]*string `field:"optional" json:"logGroupNames" yaml:"logGroupNames"`
}

Properties for defining a `CfnQueryDefinition`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnQueryDefinitionProps := &CfnQueryDefinitionProps{
	Name: jsii.String("name"),
	QueryString: jsii.String("queryString"),

	// the properties below are optional
	LogGroupNames: []*string{
		jsii.String("logGroupNames"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-querydefinition.html

type CfnResourcePolicy

type CfnResourcePolicy interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// The details of the policy.
	PolicyDocument() *string
	SetPolicyDocument(val *string)
	// The name of the resource policy.
	PolicyName() *string
	SetPolicyName(val *string)
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

Creates or updates a resource policy that allows other AWS services to put log events to this account.

An account can have up to 10 resource policies per AWS Region.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnResourcePolicy := awscdk.Aws_logs.NewCfnResourcePolicy(this, jsii.String("MyCfnResourcePolicy"), &CfnResourcePolicyProps{
	PolicyDocument: jsii.String("policyDocument"),
	PolicyName: jsii.String("policyName"),
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-resourcepolicy.html

func NewCfnResourcePolicy

func NewCfnResourcePolicy(scope constructs.Construct, id *string, props *CfnResourcePolicyProps) CfnResourcePolicy

type CfnResourcePolicyProps

type CfnResourcePolicyProps struct {
	// The details of the policy.
	//
	// It must be formatted in JSON, and you must use backslashes to escape characters that need to be escaped in JSON strings, such as double quote marks.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-resourcepolicy.html#cfn-logs-resourcepolicy-policydocument
	//
	PolicyDocument *string `field:"required" json:"policyDocument" yaml:"policyDocument"`
	// The name of the resource policy.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-resourcepolicy.html#cfn-logs-resourcepolicy-policyname
	//
	PolicyName *string `field:"required" json:"policyName" yaml:"policyName"`
}

Properties for defining a `CfnResourcePolicy`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnResourcePolicyProps := &CfnResourcePolicyProps{
	PolicyDocument: jsii.String("policyDocument"),
	PolicyName: jsii.String("policyName"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-resourcepolicy.html

type CfnSubscriptionFilter

type CfnSubscriptionFilter interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The Amazon Resource Name (ARN) of the destination.
	DestinationArn() *string
	SetDestinationArn(val *string)
	// The method used to distribute log data to the destination, which can be either random or grouped by log stream.
	Distribution() *string
	SetDistribution(val *string)
	// The name of the subscription filter.
	FilterName() *string
	SetFilterName(val *string)
	// The filtering expressions that restrict what gets delivered to the destination AWS resource.
	FilterPattern() *string
	SetFilterPattern(val *string)
	// The log group to associate with the subscription filter.
	LogGroupName() *string
	SetLogGroupName(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The ARN of an IAM role that grants CloudWatch Logs permissions to deliver ingested log events to the destination stream.
	RoleArn() *string
	SetRoleArn(val *string)
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The `AWS::Logs::SubscriptionFilter` resource specifies a subscription filter and associates it with the specified log group.

Subscription filters allow you to subscribe to a real-time stream of log events and have them delivered to a specific destination. Currently, the supported destinations are:

- An Amazon Kinesis data stream belonging to the same account as the subscription filter, for same-account delivery. - A logical destination that belongs to a different account, for cross-account delivery. - An Amazon Kinesis Firehose delivery stream that belongs to the same account as the subscription filter, for same-account delivery. - An AWS Lambda function that belongs to the same account as the subscription filter, for same-account delivery.

There can be as many as two subscription filters associated with a log group.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnSubscriptionFilter := awscdk.Aws_logs.NewCfnSubscriptionFilter(this, jsii.String("MyCfnSubscriptionFilter"), &CfnSubscriptionFilterProps{
	DestinationArn: jsii.String("destinationArn"),
	FilterPattern: jsii.String("filterPattern"),
	LogGroupName: jsii.String("logGroupName"),

	// the properties below are optional
	Distribution: jsii.String("distribution"),
	FilterName: jsii.String("filterName"),
	RoleArn: jsii.String("roleArn"),
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-subscriptionfilter.html

func NewCfnSubscriptionFilter

func NewCfnSubscriptionFilter(scope constructs.Construct, id *string, props *CfnSubscriptionFilterProps) CfnSubscriptionFilter

type CfnSubscriptionFilterProps

type CfnSubscriptionFilterProps struct {
	// The Amazon Resource Name (ARN) of the destination.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-subscriptionfilter.html#cfn-logs-subscriptionfilter-destinationarn
	//
	DestinationArn *string `field:"required" json:"destinationArn" yaml:"destinationArn"`
	// The filtering expressions that restrict what gets delivered to the destination AWS resource.
	//
	// For more information about the filter pattern syntax, see [Filter and Pattern Syntax](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-subscriptionfilter.html#cfn-logs-subscriptionfilter-filterpattern
	//
	FilterPattern *string `field:"required" json:"filterPattern" yaml:"filterPattern"`
	// The log group to associate with the subscription filter.
	//
	// All log events that are uploaded to this log group are filtered and delivered to the specified AWS resource if the filter pattern matches the log events.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-subscriptionfilter.html#cfn-logs-subscriptionfilter-loggroupname
	//
	LogGroupName *string `field:"required" json:"logGroupName" yaml:"logGroupName"`
	// The method used to distribute log data to the destination, which can be either random or grouped by log stream.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-subscriptionfilter.html#cfn-logs-subscriptionfilter-distribution
	//
	Distribution *string `field:"optional" json:"distribution" yaml:"distribution"`
	// The name of the subscription filter.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-subscriptionfilter.html#cfn-logs-subscriptionfilter-filtername
	//
	FilterName *string `field:"optional" json:"filterName" yaml:"filterName"`
	// The ARN of an IAM role that grants CloudWatch Logs permissions to deliver ingested log events to the destination stream.
	//
	// You don't need to provide the ARN when you are working with a logical destination for cross-account delivery.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-subscriptionfilter.html#cfn-logs-subscriptionfilter-rolearn
	//
	RoleArn *string `field:"optional" json:"roleArn" yaml:"roleArn"`
}

Properties for defining a `CfnSubscriptionFilter`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnSubscriptionFilterProps := &CfnSubscriptionFilterProps{
	DestinationArn: jsii.String("destinationArn"),
	FilterPattern: jsii.String("filterPattern"),
	LogGroupName: jsii.String("logGroupName"),

	// the properties below are optional
	Distribution: jsii.String("distribution"),
	FilterName: jsii.String("filterName"),
	RoleArn: jsii.String("roleArn"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-subscriptionfilter.html

type ColumnRestriction

type ColumnRestriction struct {
	// Comparison operator to use.
	Comparison *string `field:"required" json:"comparison" yaml:"comparison"`
	// Number value to compare to.
	//
	// Exactly one of 'stringValue' and 'numberValue' must be set.
	NumberValue *float64 `field:"optional" json:"numberValue" yaml:"numberValue"`
	// String value to compare to.
	//
	// Exactly one of 'stringValue' and 'numberValue' must be set.
	StringValue *string `field:"optional" json:"stringValue" yaml:"stringValue"`
}

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

columnRestriction := &ColumnRestriction{
	Comparison: jsii.String("comparison"),

	// the properties below are optional
	NumberValue: jsii.Number(123),
	StringValue: jsii.String("stringValue"),
}

type CrossAccountDestination

type CrossAccountDestination interface {
	awscdk.Resource
	ILogSubscriptionDestination
	// The ARN of this CrossAccountDestination object.
	DestinationArn() *string
	// The name of this CrossAccountDestination object.
	DestinationName() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// Policy object of this CrossAccountDestination object.
	PolicyDocument() awsiam.PolicyDocument
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	AddToPolicy(statement awsiam.PolicyStatement)
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Return the properties required to send subscription events to this destination.
	//
	// If necessary, the destination can use the properties of the SubscriptionFilter
	// object itself to configure its permissions to allow the subscription to write
	// to it.
	//
	// The destination may reconfigure its own permissions in response to this
	// function call.
	Bind(_scope constructs.Construct, _sourceLogGroup ILogGroup) *LogSubscriptionDestinationConfig
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

A new CloudWatch Logs Destination for use in cross-account scenarios.

CrossAccountDestinations are used to subscribe a Kinesis stream in a different account to a CloudWatch Subscription.

Consumers will hardly ever need to use this class. Instead, directly subscribe a Kinesis stream using the integration class in the `aws-cdk-lib/aws-logs-destinations` package; if necessary, a `CrossAccountDestination` will be created automatically.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var role role

crossAccountDestination := awscdk.Aws_logs.NewCrossAccountDestination(this, jsii.String("MyCrossAccountDestination"), &CrossAccountDestinationProps{
	Role: role,
	TargetArn: jsii.String("targetArn"),

	// the properties below are optional
	DestinationName: jsii.String("destinationName"),
})

func NewCrossAccountDestination

func NewCrossAccountDestination(scope constructs.Construct, id *string, props *CrossAccountDestinationProps) CrossAccountDestination

type CrossAccountDestinationProps

type CrossAccountDestinationProps struct {
	// The role to assume that grants permissions to write to 'target'.
	//
	// The role must be assumable by 'logs.{REGION}.amazonaws.com'.
	Role awsiam.IRole `field:"required" json:"role" yaml:"role"`
	// The log destination target's ARN.
	TargetArn *string `field:"required" json:"targetArn" yaml:"targetArn"`
	// The name of the log destination.
	// Default: Automatically generated.
	//
	DestinationName *string `field:"optional" json:"destinationName" yaml:"destinationName"`
}

Properties for a CrossAccountDestination.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var role role

crossAccountDestinationProps := &CrossAccountDestinationProps{
	Role: role,
	TargetArn: jsii.String("targetArn"),

	// the properties below are optional
	DestinationName: jsii.String("destinationName"),
}

type DataIdentifier added in v2.79.0

type DataIdentifier interface {
	ToString() *string
}

A data protection identifier.

If an identifier is supported but not in this class, it can be passed in the constructor instead.

Example:

import kinesisfirehose "github.com/aws/aws-cdk-go/awscdkkinesisfirehosealpha"
import destinations "github.com/aws/aws-cdk-go/awscdkkinesisfirehosedestinationsalpha"

logGroupDestination := logs.NewLogGroup(this, jsii.String("LogGroupLambdaAudit"), &LogGroupProps{
	LogGroupName: jsii.String("auditDestinationForCDK"),
})

bucket := s3.NewBucket(this, jsii.String("audit-bucket"))
s3Destination := destinations.NewS3Bucket(bucket)

deliveryStream := kinesisfirehose.NewDeliveryStream(this, jsii.String("Delivery Stream"), &DeliveryStreamProps{
	Destinations: []iDestination{
		s3Destination,
	},
})

dataProtectionPolicy := logs.NewDataProtectionPolicy(&DataProtectionPolicyProps{
	Name: jsii.String("data protection policy"),
	Description: jsii.String("policy description"),
	Identifiers: []dataIdentifier{
		logs.*dataIdentifier_DRIVERSLICENSE_US(),
		logs.NewDataIdentifier(jsii.String("EmailAddress")),
	},
	LogGroupAuditDestination: logGroupDestination,
	S3BucketAuditDestination: bucket,
	DeliveryStreamNameAuditDestination: deliveryStream.DeliveryStreamName,
})

logs.NewLogGroup(this, jsii.String("LogGroupLambda"), &LogGroupProps{
	LogGroupName: jsii.String("cdkIntegLogGroup"),
	DataProtectionPolicy: dataProtectionPolicy,
})

func DataIdentifier_ADDRESS added in v2.79.0

func DataIdentifier_ADDRESS() DataIdentifier

func DataIdentifier_AWSSECRETKEY added in v2.79.0

func DataIdentifier_AWSSECRETKEY() DataIdentifier

func DataIdentifier_BANKACCOUNTNUMBER_DE added in v2.79.0

func DataIdentifier_BANKACCOUNTNUMBER_DE() DataIdentifier

func DataIdentifier_BANKACCOUNTNUMBER_ES added in v2.79.0

func DataIdentifier_BANKACCOUNTNUMBER_ES() DataIdentifier

func DataIdentifier_BANKACCOUNTNUMBER_FR added in v2.79.0

func DataIdentifier_BANKACCOUNTNUMBER_FR() DataIdentifier

func DataIdentifier_BANKACCOUNTNUMBER_GB added in v2.79.0

func DataIdentifier_BANKACCOUNTNUMBER_GB() DataIdentifier

func DataIdentifier_BANKACCOUNTNUMBER_IT added in v2.79.0

func DataIdentifier_BANKACCOUNTNUMBER_IT() DataIdentifier

func DataIdentifier_BANKACCOUNTNUMBER_US added in v2.79.0

func DataIdentifier_BANKACCOUNTNUMBER_US() DataIdentifier

func DataIdentifier_CEPCODE_BR added in v2.79.0

func DataIdentifier_CEPCODE_BR() DataIdentifier

func DataIdentifier_CNPJ_BR added in v2.79.0

func DataIdentifier_CNPJ_BR() DataIdentifier

func DataIdentifier_CPFCODE_BR added in v2.79.0

func DataIdentifier_CPFCODE_BR() DataIdentifier

func DataIdentifier_CREDITCARDEXPIRATION added in v2.79.0

func DataIdentifier_CREDITCARDEXPIRATION() DataIdentifier

func DataIdentifier_CREDITCARDNUMBER added in v2.79.0

func DataIdentifier_CREDITCARDNUMBER() DataIdentifier

func DataIdentifier_CREDITCARDSECURITYCODE added in v2.79.0

func DataIdentifier_CREDITCARDSECURITYCODE() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_AT added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_AT() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_AU added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_AU() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_BE added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_BE() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_BG added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_BG() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_CA added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_CA() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_CY added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_CY() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_CZ added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_CZ() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_DE added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_DE() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_DK added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_DK() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_EE added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_EE() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_ES added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_ES() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_FI added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_FI() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_FR added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_FR() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_GB added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_GB() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_GR added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_GR() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_HR added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_HR() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_HU added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_HU() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_IE added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_IE() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_IT added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_IT() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_LT added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_LT() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_LU added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_LU() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_LV added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_LV() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_MT added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_MT() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_NL added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_NL() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_PL added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_PL() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_PT added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_PT() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_RO added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_RO() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_SE added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_SE() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_SI added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_SI() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_SK added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_SK() DataIdentifier

func DataIdentifier_DRIVERSLICENSE_US added in v2.79.0

func DataIdentifier_DRIVERSLICENSE_US() DataIdentifier

func DataIdentifier_DRUGENFORCEMENTAGENCYNUMBER_US added in v2.79.0

func DataIdentifier_DRUGENFORCEMENTAGENCYNUMBER_US() DataIdentifier

func DataIdentifier_ELECTORALROLLNUMBER_GB added in v2.79.0

func DataIdentifier_ELECTORALROLLNUMBER_GB() DataIdentifier

func DataIdentifier_EMAILADDRESS added in v2.79.0

func DataIdentifier_EMAILADDRESS() DataIdentifier

func DataIdentifier_HEALTHCAREPROCEDURECODE_US added in v2.79.0

func DataIdentifier_HEALTHCAREPROCEDURECODE_US() DataIdentifier

func DataIdentifier_HEALTHINSURANCECARDNUMBER_EU added in v2.79.0

func DataIdentifier_HEALTHINSURANCECARDNUMBER_EU() DataIdentifier

func DataIdentifier_HEALTHINSURANCECLAIMNUMBER_US added in v2.79.0

func DataIdentifier_HEALTHINSURANCECLAIMNUMBER_US() DataIdentifier

func DataIdentifier_HEALTHINSURANCENUMBER_FR added in v2.79.0

func DataIdentifier_HEALTHINSURANCENUMBER_FR() DataIdentifier

func DataIdentifier_INDIVIDUALTAXIDENTIFICATIONNUMBER_US added in v2.79.0

func DataIdentifier_INDIVIDUALTAXIDENTIFICATIONNUMBER_US() DataIdentifier

func DataIdentifier_INSEECODE_FR added in v2.79.0

func DataIdentifier_INSEECODE_FR() DataIdentifier

func DataIdentifier_IPADDRESS added in v2.79.0

func DataIdentifier_IPADDRESS() DataIdentifier

func DataIdentifier_LATLONG added in v2.79.0

func DataIdentifier_LATLONG() DataIdentifier

func DataIdentifier_MEDICAREBENEFICIARYNUMBER_US added in v2.79.0

func DataIdentifier_MEDICAREBENEFICIARYNUMBER_US() DataIdentifier

func DataIdentifier_NAME added in v2.79.0

func DataIdentifier_NAME() DataIdentifier

func DataIdentifier_NATIONALDRUGCODE_US added in v2.79.0

func DataIdentifier_NATIONALDRUGCODE_US() DataIdentifier

func DataIdentifier_NATIONALIDENTIFICATIONNUMBER_DE added in v2.79.0

func DataIdentifier_NATIONALIDENTIFICATIONNUMBER_DE() DataIdentifier

func DataIdentifier_NATIONALIDENTIFICATIONNUMBER_ES added in v2.79.0

func DataIdentifier_NATIONALIDENTIFICATIONNUMBER_ES() DataIdentifier

func DataIdentifier_NATIONALIDENTIFICATIONNUMBER_IT added in v2.79.0

func DataIdentifier_NATIONALIDENTIFICATIONNUMBER_IT() DataIdentifier

func DataIdentifier_NATIONALINSURANCENUMBER_GB added in v2.79.0

func DataIdentifier_NATIONALINSURANCENUMBER_GB() DataIdentifier

func DataIdentifier_NATIONALPROVIDERID_US added in v2.79.0

func DataIdentifier_NATIONALPROVIDERID_US() DataIdentifier

func DataIdentifier_NHSNUMBER_GB added in v2.79.0

func DataIdentifier_NHSNUMBER_GB() DataIdentifier

func DataIdentifier_NIENUMBER_ES added in v2.79.0

func DataIdentifier_NIENUMBER_ES() DataIdentifier

func DataIdentifier_NIFNUMBER_ES added in v2.79.0

func DataIdentifier_NIFNUMBER_ES() DataIdentifier

func DataIdentifier_OPENSSHPRIVATEKEY added in v2.79.0

func DataIdentifier_OPENSSHPRIVATEKEY() DataIdentifier

func DataIdentifier_PASSPORTNUMBER_CA added in v2.79.0

func DataIdentifier_PASSPORTNUMBER_CA() DataIdentifier

func DataIdentifier_PASSPORTNUMBER_DE added in v2.79.0

func DataIdentifier_PASSPORTNUMBER_DE() DataIdentifier

func DataIdentifier_PASSPORTNUMBER_ES added in v2.79.0

func DataIdentifier_PASSPORTNUMBER_ES() DataIdentifier

func DataIdentifier_PASSPORTNUMBER_FR added in v2.79.0

func DataIdentifier_PASSPORTNUMBER_FR() DataIdentifier

func DataIdentifier_PASSPORTNUMBER_GB added in v2.79.0

func DataIdentifier_PASSPORTNUMBER_GB() DataIdentifier

func DataIdentifier_PASSPORTNUMBER_IT added in v2.79.0

func DataIdentifier_PASSPORTNUMBER_IT() DataIdentifier

func DataIdentifier_PASSPORTNUMBER_US added in v2.79.0

func DataIdentifier_PASSPORTNUMBER_US() DataIdentifier

func DataIdentifier_PERMANENTRESIDENCENUMBER_CA added in v2.79.0

func DataIdentifier_PERMANENTRESIDENCENUMBER_CA() DataIdentifier

func DataIdentifier_PERSONALHEALTHNUMBER_CA added in v2.79.0

func DataIdentifier_PERSONALHEALTHNUMBER_CA() DataIdentifier

func DataIdentifier_PGPPRIVATEKEY added in v2.79.0

func DataIdentifier_PGPPRIVATEKEY() DataIdentifier

func DataIdentifier_PHONENUMBER_BR added in v2.79.0

func DataIdentifier_PHONENUMBER_BR() DataIdentifier

func DataIdentifier_PHONENUMBER_DE added in v2.79.0

func DataIdentifier_PHONENUMBER_DE() DataIdentifier

func DataIdentifier_PHONENUMBER_ES added in v2.79.0

func DataIdentifier_PHONENUMBER_ES() DataIdentifier

func DataIdentifier_PHONENUMBER_FR added in v2.79.0

func DataIdentifier_PHONENUMBER_FR() DataIdentifier

func DataIdentifier_PHONENUMBER_GB added in v2.79.0

func DataIdentifier_PHONENUMBER_GB() DataIdentifier

func DataIdentifier_PHONENUMBER_IT added in v2.79.0

func DataIdentifier_PHONENUMBER_IT() DataIdentifier

func DataIdentifier_PHONENUMBER_US added in v2.79.0

func DataIdentifier_PHONENUMBER_US() DataIdentifier

func DataIdentifier_PKCSPRIVATEKEY added in v2.79.0

func DataIdentifier_PKCSPRIVATEKEY() DataIdentifier

func DataIdentifier_POSTALCODE_CA added in v2.79.0

func DataIdentifier_POSTALCODE_CA() DataIdentifier

func DataIdentifier_PUTTYPRIVATEKEY added in v2.79.0

func DataIdentifier_PUTTYPRIVATEKEY() DataIdentifier

func DataIdentifier_RGNUMBER_BR added in v2.79.0

func DataIdentifier_RGNUMBER_BR() DataIdentifier

func DataIdentifier_SOCIALINSURANCENUMBER_CA added in v2.79.0

func DataIdentifier_SOCIALINSURANCENUMBER_CA() DataIdentifier

func DataIdentifier_SSN_ES added in v2.79.0

func DataIdentifier_SSN_ES() DataIdentifier

func DataIdentifier_SSN_US added in v2.79.0

func DataIdentifier_SSN_US() DataIdentifier

func DataIdentifier_TAXID_DE added in v2.79.0

func DataIdentifier_TAXID_DE() DataIdentifier

func DataIdentifier_TAXID_ES added in v2.79.0

func DataIdentifier_TAXID_ES() DataIdentifier

func DataIdentifier_TAXID_FR added in v2.79.0

func DataIdentifier_TAXID_FR() DataIdentifier

func DataIdentifier_TAXID_GB added in v2.79.0

func DataIdentifier_TAXID_GB() DataIdentifier

func DataIdentifier_VEHICLEIDENTIFICATIONNUMBER added in v2.79.0

func DataIdentifier_VEHICLEIDENTIFICATIONNUMBER() DataIdentifier

func DataIdentifier_ZIPCODE_US added in v2.79.0

func DataIdentifier_ZIPCODE_US() DataIdentifier

func NewDataIdentifier added in v2.79.0

func NewDataIdentifier(identifier *string) DataIdentifier

type DataProtectionPolicy added in v2.79.0

type DataProtectionPolicy interface {
}

Creates a data protection policy for CloudWatch Logs log groups.

Example:

import kinesisfirehose "github.com/aws/aws-cdk-go/awscdkkinesisfirehosealpha"
import destinations "github.com/aws/aws-cdk-go/awscdkkinesisfirehosedestinationsalpha"

logGroupDestination := logs.NewLogGroup(this, jsii.String("LogGroupLambdaAudit"), &LogGroupProps{
	LogGroupName: jsii.String("auditDestinationForCDK"),
})

bucket := s3.NewBucket(this, jsii.String("audit-bucket"))
s3Destination := destinations.NewS3Bucket(bucket)

deliveryStream := kinesisfirehose.NewDeliveryStream(this, jsii.String("Delivery Stream"), &DeliveryStreamProps{
	Destinations: []iDestination{
		s3Destination,
	},
})

dataProtectionPolicy := logs.NewDataProtectionPolicy(&DataProtectionPolicyProps{
	Name: jsii.String("data protection policy"),
	Description: jsii.String("policy description"),
	Identifiers: []dataIdentifier{
		logs.*dataIdentifier_DRIVERSLICENSE_US(),
		logs.NewDataIdentifier(jsii.String("EmailAddress")),
	},
	LogGroupAuditDestination: logGroupDestination,
	S3BucketAuditDestination: bucket,
	DeliveryStreamNameAuditDestination: deliveryStream.DeliveryStreamName,
})

logs.NewLogGroup(this, jsii.String("LogGroupLambda"), &LogGroupProps{
	LogGroupName: jsii.String("cdkIntegLogGroup"),
	DataProtectionPolicy: dataProtectionPolicy,
})

func NewDataProtectionPolicy added in v2.79.0

func NewDataProtectionPolicy(props *DataProtectionPolicyProps) DataProtectionPolicy

type DataProtectionPolicyConfig added in v2.79.0

type DataProtectionPolicyConfig struct {
	// Description of the data protection policy.
	// Default: - 'cdk generated data protection policy'.
	//
	Description *string `field:"required" json:"description" yaml:"description"`
	// Name of the data protection policy.
	// Default: - 'data-protection-policy-cdk'.
	//
	Name *string `field:"required" json:"name" yaml:"name"`
	// Statements within the data protection policy.
	//
	// Must contain one Audit and one Redact statement.
	Statement interface{} `field:"required" json:"statement" yaml:"statement"`
	// Version of the data protection policy.
	Version *string `field:"required" json:"version" yaml:"version"`
}

Interface representing a data protection policy.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var statement interface{}

dataProtectionPolicyConfig := &DataProtectionPolicyConfig{
	Description: jsii.String("description"),
	Name: jsii.String("name"),
	Statement: statement,
	Version: jsii.String("version"),
}

type DataProtectionPolicyProps added in v2.79.0

type DataProtectionPolicyProps struct {
	// List of data protection identifiers.
	//
	// Must be in the following list: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/protect-sensitive-log-data-types.html
	Identifiers *[]DataIdentifier `field:"required" json:"identifiers" yaml:"identifiers"`
	// Amazon Kinesis Data Firehose delivery stream to send audit findings to.
	//
	// The delivery stream must already exist.
	// Default: - no firehose delivery stream audit destination.
	//
	DeliveryStreamNameAuditDestination *string `field:"optional" json:"deliveryStreamNameAuditDestination" yaml:"deliveryStreamNameAuditDestination"`
	// Description of the data protection policy.
	// Default: - 'cdk generated data protection policy'.
	//
	Description *string `field:"optional" json:"description" yaml:"description"`
	// CloudWatch Logs log group to send audit findings to.
	//
	// The log group must already exist prior to creating the data protection policy.
	// Default: - no CloudWatch Logs audit destination.
	//
	LogGroupAuditDestination ILogGroup `field:"optional" json:"logGroupAuditDestination" yaml:"logGroupAuditDestination"`
	// Name of the data protection policy.
	// Default: - 'data-protection-policy-cdk'.
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// S3 bucket to send audit findings to.
	//
	// The bucket must already exist.
	// Default: - no S3 bucket audit destination.
	//
	S3BucketAuditDestination awss3.IBucket `field:"optional" json:"s3BucketAuditDestination" yaml:"s3BucketAuditDestination"`
}

Properties for creating a data protection policy.

Example:

import kinesisfirehose "github.com/aws/aws-cdk-go/awscdkkinesisfirehosealpha"
import destinations "github.com/aws/aws-cdk-go/awscdkkinesisfirehosedestinationsalpha"

logGroupDestination := logs.NewLogGroup(this, jsii.String("LogGroupLambdaAudit"), &LogGroupProps{
	LogGroupName: jsii.String("auditDestinationForCDK"),
})

bucket := s3.NewBucket(this, jsii.String("audit-bucket"))
s3Destination := destinations.NewS3Bucket(bucket)

deliveryStream := kinesisfirehose.NewDeliveryStream(this, jsii.String("Delivery Stream"), &DeliveryStreamProps{
	Destinations: []iDestination{
		s3Destination,
	},
})

dataProtectionPolicy := logs.NewDataProtectionPolicy(&DataProtectionPolicyProps{
	Name: jsii.String("data protection policy"),
	Description: jsii.String("policy description"),
	Identifiers: []dataIdentifier{
		logs.*dataIdentifier_DRIVERSLICENSE_US(),
		logs.NewDataIdentifier(jsii.String("EmailAddress")),
	},
	LogGroupAuditDestination: logGroupDestination,
	S3BucketAuditDestination: bucket,
	DeliveryStreamNameAuditDestination: deliveryStream.DeliveryStreamName,
})

logs.NewLogGroup(this, jsii.String("LogGroupLambda"), &LogGroupProps{
	LogGroupName: jsii.String("cdkIntegLogGroup"),
	DataProtectionPolicy: dataProtectionPolicy,
})

type FilterPattern

type FilterPattern interface {
}

A collection of static methods to generate appropriate ILogPatterns.

Example:

// Search for all events where the component field is equal to
// "HttpServer" and either error is true or the latency is higher
// than 1000.
pattern := logs.FilterPattern_All(logs.FilterPattern_StringValue(jsii.String("$.component"), jsii.String("="), jsii.String("HttpServer")), logs.FilterPattern_Any(logs.FilterPattern_BooleanValue(jsii.String("$.error"), jsii.Boolean(true)), logs.FilterPattern_NumberValue(jsii.String("$.latency"), jsii.String(">"), jsii.Number(1000))))

func NewFilterPattern

func NewFilterPattern() FilterPattern

type IFilterPattern

type IFilterPattern interface {
	LogPatternString() *string
}

Interface for objects that can render themselves to log patterns.

func FilterPattern_AllEvents

func FilterPattern_AllEvents() IFilterPattern

A log pattern that matches all events.

func FilterPattern_AllTerms

func FilterPattern_AllTerms(terms ...*string) IFilterPattern

A log pattern that matches if all the strings given appear in the event.

func FilterPattern_AnyTerm

func FilterPattern_AnyTerm(terms ...*string) IFilterPattern

A log pattern that matches if any of the strings given appear in the event.

func FilterPattern_AnyTermGroup

func FilterPattern_AnyTermGroup(termGroups ...*[]*string) IFilterPattern

A log pattern that matches if any of the given term groups matches the event.

A term group matches an event if all the terms in it appear in the event string.

func FilterPattern_Literal

func FilterPattern_Literal(logPatternString *string) IFilterPattern

Use the given string as log pattern.

See https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html for information on writing log patterns.

type ILogGroup

type ILogGroup interface {
	awsiam.IResourceWithPolicy
	// Create a new Metric Filter on this Log Group.
	AddMetricFilter(id *string, props *MetricFilterOptions) MetricFilter
	// Create a new Log Stream for this Log Group.
	AddStream(id *string, props *StreamOptions) LogStream
	// Create a new Subscription Filter on this Log Group.
	AddSubscriptionFilter(id *string, props *SubscriptionFilterOptions) SubscriptionFilter
	// Extract a metric from structured log events in the LogGroup.
	//
	// Creates a MetricFilter on this LogGroup that will extract the value
	// of the indicated JSON field in all records where it occurs.
	//
	// The metric will be available in CloudWatch Metrics under the
	// indicated namespace and name.
	//
	// Returns: A Metric object representing the extracted metric.
	ExtractMetric(jsonField *string, metricNamespace *string, metricName *string) awscloudwatch.Metric
	// Give the indicated permissions on this log group and all streams.
	Grant(grantee awsiam.IGrantable, actions ...*string) awsiam.Grant
	// Give permissions to read from this log group and streams.
	GrantRead(grantee awsiam.IGrantable) awsiam.Grant
	// Give permissions to write to create and write to streams in this log group.
	GrantWrite(grantee awsiam.IGrantable) awsiam.Grant
	// Public method to get the physical name of this log group.
	LogGroupPhysicalName() *string
	// The ARN of this log group, with ':*' appended.
	LogGroupArn() *string
	// The name of this log group.
	LogGroupName() *string
}

func LogGroup_FromLogGroupArn

func LogGroup_FromLogGroupArn(scope constructs.Construct, id *string, logGroupArn *string) ILogGroup

Import an existing LogGroup given its ARN.

func LogGroup_FromLogGroupName

func LogGroup_FromLogGroupName(scope constructs.Construct, id *string, logGroupName *string) ILogGroup

Import an existing LogGroup given its name.

type ILogStream

type ILogStream interface {
	awscdk.IResource
	// The name of this log stream.
	LogStreamName() *string
}

func LogStream_FromLogStreamName

func LogStream_FromLogStreamName(scope constructs.Construct, id *string, logStreamName *string) ILogStream

Import an existing LogGroup.

type ILogSubscriptionDestination

type ILogSubscriptionDestination interface {
	// Return the properties required to send subscription events to this destination.
	//
	// If necessary, the destination can use the properties of the SubscriptionFilter
	// object itself to configure its permissions to allow the subscription to write
	// to it.
	//
	// The destination may reconfigure its own permissions in response to this
	// function call.
	Bind(scope constructs.Construct, sourceLogGroup ILogGroup) *LogSubscriptionDestinationConfig
}

Interface for classes that can be the destination of a log Subscription.

type JsonPattern

type JsonPattern interface {
	IFilterPattern
	JsonPatternString() *string
	LogPatternString() *string
}

Base class for patterns that only match JSON log events.

Example:

// Search for all events where the component field is equal to
// "HttpServer" and either error is true or the latency is higher
// than 1000.
pattern := logs.FilterPattern_All(logs.FilterPattern_StringValue(jsii.String("$.component"), jsii.String("="), jsii.String("HttpServer")), logs.FilterPattern_Any(logs.FilterPattern_BooleanValue(jsii.String("$.error"), jsii.Boolean(true)), logs.FilterPattern_NumberValue(jsii.String("$.latency"), jsii.String(">"), jsii.Number(1000))))

func FilterPattern_All

func FilterPattern_All(patterns ...JsonPattern) JsonPattern

A JSON log pattern that matches if all given JSON log patterns match.

func FilterPattern_Any

func FilterPattern_Any(patterns ...JsonPattern) JsonPattern

A JSON log pattern that matches if any of the given JSON log patterns match.

func FilterPattern_BooleanValue

func FilterPattern_BooleanValue(jsonField *string, value *bool) JsonPattern

A JSON log pattern that matches if the field exists and equals the boolean value.

func FilterPattern_Exists

func FilterPattern_Exists(jsonField *string) JsonPattern

A JSON log patter that matches if the field exists.

This is a readable convenience wrapper over 'field = *'.

func FilterPattern_IsNull

func FilterPattern_IsNull(jsonField *string) JsonPattern

A JSON log pattern that matches if the field exists and has the special value 'null'.

func FilterPattern_NotExists

func FilterPattern_NotExists(jsonField *string) JsonPattern

A JSON log pattern that matches if the field does not exist.

func FilterPattern_NumberValue

func FilterPattern_NumberValue(jsonField *string, comparison *string, value *float64) JsonPattern

A JSON log pattern that compares numerical values.

This pattern only matches if the event is a JSON event, and the indicated field inside compares with the value in the indicated way.

Use '$' to indicate the root of the JSON structure. The comparison operator can only compare equality or inequality. The '*' wildcard may appear in the value may at the start or at the end.

For more information, see:

https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html

func FilterPattern_StringValue

func FilterPattern_StringValue(jsonField *string, comparison *string, value *string) JsonPattern

A JSON log pattern that compares string values.

This pattern only matches if the event is a JSON event, and the indicated field inside compares with the string value.

Use '$' to indicate the root of the JSON structure. The comparison operator can only compare equality or inequality. The '*' wildcard may appear in the value may at the start or at the end.

For more information, see:

https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html

type LogGroup

type LogGroup interface {
	awscdk.Resource
	ILogGroup
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The ARN of this log group.
	LogGroupArn() *string
	// The name of this log group.
	LogGroupName() *string
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Create a new Metric Filter on this Log Group.
	AddMetricFilter(id *string, props *MetricFilterOptions) MetricFilter
	// Create a new Log Stream for this Log Group.
	AddStream(id *string, props *StreamOptions) LogStream
	// Create a new Subscription Filter on this Log Group.
	AddSubscriptionFilter(id *string, props *SubscriptionFilterOptions) SubscriptionFilter
	// Adds a statement to the resource policy associated with this log group.
	//
	// A resource policy will be automatically created upon the first call to `addToResourcePolicy`.
	//
	// Any ARN Principals inside of the statement will be converted into AWS Account ID strings
	// because CloudWatch Logs Resource Policies do not accept ARN principals.
	AddToResourcePolicy(statement awsiam.PolicyStatement) *awsiam.AddToResourcePolicyResult
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Extract a metric from structured log events in the LogGroup.
	//
	// Creates a MetricFilter on this LogGroup that will extract the value
	// of the indicated JSON field in all records where it occurs.
	//
	// The metric will be available in CloudWatch Metrics under the
	// indicated namespace and name.
	//
	// Returns: A Metric object representing the extracted metric.
	ExtractMetric(jsonField *string, metricNamespace *string, metricName *string) awscloudwatch.Metric
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Give the indicated permissions on this log group and all streams.
	Grant(grantee awsiam.IGrantable, actions ...*string) awsiam.Grant
	// Give permissions to read and filter events from this log group.
	GrantRead(grantee awsiam.IGrantable) awsiam.Grant
	// Give permissions to create and write to streams in this log group.
	GrantWrite(grantee awsiam.IGrantable) awsiam.Grant
	// Public method to get the physical name of this log group.
	//
	// Returns: Physical name of log group.
	LogGroupPhysicalName() *string
	// Returns a string representation of this construct.
	ToString() *string
}

Define a CloudWatch Log Group.

Example:

import logs "github.com/aws/aws-cdk-go/awscdk"

logGroup := logs.NewLogGroup(this, jsii.String("Log Group"))
logBucket := s3.NewBucket(this, jsii.String("S3 Bucket"))

tasks.NewEmrContainersStartJobRun(this, jsii.String("EMR Containers Start Job Run"), &EmrContainersStartJobRunProps{
	VirtualCluster: tasks.VirtualClusterInput_FromVirtualClusterId(jsii.String("de92jdei2910fwedz")),
	ReleaseLabel: tasks.ReleaseLabel_EMR_6_2_0(),
	JobDriver: &JobDriver{
		SparkSubmitJobDriver: &SparkSubmitJobDriver{
			EntryPoint: sfn.TaskInput_FromText(jsii.String("local:///usr/lib/spark/examples/src/main/python/pi.py")),
			SparkSubmitParameters: jsii.String("--conf spark.executor.instances=2 --conf spark.executor.memory=2G --conf spark.executor.cores=2 --conf spark.driver.cores=1"),
		},
	},
	Monitoring: &Monitoring{
		LogGroup: logGroup,
		LogBucket: logBucket,
	},
})

func NewLogGroup

func NewLogGroup(scope constructs.Construct, id *string, props *LogGroupProps) LogGroup

type LogGroupProps

type LogGroupProps struct {
	// Data Protection Policy for this log group.
	// Default: - no data protection policy.
	//
	DataProtectionPolicy DataProtectionPolicy `field:"optional" json:"dataProtectionPolicy" yaml:"dataProtectionPolicy"`
	// The KMS customer managed key to encrypt the log group with.
	// Default: Server-side encrpytion managed by the CloudWatch Logs service.
	//
	EncryptionKey awskms.IKey `field:"optional" json:"encryptionKey" yaml:"encryptionKey"`
	// Name of the log group.
	// Default: Automatically generated.
	//
	LogGroupName *string `field:"optional" json:"logGroupName" yaml:"logGroupName"`
	// Determine the removal policy of this log group.
	//
	// Normally you want to retain the log group so you can diagnose issues
	// from logs even after a deployment that no longer includes the log group.
	// In that case, use the normal date-based retention policy to age out your
	// logs.
	// Default: RemovalPolicy.Retain
	//
	RemovalPolicy awscdk.RemovalPolicy `field:"optional" json:"removalPolicy" yaml:"removalPolicy"`
	// How long, in days, the log contents will be retained.
	//
	// To retain all logs, set this value to RetentionDays.INFINITE.
	// Default: RetentionDays.TWO_YEARS
	//
	Retention RetentionDays `field:"optional" json:"retention" yaml:"retention"`
}

Properties for a LogGroup.

Example:

import kinesisfirehose "github.com/aws/aws-cdk-go/awscdkkinesisfirehosealpha"
import destinations "github.com/aws/aws-cdk-go/awscdkkinesisfirehosedestinationsalpha"

logGroupDestination := logs.NewLogGroup(this, jsii.String("LogGroupLambdaAudit"), &LogGroupProps{
	LogGroupName: jsii.String("auditDestinationForCDK"),
})

bucket := s3.NewBucket(this, jsii.String("audit-bucket"))
s3Destination := destinations.NewS3Bucket(bucket)

deliveryStream := kinesisfirehose.NewDeliveryStream(this, jsii.String("Delivery Stream"), &DeliveryStreamProps{
	Destinations: []iDestination{
		s3Destination,
	},
})

dataProtectionPolicy := logs.NewDataProtectionPolicy(&DataProtectionPolicyProps{
	Name: jsii.String("data protection policy"),
	Description: jsii.String("policy description"),
	Identifiers: []dataIdentifier{
		logs.*dataIdentifier_DRIVERSLICENSE_US(),
		logs.NewDataIdentifier(jsii.String("EmailAddress")),
	},
	LogGroupAuditDestination: logGroupDestination,
	S3BucketAuditDestination: bucket,
	DeliveryStreamNameAuditDestination: deliveryStream.DeliveryStreamName,
})

logs.NewLogGroup(this, jsii.String("LogGroupLambda"), &LogGroupProps{
	LogGroupName: jsii.String("cdkIntegLogGroup"),
	DataProtectionPolicy: dataProtectionPolicy,
})

type LogRetention

type LogRetention interface {
	constructs.Construct
	// The ARN of the LogGroup.
	LogGroupArn() *string
	// The tree node.
	Node() constructs.Node
	// Returns a string representation of this construct.
	ToString() *string
}

Creates a custom resource to control the retention policy of a CloudWatch Logs log group.

The log group is created if it doesn't already exist. The policy is removed when `retentionDays` is `undefined` or equal to `Infinity`. Log group can be created in the region that is different from stack region by specifying `logGroupRegion`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var role role

logRetention := awscdk.Aws_logs.NewLogRetention(this, jsii.String("MyLogRetention"), &LogRetentionProps{
	LogGroupName: jsii.String("logGroupName"),
	Retention: awscdk.*Aws_logs.RetentionDays_ONE_DAY,

	// the properties below are optional
	LogGroupRegion: jsii.String("logGroupRegion"),
	LogRetentionRetryOptions: &LogRetentionRetryOptions{
		Base: cdk.Duration_Minutes(jsii.Number(30)),
		MaxRetries: jsii.Number(123),
	},
	RemovalPolicy: cdk.RemovalPolicy_DESTROY,
	Role: role,
})

func NewLogRetention

func NewLogRetention(scope constructs.Construct, id *string, props *LogRetentionProps) LogRetention

type LogRetentionProps

type LogRetentionProps struct {
	// The log group name.
	LogGroupName *string `field:"required" json:"logGroupName" yaml:"logGroupName"`
	// The number of days log events are kept in CloudWatch Logs.
	Retention RetentionDays `field:"required" json:"retention" yaml:"retention"`
	// The region where the log group should be created.
	// Default: - same region as the stack.
	//
	LogGroupRegion *string `field:"optional" json:"logGroupRegion" yaml:"logGroupRegion"`
	// Retry options for all AWS API calls.
	// Default: - AWS SDK default retry options.
	//
	LogRetentionRetryOptions *LogRetentionRetryOptions `field:"optional" json:"logRetentionRetryOptions" yaml:"logRetentionRetryOptions"`
	// The removalPolicy for the log group when the stack is deleted.
	// Default: RemovalPolicy.RETAIN
	//
	RemovalPolicy awscdk.RemovalPolicy `field:"optional" json:"removalPolicy" yaml:"removalPolicy"`
	// The IAM role for the Lambda function associated with the custom resource.
	// Default: - A new role is created.
	//
	Role awsiam.IRole `field:"optional" json:"role" yaml:"role"`
}

Construction properties for a LogRetention.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var role role

logRetentionProps := &LogRetentionProps{
	LogGroupName: jsii.String("logGroupName"),
	Retention: awscdk.Aws_logs.RetentionDays_ONE_DAY,

	// the properties below are optional
	LogGroupRegion: jsii.String("logGroupRegion"),
	LogRetentionRetryOptions: &LogRetentionRetryOptions{
		Base: cdk.Duration_Minutes(jsii.Number(30)),
		MaxRetries: jsii.Number(123),
	},
	RemovalPolicy: cdk.RemovalPolicy_DESTROY,
	Role: role,
}

type LogRetentionRetryOptions

type LogRetentionRetryOptions struct {
	// The base duration to use in the exponential backoff for operation retries.
	// Default: - none, not used anymore.
	//
	// Deprecated: Unused since the upgrade to AWS SDK v3, which uses a different retry strategy.
	Base awscdk.Duration `field:"optional" json:"base" yaml:"base"`
	// The maximum amount of retries.
	// Default: 5.
	//
	MaxRetries *float64 `field:"optional" json:"maxRetries" yaml:"maxRetries"`
}

Retry options for all AWS API calls.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import cdk "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

logRetentionRetryOptions := &LogRetentionRetryOptions{
	Base: cdk.Duration_Minutes(jsii.Number(30)),
	MaxRetries: jsii.Number(123),
}

type LogStream

type LogStream interface {
	awscdk.Resource
	ILogStream
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The name of this log stream.
	LogStreamName() *string
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

Define a Log Stream in a Log Group.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import cdk "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var logGroup logGroup

logStream := awscdk.Aws_logs.NewLogStream(this, jsii.String("MyLogStream"), &LogStreamProps{
	LogGroup: logGroup,

	// the properties below are optional
	LogStreamName: jsii.String("logStreamName"),
	RemovalPolicy: cdk.RemovalPolicy_DESTROY,
})

func NewLogStream

func NewLogStream(scope constructs.Construct, id *string, props *LogStreamProps) LogStream

type LogStreamProps

type LogStreamProps struct {
	// The log group to create a log stream for.
	LogGroup ILogGroup `field:"required" json:"logGroup" yaml:"logGroup"`
	// The name of the log stream to create.
	//
	// The name must be unique within the log group.
	// Default: Automatically generated.
	//
	LogStreamName *string `field:"optional" json:"logStreamName" yaml:"logStreamName"`
	// Determine what happens when the log stream resource is removed from the app.
	//
	// Normally you want to retain the log stream so you can diagnose issues from
	// logs even after a deployment that no longer includes the log stream.
	//
	// The date-based retention policy of your log group will age out the logs
	// after a certain time.
	// Default: RemovalPolicy.Retain
	//
	RemovalPolicy awscdk.RemovalPolicy `field:"optional" json:"removalPolicy" yaml:"removalPolicy"`
}

Properties for a LogStream.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import cdk "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var logGroup logGroup

logStreamProps := &LogStreamProps{
	LogGroup: logGroup,

	// the properties below are optional
	LogStreamName: jsii.String("logStreamName"),
	RemovalPolicy: cdk.RemovalPolicy_DESTROY,
}

type LogSubscriptionDestinationConfig

type LogSubscriptionDestinationConfig struct {
	// The ARN of the subscription's destination.
	Arn *string `field:"required" json:"arn" yaml:"arn"`
	// The role to assume to write log events to the destination.
	// Default: No role assumed.
	//
	Role awsiam.IRole `field:"optional" json:"role" yaml:"role"`
}

Properties returned by a Subscription destination.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var role role

logSubscriptionDestinationConfig := &LogSubscriptionDestinationConfig{
	Arn: jsii.String("arn"),

	// the properties below are optional
	Role: role,
}

type MetricFilter

type MetricFilter interface {
	awscdk.Resource
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Return the given named metric for this Metric Filter.
	// Default: avg over 5 minutes.
	//
	Metric(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Returns a string representation of this construct.
	ToString() *string
}

A filter that extracts information from CloudWatch Logs and emits to CloudWatch Metrics.

Example:

awscdk.NewMetricFilter(this, jsii.String("MetricFilter"), &MetricFilterProps{
	LogGroup: LogGroup,
	MetricNamespace: jsii.String("MyApp"),
	MetricName: jsii.String("Latency"),
	FilterPattern: awscdk.FilterPattern_Exists(jsii.String("$.latency")),
	MetricValue: jsii.String("$.latency"),
})

func NewMetricFilter

func NewMetricFilter(scope constructs.Construct, id *string, props *MetricFilterProps) MetricFilter

type MetricFilterOptions

type MetricFilterOptions struct {
	// Pattern to search for log events.
	FilterPattern IFilterPattern `field:"required" json:"filterPattern" yaml:"filterPattern"`
	// The name of the metric to emit.
	MetricName *string `field:"required" json:"metricName" yaml:"metricName"`
	// The namespace of the metric to emit.
	MetricNamespace *string `field:"required" json:"metricNamespace" yaml:"metricNamespace"`
	// The value to emit if the pattern does not match a particular event.
	// Default: No metric emitted.
	//
	DefaultValue *float64 `field:"optional" json:"defaultValue" yaml:"defaultValue"`
	// The fields to use as dimensions for the metric.
	//
	// One metric filter can include as many as three dimensions.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-logs-metricfilter-metrictransformation.html#cfn-logs-metricfilter-metrictransformation-dimensions
	//
	// Default: - No dimensions attached to metrics.
	//
	Dimensions *map[string]*string `field:"optional" json:"dimensions" yaml:"dimensions"`
	// The name of the metric filter.
	// Default: - Cloudformation generated name.
	//
	FilterName *string `field:"optional" json:"filterName" yaml:"filterName"`
	// The value to emit for the metric.
	//
	// Can either be a literal number (typically "1"), or the name of a field in the structure
	// to take the value from the matched event. If you are using a field value, the field
	// value must have been matched using the pattern.
	//
	// If you want to specify a field from a matched JSON structure, use '$.fieldName',
	// and make sure the field is in the pattern (if only as '$.fieldName = *').
	//
	// If you want to specify a field from a matched space-delimited structure,
	// use '$fieldName'.
	// Default: "1".
	//
	MetricValue *string `field:"optional" json:"metricValue" yaml:"metricValue"`
	// The unit to assign to the metric.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-logs-metricfilter-metrictransformation.html#cfn-logs-metricfilter-metrictransformation-unit
	//
	// Default: - No unit attached to metrics.
	//
	Unit awscloudwatch.Unit `field:"optional" json:"unit" yaml:"unit"`
}

Properties for a MetricFilter created from a LogGroup.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var filterPattern iFilterPattern

metricFilterOptions := &MetricFilterOptions{
	FilterPattern: filterPattern,
	MetricName: jsii.String("metricName"),
	MetricNamespace: jsii.String("metricNamespace"),

	// the properties below are optional
	DefaultValue: jsii.Number(123),
	Dimensions: map[string]*string{
		"dimensionsKey": jsii.String("dimensions"),
	},
	FilterName: jsii.String("filterName"),
	MetricValue: jsii.String("metricValue"),
	Unit: awscdk.Aws_cloudwatch.Unit_SECONDS,
}

type MetricFilterProps

type MetricFilterProps struct {
	// Pattern to search for log events.
	FilterPattern IFilterPattern `field:"required" json:"filterPattern" yaml:"filterPattern"`
	// The name of the metric to emit.
	MetricName *string `field:"required" json:"metricName" yaml:"metricName"`
	// The namespace of the metric to emit.
	MetricNamespace *string `field:"required" json:"metricNamespace" yaml:"metricNamespace"`
	// The value to emit if the pattern does not match a particular event.
	// Default: No metric emitted.
	//
	DefaultValue *float64 `field:"optional" json:"defaultValue" yaml:"defaultValue"`
	// The fields to use as dimensions for the metric.
	//
	// One metric filter can include as many as three dimensions.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-logs-metricfilter-metrictransformation.html#cfn-logs-metricfilter-metrictransformation-dimensions
	//
	// Default: - No dimensions attached to metrics.
	//
	Dimensions *map[string]*string `field:"optional" json:"dimensions" yaml:"dimensions"`
	// The name of the metric filter.
	// Default: - Cloudformation generated name.
	//
	FilterName *string `field:"optional" json:"filterName" yaml:"filterName"`
	// The value to emit for the metric.
	//
	// Can either be a literal number (typically "1"), or the name of a field in the structure
	// to take the value from the matched event. If you are using a field value, the field
	// value must have been matched using the pattern.
	//
	// If you want to specify a field from a matched JSON structure, use '$.fieldName',
	// and make sure the field is in the pattern (if only as '$.fieldName = *').
	//
	// If you want to specify a field from a matched space-delimited structure,
	// use '$fieldName'.
	// Default: "1".
	//
	MetricValue *string `field:"optional" json:"metricValue" yaml:"metricValue"`
	// The unit to assign to the metric.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-logs-metricfilter-metrictransformation.html#cfn-logs-metricfilter-metrictransformation-unit
	//
	// Default: - No unit attached to metrics.
	//
	Unit awscloudwatch.Unit `field:"optional" json:"unit" yaml:"unit"`
	// The log group to create the filter on.
	LogGroup ILogGroup `field:"required" json:"logGroup" yaml:"logGroup"`
}

Properties for a MetricFilter.

Example:

awscdk.NewMetricFilter(this, jsii.String("MetricFilter"), &MetricFilterProps{
	LogGroup: LogGroup,
	MetricNamespace: jsii.String("MyApp"),
	MetricName: jsii.String("Latency"),
	FilterPattern: awscdk.FilterPattern_Exists(jsii.String("$.latency")),
	MetricValue: jsii.String("$.latency"),
})

type QueryDefinition added in v2.21.0

type QueryDefinition interface {
	awscdk.Resource
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The ID of the query definition.
	QueryDefinitionId() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

Define a query definition for CloudWatch Logs Insights.

Example:

logs.NewQueryDefinition(this, jsii.String("QueryDefinition"), &QueryDefinitionProps{
	QueryDefinitionName: jsii.String("MyQuery"),
	QueryString: logs.NewQueryString(&QueryStringProps{
		Fields: []*string{
			jsii.String("@timestamp"),
			jsii.String("@message"),
		},
		ParseStatements: []*string{
			jsii.String("@message \"[*] *\" as loggingType, loggingMessage"),
			jsii.String("@message \"<*>: *\" as differentLoggingType, differentLoggingMessage"),
		},
		FilterStatements: []*string{
			jsii.String("loggingType = \"ERROR\""),
			jsii.String("loggingMessage = \"A very strange error occurred!\""),
		},
		Sort: jsii.String("@timestamp desc"),
		Limit: jsii.Number(20),
	}),
})

func NewQueryDefinition added in v2.21.0

func NewQueryDefinition(scope constructs.Construct, id *string, props *QueryDefinitionProps) QueryDefinition

type QueryDefinitionProps added in v2.21.0

type QueryDefinitionProps struct {
	// Name of the query definition.
	QueryDefinitionName *string `field:"required" json:"queryDefinitionName" yaml:"queryDefinitionName"`
	// The query string to use for this query definition.
	QueryString QueryString `field:"required" json:"queryString" yaml:"queryString"`
	// Specify certain log groups for the query definition.
	// Default: - no specified log groups.
	//
	LogGroups *[]ILogGroup `field:"optional" json:"logGroups" yaml:"logGroups"`
}

Properties for a QueryDefinition.

Example:

logs.NewQueryDefinition(this, jsii.String("QueryDefinition"), &QueryDefinitionProps{
	QueryDefinitionName: jsii.String("MyQuery"),
	QueryString: logs.NewQueryString(&QueryStringProps{
		Fields: []*string{
			jsii.String("@timestamp"),
			jsii.String("@message"),
		},
		ParseStatements: []*string{
			jsii.String("@message \"[*] *\" as loggingType, loggingMessage"),
			jsii.String("@message \"<*>: *\" as differentLoggingType, differentLoggingMessage"),
		},
		FilterStatements: []*string{
			jsii.String("loggingType = \"ERROR\""),
			jsii.String("loggingMessage = \"A very strange error occurred!\""),
		},
		Sort: jsii.String("@timestamp desc"),
		Limit: jsii.Number(20),
	}),
})

type QueryString added in v2.21.0

type QueryString interface {
	// String representation of this QueryString.
	ToString() *string
}

Define a QueryString.

Example:

logs.NewQueryDefinition(this, jsii.String("QueryDefinition"), &QueryDefinitionProps{
	QueryDefinitionName: jsii.String("MyQuery"),
	QueryString: logs.NewQueryString(&QueryStringProps{
		Fields: []*string{
			jsii.String("@timestamp"),
			jsii.String("@message"),
		},
		ParseStatements: []*string{
			jsii.String("@message \"[*] *\" as loggingType, loggingMessage"),
			jsii.String("@message \"<*>: *\" as differentLoggingType, differentLoggingMessage"),
		},
		FilterStatements: []*string{
			jsii.String("loggingType = \"ERROR\""),
			jsii.String("loggingMessage = \"A very strange error occurred!\""),
		},
		Sort: jsii.String("@timestamp desc"),
		Limit: jsii.Number(20),
	}),
})

func NewQueryString added in v2.21.0

func NewQueryString(props *QueryStringProps) QueryString

type QueryStringProps added in v2.21.0

type QueryStringProps struct {
	// Specifies which fields to display in the query results.
	// Default: - no display in QueryString.
	//
	Display *string `field:"optional" json:"display" yaml:"display"`
	// Retrieves the specified fields from log events for display.
	// Default: - no fields in QueryString.
	//
	Fields *[]*string `field:"optional" json:"fields" yaml:"fields"`
	// A single statement for filtering the results of a query based on a boolean expression.
	// Default: - no filter in QueryString.
	//
	// Deprecated: Use `filterStatements` instead.
	Filter *string `field:"optional" json:"filter" yaml:"filter"`
	// An array of one or more statements for filtering the results of a query based on a boolean expression.
	//
	// Each provided statement generates a separate filter line in the query string.
	//
	// Note: If provided, this property overrides any value provided for the `filter` property.
	// Default: - no filter in QueryString.
	//
	FilterStatements *[]*string `field:"optional" json:"filterStatements" yaml:"filterStatements"`
	// Specifies the number of log events returned by the query.
	// Default: - no limit in QueryString.
	//
	Limit *float64 `field:"optional" json:"limit" yaml:"limit"`
	// A single statement for parsing data from a log field and creating ephemeral fields that can be processed further in the query.
	// Default: - no parse in QueryString.
	//
	// Deprecated: Use `parseStatements` instead.
	Parse *string `field:"optional" json:"parse" yaml:"parse"`
	// An array of one or more statements for parsing data from a log field and creating ephemeral fields that can be processed further in the query.
	//
	// Each provided statement generates a separate
	// parse line in the query string.
	//
	// Note: If provided, this property overrides any value provided for the `parse` property.
	// Default: - no parse in QueryString.
	//
	ParseStatements *[]*string `field:"optional" json:"parseStatements" yaml:"parseStatements"`
	// Sorts the retrieved log events.
	// Default: - no sort in QueryString.
	//
	Sort *string `field:"optional" json:"sort" yaml:"sort"`
	// Uses log field values to calculate aggregate statistics.
	// Default: - no stats in QueryString.
	//
	Stats *string `field:"optional" json:"stats" yaml:"stats"`
}

Properties for a QueryString.

Example:

logs.NewQueryDefinition(this, jsii.String("QueryDefinition"), &QueryDefinitionProps{
	QueryDefinitionName: jsii.String("MyQuery"),
	QueryString: logs.NewQueryString(&QueryStringProps{
		Fields: []*string{
			jsii.String("@timestamp"),
			jsii.String("@message"),
		},
		ParseStatements: []*string{
			jsii.String("@message \"[*] *\" as loggingType, loggingMessage"),
			jsii.String("@message \"<*>: *\" as differentLoggingType, differentLoggingMessage"),
		},
		FilterStatements: []*string{
			jsii.String("loggingType = \"ERROR\""),
			jsii.String("loggingMessage = \"A very strange error occurred!\""),
		},
		Sort: jsii.String("@timestamp desc"),
		Limit: jsii.Number(20),
	}),
})

type ResourcePolicy

type ResourcePolicy interface {
	awscdk.Resource
	// The IAM policy document for this resource policy.
	Document() awsiam.PolicyDocument
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

Resource Policy for CloudWatch Log Groups.

Policies define the operations that are allowed on this resource.

You almost never need to define this construct directly.

All AWS resources that support resource policies have a method called `addToResourcePolicy()`, which will automatically create a new resource policy if one doesn't exist yet, otherwise it will add to the existing policy.

Prefer to use `addToResourcePolicy()` instead.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var policyStatement policyStatement

resourcePolicy := awscdk.Aws_logs.NewResourcePolicy(this, jsii.String("MyResourcePolicy"), &ResourcePolicyProps{
	PolicyStatements: []*policyStatement{
		policyStatement,
	},
	ResourcePolicyName: jsii.String("resourcePolicyName"),
})

func NewResourcePolicy

func NewResourcePolicy(scope constructs.Construct, id *string, props *ResourcePolicyProps) ResourcePolicy

type ResourcePolicyProps

type ResourcePolicyProps struct {
	// Initial statements to add to the resource policy.
	// Default: - No statements.
	//
	PolicyStatements *[]awsiam.PolicyStatement `field:"optional" json:"policyStatements" yaml:"policyStatements"`
	// Name of the log group resource policy.
	// Default: - Uses a unique id based on the construct path.
	//
	ResourcePolicyName *string `field:"optional" json:"resourcePolicyName" yaml:"resourcePolicyName"`
}

Properties to define Cloudwatch log group resource policy.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var policyStatement policyStatement

resourcePolicyProps := &ResourcePolicyProps{
	PolicyStatements: []*policyStatement{
		policyStatement,
	},
	ResourcePolicyName: jsii.String("resourcePolicyName"),
}

type RetentionDays

type RetentionDays string

How long, in days, the log contents will be retained.

Example:

import logs "github.com/aws/aws-cdk-go/awscdk"
var myLogsPublishingRole role
var vpc vpc

// Exporting logs from a cluster
cluster := rds.NewDatabaseCluster(this, jsii.String("Database"), &DatabaseClusterProps{
	Engine: rds.DatabaseClusterEngine_Aurora(&AuroraClusterEngineProps{
		Version: rds.AuroraEngineVersion_VER_1_17_9(),
	}),
	Writer: rds.ClusterInstance_Provisioned(jsii.String("writer")),
	Vpc: Vpc,
	CloudwatchLogsExports: []*string{
		jsii.String("error"),
		jsii.String("general"),
		jsii.String("slowquery"),
		jsii.String("audit"),
	},
	 // Export all available MySQL-based logs
	CloudwatchLogsRetention: logs.RetentionDays_THREE_MONTHS,
	 // Optional - default is to never expire logs
	CloudwatchLogsRetentionRole: myLogsPublishingRole,
})

// Exporting logs from an instance
instance := rds.NewDatabaseInstance(this, jsii.String("Instance"), &DatabaseInstanceProps{
	Engine: rds.DatabaseInstanceEngine_Postgres(&PostgresInstanceEngineProps{
		Version: rds.PostgresEngineVersion_VER_15_2(),
	}),
	Vpc: Vpc,
	CloudwatchLogsExports: []*string{
		jsii.String("postgresql"),
	},
})
const (
	// 1 day.
	RetentionDays_ONE_DAY RetentionDays = "ONE_DAY"
	// 3 days.
	RetentionDays_THREE_DAYS RetentionDays = "THREE_DAYS"
	// 5 days.
	RetentionDays_FIVE_DAYS RetentionDays = "FIVE_DAYS"
	// 1 week.
	RetentionDays_ONE_WEEK RetentionDays = "ONE_WEEK"
	// 2 weeks.
	RetentionDays_TWO_WEEKS RetentionDays = "TWO_WEEKS"
	// 1 month.
	RetentionDays_ONE_MONTH RetentionDays = "ONE_MONTH"
	// 2 months.
	RetentionDays_TWO_MONTHS RetentionDays = "TWO_MONTHS"
	// 3 months.
	RetentionDays_THREE_MONTHS RetentionDays = "THREE_MONTHS"
	// 4 months.
	RetentionDays_FOUR_MONTHS RetentionDays = "FOUR_MONTHS"
	// 5 months.
	RetentionDays_FIVE_MONTHS RetentionDays = "FIVE_MONTHS"
	// 6 months.
	RetentionDays_SIX_MONTHS RetentionDays = "SIX_MONTHS"
	// 1 year.
	RetentionDays_ONE_YEAR RetentionDays = "ONE_YEAR"
	// 13 months.
	RetentionDays_THIRTEEN_MONTHS RetentionDays = "THIRTEEN_MONTHS"
	// 18 months.
	RetentionDays_EIGHTEEN_MONTHS RetentionDays = "EIGHTEEN_MONTHS"
	// 2 years.
	RetentionDays_TWO_YEARS RetentionDays = "TWO_YEARS"
	// 3 years.
	RetentionDays_THREE_YEARS RetentionDays = "THREE_YEARS"
	// 5 years.
	RetentionDays_FIVE_YEARS RetentionDays = "FIVE_YEARS"
	// 6 years.
	RetentionDays_SIX_YEARS RetentionDays = "SIX_YEARS"
	// 7 years.
	RetentionDays_SEVEN_YEARS RetentionDays = "SEVEN_YEARS"
	// 8 years.
	RetentionDays_EIGHT_YEARS RetentionDays = "EIGHT_YEARS"
	// 9 years.
	RetentionDays_NINE_YEARS RetentionDays = "NINE_YEARS"
	// 10 years.
	RetentionDays_TEN_YEARS RetentionDays = "TEN_YEARS"
	// Retain logs forever.
	RetentionDays_INFINITE RetentionDays = "INFINITE"
)

type SpaceDelimitedTextPattern

type SpaceDelimitedTextPattern interface {
	IFilterPattern
	LogPatternString() *string
	// Restrict where the pattern applies.
	WhereNumber(columnName *string, comparison *string, value *float64) SpaceDelimitedTextPattern
	// Restrict where the pattern applies.
	WhereString(columnName *string, comparison *string, value *string) SpaceDelimitedTextPattern
}

Space delimited text pattern.

Example:

// Search for all events where the component is "HttpServer" and the
// result code is not equal to 200.
pattern := logs.FilterPattern_SpaceDelimited(jsii.String("time"), jsii.String("component"), jsii.String("..."), jsii.String("result_code"), jsii.String("latency")).WhereString(jsii.String("component"), jsii.String("="), jsii.String("HttpServer")).WhereNumber(jsii.String("result_code"), jsii.String("!="), jsii.Number(200))

func FilterPattern_SpaceDelimited

func FilterPattern_SpaceDelimited(columns ...*string) SpaceDelimitedTextPattern

A space delimited log pattern matcher.

The log event is divided into space-delimited columns (optionally enclosed by "" or [] to capture spaces into column values), and names are given to each column.

'...' may be specified once to match any number of columns.

Afterwards, conditions may be added to individual columns.

func NewSpaceDelimitedTextPattern

func NewSpaceDelimitedTextPattern(columns *[]*string, restrictions *map[string]*[]*ColumnRestriction) SpaceDelimitedTextPattern

func SpaceDelimitedTextPattern_Construct

func SpaceDelimitedTextPattern_Construct(columns *[]*string) SpaceDelimitedTextPattern

Construct a new instance of a space delimited text pattern.

Since this class must be public, we can't rely on the user only creating it through the `LogPattern.spaceDelimited()` factory function. We must therefore validate the argument in the constructor. Since we're returning a copy on every mutation, and we don't want to re-validate the same things on every construction, we provide a limited set of mutator functions and only validate the new data every time.

type StreamOptions

type StreamOptions struct {
	// The name of the log stream to create.
	//
	// The name must be unique within the log group.
	// Default: Automatically generated.
	//
	LogStreamName *string `field:"optional" json:"logStreamName" yaml:"logStreamName"`
}

Properties for a new LogStream created from a LogGroup.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

streamOptions := &StreamOptions{
	LogStreamName: jsii.String("logStreamName"),
}

type SubscriptionFilter

type SubscriptionFilter interface {
	awscdk.Resource
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

A new Subscription on a CloudWatch log group.

Example:

import destinations "github.com/aws/aws-cdk-go/awscdk"

var fn function
var logGroup logGroup

logs.NewSubscriptionFilter(this, jsii.String("Subscription"), &SubscriptionFilterProps{
	LogGroup: LogGroup,
	Destination: destinations.NewLambdaDestination(fn),
	FilterPattern: logs.FilterPattern_AllTerms(jsii.String("ERROR"), jsii.String("MainThread")),
	FilterName: jsii.String("ErrorInMainThread"),
})

func NewSubscriptionFilter

func NewSubscriptionFilter(scope constructs.Construct, id *string, props *SubscriptionFilterProps) SubscriptionFilter

type SubscriptionFilterOptions

type SubscriptionFilterOptions struct {
	// The destination to send the filtered events to.
	//
	// For example, a Kinesis stream or a Lambda function.
	Destination ILogSubscriptionDestination `field:"required" json:"destination" yaml:"destination"`
	// Log events matching this pattern will be sent to the destination.
	FilterPattern IFilterPattern `field:"required" json:"filterPattern" yaml:"filterPattern"`
	// The name of the subscription filter.
	// Default: Automatically generated.
	//
	FilterName *string `field:"optional" json:"filterName" yaml:"filterName"`
}

Properties for a new SubscriptionFilter created from a LogGroup.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var filterPattern iFilterPattern
var logSubscriptionDestination iLogSubscriptionDestination

subscriptionFilterOptions := &SubscriptionFilterOptions{
	Destination: logSubscriptionDestination,
	FilterPattern: filterPattern,

	// the properties below are optional
	FilterName: jsii.String("filterName"),
}

type SubscriptionFilterProps

type SubscriptionFilterProps struct {
	// The destination to send the filtered events to.
	//
	// For example, a Kinesis stream or a Lambda function.
	Destination ILogSubscriptionDestination `field:"required" json:"destination" yaml:"destination"`
	// Log events matching this pattern will be sent to the destination.
	FilterPattern IFilterPattern `field:"required" json:"filterPattern" yaml:"filterPattern"`
	// The name of the subscription filter.
	// Default: Automatically generated.
	//
	FilterName *string `field:"optional" json:"filterName" yaml:"filterName"`
	// The log group to create the subscription on.
	LogGroup ILogGroup `field:"required" json:"logGroup" yaml:"logGroup"`
}

Properties for a SubscriptionFilter.

Example:

import destinations "github.com/aws/aws-cdk-go/awscdk"

var fn function
var logGroup logGroup

logs.NewSubscriptionFilter(this, jsii.String("Subscription"), &SubscriptionFilterProps{
	LogGroup: LogGroup,
	Destination: destinations.NewLambdaDestination(fn),
	FilterPattern: logs.FilterPattern_AllTerms(jsii.String("ERROR"), jsii.String("MainThread")),
	FilterName: jsii.String("ErrorInMainThread"),
})

Source Files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL