k8saws

package
v0.0.36 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 10, 2023 License: Apache-2.0 Imports: 18 Imported by: 0

README

K8S AWS Construct Library

Provides Kubernetes resources for integrating with AWS services.

Fargate Logging

Fargate logging causes the output of pods running on EKS Farget to be sent to a logging service for storage and review.

By default, logs are written to CloudWatch Logs.

Enable Fargate logging on an EKS cluster:

declare const cluster: eks.FargateCluster;

const logger = new k8s_aws.FargateLogger(this, 'logger', {
    cluster: cluster,
    fargateProfiles: [
        cluster.defaultProfile
    ]
});

Permissions for sending logs to their configured destination are added to the Fargate profiles associated with the logger.

When adding new Fargate Profiles be sure to associate them with the logger to ensure they have sufficient permissions to write logs.

declare const profile: eks.FargateProfile;
declare const logger: k8s_aws.FargateLogger;

logger.addFargateProfile(profile);

Configure logging to write to a Kinesis Firehose delivery stream:

declare const cluster: eks.FargateCluster;
declare const deliveryStream: kinesis_hirehose.DeliveryStream;

const logger = new k8s_aws.FargateLogger(this, 'logger', {
    cluster: cluster,
    fargateProfiles: [
        cluster.defaultProfile
    ],
    outputs: [
        k8s_aws.FluentBitOutput.kinesisFirehose(k8s_aws.FluentBitMatch.ALL, deliveryStream);
    ]
});

Configure logging to write to a Kinesis data stream:

declare const cluster: eks.FargateCluster;
declare const stream: kinesis.Stream;

const logger = new k8s_aws.FargateLogger(this, 'logger', {
    cluster: cluster,
    fargateProfiles: [
        cluster.defaultProfile
    ],
    outputs: [
        k8s_aws.FluentBitOutput.kinesis(k8s_aws.FluentBitMatch.ALL, stream);
    ]
});

Configure logging to write to an OpenSearch domain:

declare const cluster: eks.FargateCluster;
declare const domain: opensearch.Domain;

const logger = new k8s_aws.FargateLogger(this, 'logger', {
    cluster: cluster,
    fargateProfiles: [
        cluster.defaultProfile
    ],
    outputs: [
        k8s_aws.FluentBitOutput.opensearch(k8s_aws.FluentBitMatch.ALL, domain);
    ]
});

Filter out log messages matching the AWS load balancer health check user agent:

declare const logger: k8s_aws.FargateLogger;

logger.addFilter(k8s_aws.FluentBitFilter.grep(k8s_aws.FluentBitMatch.ALL, {
    exclude: true,
    key: 'log',
    regex: 'ELB-HealthChecker'
}));

Container Insights

AWS Container Insights provides advanced diagnostic and performance metrics for your containerized applications running on AWS. For EKS cluster, Container Insights is provided by using AWS Distro for OpenTelemetry.

To enable Container Insights for pods running on your EKS cluster:

declare const cluster: eks.Cluster;

const collector = new k8s_aws.AdotCollector(this, 'adot-collector', {
    cluster: cluster
});

Route 53

Enable management of Route 53 hosted zones for ingress and service hosts:

declare const cluster: eks.Cluster;

const manager = new k8s_aws.Route53Dns(this, 'route53-dns', {
    cluster: cluster
});

Only enable managment of Route 53 DNS to only records that end with example.com:

declare const manager: k8s_aws.Route53Dns;

manager.addDomainFilter('example.com');

Only allow management for hosted zones that are tagged with managed-dns=enabled:

declare const manager: k8s_aws.Route53Dns;

manager.addZoneTag({
    key: 'managed-dns',
    value: 'enabled'
});

Only allow creates and updates of DNS records and not deletes:

declare const cluster: eks.Cluster;

const manager = new k8s_aws.Route53Dns(this, 'route53-dns', {
    cluster: cluster,
    syncPolicy: ExternalDnsSyncPolicy.UPSERT_ONLY
});

Secrets Manager

Enable synchronization of specific secret between Secrets Manager and Kubernetes:

declare const cluster: eks.Cluster;

const operator = new k8s_aws.ExternalSecretsOperator(this, 'external-secrets', {
    cluster: cluster
});

To tell the external secrets operator to synchronise a secret:

declase const operator: k8s_aws.ExternalSecretsOperator;
declare const secret: secretsmanager.Secret;

operator.registerSecretsManagerSecret('sychronized-secret', secret);

Give the secret a human friendly name in Kubernetes:

declase const operator: k8s_aws.ExternalSecretsOperator;
declare const secret: secretsmanager.Secret;

operator.registerSecretsManagerSecret('sychronized-secret', secret, {
    name: 'database-secret'
});

Only import specific JSON keys from a secret:

declase const operator: k8s_aws.ExternalSecretsOperator;
declare const secret: secretsmanager.Secret;

operator.registerSecretsManagerSecret('sychronized-secret', secret, {
    fields: [
        { kubernetesKey: 'username' },
        { kubernetesKey: 'password' },
    ]
});

Map secret fields that need to be different between Secrets Manager and Kubernetes.

declase const operator: k8s_aws.ExternalSecretsOperator;
declare const secret: secretsmanager.Secret;

operator.registerSecretsManagerSecret('sychronized-secret', secret, {
    fields: [
        {
            kubernetesKey: 'user',
            remoteKey: 'username',
        },
        {
            kubernetesKey: 'pass',
            remoteKey: 'password'
        },
    ]
});

Echoserver

A basic Kubernetes test service that can be used for testing Kubernetes cluster integrations.

This is a simple HTTP service that listens for incoming requests and echo details of requests back to the user.

Log messages are produced for each request and provide a convenient way to test logging filter and output configurations.

To create an echoserver service:

declare const cluster: eks.Cluster;

const echoserver = new k8s_aws.Echoserver(this, 'echoserver', {
    cluster: cluster
});

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AdotCollector_DEFAULT_NAMESPACE added in v0.0.33 

func AdotCollector_DEFAULT_NAMESPACE() *string

func AdotCollector_IsConstruct added in v0.0.33 

func AdotCollector_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func AdotCollector_IsOwnedResource added in v0.0.33 

func AdotCollector_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func AdotCollector_IsResource added in v0.0.33 

func AdotCollector_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func AwsSecretStore_IsConstruct 

func AwsSecretStore_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func AwsSecretStore_IsOwnedResource 

func AwsSecretStore_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func AwsSecretStore_IsResource 

func AwsSecretStore_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func AwsSecretStore_NAME_VALIDATOR_REGEX 

func AwsSecretStore_NAME_VALIDATOR_REGEX() *string

func Echoserver_DEFAULT_DOMAIN_DISCOVERY added in v0.0.33 

func Echoserver_DEFAULT_DOMAIN_DISCOVERY() route53.DomainDiscovery

func Echoserver_DEFAULT_LOAD_BALANCER_SUBNETS added in v0.0.33 

func Echoserver_DEFAULT_LOAD_BALANCER_SUBNETS() *awsec2.SubnetSelection

func Echoserver_DEFAULT_NAME added in v0.0.33 

func Echoserver_DEFAULT_NAME() *string

func Echoserver_DEFAULT_NAMESPACE added in v0.0.33 

func Echoserver_DEFAULT_NAMESPACE() *string

func Echoserver_DEFAULT_PORT added in v0.0.33 

func Echoserver_DEFAULT_PORT() *float64

func Echoserver_DEFAULT_REPLICAS added in v0.0.33 

func Echoserver_DEFAULT_REPLICAS() *float64

func Echoserver_DEFAULT_REPOSITORY added in v0.0.33 

func Echoserver_DEFAULT_REPOSITORY() *string

func Echoserver_DEFAULT_TAG added in v0.0.33 

func Echoserver_DEFAULT_TAG() *string

func Echoserver_IsConstruct added in v0.0.33 

func Echoserver_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func Echoserver_IsOwnedResource added in v0.0.33 

func Echoserver_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func Echoserver_IsResource added in v0.0.33 

func Echoserver_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func ExternalSecret_IsConstruct 

func ExternalSecret_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func ExternalSecret_IsOwnedResource 

func ExternalSecret_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func ExternalSecret_IsResource 

func ExternalSecret_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func ExternalSecretsOperator_CHART_NAME added in v0.0.33 

func ExternalSecretsOperator_CHART_NAME() *string

func ExternalSecretsOperator_CHART_REPOSITORY added in v0.0.33 

func ExternalSecretsOperator_CHART_REPOSITORY() *string

func ExternalSecretsOperator_DEFAULT_NAMESPACE 

func ExternalSecretsOperator_DEFAULT_NAMESPACE() *string

func ExternalSecretsOperator_IsConstruct 

func ExternalSecretsOperator_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func ExternalSecretsOperator_IsOwnedResource 

func ExternalSecretsOperator_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func ExternalSecretsOperator_IsResource 

func ExternalSecretsOperator_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func FargateLogger_IsConstruct 

func FargateLogger_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func FargateLogger_IsOwnedResource 

func FargateLogger_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func FargateLogger_IsResource 

func FargateLogger_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func FluentBitKubernetesFilter_PLUGIN_NAME added in v0.0.33 

func FluentBitKubernetesFilter_PLUGIN_NAME() *string

func FluentBitRewriteTagFilter_PLUGIN_NAME added in v0.0.33 

func FluentBitRewriteTagFilter_PLUGIN_NAME() *string

func NewAdotCollector_Override added in v0.0.33 

func NewAdotCollector_Override(a AdotCollector, scope constructs.Construct, id *string, props *AdotCollectorProps)

Creates a new instance of the AdotCollector class.

func NewAwsSecretStore_Override 

func NewAwsSecretStore_Override(a AwsSecretStore, scope constructs.Construct, id *string, props *AwsSecretStoreProps)

Creates a new instance of the AwsSecretStore class.

func NewAwsServiceDiscoveryRegistry_Override added in v0.0.33 

func NewAwsServiceDiscoveryRegistry_Override(a AwsServiceDiscoveryRegistry)

Creates a new instance of the AwsServiceDiscoveryRegistry class.

func NewEchoserver_Override added in v0.0.33 

func NewEchoserver_Override(e Echoserver, scope constructs.Construct, id *string, props *EchoserverProps)

Creates a new instance of the Echoserver class.

func NewExternalDnsRegistry_Override added in v0.0.33 

func NewExternalDnsRegistry_Override(e ExternalDnsRegistry)

func NewExternalSecret_Override 

func NewExternalSecret_Override(e ExternalSecret, scope constructs.Construct, id *string, props *ExternalSecretProps)

Creates a new instance of the ExternalSecret class.

func NewExternalSecretsOperator_Override 

func NewExternalSecretsOperator_Override(e ExternalSecretsOperator, scope constructs.Construct, id *string, props *ExternalSecretsOperatorProps)

Creates a new instance of the ExternalSecretsOperator class.

func NewFargateLogger_Override 

func NewFargateLogger_Override(f FargateLogger, scope constructs.Construct, id *string, props *FargateLoggerProps)

Creates a new instance of the FargateLogger class.

func NewFluentBitCloudWatchLogsOutput_Override added in v0.0.33 

func NewFluentBitCloudWatchLogsOutput_Override(f FluentBitCloudWatchLogsOutput, options *FluentBitCloudWatchLogsOutputOptions)

Creates a new instance of the FluentBitCloudWatchLogsOutput class.

func NewFluentBitElasticsearchOutput_Override added in v0.0.33 

func NewFluentBitElasticsearchOutput_Override(f FluentBitElasticsearchOutput, options *FluentBitElasticsearchOutputOptions)

Creates a new instance of the FluentBitKinesisFirehoseOutput class.

func NewFluentBitFilterPluginBase_Override added in v0.0.33 

func NewFluentBitFilterPluginBase_Override(f FluentBitFilterPluginBase, name *string, options *FluentBitFilterPluginCommonOptions)

Creates a new instance of the FluentBitOutputPlugin class.

func NewFluentBitFilter_Override added in v0.0.33 

func NewFluentBitFilter_Override(f FluentBitFilter)

func NewFluentBitGrepFilter_Override added in v0.0.33 

func NewFluentBitGrepFilter_Override(f FluentBitGrepFilter, options *FluentBitGrepFilterOptions)

Creates a new instance of the FluentBitKinesisFirehoseOutput class.

func NewFluentBitJsonParser_Override added in v0.0.33 

func NewFluentBitJsonParser_Override(f FluentBitJsonParser, name *string, options *FluentBitJsonParserOptions)

Creates a new instance of the FluentBitJsonParser class.

func NewFluentBitKinesisFirehoseOutput_Override added in v0.0.33 

func NewFluentBitKinesisFirehoseOutput_Override(f FluentBitKinesisFirehoseOutput, options *FluentBitKinesisFirehoseOutputOptions)

Creates a new instance of the FluentBitKinesisFirehoseOutput class.

func NewFluentBitKinesisOutput_Override added in v0.0.33 

func NewFluentBitKinesisOutput_Override(f FluentBitKinesisOutput, options *FluentBitKinesisOutputOptions)

Creates a new instance of the FluentBitKinesisOutput class.

func NewFluentBitKubernetesFilter_Override added in v0.0.33 

func NewFluentBitKubernetesFilter_Override(f FluentBitKubernetesFilter, options *FluentBitKubernetesFilterOptions)

Creates a new instance of the FluentBitKubernetesFilter class.

func NewFluentBitLogfmtParser_Override added in v0.0.33 

func NewFluentBitLogfmtParser_Override(f FluentBitLogfmtParser, name *string, options *FluentBitLogfmtParserOptions)

Creates a new instance of the FluentBitLogfmtParser class.

func NewFluentBitLtsvParser_Override added in v0.0.33 

func NewFluentBitLtsvParser_Override(f FluentBitLtsvParser, name *string, options *FluentBitLtsvParserOptions)

Creates a new instance of the FluentBitLtsvParser class.

func NewFluentBitModifyFilter_Override added in v0.0.33 

func NewFluentBitModifyFilter_Override(f FluentBitModifyFilter, options *FluentBitModifyFilterOptions)

Creates a new instance of the FluentBitModifyFilter class.

func NewFluentBitNestFilter_Override added in v0.0.33 

func NewFluentBitNestFilter_Override(f FluentBitNestFilter, options *FluentBitNestFilterOptions)

Creates a new instance of the FluentBitNestFilter class.

func NewFluentBitOpenSearchOutput_Override added in v0.0.33 

func NewFluentBitOpenSearchOutput_Override(f FluentBitOpenSearchOutput, options *FluentBitOpenSearchOutputOptions)

Creates a new instance of the FluentBitOpenSearchOutput class.

func NewFluentBitOutputPluginBase_Override added in v0.0.33 

func NewFluentBitOutputPluginBase_Override(f FluentBitOutputPluginBase, name *string, options *FluentBitOutputPluginCommonOptions)

Creates a new instance of the FluentBitOutputPlugin class.

func NewFluentBitOutput_Override added in v0.0.33 

func NewFluentBitOutput_Override(f FluentBitOutput)

func NewFluentBitParserFilter_Override added in v0.0.33 

func NewFluentBitParserFilter_Override(f FluentBitParserFilter, options *FluentBitParserFilterOptions)

Creates a new instance of the FluentBitParserFilter class.

func NewFluentBitParserPluginBase_Override added in v0.0.33 

func NewFluentBitParserPluginBase_Override(f FluentBitParserPluginBase, name *string, format *string, _options *FluentBitParserPluginCommonOptions)

Creates a new instance of the FluentBitParserPlugin class.

func NewFluentBitParser_Override added in v0.0.33 

func NewFluentBitParser_Override(f FluentBitParser)

func NewFluentBitPlugin_Override added in v0.0.33 

func NewFluentBitPlugin_Override(f FluentBitPlugin, options *FluentBitPluginCommonOptions)

Creates a new instance of the FluentBitPlugin class.

func NewFluentBitRecordModifierFilter_Override added in v0.0.33 

func NewFluentBitRecordModifierFilter_Override(f FluentBitRecordModifierFilter, options *FluentBitRecordModifierFilterOptions)

Creates a new instance of the FluentBitRecordModifierFilter class.

func NewFluentBitRegexParser_Override added in v0.0.33 

func NewFluentBitRegexParser_Override(f FluentBitRegexParser, name *string, options *FluentBitRegexParserOptions)

Creates a new instance of the FluentBitLtsvParser class.

func NewFluentBitRewriteTagFilter_Override added in v0.0.33 

func NewFluentBitRewriteTagFilter_Override(f FluentBitRewriteTagFilter, options *FluentBitRewriteTagFilterOptions)

Creates a new instance of the FluentBitRewriteTagFilter class.

func NewFluentBitThrottleFilter_Override added in v0.0.33 

func NewFluentBitThrottleFilter_Override(f FluentBitThrottleFilter, options *FluentBitThrottleFilterOptions)

Creates a new instance of the FluentBitThrottleFilter class.

func NewNoopRegistry_Override added in v0.0.33 

func NewNoopRegistry_Override(n NoopRegistry)

Creates a new instance of the NoopRegistry class.

func NewRoute53Dns_Override added in v0.0.33 

func NewRoute53Dns_Override(r Route53Dns, scope constructs.Construct, id *string, props *Route53DnsProps)

Creates a new instance of the Route53Dns class.

func NewSecretsManagerReference_Override 

func NewSecretsManagerReference_Override(s SecretsManagerReference, secret awssecretsmanager.ISecret, options *SecretsManagerReferenceOptions)

Creates a new instance of the SecretsManagerReference class.

func NewSecretsManagerSecretStore_Override 

func NewSecretsManagerSecretStore_Override(s SecretsManagerSecretStore, scope constructs.Construct, id *string, props *SecretsManagerSecretStoreProps)

Creates a new instance of the SecretsManagerSecretStore class.

func NewSsmParameterReference_Override 

func NewSsmParameterReference_Override(s SsmParameterReference, parameter awsssm.IParameter, options *SsmParameterReferenceOptions)

Creates a new instance of the SsmParameterReference class.

func NewSsmParameterSecretStore_Override 

func NewSsmParameterSecretStore_Override(s SsmParameterSecretStore, scope constructs.Construct, id *string, props *SsmParameterSecretStoreProps)

Creates a new instance of the SsmParameterSecretStore class.

func NewTxtRegistry_Override added in v0.0.33 

func NewTxtRegistry_Override(t TxtRegistry, options *TxtRegistryOptions)

Creates a new instance of the NoopRegistry class.

func Route53Dns_CHART_NAME added in v0.0.33 

func Route53Dns_CHART_NAME() *string

func Route53Dns_CHART_REPOSITORY added in v0.0.33 

func Route53Dns_CHART_REPOSITORY() *string

func Route53Dns_DEFAULT_NAMESPACE added in v0.0.33 

func Route53Dns_DEFAULT_NAMESPACE() *string

func Route53Dns_IsConstruct added in v0.0.33 

func Route53Dns_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func Route53Dns_IsOwnedResource added in v0.0.33 

func Route53Dns_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func Route53Dns_IsResource added in v0.0.33 

func Route53Dns_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func SecretsManagerSecretStore_IsConstruct 

func SecretsManagerSecretStore_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func SecretsManagerSecretStore_IsOwnedResource 

func SecretsManagerSecretStore_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func SecretsManagerSecretStore_IsResource 

func SecretsManagerSecretStore_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func SecretsManagerSecretStore_NAME_VALIDATOR_REGEX 

func SecretsManagerSecretStore_NAME_VALIDATOR_REGEX() *string

func SsmParameterSecretStore_IsConstruct 

func SsmParameterSecretStore_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.

func SsmParameterSecretStore_IsOwnedResource 

func SsmParameterSecretStore_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func SsmParameterSecretStore_IsResource 

func SsmParameterSecretStore_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func SsmParameterSecretStore_NAME_VALIDATOR_REGEX 

func SsmParameterSecretStore_NAME_VALIDATOR_REGEX() *string

func TxtRegistry_DEFAULT_PREFIX added in v0.0.33 

func TxtRegistry_DEFAULT_PREFIX() *string

func TxtRegistry_NO_PREFIX added in v0.0.33 

func TxtRegistry_NO_PREFIX() *string

Types

type AdotCollector added in v0.0.33 

type AdotCollector interface {
	awscdk.Resource
	// The EKS cluster where the ADOT Collector will be deployed.
	Cluster() awseks.ICluster
	// Flag wich sets whether the deploy of the ADOT collector should include creating the Kubernetes namespace the service will be deployed to.
	CreateNamespace() *bool
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The Kubernetes manifest used to deploy the ADOT Collector.
	Manifest() awseks.KubernetesManifest
	// The Kubernetes namespace where resources related to the ADOT collector will be created.
	Namespace() *string
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//    cross-environment scenarios.
	PhysicalName() *string
	// The Kubernetes service account that allows the ADOT collector to gather metric information and publish it to CloudWatch.
	ServiceAccount() awseks.ServiceAccount
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

func NewAdotCollector added in v0.0.33 

func NewAdotCollector(scope constructs.Construct, id *string, props *AdotCollectorProps) AdotCollector

Creates a new instance of the AdotCollector class.

type AdotCollectorProps added in v0.0.33 

type AdotCollectorProps struct {
	// The AWS account ID this resource belongs to.
	Account *string `field:"optional" json:"account" yaml:"account"`
	// ARN to deduce region and account from.
	//
	// The ARN is parsed and the account and region are taken from the ARN.
	// This should be used for imported resources.
	//
	// Cannot be supplied together with either `account` or `region`.
	EnvironmentFromArn *string `field:"optional" json:"environmentFromArn" yaml:"environmentFromArn"`
	// The value passed in by users to the physical name prop of the resource.
	//
	// - `undefined` implies that a physical name will be allocated by
	//    CloudFormation during deployment.
	// - a concrete value implies a specific physical name
	// - `PhysicalName.GENERATE_IF_NEEDED` is a marker that indicates that a physical will only be generated
	//    by the CDK if it is needed for cross-environment references. Otherwise, it will be allocated by CloudFormation.
	PhysicalName *string `field:"optional" json:"physicalName" yaml:"physicalName"`
	// The AWS region this resource belongs to.
	Region *string `field:"optional" json:"region" yaml:"region"`
	// The EKS cluster where the ADOT Collector will be deployed.
	Cluster awseks.ICluster `field:"required" json:"cluster" yaml:"cluster"`
	// Flag wich sets whether the deploy of the ADOT collector should include creating the Kubernetes namespace the service will be deployed to.
	CreateNamespace *bool `field:"optional" json:"createNamespace" yaml:"createNamespace"`
	// The Kubernetes namespace where resources related to the ADOT collector will be created.
	Namespace *string `field:"optional" json:"namespace" yaml:"namespace"`
}

Condifuration for the AdorCollector resource.

type AppendedRecord added in v0.0.33 

type AppendedRecord struct {
	// The name of the field to be added.
	FieldName *string `field:"required" json:"fieldName" yaml:"fieldName"`
	// The value that the added field should be set to.
	Value *string `field:"required" json:"value" yaml:"value"`
}

Represents a record field to be added by the record modifier Fluent Bit filter plugin.

type AwsSecretStore 

type AwsSecretStore interface {
	awscdk.Resource
	ISecretStore
	// The EKS cluster where the secret store should be created.
	Cluster() awseks.ICluster
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The Kubernetes manifest that defines the secret store.
	Manifest() awseks.KubernetesManifest
	// A human friendly name for the secret store.
	Name() *string
	// The Kubernetes namespace where the secret store should be created.
	Namespace() *string
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//    cross-environment scenarios.
	PhysicalName() *string
	// The name of the secret store as it appears in Kubernetes.
	SecretStoreName() *string
	// The name of the service provider backing the secret store.
	Service() *string
	// A Kubernetes service account mapped to an IAM role that provides the necessary permissions to sychronize secrets from an AWS rpvoder.
	ServiceAccount() awseks.ServiceAccount
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

A generic class representing secret store that is backed by an AWS service.

func NewAwsSecretStore 

func NewAwsSecretStore(scope constructs.Construct, id *string, props *AwsSecretStoreProps) AwsSecretStore

Creates a new instance of the AwsSecretStore class.

type AwsSecretStoreProps 

type AwsSecretStoreProps struct {
	// The AWS account ID this resource belongs to.
	Account *string `field:"optional" json:"account" yaml:"account"`
	// ARN to deduce region and account from.
	//
	// The ARN is parsed and the account and region are taken from the ARN.
	// This should be used for imported resources.
	//
	// Cannot be supplied together with either `account` or `region`.
	EnvironmentFromArn *string `field:"optional" json:"environmentFromArn" yaml:"environmentFromArn"`
	// The value passed in by users to the physical name prop of the resource.
	//
	// - `undefined` implies that a physical name will be allocated by
	//    CloudFormation during deployment.
	// - a concrete value implies a specific physical name
	// - `PhysicalName.GENERATE_IF_NEEDED` is a marker that indicates that a physical will only be generated
	//    by the CDK if it is needed for cross-environment references. Otherwise, it will be allocated by CloudFormation.
	PhysicalName *string `field:"optional" json:"physicalName" yaml:"physicalName"`
	// The AWS region this resource belongs to.
	Region *string `field:"optional" json:"region" yaml:"region"`
	// The EKS cluster where the secret store should be created.
	Cluster awseks.ICluster `field:"required" json:"cluster" yaml:"cluster"`
	// The name of the service provider backing the secret store.
	Service *string `field:"required" json:"service" yaml:"service"`
	// A human friendly name for the secret store.
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The Kubernetes namespace where the secret store should be created.
	Namespace *string `field:"optional" json:"namespace" yaml:"namespace"`
}

Configuration options for adding a new secret store resource.

type AwsServiceDiscoveryRegistry added in v0.0.33 

type AwsServiceDiscoveryRegistry interface {
	IExternalDnsRegistry
	// The type name of ExternalDNS registry.
	RegistryType() *string
	// Generates an object with all the information needed to use the registry in a given CDK scope.
	//
	// Returns: A configuration object representing the implementation of this
	// registry.
	Bind(scope constructs.IConstruct) *ExternalDnsRegistryConfiguration
}

An ExternalDNS registry that tracks DNS record ownership information using AWS Service Discovery. See: [AWS Cloud Map](https://docs.aws.amazon.com/cloud-map/latest/dg/what-is-cloud-map.html)

func ExternalDnsRegistry_AwsServiceDiscovery added in v0.0.33 

func ExternalDnsRegistry_AwsServiceDiscovery() AwsServiceDiscoveryRegistry

An ExternalDNS registry that tracks DNS record ownership information using AWS Service Discovery.

Returns: A ExternalDNS registry object configured to use AWS Cloud Map for ownership information. See: [AWS Cloud Map](https://docs.aws.amazon.com/cloud-map/latest/dg/what-is-cloud-map.html)

func NewAwsServiceDiscoveryRegistry added in v0.0.33 

func NewAwsServiceDiscoveryRegistry() AwsServiceDiscoveryRegistry

Creates a new instance of the AwsServiceDiscoveryRegistry class.

type Echoserver added in v0.0.33 

type Echoserver interface {
	awscdk.Resource
	awsec2.IConnectable
	route53.IDnsResolvable
	// The EKS Cluster where the service should be deployed.
	Cluster() awseks.ICluster
	// Access for network connections.
	Connections() awsec2.Connections
	// Determines the behavior of automatic DNS discovery and configuration.
	DomainDiscovery() route53.DomainDiscovery
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The subnets where the load balancer should be created..
	LoadBalancerSubnets() *awsec2.SubnetSelection
	// The Kubernetes manifest that creates the ConfigMap that Fargate uses to configure logging.
	Manifest() awseks.KubernetesManifest
	// The name of the Kubernetes service to be created.
	Name() *string
	// The Kubernetes namespace where the service should be created.
	Namespace() *string
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//    cross-environment scenarios.
	PhysicalName() *string
	// The port which netcat should listen on.
	Port() *float64
	// The number of replicas that should exist.
	Replicas() *float64
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// A subdomain that should be prefixed to the beginning of all registered domains.
	Subdomain() *string
	// The Docker tag specifying the version of echoserver to use.
	// See: [Google echoserver image repository](https://console.cloud.google.com/gcr/images/google-containers/GLOBAL/echoserver)
	//
	Tag() *string
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	RegisterDomain(domain route53.Domain)
	// Returns a string representation of this construct.
	ToString() *string
}

Creates a simple Kubernetes test service using the Google echoserver test image.

The server listens for incoming web requests and echos the details of the request back to the user. Each request results in output being written to the Docker log providing a convenient way to test logging setup. See: [Google echoserver image repository](https://console.cloud.google.com/gcr/images/google-containers/GLOBAL/echoserver)

func NewEchoserver added in v0.0.33 

func NewEchoserver(scope constructs.Construct, id *string, props *EchoserverProps) Echoserver

Creates a new instance of the Echoserver class.

type EchoserverProps added in v0.0.33 

type EchoserverProps struct {
	// The AWS account ID this resource belongs to.
	Account *string `field:"optional" json:"account" yaml:"account"`
	// ARN to deduce region and account from.
	//
	// The ARN is parsed and the account and region are taken from the ARN.
	// This should be used for imported resources.
	//
	// Cannot be supplied together with either `account` or `region`.
	EnvironmentFromArn *string `field:"optional" json:"environmentFromArn" yaml:"environmentFromArn"`
	// The value passed in by users to the physical name prop of the resource.
	//
	// - `undefined` implies that a physical name will be allocated by
	//    CloudFormation during deployment.
	// - a concrete value implies a specific physical name
	// - `PhysicalName.GENERATE_IF_NEEDED` is a marker that indicates that a physical will only be generated
	//    by the CDK if it is needed for cross-environment references. Otherwise, it will be allocated by CloudFormation.
	PhysicalName *string `field:"optional" json:"physicalName" yaml:"physicalName"`
	// The AWS region this resource belongs to.
	Region *string `field:"optional" json:"region" yaml:"region"`
	// The EKS Cluster where the service should be deployed.
	Cluster awseks.ICluster `field:"required" json:"cluster" yaml:"cluster"`
	// Determines the behavior of automatic DNS discovery and configuration.
	DomainDiscovery route53.DomainDiscovery `field:"optional" json:"domainDiscovery" yaml:"domainDiscovery"`
	// The subnets where the load balancer should be created.
	LoadBalancerSubnets *awsec2.SubnetSelection `field:"optional" json:"loadBalancerSubnets" yaml:"loadBalancerSubnets"`
	// The name of the Kubernetes service to be created.
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The Kubernetes namespace where the service should be created.
	Namespace *string `field:"optional" json:"namespace" yaml:"namespace"`
	// The port which netcat should listen on.
	Port *float64 `field:"optional" json:"port" yaml:"port"`
	// The number of replicas that should exist.
	Replicas *float64 `field:"optional" json:"replicas" yaml:"replicas"`
	// The Security groups which should be applied to the service.
	SecurityGroups *[]awsec2.ISecurityGroup `field:"optional" json:"securityGroups" yaml:"securityGroups"`
	// A subdomain that should be prefixed to the beginning of all registered domains.
	Subdomain *string `field:"optional" json:"subdomain" yaml:"subdomain"`
	// The Docker tag specifying the version of echoserver to use.
	// See: [Google echoserver image repository](https://console.cloud.google.com/gcr/images/google-containers/GLOBAL/echoserver)
	//
	Tag *string `field:"optional" json:"tag" yaml:"tag"`
}

Configuration for the Echoserver resource.

type ElasticsearchCompressionFormat added in v0.0.33 

type ElasticsearchCompressionFormat string
const (
	// Gzip compression format.
	ElasticsearchCompressionFormat_GZIP ElasticsearchCompressionFormat = "GZIP"
)

type ElasticsearchOutputBufferSize added in v0.0.33 

type ElasticsearchOutputBufferSize interface {
	// The value to use for the Elasticsearch buffer output property.
	Value() *string
}

Represents the size of the Elasticsearch output buffer to be used by Fluent Bit.

func ElasticsearchOutputBufferSize_Bytes added in v0.0.33 

func ElasticsearchOutputBufferSize_Bytes(size core.DataSize) ElasticsearchOutputBufferSize

Set the output buffer to a specified data size.

Returns: An output buffer size object representing the specified buffer size.

func ElasticsearchOutputBufferSize_Of added in v0.0.33 

func ElasticsearchOutputBufferSize_Of(value *string) ElasticsearchOutputBufferSize

An escape hatch that allows an arbitrary value to be set for the Elasticsearch buffer output property.

Returns: A `ElasticsearchOutputBufferSize` object representing the passed value.

func ElasticsearchOutputBufferSize_UNLIMITED added in v0.0.33 

func ElasticsearchOutputBufferSize_UNLIMITED() ElasticsearchOutputBufferSize

type EmitterStorageType added in v0.0.33 

type EmitterStorageType interface {
	// The name of the emitter storage type as it should appear in the plugin configuration file.
	Name() *string
}

Define a buffering mechanism for the new records created by the rewrite tag Fluent Bit filter plugin.

func EmitterStorageType_FILESYSTEM added in v0.0.33 

func EmitterStorageType_FILESYSTEM() EmitterStorageType

func EmitterStorageType_MEMORY added in v0.0.33 

func EmitterStorageType_MEMORY() EmitterStorageType

func EmitterStorageType_Of added in v0.0.33 

func EmitterStorageType_Of(name *string) EmitterStorageType

An escape hatch that allows for specifying a custom value for the rewrite tag plugin's `Emitter_Storage.type` field.

type ExternalDnsLogFormat added in v0.0.33 

type ExternalDnsLogFormat string

The format external dns should use to output logs. 

const (
	// Output logs will be written as JSON objects.
	ExternalDnsLogFormat_JSON ExternalDnsLogFormat = "JSON"
	// Output logs will be written in plain text.
	ExternalDnsLogFormat_TEXT ExternalDnsLogFormat = "TEXT"
)

type ExternalDnsLogLevel added in v0.0.33 

type ExternalDnsLogLevel string

Verbosity of the logs generated by the external-dns service. 

const (
	// Set log level to 'panic'.
	ExternalDnsLogLevel_PANIC ExternalDnsLogLevel = "PANIC"
	// Set log level to 'debug'.
	ExternalDnsLogLevel_DEBUG ExternalDnsLogLevel = "DEBUG"
	// Set log level to 'info'.
	ExternalDnsLogLevel_INFO ExternalDnsLogLevel = "INFO"
	// Set log level to 'warning'.
	ExternalDnsLogLevel_WARNING ExternalDnsLogLevel = "WARNING"
	// Set log level to 'error'.
	ExternalDnsLogLevel_ERROR ExternalDnsLogLevel = "ERROR"
	// Set log level to 'fatal'.
	ExternalDnsLogLevel_FATAL ExternalDnsLogLevel = "FATAL"
	// Set log level to 'trace'.
	ExternalDnsLogLevel_TRACE ExternalDnsLogLevel = "TRACE"
)

type ExternalDnsRegistry added in v0.0.33 

type ExternalDnsRegistry interface {
}

Helper class that provides access to the available ExternalDns registry options.

func NewExternalDnsRegistry added in v0.0.33 

func NewExternalDnsRegistry() ExternalDnsRegistry

type ExternalDnsRegistryConfiguration added in v0.0.33 

type ExternalDnsRegistryConfiguration struct {
	RegistryType *string                   `field:"required" json:"registryType" yaml:"registryType"`
	Permissions  *[]awsiam.PolicyStatement `field:"optional" json:"permissions" yaml:"permissions"`
	Properties   *map[string]interface{}   `field:"optional" json:"properties" yaml:"properties"`
}

type ExternalDnsSyncPolicy added in v0.0.33 

type ExternalDnsSyncPolicy string

Controls the operations ExternalDNS will perform on the records it manages. 

const (
	// Full sync mode.
	//
	// Records will be created, updated, and deleted based on the
	// statis of their backing resources on the Kubernetes cluster.
	ExternalDnsSyncPolicy_SYNC ExternalDnsSyncPolicy = "SYNC"
	// Only allow create and update operations.
	//
	// Records will have their values
	// set based on the status of their backing Kubernetes resources, however if
	// those resources are removed the DNS records will be retained, set to their
	// last configured value.
	ExternalDnsSyncPolicy_UPSERT_ONLY ExternalDnsSyncPolicy = "UPSERT_ONLY"
)

type ExternalDnsZoneTag added in v0.0.33 

type ExternalDnsZoneTag struct {
	// The name of the tag to filter on.
	Key *string `field:"required" json:"key" yaml:"key"`
	// The value of the tag to filter on.
	Value *string `field:"required" json:"value" yaml:"value"`
}

Specifies a tag that can be used to restrict which Hosted Zone external-dns will have access to.

type ExternalDnsZoneType added in v0.0.33 

type ExternalDnsZoneType string

Controls the types of Hosted Zones external DNS will create records for. 

const (
	// Create DNS records for both public and private hosted zones.
	ExternalDnsZoneType_ALL ExternalDnsZoneType = "ALL"
	// Only create DNS records for private hosted zones.
	ExternalDnsZoneType_PRIVATE ExternalDnsZoneType = "PRIVATE"
	// Only create DNS records for public hosted zones.
	ExternalDnsZoneType_PUBLIC ExternalDnsZoneType = "PUBLIC"
)

type ExternalSecret 

type ExternalSecret interface {
	awscdk.Resource
	// The EKS cluster where the secret should be created.
	Cluster() awseks.ICluster
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The Kubernetes manifest defining the configuration of how to synchronize the Kubernetes secret from the provider secrets.
	Manifest() awseks.KubernetesManifest
	// The name to use for the Kubernetes secret resource when it is synchronized into the cluster.
	Name() *string
	// The name where the synchronized secret should be created.
	Namespace() *string
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//    cross-environment scenarios.
	PhysicalName() *string
	// The frequency at which synchronization should occur.
	RefreshInterval() awscdk.Duration
	// The name of the Kubernetes secret.
	SecretName() *string
	// The collection of referenced provider secrets that are referenced in the Kubernetes secret.
	Secrets() *[]ISecretReference
	// The Kubernetes secret store resource that provides details and permissions to use for importing secrets from the provider.
	SecretStore() ISecretStore
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Adds a provider secret reference to the synchronized Kubernetes secret.
	//
	// For external secrets that reference multiple provider secrets the keys of
	// all provider secrets will be merged into the single Kubernetes secret.
	//
	// Returns: The external secret resoiurce where the reference was added.
	AddSecret(secret ISecretReference) ExternalSecret
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

Represents a Kubernetes secret that is being synchronized from an external provider.

On a technical level, provides the configuration for how the external secrets operator service should manage the synchronization of the Kubernetes secret.

func NewExternalSecret 

func NewExternalSecret(scope constructs.Construct, id *string, props *ExternalSecretProps) ExternalSecret

Creates a new instance of the ExternalSecret class.

type ExternalSecretOptions 

type ExternalSecretOptions struct {
	// A collection of field mappings that tells the external secrets operator the structure of the Kubernetes secret to create and which how fields in the Kubernetes secret should map to fields in the secret from the external secret provider.
	Fields *[]*SecretFieldReference `field:"optional" json:"fields" yaml:"fields"`
	// The name of the Kubernetes secret that will be created, as it will appear from within the Kubernetes cluster.
	Name *string `field:"optional" json:"name" yaml:"name"`
}

Configuration options for adding a Kubernetes secret synced from an external provider to Kubernetes.

type ExternalSecretProps 

type ExternalSecretProps struct {
	// The AWS account ID this resource belongs to.
	Account *string `field:"optional" json:"account" yaml:"account"`
	// ARN to deduce region and account from.
	//
	// The ARN is parsed and the account and region are taken from the ARN.
	// This should be used for imported resources.
	//
	// Cannot be supplied together with either `account` or `region`.
	EnvironmentFromArn *string `field:"optional" json:"environmentFromArn" yaml:"environmentFromArn"`
	// The value passed in by users to the physical name prop of the resource.
	//
	// - `undefined` implies that a physical name will be allocated by
	//    CloudFormation during deployment.
	// - a concrete value implies a specific physical name
	// - `PhysicalName.GENERATE_IF_NEEDED` is a marker that indicates that a physical will only be generated
	//    by the CDK if it is needed for cross-environment references. Otherwise, it will be allocated by CloudFormation.
	PhysicalName *string `field:"optional" json:"physicalName" yaml:"physicalName"`
	// The AWS region this resource belongs to.
	Region *string `field:"optional" json:"region" yaml:"region"`
	// The EKS cluster where the secret should be created.
	Cluster awseks.ICluster `field:"required" json:"cluster" yaml:"cluster"`
	// The Kubernetes secret store resource that provides details and permissions to use for importing secrets from the provider.
	SecretStore ISecretStore `field:"required" json:"secretStore" yaml:"secretStore"`
	// The name to use for the Kubernetes secret resource when it is synchronized into the cluster.
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The name where the synchronized secret should be created.
	Namespace *string `field:"optional" json:"namespace" yaml:"namespace"`
	// The frequency at which synchronization should occur.
	RefreshInterval awscdk.Duration `field:"optional" json:"refreshInterval" yaml:"refreshInterval"`
	// The secrets to synchronize into this Kubernetes secret.
	//
	// If multiple secrets are provided their fields will be merged.
	Secrets *[]ISecretReference `field:"optional" json:"secrets" yaml:"secrets"`
}

Configuration for the ExternalSecret resource.

type ExternalSecretsOperator 

type ExternalSecretsOperator interface {
	awscdk.Resource
	// The EKS cluster where the external secrets operator service should be installed and configured.
	Cluster() awseks.Cluster
	// Determines the behavior when the service is deployed to a namespace that doesn't already exist on the EKS cluster.
	//
	// When this flag is `true` and the namespace doesn't exist, the namespace
	// will be created automatically.
	//
	// When this flag is `false` and the namespace doesn't exist, an error will
	// occur and resource creation will fail.
	CreateNamespace() *bool
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The Helm chart the manages the installation and configuration of the external secrets operator service.
	HelmChart() awseks.HelmChart
	// The Kubernetes namespace where the external secrets operator service should be installed and configured.
	Namespace() *string
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//    cross-environment scenarios.
	PhysicalName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Registers a Secrets Manager secret with the external secrets operator, enabling syncing from the Secrets Manager secret into Kubernetes.
	//
	// Returns: The external secret object that was created.
	RegisterSecretsManagerSecret(id *string, secret awssecretsmanager.ISecret, options *NamespacedExternalSecretOptions) ExternalSecret
	// Registers a Systems Manager parameter with the external secrets operator, enabling syncing from the Systems Manager parameter into Kubernetes.
	//
	// Returns: The external secret object that was created.
	RegisterSsmParameterSecret(id *string, parameter awsssm.IParameter, options *NamespacedExternalSecretOptions) ExternalSecret
	// Returns a string representation of this construct.
	ToString() *string
}

External Secrets Operator is a Kubernetes operator that integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault and many more.

The operator reads information from external APIs and automatically injects the values into a Kubernetes Secret. See: [External Secrets Website](https://external-secrets.io/)

func NewExternalSecretsOperator 

func NewExternalSecretsOperator(scope constructs.Construct, id *string, props *ExternalSecretsOperatorProps) ExternalSecretsOperator

Creates a new instance of the ExternalSecretsOperator class.

type ExternalSecretsOperatorProps 

type ExternalSecretsOperatorProps struct {
	// The AWS account ID this resource belongs to.
	Account *string `field:"optional" json:"account" yaml:"account"`
	// ARN to deduce region and account from.
	//
	// The ARN is parsed and the account and region are taken from the ARN.
	// This should be used for imported resources.
	//
	// Cannot be supplied together with either `account` or `region`.
	EnvironmentFromArn *string `field:"optional" json:"environmentFromArn" yaml:"environmentFromArn"`
	// The value passed in by users to the physical name prop of the resource.
	//
	// - `undefined` implies that a physical name will be allocated by
	//    CloudFormation during deployment.
	// - a concrete value implies a specific physical name
	// - `PhysicalName.GENERATE_IF_NEEDED` is a marker that indicates that a physical will only be generated
	//    by the CDK if it is needed for cross-environment references. Otherwise, it will be allocated by CloudFormation.
	PhysicalName *string `field:"optional" json:"physicalName" yaml:"physicalName"`
	// The AWS region this resource belongs to.
	Region *string `field:"optional" json:"region" yaml:"region"`
	// The EKS cluster where the external secrets operator should be installed.
	Cluster awseks.Cluster `field:"required" json:"cluster" yaml:"cluster"`
	// Determines the behavior when the service is deployed to a namespace that doesn't already exist on the EKS cluster.
	//
	// When this flag is `true` and the namespace doesn't exist, the namespace
	// will be created automatically.
	//
	// When this flag is `false` and the namespace doesn't exist, an error will
	// occur and resource creation will fail.
	CreateNamespace *bool `field:"optional" json:"createNamespace" yaml:"createNamespace"`
	// The Kubernetes namespace where the external secrets operator service should be installed and configured.
	Namespace *string `field:"optional" json:"namespace" yaml:"namespace"`
}

Configuration for the ExternalSecretsOperator resource.

type FargateLogger 

type FargateLogger interface {
	awscdk.Resource
	// The EKS cluster where Fargate logging is being configured.
	Cluster() awseks.ICluster
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// Collection of Fluent Bit filter plugins being configured for logging.
	Filters() *[]IFluentBitFilterPlugin
	// The Kubernetes manifest that creates the ConfigMap that Fargate uses to configure logging.
	Manifest() awseks.KubernetesManifest
	// The tree node.
	Node() constructs.Node
	// Collection of Fluent Bit output plugins being configured for logging.
	Outputs() *[]IFluentBitOutputPlugin
	// Collection of Fluent Bit parser plugins being configured for logging.
	Parsers() *[]IFluentBitParserPlugin
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//    cross-environment scenarios.
	PhysicalName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	AddFargateProfile(profile awseks.FargateProfile) FargateLogger
	AddFilter(filter IFluentBitFilterPlugin) FargateLogger
	AddOutput(output IFluentBitOutputPlugin) FargateLogger
	AddParser(parser IFluentBitParserPlugin) FargateLogger
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

Creates a ConfigMap that configures logging for containers running in EKS on Fargate.

func NewFargateLogger 

func NewFargateLogger(scope constructs.Construct, id *string, props *FargateLoggerProps) FargateLogger

Creates a new instance of the FargateLogger class.

type FargateLoggerOptions added in v0.0.33 

type FargateLoggerOptions struct {
	// A default list of Fargate profiles that should have permissions configured.
	//
	// Alternatively profiles can be added at any time by calling
	// `addProfile`.
	FargateProfiles *[]awseks.FargateProfile `field:"optional" json:"fargateProfiles" yaml:"fargateProfiles"`
	// The filters that should be applied to logs being processed.
	Filters *[]IFluentBitFilterPlugin `field:"optional" json:"filters" yaml:"filters"`
	// The CloudWatch log group where Farget container logs will be sent.
	LogGroup awslogs.ILogGroup `field:"optional" json:"logGroup" yaml:"logGroup"`
	// The output destinations where logs should be written.
	Outputs *[]IFluentBitOutputPlugin `field:"optional" json:"outputs" yaml:"outputs"`
	// The parsers to be used when reading log files.
	Parsers *[]IFluentBitParserPlugin `field:"optional" json:"parsers" yaml:"parsers"`
}

Optional configuration for the FargateLogger resource.

type FargateLoggerProps 

type FargateLoggerProps struct {
	// A default list of Fargate profiles that should have permissions configured.
	//
	// Alternatively profiles can be added at any time by calling
	// `addProfile`.
	FargateProfiles *[]awseks.FargateProfile `field:"optional" json:"fargateProfiles" yaml:"fargateProfiles"`
	// The filters that should be applied to logs being processed.
	Filters *[]IFluentBitFilterPlugin `field:"optional" json:"filters" yaml:"filters"`
	// The CloudWatch log group where Farget container logs will be sent.
	LogGroup awslogs.ILogGroup `field:"optional" json:"logGroup" yaml:"logGroup"`
	// The output destinations where logs should be written.
	Outputs *[]IFluentBitOutputPlugin `field:"optional" json:"outputs" yaml:"outputs"`
	// The parsers to be used when reading log files.
	Parsers *[]IFluentBitParserPlugin `field:"optional" json:"parsers" yaml:"parsers"`
	// The AWS account ID this resource belongs to.
	Account *string `field:"optional" json:"account" yaml:"account"`
	// ARN to deduce region and account from.
	//
	// The ARN is parsed and the account and region are taken from the ARN.
	// This should be used for imported resources.
	//
	// Cannot be supplied together with either `account` or `region`.
	EnvironmentFromArn *string `field:"optional" json:"environmentFromArn" yaml:"environmentFromArn"`
	// The value passed in by users to the physical name prop of the resource.
	//
	// - `undefined` implies that a physical name will be allocated by
	//    CloudFormation during deployment.
	// - a concrete value implies a specific physical name
	// - `PhysicalName.GENERATE_IF_NEEDED` is a marker that indicates that a physical will only be generated
	//    by the CDK if it is needed for cross-environment references. Otherwise, it will be allocated by CloudFormation.
	PhysicalName *string `field:"optional" json:"physicalName" yaml:"physicalName"`
	// The AWS region this resource belongs to.
	Region *string `field:"optional" json:"region" yaml:"region"`
	// The EKS Cluster to configure Fargate logging for.
	Cluster awseks.ICluster `field:"required" json:"cluster" yaml:"cluster"`
}

Required configuration for the Fargate logger resource.

type FluentBitCloudWatchLogsOutput added in v0.0.33 

type FluentBitCloudWatchLogsOutput interface {
	FluentBitOutputPluginBase
	// Automatically create the log group.
	AutoCreateGroup() *bool
	// Immediately retry failed requests to AWS services once.
	//
	// This option does
	// not affect the normal Fluent Bit retry mechanism with backoff. Instead,
	// it enables an immediate retry with no delay for networking errors, which
	// may help improve throughput when there are transient/random networking
	// issues.
	AutoRetryRequests() *bool
	// Specify a custom endpoint for the CloudWatch Logs API.
	Endpoint() *string
	// An optional parameter that can be used to tell CloudWatch the format of the data.
	//
	// A value of json/emf enables CloudWatch to extract custom
	// metrics embedded in a JSON payload.
	// See: [Embedded Metric Format](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Embedded_Metric_Format_Specification.html)
	//
	LogFormat() *string
	// The CloudWatch Log Group configuration for output records.
	LogGroup() FluentBitLogGroupOutput
	// Template for Log Group name using Fluent Bit record_accessor syntax.
	//
	// This field is optional and if configured it overrides the configured Log
	// Group.
	//
	// If the template translation fails, an error is logged and the provided
	// Log Group (which is still required) is used instead.
	// See: [Fluent Bit record accessor snytax](https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/classic-mode/record-accessor)
	//
	LogGroupTemplate() *string
	// By default, the whole log record will be sent to CloudWatch.
	//
	// If you
	// specify a key name with this option, then only the value of that key
	// will be sent to CloudWatch.
	LogKey() *string
	// If set to a number greater than zero, and newly create log group's retention policy is set to this many days.
	LogRetention() awslogs.RetentionDays
	// The CloudWatch LogStream configuration for outbound records.
	LogStream() FluentBitLogStreamOutput
	// Template for Log Stream name using Fluent Bit record accessor syntax.
	//
	// This field is optional and if configured it overrides the other log
	// stream options. If the template translation fails, an error is logged
	// and the logStream or logStreamPrefix are used instead (and thus one of
	// those fields is still required to be configured).
	// See: [Fluent Bit record accessor snytax](https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/classic-mode/record-accessor)
	//
	LogStreamTemplate() *string
	// The pattern to match for records that this output should apply to.
	Match() FluentBitMatch
	// A list of lists containing the dimension keys that will be applied to all metrics.
	//
	// The values within a dimension set MUST also be members on
	// the root-node.
	// See: [Dimensions](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Dimension)
	//
	MetricDimensions() *[]*string
	// An optional string representing the CloudWatch namespace for the metrics.
	// See: [Metric Tutorial](https://docs.fluentbit.io/manual/pipeline/outputs/cloudwatch#metrics-tutorial)
	//
	MetricNamespace() *string
	// The name of the fluent bit plugin.
	Name() *string
	// The type of fluent bit plugin.
	PluginType() *string
	// The AWS region.
	Region() *string
	// ARN of an IAM role to assume (for cross account access).
	Role() awsiam.IRole
	// Specify a custom STS endpoint for the AWS STS API.
	StsEndpoint() *string
	// Builds a configuration for this plugin and returns the details for consumtion by a resource that is configuring logging.
	//
	// Returns: A configuration for the plugin that con be used by the resource
	// configuring logging.
	Bind(scope constructs.IConstruct) *ResolvedFluentBitConfiguration
	// Renders a Fluent Bit configuration file for the plugin.
	//
	// Returns: A rendered plugin configuration file.
	RenderConfigFile(config *map[string]interface{}) *string
}

Represents configuration for outputing logs from Fluent Bit to CloudWatch Logs.

func NewFluentBitCloudWatchLogsOutput added in v0.0.33 

func NewFluentBitCloudWatchLogsOutput(options *FluentBitCloudWatchLogsOutputOptions) FluentBitCloudWatchLogsOutput

Creates a new instance of the FluentBitCloudWatchLogsOutput class.

type FluentBitCloudWatchLogsOutputOptions added in v0.0.33 

type FluentBitCloudWatchLogsOutputOptions struct {
	// The pattern to match for records that this output should apply to.
	Match FluentBitMatch `field:"optional" json:"match" yaml:"match"`
	// Automatically create the log group.
	AutoCreateGroup *bool `field:"optional" json:"autoCreateGroup" yaml:"autoCreateGroup"`
	// Immediately retry failed requests to AWS services once.
	//
	// This option does
	// not affect the normal Fluent Bit retry mechanism with backoff. Instead,
	// it enables an immediate retry with no delay for networking errors, which
	// may help improve throughput when there are transient/random networking
	// issues.
	AutoRetryRequests *bool `field:"optional" json:"autoRetryRequests" yaml:"autoRetryRequests"`
	// Specify a custom endpoint for the CloudWatch Logs API.
	Endpoint *string `field:"optional" json:"endpoint" yaml:"endpoint"`
	// An optional parameter that can be used to tell CloudWatch the format of the data.
	//
	// A value of json/emf enables CloudWatch to extract custom
	// metrics embedded in a JSON payload.
	// See: [Embedded Metric Format](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Embedded_Metric_Format_Specification.html)
	//
	LogFormat *string `field:"optional" json:"logFormat" yaml:"logFormat"`
	// The CloudWatch Log Group configuration for output records.
	LogGroup FluentBitLogGroupOutput `field:"optional" json:"logGroup" yaml:"logGroup"`
	// Template for Log Group name using Fluent Bit record_accessor syntax.
	//
	// This field is optional and if configured it overrides the configured Log
	// Group.
	//
	// If the template translation fails, an error is logged and the provided
	// Log Group (which is still required) is used instead.
	// See: [Fluent Bit record accessor snytax](https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/classic-mode/record-accessor)
	//
	LogGroupTemplate *string `field:"optional" json:"logGroupTemplate" yaml:"logGroupTemplate"`
	// By default, the whole log record will be sent to CloudWatch.
	//
	// If you
	// specify a key name with this option, then only the value of that key
	// will be sent to CloudWatch.
	LogKey *string `field:"optional" json:"logKey" yaml:"logKey"`
	// If set to a number greater than zero, and newly create log group's retention policy is set to this many days.
	LogRetention awslogs.RetentionDays `field:"optional" json:"logRetention" yaml:"logRetention"`
	// The CloudWatch LogStream configuration for outbound records.
	LogStream FluentBitLogStreamOutput `field:"optional" json:"logStream" yaml:"logStream"`
	// Template for Log Stream name using Fluent Bit record accessor syntax.
	//
	// This field is optional and if configured it overrides the other log
	// stream options. If the template translation fails, an error is logged
	// and the logStream or logStreamPrefix are used instead (and thus one of
	// those fields is still required to be configured).
	// See: [Fluent Bit record accessor snytax](https://docs.fluentbit.io/manual/administration/configuring-fluent-bit/classic-mode/record-accessor)
	//
	LogStreamTemplate *string `field:"optional" json:"logStreamTemplate" yaml:"logStreamTemplate"`
	// A list of lists containing the dimension keys that will be applied to all metrics.
	//
	// The values within a dimension set MUST also be members on
	// the root-node.
	// See: [Dimensions](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Dimension)
	//
	MetricDimensions *[]*string `field:"optional" json:"metricDimensions" yaml:"metricDimensions"`
	// An optional string representing the CloudWatch namespace for the metrics.
	// See: [Metric Tutorial](https://docs.fluentbit.io/manual/pipeline/outputs/cloudwatch#metrics-tutorial)
	//
	MetricNamespace *string `field:"optional" json:"metricNamespace" yaml:"metricNamespace"`
	// The AWS region.
	Region *string `field:"optional" json:"region" yaml:"region"`
	// ARN of an IAM role to assume (for cross account access).
	Role awsiam.IRole `field:"optional" json:"role" yaml:"role"`
	// Specify a custom STS endpoint for the AWS STS API.
	StsEndpoint *string `field:"optional" json:"stsEndpoint" yaml:"stsEndpoint"`
}

Options for configuring the CloudWatch Logs Fluent Bit output plugin. See: [CloudWatch Logs Plugin Documention](https://docs.fluentbit.io/manual/pipeline/outputs/cloudwatch)

type FluentBitElasticsearchOutput added in v0.0.33 

type FluentBitElasticsearchOutput interface {
	FluentBitOutputPluginBase
	// Enable AWS Sigv4 Authentication for Amazon Elasticsearch Service.
	AwsAuth() *bool
	// External ID for the AWS IAM Role specified with `awsRole`.
	AwsExternalId() *string
	// Specify the AWS region for Elasticsearch Service.
	AwsRegion() *string
	// AWS IAM Role to assume to put records to your Amazon cluster.
	AwsRole() awsiam.IRole
	// Specify the custom sts endpoint to be used with STS API for Amazon Elasticsearch Service.
	AwsStsEndpoint() *string
	// Specify the buffer size used to read the response from the Elasticsearch HTTP service.
	//
	// This option is useful for debugging purposes where is
	// required to read full responses, note that response size grows depending
	// of the number of records inserted.
	BufferSize() ElasticsearchOutputBufferSize
	// Specify the credentials to use to connect to Elastic's Elasticsearch Service running on Elastic Cloud.
	CloudAuth() *string
	// If you are using Elastic's Elasticsearch Service you can specify the cloud_id of the cluster running.
	CloudId() *string
	// Set payload compression mechanism.
	Compress() ElasticsearchCompressionFormat
	// Use current time for index generation instead of message record.
	CurrentTimeIndex() *bool
	// When enabled, generate `_id` for outgoing records.
	//
	// This prevents duplicate
	// records when retrying.
	GenerateId() *bool
	// IP address or hostname of the target Elasticsearch instance.
	Host() *string
	// Password for user defined in `httpUser`.
	HttpPasswd() *string
	// Optional username credential for access.
	HttpUser() *string
	// If set, `_id` will be the value of the key from incoming record and `generateId` option is ignored.
	IdKey() *string
	// When enabled, it append the Tag name to the record.
	IncludeTagKey() *bool
	// Index name.
	Index() *string
	// Time format (based on strftime) to generate the second part of the Index name.
	// See: [strftime](http://man7.org/linux/man-pages/man3/strftime.3.html)
	//
	LogstashDateFormat() *string
	// Enable Logstash format compatibility.
	LogstashFormat() *bool
	// When `logstashFormat` is enabled, the Index name is composed using a prefix and the date, e.g: If `logstashPrefix` is equals to 'mydata' your index will become 'mydata-YYYY.MM.DD'.
	//
	// The last string appended belongs to the date when the data is being
	// generated.
	LogstashPrefix() *string
	// When included: the value in the record that belongs to the key will be looked up and over-write the `logstashPrefix` for index generation.
	//
	// If
	// the key/value is not found in the record then the `logstashPrefix` option
	// will act as a fallback.
	//
	// Nested keys are not supported (if desired, you can use the nest filter
	// plugin to remove nesting).
	LogstashPrefixKey() *string
	// The pattern to match for records that this output should apply to.
	Match() FluentBitMatch
	// The name of the fluent bit plugin.
	Name() *string
	// Elasticsearch accepts new data on HTTP query path "/_bulk".
	//
	// But it is
	// also possible to serve Elasticsearch behind a reverse proxy on a
	// subpath. This option defines such path on the fluent-bit side. It
	// simply adds a path prefix in the indexing HTTP POST URI.
	Path() *string
	// Elasticsearch allows to setup filters called pipelines.
	//
	// This option
	// allows to define which pipeline the database should use.
	Pipeline() *string
	// The type of fluent bit plugin.
	PluginType() *string
	// TCP port of the target Elasticsearch instance.
	Port() *float64
	// When enabled, replace field name dots with underscore.
	ReplaceDots() *bool
	// When enabled, mapping types is removed and `type` option is ignored.
	SuppressTypeName() *bool
	// When `includeTagKey` is enabled, this property defines the key name for the tag.
	TagKey() *string
	// When `logstashFormat` is enabled, each record will get a new timestamp field.
	//
	// The`timeKey` property defines the name of that field.
	TimeKey() *string
	// When `logstashFormat` is enabled, this property defines the format of the timestamp.
	// See: [strftime](http://man7.org/linux/man-pages/man3/strftime.3.html)
	//
	TimeKeyFormat() *string
	// When `logstashFormat` is enabled, enabling this property sends nanosecond precision timestamps.
	TimeKeyNanos() *bool
	// When enabled print the Elasticsearch API calls to stdout when Elasticsearch returns an error (for diag only).
	TraceError() *bool
	// When enabled print the Elasticsearch API calls to stdout (for diag only).
	TraceOutput() *bool
	// Type name.
	Type() *string
	// Enables dedicated thread(s) for this output.
	Workers() *float64
	// Operation to use to write in bulk requests.
	WriteOperation() *string
	// Builds a configuration for this plugin and returns the details for consumtion by a resource that is configuring logging.
	//
	// Returns: A configuration for the plugin that con be used by the resource
	// configuring logging.
	Bind(_scope constructs.IConstruct) *ResolvedFluentBitConfiguration
	// Renders a Fluent Bit configuration file for the plugin.
	//
	// Returns: A rendered plugin configuration file.
	RenderConfigFile(config *map[string]interface{}) *string
}

func NewFluentBitElasticsearchOutput added in v0.0.33 

func NewFluentBitElasticsearchOutput(options *FluentBitElasticsearchOutputOptions) FluentBitElasticsearchOutput

Creates a new instance of the FluentBitKinesisFirehoseOutput class.

type FluentBitElasticsearchOutputOptions added in v0.0.33 

type FluentBitElasticsearchOutputOptions struct {
	// The pattern to match for records that this output should apply to.
	Match FluentBitMatch `field:"optional" json:"match" yaml:"match"`
	// IP address or hostname of the target Elasticsearch instance.
	Host *string `field:"required" json:"host" yaml:"host"`
	// Enable AWS Sigv4 Authentication for Amazon Elasticsearch Service.
	AwsAuth *bool `field:"optional" json:"awsAuth" yaml:"awsAuth"`
	// External ID for the AWS IAM Role specified with `awsRole`.
	AwsExternalId *string `field:"optional" json:"awsExternalId" yaml:"awsExternalId"`
	// Specify the AWS region for Elasticsearch Service.
	AwsRegion *string `field:"optional" json:"awsRegion" yaml:"awsRegion"`
	// AWS IAM Role to assume to put records to your Amazon cluster.
	AwsRole awsiam.IRole `field:"optional" json:"awsRole" yaml:"awsRole"`
	// Specify the custom sts endpoint to be used with STS API for Amazon Elasticsearch Service.
	AwsStsEndpoint *string `field:"optional" json:"awsStsEndpoint" yaml:"awsStsEndpoint"`
	// Specify the buffer size used to read the response from the Elasticsearch HTTP service.
	//
	// This option is useful for debugging purposes where is
	// required to read full responses, note that response size grows depending
	// of the number of records inserted.
	BufferSize ElasticsearchOutputBufferSize `field:"optional" json:"bufferSize" yaml:"bufferSize"`
	// Specify the credentials to use to connect to Elastic's Elasticsearch Service running on Elastic Cloud.
	CloudAuth *string `field:"optional" json:"cloudAuth" yaml:"cloudAuth"`
	// If you are using Elastic's Elasticsearch Service you can specify the cloud_id of the cluster running.
	CloudId *string `field:"optional" json:"cloudId" yaml:"cloudId"`
	// Set payload compression mechanism.
	Compress ElasticsearchCompressionFormat `field:"optional" json:"compress" yaml:"compress"`
	// Use current time for index generation instead of message record.
	CurrentTimeIndex *bool `field:"optional" json:"currentTimeIndex" yaml:"currentTimeIndex"`
	// When enabled, generate `_id` for outgoing records.
	//
	// This prevents duplicate
	// records when retrying.
	GenerateId *bool `field:"optional" json:"generateId" yaml:"generateId"`
	// Password for user defined in `httpUser`.
	HttpPasswd *string `field:"optional" json:"httpPasswd" yaml:"httpPasswd"`
	// Optional username credential for access.
	HttpUser *string `field:"optional" json:"httpUser" yaml:"httpUser"`
	// If set, `_id` will be the value of the key from incoming record and `generateId` option is ignored.
	IdKey *string `field:"optional" json:"idKey" yaml:"idKey"`
	// When enabled, it append the Tag name to the record.
	IncludeTagKey *bool `field:"optional" json:"includeTagKey" yaml:"includeTagKey"`
	// Index name.
	Index *string `field:"optional" json:"index" yaml:"index"`
	// Time format (based on strftime) to generate the second part of the Index name.
	// See: [strftime](http://man7.org/linux/man-pages/man3/strftime.3.html)
	//
	LogstashDateFormat *string `field:"optional" json:"logstashDateFormat" yaml:"logstashDateFormat"`
	// Enable Logstash format compatibility.
	LogstashFormat *bool `field:"optional" json:"logstashFormat" yaml:"logstashFormat"`
	// When `logstashFormat` is enabled, the Index name is composed using a prefix and the date, e.g: If `logstashPrefix` is equals to 'mydata' your index will become 'mydata-YYYY.MM.DD'.
	//
	// The last string appended belongs to the date when the data is being
	// generated.
	LogstashPrefix *string `field:"optional" json:"logstashPrefix" yaml:"logstashPrefix"`
	// When included: the value in the record that belongs to the key will be looked up and over-write the `logstashPrefix` for index generation.
	//
	// If
	// the key/value is not found in the record then the `logstashPrefix` option
	// will act as a fallback.
	//
	// Nested keys are not supported (if desired, you can use the nest filter
	// plugin to remove nesting).
	LogstashPrefixKey *string `field:"optional" json:"logstashPrefixKey" yaml:"logstashPrefixKey"`
	// Elasticsearch accepts new data on HTTP query path "/_bulk".
	//
	// But it is
	// also possible to serve Elasticsearch behind a reverse proxy on a
	// subpath. This option defines such path on the fluent-bit side. It
	// simply adds a path prefix in the indexing HTTP POST URI..
	Path *string `field:"optional" json:"path" yaml:"path"`
	// Elasticsearch allows to setup filters called pipelines.
	//
	// This option
	// allows to define which pipeline the database should use.
	Pipeline *string `field:"optional" json:"pipeline" yaml:"pipeline"`
	// TCP port of the target Elasticsearch instance.
	Port *float64 `field:"optional" json:"port" yaml:"port"`
	// When enabled, replace field name dots with underscore.
	ReplaceDots *bool `field:"optional" json:"replaceDots" yaml:"replaceDots"`
	// When enabled, mapping types is removed and `type` option is ignored.
	SuppressTypeName *bool `field:"optional" json:"suppressTypeName" yaml:"suppressTypeName"`
	// When `includeTagKey` is enabled, this property defines the key name for the tag.
	TagKey *string `field:"optional" json:"tagKey" yaml:"tagKey"`
	// When `logstashFormat` is enabled, each record will get a new timestamp field.
	//
	// The`timeKey` property defines the name of that field.
	TimeKey *string `field:"optional" json:"timeKey" yaml:"timeKey"`
	// When `logstashFormat` is enabled, this property defines the format of the timestamp.
	// See: [strftime](http://man7.org/linux/man-pages/man3/strftime.3.html)
	//
	TimeKeyFormat *string `field:"optional" json:"timeKeyFormat" yaml:"timeKeyFormat"`
	// When `logstashFormat` is enabled, enabling this property sends nanosecond precision timestamps.
	TimeKeyNanos *bool `field:"optional" json:"timeKeyNanos" yaml:"timeKeyNanos"`
	// When enabled print the Elasticsearch API calls to stdout when Elasticsearch returns an error (for diag only).
	TraceError *bool `field:"optional" json:"traceError" yaml:"traceError"`
	// When enabled print the Elasticsearch API calls to stdout (for diag only).
	TraceOutput *bool `field:"optional" json:"traceOutput" yaml:"traceOutput"`
	// Type name.
	Type *string `field:"optional" json:"type" yaml:"type"`
	// Enables dedicated thread(s) for this output.
	Workers *float64 `field:"optional" json:"workers" yaml:"workers"`
	// Operation to use to write in bulk requests.
	WriteOperation *string `field:"optional" json:"writeOperation" yaml:"writeOperation"`
}

Options for configuring the Elasticsearch Fluent Bit output plugin. See: [Opensearch Plugin Documention](https://docs.fluentbit.io/manual/pipeline/outputs/elasticsearch)

type FluentBitFilter added in v0.0.33 

type FluentBitFilter interface {
}

Standard filter options which can be applied to Fluent Bit to control the output and formatting of logs.

Filters change the structure of log records by doing things like adding metadata to a record, restructuring a record, or adding and removing fields.

func NewFluentBitFilter added in v0.0.33 

func NewFluentBitFilter() FluentBitFilter

type FluentBitFilterPluginBase added in v0.0.33 

type FluentBitFilterPluginBase interface {
	FluentBitPlugin
	IFluentBitFilterPlugin
	// The pattern to match for records that this output should apply to.
	Match() FluentBitMatch
	// The name of the fluent bit plugin.
	Name() *string
	// The type of fluent bit plugin.
	PluginType() *string
	// Builds a configuration for this plugin and returns the details for consumtion by a resource that is configuring logging.
	//
	// Returns: A configuration for the plugin that con be used by the resource
	// configuring logging.
	Bind(scope constructs.IConstruct) *ResolvedFluentBitConfiguration
	// Renders a Fluent Bit configuration file for the plugin.
	//
	// Returns: A rendered plugin configuration file.
	RenderConfigFile(config *map[string]interface{}) *string
}

type FluentBitFilterPluginCommonOptions added in v0.0.33 

type FluentBitFilterPluginCommonOptions struct {
	// The pattern to match for records that this output should apply to.
	Match FluentBitMatch `field:"optional" json:"match" yaml:"match"`
}

Configuration options that apply to all Fluent Bit output plugins.

type FluentBitGrepFilter added in v0.0.33 

type FluentBitGrepFilter interface {
	FluentBitFilterPluginBase
	// The pattern to match for records that this output should apply to.
	Match() FluentBitMatch
	// The name of the fluent bit plugin.
	Name() *string
	// The pattern to use for filtering records processed by the plugin.
	Pattern() *FluentBitGrepRegex
	// The type of fluent bit plugin.
	PluginType() *string
	// Builds a configuration for this plugin and returns the details for consumtion by a resource that is configuring logging.
	//
	// Returns: A configuration for the plugin that con be used by the resource
	// configuring logging.
	Bind(_scope constructs.IConstruct) *ResolvedFluentBitConfiguration
	// Renders a Fluent Bit configuration file for the plugin.
	//
	// Returns: A rendered plugin configuration file.
	RenderConfigFile(config *map[string]interface{}) *string
}

A Fluent Bit filter that allows log records to be kept or discarded based on whether they match a given regular expression or not.

func NewFluentBitGrepFilter added in v0.0.33 

func NewFluentBitGrepFilter(options *FluentBitGrepFilterOptions) FluentBitGrepFilter

Creates a new instance of the FluentBitKinesisFirehoseOutput class.

type FluentBitGrepFilterOptions added in v0.0.33 

type FluentBitGrepFilterOptions struct {
	// The pattern to match for records that this output should apply to.
	Match FluentBitMatch `field:"optional" json:"match" yaml:"match"`
	// The pattern to use for filtering records processed by the plugin.
	Pattern *FluentBitGrepRegex `field:"required" json:"pattern" yaml:"pattern"`
}

Options for configuring the Grep Fluent Bit filter plugin. See: [Grep Plugin Documention](https://docs.fluentbit.io/manual/pipeline/filters/grep)

type FluentBitGrepRegex added in v0.0.33 

type FluentBitGrepRegex struct {
	// The key of the fields which you want to filter using the regex.
	Key *string `field:"required" json:"key" yaml:"key"`
	// The regular expression to apply to the specified field.
	Regex *string `field:"required" json:"regex" yaml:"regex"`
	// Whether the matched expression should exclude or include records from being output.
	//
	// When this is true, only records that match the given expression will be
	// output.
	//
	// When this is false, only records that do not match the given expression
	// will be output.
	Exclude *bool `field:"optional" json:"exclude" yaml:"exclude"`
}

Configures a pattern to match against a Fluent Bit record.

type FluentBitJsonParser added in v0.0.33 

type FluentBitJsonParser interface {
	FluentBitParserPluginBase
	// The data format that the parser extracts records from.
	Format() *string
	// The name of the fluent bit plugin.
	Name() *string
	// The type of fluent bit plugin.
	PluginType() *string
	// Defines the format of the timestamp on the inbound record.
	// See: [strftime](http://man7.org/linux/man-pages/man3/strftime.3.html)
	//
	TimeFormat() *string
	// The key under which timestamp information for the inbound record is given.
	TimeKey() *string
	// Builds a configuration for this plugin and returns the details for consumtion by a resource that is configuring logging.
	//
	// Returns: A configuration for the plugin that con be used by the resource
	// configuring logging.
	Bind(_scope constructs.IConstruct) *ResolvedFluentBitConfiguration
	// Renders a Fluent Bit configuration file for the plugin.
	//
	// Returns: A rendered plugin configuration file.
	RenderConfigFile(config *map[string]interface{}) *string
}

A Fluent Bit filter that parsed inbound messages in JSON format.

func NewFluentBitJsonParser added in v0.0.33 

func NewFluentBitJsonParser(name *string, options *FluentBitJsonParserOptions) FluentBitJsonParser

Creates a new instance of the FluentBitJsonParser class.

type FluentBitJsonParserOptions added in v0.0.33 

type FluentBitJsonParserOptions struct {
	// Defines the format of the timestamp on the inbound record.
	// See: [strftime](http://man7.org/linux/man-pages/man3/strftime.3.html)
	//
	TimeFormat *string `field:"optional" json:"timeFormat" yaml:"timeFormat"`
	// The key under which timestamp information for the inbound record is given.
	TimeKey *string `field:"optional" json:"timeKey" yaml:"timeKey"`
}

Options for configuring the JSON Fluent Bit parser plugin. See: [JSON Plugin Documention](https://docs.fluentbit.io/manual/pipeline/parsers/json)

type FluentBitKinesisFirehoseOutput added in v0.0.33 

type FluentBitKinesisFirehoseOutput interface {
	FluentBitOutputPluginBase
	// Immediately retry failed requests to AWS services once.
	//
	// This option does
	// not affect the normal Fluent Bit retry mechanism with backoff. Instead,
	// it enables an immediate retry with no delay for networking errors, which
	// may help improve throughput when there are transient/random networking
	// issues.
	AutoRetryRequests() *bool
	// Compression type for Firehose records.
	//
	// Each log record is individually
	// compressed and sent to Firehose.
	Compression() KinesisFirehoseCompressionFormat
	// The Kinesis Firehose Delivery stream that you want log records sent to.
	DeliveryStream() kinesisfirehose.IDeliveryStream
	// Specify a custom endpoint for the Firehose API.
	Endpoint() *string
	// By default, the whole log record will be sent to Firehose.
	//
	// If you
	// specify a key name with this option, then only the value of that key
	// will be sent to Firehose.
	LogKey() *string
	// The pattern to match for records that this output should apply to.
	Match() FluentBitMatch
	// The name of the fluent bit plugin.
	Name() *string
	// The type of fluent bit plugin.
	PluginType() *string
	// The AWS region.
	Region() *string
	// ARN of an IAM role to assume (for cross account access).
	Role() awsiam.IRole
	// Specify a custom STS endpoint for the AWS STS API.
	StsEndpoint() *string
	// Add the timestamp to the record under this key.
	TimeKey() *string
	// A strftime compliant format string for the timestamp.
	TimeKeyFormat() *string
	// Builds a configuration for this plugin and returns the details for consumtion by a resource that is configuring logging.
	//
	// Returns: A configuration for the plugin that con be used by the resource
	// configuring logging.
	Bind(scope constructs.IConstruct) *ResolvedFluentBitConfiguration
	// Renders a Fluent Bit configuration file for the plugin.
	//
	// Returns: A rendered plugin configuration file.
	RenderConfigFile(config *map[string]interface{}) *string
}

Represents configuration for outputing logs from Fluent Bit to Kinesis Firehose.

func NewFluentBitKinesisFirehoseOutput added in v0.0.33 

func NewFluentBitKinesisFirehoseOutput(options *FluentBitKinesisFirehoseOutputOptions) FluentBitKinesisFirehoseOutput

Creates a new instance of the FluentBitKinesisFirehoseOutput class.

type FluentBitKinesisFirehoseOutputOptions added in v0.0.33 

type FluentBitKinesisFirehoseOutputOptions struct {
	// The pattern to match for records that this output should apply to.
	Match FluentBitMatch `field:"optional" json:"match" yaml:"match"`
	// Immediately retry failed requests to AWS services once.
	//
	// This option does
	// not affect the normal Fluent Bit retry mechanism with backoff. Instead,
	// it enables an immediate retry with no delay for networking errors, which
	// may help improve throughput when there are transient/random networking
	// issues.
	AutoRetryRequests *bool `field:"optional" json:"autoRetryRequests" yaml:"autoRetryRequests"`
	// Compression type for Firehose records.
	//
	// Each log record is individually
	// compressed and sent to Firehose.
	Compression KinesisFirehoseCompressionFormat `field:"optional" json:"compression" yaml:"compression"`
	// The Kinesis Firehose Delivery stream that you want log records sent to.
	DeliveryStream kinesisfirehose.IDeliveryStream `field:"optional" json:"deliveryStream" yaml:"deliveryStream"`
	// Specify a custom endpoint for the Firehose API.
	Endpoint *string `field:"optional" json:"endpoint" yaml:"endpoint"`
	// By default, the whole log record will be sent to Firehose.
	//
	// If you
	// specify a key name with this option, then only the value of that key
	// will be sent to Firehose.
	LogKey *string `field:"optional" json:"logKey" yaml:"logKey"`
	// The AWS region.
	Region *string `field:"optional" json:"region" yaml:"region"`
	// ARN of an IAM role to assume (for cross account access).
	Role awsiam.IRole `field:"optional" json:"role" yaml:"role"`
	// Specify a custom STS endpoint for the AWS STS API.
	StsEndpoint *string `field:"optional" json:"stsEndpoint" yaml:"stsEndpoint"`
	// Add the timestamp to the record under this key.
	TimeKey *string `field:"optional" json:"timeKey" yaml:"timeKey"`
	// A strftime compliant format string for the timestamp.
	TimeKeyFormat *string `field:"optional" json:"timeKeyFormat" yaml:"timeKeyFormat"`
}

Options for configuring the Kinesis Firehose Fluent Bit output plugin. See: [Kinesis Firehose Plugin Documention](https://docs.fluentbit.io/manual/pipeline/outputs/firehose)

type FluentBitKinesisOutput added in v0.0.33 

type FluentBitKinesisOutput interface {
	FluentBitOutputPluginBase
	// Immediately retry failed requests to AWS services once.
	//
	// This option does
	// not affect the normal Fluent Bit retry mechanism with backoff. Instead,
	// it enables an immediate retry with no delay for networking errors, which
	// may help improve throughput when there are transient/random networking
	// issues.
	AutoRetryRequests() *bool
	// Specify a custom endpoint for the Firehose API.
	Endpoint() *string
	// By default, the whole log record will be sent to Firehose.
	//
	// If you
	// specify a key name with this option, then only the value of that key
	// will be sent to Firehose.
	LogKey() *string
	// The pattern to match for records that this output should apply to.
	Match() FluentBitMatch
	// The name of the fluent bit plugin.
	Name() *string
	// The type of fluent bit plugin.
	PluginType() *string
	// The AWS region.
	Region() *string
	// ARN of an IAM role to assume (for cross account access).
	Role() awsiam.IRole
	// The name of the Kinesis Streams Delivery stream that you want log records sent to.
	Stream() awskinesis.IStream
	// Specify a custom STS endpoint for the AWS STS API.
	StsEndpoint() *string
	// Add the timestamp to the record under this key.
	TimeKey() *string
	// A strftime compliant format string for the timestamp.
	TimeKeyFormat() *string
	// Builds a configuration for this plugin and returns the details for consumtion by a resource that is configuring logging.
	//
	// Returns: A configuration for the plugin that con be used by the resource
	// configuring logging.
	Bind(scope constructs.IConstruct) *ResolvedFluentBitConfiguration
	// Renders a Fluent Bit configuration file for the plugin.
	//
	// Returns: A rendered plugin configuration file.
	RenderConfigFile(config *map[string]interface{}) *string
}

Represents configuration for outputing logs from Fluent Bit to Kinesis Data Streams.

func NewFluentBitKinesisOutput added in v0.0.33 

func NewFluentBitKinesisOutput(options *FluentBitKinesisOutputOptions) FluentBitKinesisOutput

Creates a new instance of the FluentBitKinesisOutput class.

type FluentBitKinesisOutputOptions added in v0.0.33 

type FluentBitKinesisOutputOptions struct {
	// The pattern to match for records that this output should apply to.
	Match FluentBitMatch `field:"optional" json:"match" yaml:"match"`
	// Immediately retry failed requests to AWS services once.
	//
	// This option does
	// not affect the normal Fluent Bit retry mechanism with backoff. Instead,
	// it enables an immediate retry with no delay for networking errors, which
	// may help improve throughput when there are transient/random networking
	// issues.
	AutoRetryRequests *bool `field:"optional" json:"autoRetryRequests" yaml:"autoRetryRequests"`
	// Specify a custom endpoint for the Firehose API.
	Endpoint *string `field:"optional" json:"endpoint" yaml:"endpoint"`
	// By default, the whole log record will be sent to Firehose.
	//
	// If you
	// specify a key name with this option, then only the value of that key
	// will be sent to Firehose.
	LogKey *string `field:"optional" json:"logKey" yaml:"logKey"`
	// The AWS region.
	Region *string `field:"optional" json:"region" yaml:"region"`
	// ARN of an IAM role to assume (for cross account access).
	Role awsiam.IRole `field:"optional" json:"role" yaml:"role"`
	// The name of the Kinesis Streams Delivery stream that you want log records sent to.
	Stream awskinesis.IStream `field:"optional" json:"stream" yaml:"stream"`
	// Specify a custom STS endpoint for the AWS STS API.
	StsEndpoint *string `field:"optional" json:"stsEndpoint" yaml:"stsEndpoint"`
	// Add the timestamp to the record under this key.
	TimeKey *string `field:"optional" json:"timeKey" yaml:"timeKey"`
	// A strftime compliant format string for the timestamp.
	TimeKeyFormat *string `field:"optional" json:"timeKeyFormat" yaml:"timeKeyFormat"`
}

Options for configuring the Kinesis Data Streams Fluent Bit output plugin. See: [Kinesis Streams Plugin Documention](https://docs.fluentbit.io/manual/pipeline/outputs/kinesis)

type FluentBitKubernetesFilter added in v0.0.33 

type FluentBitKubernetesFilter interface {
	FluentBitFilterPluginBase
	// Include Kubernetes resource annotations in the extra metadata.
	Annotations() *bool
	// Set the buffer size for HTTP client when reading responses from Kubernetes API server.
	//
	// A value of 0 results in no limit, and the buffer will expand as-needed.
	//
	// Note that if pod specifications exceed the buffer limit, the API
	// response will be discarded when retrieving metadata, and some kubernetes
	// metadata will fail to be injected to the logs.
	BufferSize() core.DataSize
	// When enabled, metadata will be fetched from K8s when docker_id is changed.
	CacheUseDockerId() *bool
	// DNS lookup retries N times until the network starts working.
	DnsRetries() *float64
	// DNS lookup interval between network status checks.
	DnsWaitTime() awscdk.Duration
	// If set, use dummy-meta data (for test/dev purposes).
	DummyMeta() *bool
	// Allow Kubernetes Pods to exclude their logs from the log processor.
	K8sLoggingExclude() *bool
	// Allow Kubernetes Pods to suggest a pre-defined Parser.
	K8sLoggingParser() *bool
	// When `keepLog` is disabled, the log field is removed from the incoming message once it has been successfully merged (`mergeLog` must be enabled as well).
	KeepLog() *bool
	// CA certificate file.
	KubeCaFile() *string
	// Absolute path to scan for certificate files.
	KubeCaPath() *string
	// Kubelet host using for HTTP request, this only works when `useKubelet` is enabled.
	KubeletHost() *string
	// Kubelet port using for HTTP request, this only works when `useKubelet` is enabled.
	KubeletPort() *float64
	// Configurable TTL for K8s cached metadata.
	//
	// By default, it is set to 0 which means TTL for cache entries is disabled
	// and cache entries are evicted at random when capacity is reached.
	//
	// In order to enable this option, you should set the number to a time
	// interval.
	KubeMetaCacheTtl() awscdk.Duration
	// If set, Kubernetes meta-data can be cached/pre-loaded from files in JSON format in this directory, named as namespace-pod.meta.
	KubeMetaPreloadCacheDir() *string
	// When the source records comes from Tail input plugin, this option allows to specify what's the prefix used in Tail configuration.
	KubeTagPrefix() *string
	// Command to get Kubernetes authorization token.
	//
	// If you want to manually choose a command to get it, you can set the
	// command here.
	//
	// For example, run running the following to get the token using aws-cli:
	//
	// “`
	// aws-iam-authenticator -i your-cluster-name token --token-only
	// “`
	//
	// This option is currently Linux-only.
	KubeTokenCommand() *string
	// Token file.
	KubeTokenFile() *string
	// Configurable 'time to live' for the K8s token.
	//
	// After this time, the token is reloaded from `kubeTokenFile` or the
	// `kubeTokenCommand`.
	KubeTokenTtl() awscdk.Duration
	// API Server end-point.
	KubeUrl() *string
	// Include Kubernetes resource labels in the extra metadata.
	Labels() *bool
	// The pattern to match for records that this output should apply to.
	Match() FluentBitMatch
	// When enabled, it checks if the `log` field content is a JSON string map, if so, it append the map fields as part of the log structure.
	MergeLog() *bool
	// When `mergeLog` is enabled, the filter tries to assume the `log` field from the incoming message is a JSON string message and make a structured representation of it at the same level of the `log` field in the map.
	//
	// Now if `mergeLogKey` is set (a string name), all the new structured
	// fields taken from the original `log` content are inserted under the new
	// key.
	MergeLogKey() *string
	// When Merge_Log is enabled, trim (remove possible \n or \r) field values.
	MergeLogTrim() *bool
	// Optional parser name to specify how to parse the data contained in the log key.
	//
	// Recommended use is for developers or testing only.
	MergeParser() *string
	// The name of the fluent bit plugin.
	Name() *string
	// The type of fluent bit plugin.
	PluginType() *string
	// Set an alternative Parser to process record Tag and extract pod_name, namespace_name, container_name and docker_id.
	//
	// The parser must be registered in a parsers file.
	// See: [Parsers File](https://github.com/fluent/fluent-bit/blob/master/conf/parsers.conf)
	//
	RegexParser() *string
	// Debug level between 0 (nothing) and 4 (every detail).
	TlsDebug() *float64
	// When enabled, turns on certificate validation when connecting to the Kubernetes API server.
	TlsVerify() *bool
	// When enabled, the filter reads logs coming in Journald format.
	UseJournal() *bool
	// This is an optional feature flag to get metadata information from kubelet instead of calling Kube Server API to enhance the log.
	// See: [Kube API heavy traffic issue for large cluster](https://docs.fluentbit.io/manual/pipeline/filters/kubernetes#optional-feature-using-kubelet-to-get-metadata)
	//
	UseKubelet() *bool
	// Builds a configuration for this plugin and returns the details for consumtion by a resource that is configuring logging.
	//
	// Returns: A configuration for the plugin that con be used by the resource
	// configuring logging.
	Bind(_scope constructs.IConstruct) *ResolvedFluentBitConfiguration
	// Renders a Fluent Bit configuration file for the plugin.
	//
	// Returns: A rendered plugin configuration file.
	RenderConfigFile(config *map[string]interface{}) *string
}

A Fluent Bit filter that allows log records to be annotated with Kubernetes metadata based on the containers that generated them.

func NewFluentBitKubernetesFilter added in v0.0.33 

func NewFluentBitKubernetesFilter(options *FluentBitKubernetesFilterOptions) FluentBitKubernetesFilter

Creates a new instance of the FluentBitKubernetesFilter class.

type FluentBitKubernetesFilterOptions added in v0.0.33 

type FluentBitKubernetesFilterOptions struct {
	// The pattern to match for records that this output should apply to.
	Match FluentBitMatch `field:"optional" json:"match" yaml:"match"`
	// Include Kubernetes resource annotations in the extra metadata.
	Annotations *bool `field:"optional" json:"annotations" yaml:"annotations"`
	// Set the buffer size for HTTP client when reading responses from Kubernetes API server.
	//
	// A value of 0 results in no limit, and the buffer will expand as-needed.
	//
	// Note that if pod specifications exceed the buffer limit, the API
	// response will be discarded when retrieving metadata, and some kubernetes
	// metadata will fail to be injected to the logs.
	BufferSize core.DataSize `field:"optional" json:"bufferSize" yaml:"bufferSize"`
	// When enabled, metadata will be fetched from K8s when docker_id is changed.
	CacheUseDockerId *bool `field:"optional" json:"cacheUseDockerId" yaml:"cacheUseDockerId"`
	// DNS lookup retries N times until the network starts working.
	DnsRetries *float64 `field:"optional" json:"dnsRetries" yaml:"dnsRetries"`
	// DNS lookup interval between network status checks.
	DnsWaitTime awscdk.Duration `field:"optional" json:"dnsWaitTime" yaml:"dnsWaitTime"`
	// If set, use dummy-meta data (for test/dev purposes).
	DummyMeta *bool `field:"optional" json:"dummyMeta" yaml:"dummyMeta"`
	// Allow Kubernetes Pods to exclude their logs from the log processor.
	K8sLoggingExclude *bool `field:"optional" json:"k8sLoggingExclude" yaml:"k8sLoggingExclude"`
	// Allow Kubernetes Pods to suggest a pre-defined Parser.
	K8sLoggingParser *bool `field:"optional" json:"k8sLoggingParser" yaml:"k8sLoggingParser"`
	// When `keepLog` is disabled, the log field is removed from the incoming message once it has been successfully merged (`mergeLog` must be enabled as well).
	KeepLog *bool `field:"optional" json:"keepLog" yaml:"keepLog"`
	// CA certificate file.
	KubeCaFile *string `field:"optional" json:"kubeCaFile" yaml:"kubeCaFile"`
	// Absolute path to scan for certificate files.
	KubeCaPath *string `field:"optional" json:"kubeCaPath" yaml:"kubeCaPath"`
	// Kubelet host using for HTTP request, this only works when `useKubelet` is enabled.
	KubeletHost *string `field:"optional" json:"kubeletHost" yaml:"kubeletHost"`
	// Kubelet port using for HTTP request, this only works when `useKubelet` is enabled.
	KubeletPort *float64 `field:"optional" json:"kubeletPort" yaml:"kubeletPort"`
	// Configurable TTL for K8s cached metadata.
	//
	// By default, it is set to 0 which means TTL for cache entries is disabled
	// and cache entries are evicted at random when capacity is reached.
	//
	// In order to enable this option, you should set the number to a time
	// interval.
	KubeMetaCacheTtl awscdk.Duration `field:"optional" json:"kubeMetaCacheTtl" yaml:"kubeMetaCacheTtl"`
	// If set, Kubernetes meta-data can be cached/pre-loaded from files in JSON format in this directory, named as namespace-pod.meta.
	KubeMetaPreloadCacheDir *string `field:"optional" json:"kubeMetaPreloadCacheDir" yaml:"kubeMetaPreloadCacheDir"`
	// When the source records comes from Tail input plugin, this option allows to specify what's the prefix used in Tail configuration.
	KubeTagPrefix *string `field:"optional" json:"kubeTagPrefix" yaml:"kubeTagPrefix"`
	// Command to get Kubernetes authorization token.
	//
	// If you want to manually choose a command to get it, you can set the
	// command here.
	//
	// For example, run running the following to get the token using aws-cli:
	//
	// “`
	// aws-iam-authenticator -i your-cluster-name token --token-only
	// “`
	//
	// This option is currently Linux-only.
	KubeTokenCommand *string `field:"optional" json:"kubeTokenCommand" yaml:"kubeTokenCommand"`
	// Token file.
	KubeTokenFile *string `field:"optional" json:"kubeTokenFile" yaml:"kubeTokenFile"`
	// Configurable 'time to live' for the K8s token.
	//
	// After this time, the token is reloaded from `kubeTokenFile` or the
	// `kubeTokenCommand`.
	KubeTokenTtl awscdk.Duration `field:"optional" json:"kubeTokenTtl" yaml:"kubeTokenTtl"`
	// API Server end-point.
	KubeUrl *string `field:"optional" json:"kubeUrl" yaml:"kubeUrl"`
	// Include Kubernetes resource labels in the extra metadata.
	Labels *bool `field:"optional" json:"labels" yaml:"labels"`
	// When enabled, it checks if the `log` field content is a JSON string map, if so, it append the map fields as part of the log structure.
	MergeLog *bool `field:"optional" json:"mergeLog" yaml:"mergeLog"`
	// When `mergeLog` is enabled, the filter tries to assume the `log` field from the incoming message is a JSON string message and make a structured representation of it at the same level of the `log` field in the map.
	//
	// Now if `mergeLogKey` is set (a string name), all the new structured
	// fields taken from the original `log` content are inserted under the new
	// key.
	MergeLogKey *string `field:"optional" json:"mergeLogKey" yaml:"mergeLogKey"`
	// When Merge_Log is enabled, trim (remove possible \n or \r) field values.
	MergeLogTrim *bool `field:"optional" json:"mergeLogTrim" yaml:"mergeLogTrim"`
	// Optional parser name to specify how to parse the data contained in the log key.
	//
	// Recommended use is for developers or testing only.
	MergeParser *string `field:"optional" json:"mergeParser" yaml:"mergeParser"`
	// Set an alternative Parser to process record Tag and extract pod_name, namespace_name, container_name and docker_id.
	//
	// The parser must be registered in a parsers file.
	// See: [Parsers File](https://github.com/fluent/fluent-bit/blob/master/conf/parsers.conf)
	//
	RegexParser *string `field:"optional" json:"regexParser" yaml:"regexParser"`
	// Debug level between 0 (nothing) and 4 (every detail).
	TlsDebug *float64 `field:"optional" json:"tlsDebug" yaml:"tlsDebug"`
	// When enabled, turns on certificate validation when connecting to the Kubernetes API server.
	TlsVerify *bool `field:"optional" json:"tlsVerify" yaml:"tlsVerify"`
	// When enabled, the filter reads logs coming in Journald format.
	UseJournal *bool `field:"optional" json:"useJournal" yaml:"useJournal"`
	// This is an optional feature flag to get metadata information from kubelet instead of calling Kube Server API to enhance the log.
	// See: [Kube API heavy traffic issue for large cluster](https://docs.fluentbit.io/manual/pipeline/filters/kubernetes#optional-feature-using-kubelet-to-get-metadata)
	//
	UseKubelet *bool `field:"optional" json:"useKubelet" yaml:"useKubelet"`
}

Options for configuring the Kubernetes Fluent Bit filter plugin. See: [Kubernetes Plugin Documention](https://docs.fluentbit.io/manual/pipeline/filters/kubernetes)

type FluentBitLogGroupOutput added in v0.0.33 

type FluentBitLogGroupOutput interface {
	// Flag that determines whether or not a log group should be automatically created.
	AutoCreate() *bool
	// A log group resource object to use as the destination.
	LogGroup() awslogs.ILogGroup
	// The name for the log group that should be used for output records.
	LogGroupName() *string
}

Represents valid log group output configuration options to be used by Fluent Bit when writing to CloudWatch Logs.

func FluentBitLogGroupOutput_Create added in v0.0.33 

func FluentBitLogGroupOutput_Create() FluentBitLogGroupOutput

Sets a flag saying that a log group should be created automatically.

Depending on the configuration of the plugin, this flag will either cause permissions to be granted for Fluent Bit to create the log group itself or the plugin CDK resource will create a Log Group and use that as the destination.

Returns: A FluentBitLogGroupOutput object representing the configured log group destination.

func FluentBitLogGroupOutput_FromLogGroup added in v0.0.33 

func FluentBitLogGroupOutput_FromLogGroup(logGroup awslogs.ILogGroup) FluentBitLogGroupOutput

Sets the destination log group to a LogGroup CDK resource.

Returns: A FluentBitLogGroupOutput object representing the configured log group destination.

func FluentBitLogGroupOutput_FromName added in v0.0.33 

func FluentBitLogGroupOutput_FromName(name *string, create *bool) FluentBitLogGroupOutput

Sets the destination for logs to the named log group.

Returns: A FluentBitLogGroupOutput object representing the configured log group destination.

type FluentBitLogStreamOutput added in v0.0.33 

type FluentBitLogStreamOutput interface {
	// The name of the log stream where records should be created.
	LogStreamName() *string
	// The prefix for log streams that will be created on a per-pod basis.
	LogStreamPrefix() *string
}

Represents valid log stream output configuration options to be used by Fluent Bit when writing to CloudWatch Logs.

func FluentBitLogStreamOutput_FromLogStream added in v0.0.33 

func FluentBitLogStreamOutput_FromLogStream(logStream awslogs.ILogStream) FluentBitLogStreamOutput

Sets output to be a log stream resource object.

Returns: A FluentBitLogStreamOutput object representing the configured log stream destination.

func FluentBitLogStreamOutput_FromName added in v0.0.33 

func FluentBitLogStreamOutput_FromName(name *string) FluentBitLogStreamOutput

Sets output to a named log stream.

If a log stream with the given name doesn't exist in the configured log group a log stream with the given name will be created.

Returns: A FluentBitLogStreamOutput object representing the configured log stream destination.

func FluentBitLogStreamOutput_FromPrefix added in v0.0.33 

func FluentBitLogStreamOutput_FromPrefix(prefix *string) FluentBitLogStreamOutput

Sets output to a prefixed log stream.

Log streams will be created on a per-pod basis with the name oof the log streams starting with the provided prefix.

Returns: A FluentBitLogStreamOutput object representing the configured log stream destination.

type FluentBitLogfmtParser added in v0.0.33 

type FluentBitLogfmtParser interface {
	FluentBitParserPluginBase
	// The data format that the parser extracts records from.
	Format() *string
	// The name of the fluent bit plugin.
	Name() *string
	// The type of fluent bit plugin.
	PluginType() *string
	// Defines the format of the timestamp on the inbound record.
	// See: [strftime](http://man7.org/linux/man-pages/man3/strftime.3.html)
	//
	TimeFormat() *string
	// The key under which timestamp information for the inbound record is given.
	TimeKey() *string
	// Maps group names matched by the regex to the data types they should be interpreted as.
	Types() *map[string]ParserPluginDataType
	// Builds a configuration for this plugin and returns the details for consumtion by a resource that is configuring logging.
	//
	// Returns: A configuration for the plugin that con be used by the resource
	// configuring logging.
	Bind(_scope constructs.IConstruct) *ResolvedFluentBitConfiguration
	// Renders a Fluent Bit configuration file for the plugin.
	//
	// Returns: A rendered plugin configuration file.
	RenderConfigFile(config *map[string]interface{}) *string
}

A Fluent Bit filter that parsed inbound messages in LTSV format.

func NewFluentBitLogfmtParser added in v0.0.33 

func NewFluentBitLogfmtParser(name *string, options *FluentBitLogfmtParserOptions) FluentBitLogfmtParser

Creates a new instance of the FluentBitLogfmtParser class.

type FluentBitLogfmtParserOptions added in v0.0.33 

type FluentBitLogfmtParserOptions struct {
	// Defines the format of the timestamp on the inbound record.
	// See: [strftime](http://man7.org/linux/man-pages/man3/strftime.3.html)
	//
	TimeFormat *string `field:"optional" json:"timeFormat" yaml:"timeFormat"`
	// The key under which timestamp information for the inbound record is given.
	TimeKey *string `field:"optional" json:"timeKey" yaml:"timeKey"`
	// Maps group names matched by the regex to the data types they should be interpreted as.
	Types *map[string]ParserPluginDataType `field:"optional" json:"types" yaml:"types"`
}

Options for configuring the logfmt Fluent Bit parser plugin. See: [Logfmt Plugin Documention](https://docs.fluentbit.io/manual/pipeline/parsers/logfmt)

type FluentBitLtsvParser added in v0.0.33 

type FluentBitLtsvParser interface {
	FluentBitParserPluginBase
	// The data format that the parser extracts records from.
	Format() *string
	// The name of the fluent bit plugin.
	Name() *string
	// The type of fluent bit plugin.
	PluginType() *string
	// Defines the format of the timestamp on the inbound record.
	// See: [strftime](http://man7.org/linux/man-pages/man3/strftime.3.html)
	//
	TimeFormat() *string
	// The key under which timestamp information for the inbound record is given.
	TimeKey() *string
	// Maps group names matched by the regex to the data types they should be interpreted as.
	Types() *map[string]ParserPluginDataType
	// Builds a configuration for this plugin and returns the details for consumtion by a resource that is configuring logging.
	//
	// Returns: A configuration for the plugin that con be used by the resource
	// configuring logging.
	Bind(_scope constructs.IConstruct) *ResolvedFluentBitConfiguration
	// Renders a Fluent Bit configuration file for the plugin.
	//
	// Returns: A rendered plugin configuration file.
	RenderConfigFile(config *map[string]interface{}) *string
}

A Fluent Bit filter that parsed inbound messages in LTSV format.

func NewFluentBitLtsvParser added in v0.0.33 

func NewFluentBitLtsvParser(name *string, options *FluentBitLtsvParserOptions) FluentBitLtsvParser

Creates a new instance of the FluentBitLtsvParser class.

type FluentBitLtsvParserOptions added in v0.0.33 

type FluentBitLtsvParserOptions struct {
	// Defines the format of the timestamp on the inbound record.
	// See: [strftime](http://man7.org/linux/man-pages/man3/strftime.3.html)
	//
	TimeFormat *string `field:"optional" json:"timeFormat" yaml:"timeFormat"`
	// The key under which timestamp information for the inbound record is given.
	TimeKey *string `field:"optional" json:"timeKey" yaml:"timeKey"`
	// Maps group names matched by the regex to the data types they should be interpreted as.
	Types *map[string]ParserPluginDataType `field:"optional" json:"types" yaml:"types"`
}

Options for configuring the LTSV Fluent Bit parser plugin. See: [LTSV Plugin Documention](https://docs.fluentbit.io/manual/pipeline/parsers/ltsv)

type FluentBitMatch added in v0.0.33 

type FluentBitMatch interface {
	// The pattern matching syntax to use when evaluating incoming tags.
	Evaluator() FluentBitMatchEvaluator
	// The pattern to compare against the tags of incoming records.
	Pattern() *string
	// Creates a record object that can be used to represent the match in Fluent Bit configuration files.
	//
	// Returns: The object that can be used to represent this match object.
	ToObject() *map[string]*string
	// Creates a string representation of this match object that reflects how it will appear in a Fluent Bit configuration file.
	//
	// Returns: A string representation of this match.
	ToString() *string
}

Represents a filter that can be applied to Filter and Output plugins that scopes down what records the given filter should apply to.

func FluentBitMatch_ALL added in v0.0.33 

func FluentBitMatch_ALL() FluentBitMatch

func FluentBitMatch_Glob added in v0.0.33 

func FluentBitMatch_Glob(pattern *string) FluentBitMatch

Creates a match pattern that supports basic wildcard matching using the star character (`*`).

Returns: A match object representing the given pattern.

func FluentBitMatch_Regex added in v0.0.33 

func FluentBitMatch_Regex(pattern *string) FluentBitMatch

Creates a match pattern that supports full regex matching.

Returns: A match object representing the given pattern.

type FluentBitMatchEvaluator added in v0.0.33 

type FluentBitMatchEvaluator string

Matching patterns supported by Fluent Bit plugins for scoping down incoming records. 

const (
	// A basic pattern match supporting the star (`*`) character as a wildcard.
	FluentBitMatchEvaluator_GLOB FluentBitMatchEvaluator = "GLOB"
	// Full pattern matching using regular expressions.
	FluentBitMatchEvaluator_REGEX FluentBitMatchEvaluator = "REGEX"
)

type FluentBitModifyFilter added in v0.0.33 

type FluentBitModifyFilter interface {
	FluentBitFilterPluginBase
	// Collection of conditions to apply for the filter.
	Conditions() *[]ModifyCondition
	// The pattern to match for records that this output should apply to.
	Match() FluentBitMatch
	// The name of the fluent bit plugin.
	Name() *string
	// Collection of operations to apply for the filter.
	Operations() *[]ModifyOperation
	// The type of fluent bit plugin.
	PluginType() *string
	// Adds a new condition to the modify filter.
	//
	// All conditions must evaluate to `true` in order for operations are
	// performed.
	//
	// If one or more conditions do not evaluate to true, no conditions are
	// performed.
	//
	// Returns: The modify filter to which the condition was added.
	AddCondition(condition ModifyCondition) FluentBitModifyFilter
	// Adds a new operation to the modify filter.
	//
	// Returns: The modify filter to which the operation was added.
	AddOperation(operation ModifyOperation) FluentBitModifyFilter
	// Builds a configuration for this plugin and returns the details for consumtion by a resource that is configuring logging.
	//
	// Returns: A configuration for the plugin that con be used by the resource
	// configuring logging.
	Bind(_scope constructs.IConstruct) *ResolvedFluentBitConfiguration
	// Renders a Fluent Bit configuration file for the plugin.
	//
	// Returns: A rendered plugin configuration file.
	RenderConfigFile(config *map[string]interface{}) *string
}

A Fluent Bit filter that allows changing records using rules and conditions.

func NewFluentBitModifyFilter added in v0.0.33 

func NewFluentBitModifyFilter(options *FluentBitModifyFilterOptions) FluentBitModifyFilter

Creates a new instance of the FluentBitModifyFilter class.

type FluentBitModifyFilterOptions added in v0.0.33 

type FluentBitModifyFilterOptions struct {
	// The pattern to match for records that this output should apply to.
	Match      FluentBitMatch     `field:"optional" json:"match" yaml:"match"`
	Conditions *[]ModifyCondition `field:"optional" json:"conditions" yaml:"conditions"`
	Operations *[]ModifyOperation `field:"optional" json:"operations" yaml:"operations"`
}

Options for configuring the Modify Fluent Bit filter plugin. See: [Modify Plugin Documention](https://docs.fluentbit.io/manual/pipeline/filters/modify)

type FluentBitNestFilter added in v0.0.33 

type FluentBitNestFilter interface {
	FluentBitFilterPluginBase
	// Prefix affected keys with this string.
	AddPrefix() *string
	// The pattern to match for records that this output should apply to.
	Match() FluentBitMatch
	// The name of the fluent bit plugin.
	Name() *string
	// Operation specific details for the plugin.
	Operation() NestFilterOperation
	// The type of fluent bit plugin.
	PluginType() *string
	// Remove prefix from affected keys if it matches this string.
	RemovePrefix() *string
	// Builds a configuration for this plugin and returns the details for consumtion by a resource that is configuring logging.
	//
	// Returns: A configuration for the plugin that con be used by the resource
	// configuring logging.
	Bind(_scope constructs.IConstruct) *ResolvedFluentBitConfiguration
	// Renders a Fluent Bit configuration file for the plugin.
	//
	// Returns: A rendered plugin configuration file.
	RenderConfigFile(config *map[string]interface{}) *string
}

A Fluent Bit filter that allows operating on or with nested data.

func NewFluentBitNestFilter added in v0.0.33 

func NewFluentBitNestFilter(options *FluentBitNestFilterOptions) FluentBitNestFilter

Creates a new instance of the FluentBitNestFilter class.

type FluentBitNestFilterOptions added in v0.0.33 

type FluentBitNestFilterOptions struct {
	// The pattern to match for records that this output should apply to.
	Match FluentBitMatch `field:"optional" json:"match" yaml:"match"`
	// The operation the filter will perform.
	Operation NestFilterOperation `field:"required" json:"operation" yaml:"operation"`
	// Prefix affected keys with this string.
	AddPrefix *string `field:"optional" json:"addPrefix" yaml:"addPrefix"`
	// Remove prefix from affected keys if it matches this string.
	RemovePrefix *string `field:"optional" json:"removePrefix" yaml:"removePrefix"`
}

Options for configuring the Nest Fluent Bit filter plugin. See: [Nest Plugin Documention](https://docs.fluentbit.io/manual/pipeline/filters/nest)

type FluentBitOpenSearchOutput added in v0.0.33 

type FluentBitOpenSearchOutput interface {
	FluentBitOutputPluginBase
	// Enable AWS Sigv4 Authentication for Amazon OpenSearch Service.
	AwsAuth() *bool
	// External ID for the AWS IAM Role specified with `awsRole`.
	AwsExternalId() *string
	// Specify the AWS region for Amazon OpenSearch Service.
	AwsRegion() *string
	// AWS IAM Role to assume to put records to your Amazon cluster.
	AwsRole() awsiam.IRole
	// Specify the custom sts endpoint to be used with STS API for Amazon OpenSearch Service.
	AwsStsEndpoint() *string
	// Specify the buffer size used to read the response from the OpenSearch HTTP service.
	//
	// This option is useful for debugging purposes where is
	// required to read full responses, note that response size grows depending
	// of the number of records inserted.
	BufferSize() OpenSearchOutputBufferSize
	// Use current time for index generation instead of message record.
	CurrentTimeIndex() *bool
	// The Opensearch domain to which logs should be shipped.
	Domain() awsopensearchservice.IDomain
	// When enabled, generate `_id` for outgoing records.
	//
	// This prevents duplicate
	// records when retrying.
	GenerateId() *bool
	// Password for user defined in `httpUser`.
	HttpPasswd() *string
	// Optional username credential for access.
	HttpUser() *string
	// If set, `_id` will be the value of the key from incoming record and `generateId` option is ignored.
	IdKey() *string
	// When enabled, it append the Tag name to the record.
	IncludeTagKey() *bool
	// Index name.
	Index() *string
	// Time format (based on strftime) to generate the second part of the Index name.
	// See: [strftime](http://man7.org/linux/man-pages/man3/strftime.3.html)
	//
	LogstashDateFormat() *string
	// Enable Logstash format compatibility.
	LogstashFormat() *bool
	// When `logstashFormat` is enabled, the Index name is composed using a prefix and the date, e.g: If `logstashPrefix` is equals to 'mydata' your index will become 'mydata-YYYY.MM.DD'.
	//
	// The last string appended belongs to the date when the data is being
	// generated.
	LogstashPrefix() *string
	// When included: the value in the record that belongs to the key will be looked up and over-write the `logstashPrefix` for index generation.
	//
	// If
	// the key/value is not found in the record then the `logstashPrefix` option
	// will act as a fallback.
	//
	// Nested keys are not supported (if desired, you can use the nest filter
	// plugin to remove nesting).
	LogstashPrefixKey() *string
	// The pattern to match for records that this output should apply to.
	Match() FluentBitMatch
	// The name of the fluent bit plugin.
	Name() *string
	// OpenSearch accepts new data on HTTP query path "/_bulk".
	//
	// But it is also
	// possible to serve OpenSearch behind a reverse proxy on a subpath. This
	// option defines such path on the fluent-bit side. It simply adds a path
	// prefix in the indexing HTTP POST URI.
	Path() *string
	// OpenSearch allows to setup filters called pipelines.
	//
	// This option allows
	// to define which pipeline the database should use.
	Pipeline() *string
	// The type of fluent bit plugin.
	PluginType() *string
	// TCP port of the target OpenSearch instance.
	Port() *float64
	// When enabled, replace field name dots with underscore.
	ReplaceDots() *bool
	// When enabled, mapping types is removed and `type` option is ignored.
	SuppressTypeName() *bool
	// When `includeTagKey` is enabled, this property defines the key name for the tag.
	TagKey() *string
	// When `logstashFormat` is enabled, each record will get a new timestamp field.
	//
	// The`timeKey` property defines the name of that field.
	TimeKey() *string
	// When `logstashFormat` is enabled, this property defines the format of the timestamp.
	// See: [strftime](http://man7.org/linux/man-pages/man3/strftime.3.html)
	//
	TimeKeyFormat() *string
	// When `logstashFormat` is enabled, enabling this property sends nanosecond precision timestamps.
	TimeKeyNanos() *bool
	// When enabled print the OpenSearch API calls to stdout when OpenSearch returns an error (for diag only).
	TraceError() *bool
	// When enabled print the OpenSearch API calls to stdout (for diag only).
	TraceOutput() *bool
	// Type name.
	Type() *string
	// Enables dedicated thread(s) for this output.
	Workers() *float64
	// Operation to use to write in bulk requests.
	WriteOperation() *string
	// Builds a configuration for this plugin and returns the details for consumtion by a resource that is configuring logging.
	//
	// Returns: A configuration for the plugin that con be used by the resource
	// configuring logging.
	Bind(scope constructs.IConstruct) *ResolvedFluentBitConfiguration
	// Renders a Fluent Bit configuration file for the plugin.
	//
	// Returns: A rendered plugin configuration file.
	RenderConfigFile(config *map[string]interface{}) *string
}

func NewFluentBitOpenSearchOutput added in v0.0.33 

func NewFluentBitOpenSearchOutput(options *FluentBitOpenSearchOutputOptions) FluentBitOpenSearchOutput

Creates a new instance of the FluentBitOpenSearchOutput class.

type FluentBitOpenSearchOutputOptions added in v0.0.33 

type FluentBitOpenSearchOutputOptions struct {
	// The pattern to match for records that this output should apply to.
	Match FluentBitMatch `field:"optional" json:"match" yaml:"match"`
	// The Opensearch domain to which logs should be shipped.
	Domain awsopensearchservice.IDomain `field:"required" json:"domain" yaml:"domain"`
	// Enable AWS Sigv4 Authentication for Amazon OpenSearch Service.
	AwsAuth *bool `field:"optional" json:"awsAuth" yaml:"awsAuth"`
	// External ID for the AWS IAM Role specified with `awsRole`.
	AwsExternalId *string `field:"optional" json:"awsExternalId" yaml:"awsExternalId"`
	// Specify the AWS region for Amazon OpenSearch Service.
	AwsRegion *string `field:"optional" json:"awsRegion" yaml:"awsRegion"`
	// AWS IAM Role to assume to put records to your Amazon cluster.
	AwsRole awsiam.IRole `field:"optional" json:"awsRole" yaml:"awsRole"`
	// Specify the custom sts endpoint to be used with STS API for Amazon OpenSearch Service.
	AwsStsEndpoint *string `field:"optional" json:"awsStsEndpoint" yaml:"awsStsEndpoint"`
	// Specify the buffer size used to read the response from the OpenSearch HTTP service.
	//
	// This option is useful for debugging purposes where is
	// required to read full responses, note that response size grows depending
	// of the number of records inserted.
	BufferSize OpenSearchOutputBufferSize `field:"optional" json:"bufferSize" yaml:"bufferSize"`
	// Use current time for index generation instead of message record.
	CurrentTimeIndex *bool `field:"optional" json:"currentTimeIndex" yaml:"currentTimeIndex"`
	// When enabled, generate `_id` for outgoing records.
	//
	// This prevents duplicate
	// records when retrying.
	GenerateId *bool `field:"optional" json:"generateId" yaml:"generateId"`
	// IP address or hostname of the target OpenSearch instance.
	Host *string `field:"optional" json:"host" yaml:"host"`
	// Password for user defined in `httpUser`.
	HttpPasswd *string `field:"optional" json:"httpPasswd" yaml:"httpPasswd"`
	// Optional username credential for access.
	HttpUser *string `field:"optional" json:"httpUser" yaml:"httpUser"`
	// If set, `_id` will be the value of the key from incoming record and `generateId` option is ignored.
	IdKey *string `field:"optional" json:"idKey" yaml:"idKey"`
	// When enabled, it append the Tag name to the record.
	IncludeTagKey *bool `field:"optional" json:"includeTagKey" yaml:"includeTagKey"`
	// Index name.
	Index *string `field:"optional" json:"index" yaml:"index"`
	// Time format (based on strftime) to generate the second part of the Index name.
	// See: [strftime](http://man7.org/linux/man-pages/man3/strftime.3.html)
	//
	LogstashDateFormat *string `field:"optional" json:"logstashDateFormat" yaml:"logstashDateFormat"`
	// Enable Logstash format compatibility.
	LogstashFormat *bool `field:"optional" json:"logstashFormat" yaml:"logstashFormat"`
	// When `logstashFormat` is enabled, the Index name is composed using a prefix and the date, e.g: If `logstashPrefix` is equals to 'mydata' your index will become 'mydata-YYYY.MM.DD'.
	//
	// The last string appended belongs to the date when the data is being
	// generated.
	LogstashPrefix *string `field:"optional" json:"logstashPrefix" yaml:"logstashPrefix"`
	// When included: the value in the record that belongs to the key will be looked up and over-write the `logstashPrefix` for index generation.
	//
	// If
	// the key/value is not found in the record then the `logstashPrefix` option
	// will act as a fallback.
	//
	// Nested keys are not supported (if desired, you can use the nest filter
	// plugin to remove nesting).
	LogstashPrefixKey *string `field:"optional" json:"logstashPrefixKey" yaml:"logstashPrefixKey"`
	// OpenSearch accepts new data on HTTP query path "/_bulk".
	//
	// But it is also
	// possible to serve OpenSearch behind a reverse proxy on a subpath. This
	// option defines such path on the fluent-bit side. It simply adds a path
	// prefix in the indexing HTTP POST URI..
	Path *string `field:"optional" json:"path" yaml:"path"`
	// OpenSearch allows to setup filters called pipelines.
	//
	// This option allows
	// to define which pipeline the database should use.
	Pipeline *string `field:"optional" json:"pipeline" yaml:"pipeline"`
	// TCP port of the target OpenSearch instance.
	Port *float64 `field:"optional" json:"port" yaml:"port"`
	// When enabled, replace field name dots with underscore.
	ReplaceDots *bool `field:"optional" json:"replaceDots" yaml:"replaceDots"`
	// When enabled, mapping types is removed and `type` option is ignored.
	SuppressTypeName *bool `field:"optional" json:"suppressTypeName" yaml:"suppressTypeName"`
	// When `includeTagKey` is enabled, this property defines the key name for the tag.
	TagKey *string `field:"optional" json:"tagKey" yaml:"tagKey"`
	// When `logstashFormat` is enabled, each record will get a new timestamp field.
	//
	// The`timeKey` property defines the name of that field.
	TimeKey *string `field:"optional" json:"timeKey" yaml:"timeKey"`
	// When `logstashFormat` is enabled, this property defines the format of the timestamp.
	// See: [strftime](http://man7.org/linux/man-pages/man3/strftime.3.html)
	//
	TimeKeyFormat *string `field:"optional" json:"timeKeyFormat" yaml:"timeKeyFormat"`
	// When `logstashFormat` is enabled, enabling this property sends nanosecond precision timestamps.
	TimeKeyNanos *bool `field:"optional" json:"timeKeyNanos" yaml:"timeKeyNanos"`
	// When enabled print the OpenSearch API calls to stdout when OpenSearch returns an error (for diag only).
	TraceError *bool `field:"optional" json:"traceError" yaml:"traceError"`
	// When enabled print the OpenSearch API calls to stdout (for diag only).
	TraceOutput *bool `field:"optional" json:"traceOutput" yaml:"traceOutput"`
	// Type name.
	Type *string `field:"optional" json:"type" yaml:"type"`
	// Enables dedicated thread(s) for this output.
	Workers *float64 `field:"optional" json:"workers" yaml:"workers"`
	// Operation to use to write in bulk requests.
	WriteOperation *string `field:"optional" json:"writeOperation" yaml:"writeOperation"`
}

Options for configuring the OpenSearch Fluent Bit output plugin. See: [OpenSearch Plugin Documention](https://docs.fluentbit.io/manual/pipeline/outputs/opensearch)

type FluentBitOutput added in v0.0.33 

type FluentBitOutput interface {
}

Common options that allow configuration of destinations where Fluent Bit should send records after processing.

func NewFluentBitOutput added in v0.0.33 

func NewFluentBitOutput() FluentBitOutput

type FluentBitOutputPluginBase added in v0.0.33 

type FluentBitOutputPluginBase interface {
	FluentBitPlugin
	IFluentBitOutputPlugin
	// The pattern to match for records that this output should apply to.
	Match() FluentBitMatch
	// The name of the fluent bit plugin.
	Name() *string
	// The type of fluent bit plugin.
	PluginType() *string
	// Builds a configuration for this plugin and returns the details for consumtion by a resource that is configuring logging.
	//
	// Returns: A configuration for the plugin that con be used by the resource
	// configuring logging.
	Bind(scope constructs.IConstruct) *ResolvedFluentBitConfiguration
	// Renders a Fluent Bit configuration file for the plugin.
	//
	// Returns: A rendered plugin configuration file.
	RenderConfigFile(config *map[string]interface{}) *string
}

Represents a Fluent Bit plugin that controls log output to a given destination.

type FluentBitOutputPluginCommonOptions added in v0.0.33 

type FluentBitOutputPluginCommonOptions struct {
	// The pattern to match for records that this output should apply to.
	Match FluentBitMatch `field:"optional" json:"match" yaml:"match"`
}

Configuration options that apply to all Fluent Bit output plugins.

type FluentBitParser added in v0.0.33 

type FluentBitParser interface {
}

Standard parse comfigurations which can be applied to Fluent Bit to allow for parsing data from incoming records.

The records to which parsers are applied is controlled using the parser filter. See: {@link FluentBitParserFilter}.

func NewFluentBitParser added in v0.0.33 

func NewFluentBitParser() FluentBitParser

type FluentBitParserFilter added in v0.0.33 

type FluentBitParserFilter interface {
	FluentBitFilterPluginBase
	// Specify field name in record to parse.
	KeyName() *string
	// The pattern to match for records that this output should apply to.
	Match() FluentBitMatch
	// The name of the fluent bit plugin.
	Name() *string
	// Collection of the parsers that should be used to evaluate the filter.
	Parsers() *[]IFluentBitParserPlugin
	// The type of fluent bit plugin.
	PluginType() *string
	// Keep original `keyName` field in the parsed result.
	//
	// If `false`, the field will be removed.
	PreserveKey() *bool
	// Keep all other original fields in the parsed result.
	//
	// If `false`, all other original fields will be removed.
	ReserveData() *bool
	// Adds a new parser to apply to matched log entries.
	//
	// Returns: The parser filter that the parser plugin was registered with.
	AddParser(parser IFluentBitParserPlugin) FluentBitParserFilter
	// Builds a configuration for this plugin and returns the details for consumtion by a resource that is configuring logging.
	//
	// Returns: A configuration for the plugin that con be used by the resource
	// configuring logging.
	Bind(_scope constructs.IConstruct) *ResolvedFluentBitConfiguration
	// Renders a Fluent Bit configuration file for the plugin.
	//
	// Returns: A rendered plugin configuration file.
	RenderConfigFile(config *map[string]interface{}) *string
}

A Fluent Bit filter that allows parsing of fields in event records.

func NewFluentBitParserFilter added in v0.0.33 

func NewFluentBitParserFilter(options *FluentBitParserFilterOptions) FluentBitParserFilter

Creates a new instance of the FluentBitParserFilter class.

type FluentBitParserFilterOptions added in v0.0.33 

type FluentBitParserFilterOptions struct {
	// The pattern to match for records that this output should apply to.
	Match FluentBitMatch `field:"optional" json:"match" yaml:"match"`
	// Specify field name in record to parse.
	KeyName *string `field:"required" json:"keyName" yaml:"keyName"`
	// The parsers to use to interpret the field.
	Parsers *[]IFluentBitParserPlugin `field:"optional" json:"parsers" yaml:"parsers"`
	// Keep original `keyName` field in the parsed result.
	//
	// If `false`, the field will be removed.
	PreserveKey *bool `field:"optional" json:"preserveKey" yaml:"preserveKey"`
	// Keep all other original fields in the parsed result.
	//
	// If `false`, all other original fields will be removed.
	ReserveData *bool `field:"optional" json:"reserveData" yaml:"reserveData"`
}

Options for configuring the Parser Fluent Bit filter plugin. See: [Parser Plugin Documention](https://docs.fluentbit.io/manual/pipeline/filters/parser)

type FluentBitParserPluginBase added in v0.0.33 

type FluentBitParserPluginBase interface {
	FluentBitPlugin
	IFluentBitParserPlugin
	// The data format that the parser extracts records from.
	Format() *string
	// The name of the fluent bit plugin.
	Name() *string
	// The type of fluent bit plugin.
	PluginType() *string
	// Builds a configuration for this plugin and returns the details for consumtion by a resource that is configuring logging.
	//
	// Returns: A configuration for the plugin that con be used by the resource
	// configuring logging.
	Bind(scope constructs.IConstruct) *ResolvedFluentBitConfiguration
	// Renders a Fluent Bit configuration file for the plugin.
	//
	// Returns: A rendered plugin configuration file.
	RenderConfigFile(config *map[string]interface{}) *string
}

Represents a Fluent Bit plugin that parses inbound records to populate fields.

type FluentBitParserPluginCommonOptions added in v0.0.33 

type FluentBitParserPluginCommonOptions struct {
}

Configuration options that apply to all Fluent Bit parser plugins.

type FluentBitPlugin added in v0.0.33 

type FluentBitPlugin interface {
	IFluentBitPlugin
	// The name of the fluent bit plugin.
	Name() *string
	// The type of fluent bit plugin.
	PluginType() *string
	// Builds a configuration for this plugin and returns the details for consumtion by a resource that is configuring logging.
	//
	// Returns: A configuration for the plugin that con be used by the resource
	// configuring logging.
	Bind(scope constructs.IConstruct) *ResolvedFluentBitConfiguration
	// Returns: A fluent bit config file representation of the passed properties.
	RenderConfigFile(config *map[string]interface{}) *string
}

A Fluent Bit plugin that allows for configuration of options and can be used to configure logging from containers.

type FluentBitPluginCommonOptions added in v0.0.33 

type FluentBitPluginCommonOptions struct {
	// The name of the fluent bit plugin.
	Name *string `field:"required" json:"name" yaml:"name"`
	// Builds a configuration for this plugin and returns the details for consumtion by a resource that is configuring logging.
	PluginType FluentBitPluginType `field:"required" json:"pluginType" yaml:"pluginType"`
}

Options that are applicable to all Fluent Bit Plugins regardless of type.

type FluentBitPluginType added in v0.0.33 

type FluentBitPluginType string

The types of Fluent Bit plugins that can be configured. 

const (
	// A plugin that transforms or filters records.
	FluentBitPluginType_FILTER FluentBitPluginType = "FILTER"
	// A plugin that configures where output should be sent.
	FluentBitPluginType_OUTPUT FluentBitPluginType = "OUTPUT"
	// A plugin that read data from input objects into structured objects.
	FluentBitPluginType_PARSER FluentBitPluginType = "PARSER"
)

type FluentBitRecordModifierFilter added in v0.0.33 

type FluentBitRecordModifierFilter interface {
	FluentBitFilterPluginBase
	// Collection of tags that are allowed on a matched input record.
	//
	// If a tag is not matched it is removed.
	Allow() *[]*string
	// The pattern to match for records that this output should apply to.
	Match() FluentBitMatch
	// The name of the fluent bit plugin.
	Name() *string
	// The type of fluent bit plugin.
	PluginType() *string
	// Collection of the records to be appending to matched input.
	Records() *[]*AppendedRecord
	// Collection of tags to exclude from a matched input record.
	//
	// If a tag is matched it is removed.
	Remove() *[]*string
	// Adds a tag to be allowed on a matched input record.
	//
	// If a tag is not matched it is removed.
	//
	// Returns: The record modifier filter that the tag plugin was registered
	// with.
	AddAllow(tag *string) FluentBitRecordModifierFilter
	// Add a record to be appended to matched events.
	//
	// Returns: The record modifier filter that the tag plugin was registered
	// with.
	AddRecord(record *AppendedRecord) FluentBitRecordModifierFilter
	// Adds a tag to be removed on a matched input record.
	//
	// If a tag is matched it is removed.
	//
	// Returns: The record modifier filter that the tag plugin was registered
	// with.
	AddRemove(tag *string) FluentBitRecordModifierFilter
	// Builds a configuration for this plugin and returns the details for consumtion by a resource that is configuring logging.
	//
	// Returns: A configuration for the plugin that con be used by the resource
	// configuring logging.
	Bind(_scope constructs.IConstruct) *ResolvedFluentBitConfiguration
	// Renders a Fluent Bit configuration file for the plugin.
	//
	// Returns: A rendered plugin configuration file.
	RenderConfigFile(config *map[string]interface{}) *string
}

A Fluent Bit filter that allows appending fields or excluding specific fields.

func NewFluentBitRecordModifierFilter added in v0.0.33 

func NewFluentBitRecordModifierFilter(options *FluentBitRecordModifierFilterOptions) FluentBitRecordModifierFilter

Creates a new instance of the FluentBitRecordModifierFilter class.

type FluentBitRecordModifierFilterOptions added in v0.0.33 

type FluentBitRecordModifierFilterOptions struct {
	// The pattern to match for records that this output should apply to.
	Match FluentBitMatch `field:"optional" json:"match" yaml:"match"`
	// If a tag is not match, that field is removed.
	Allow *[]*string `field:"optional" json:"allow" yaml:"allow"`
	// Add fields to the output.
	Records *[]*AppendedRecord `field:"optional" json:"records" yaml:"records"`
	// If a tag is match, that field is removed.
	Remove *[]*string `field:"optional" json:"remove" yaml:"remove"`
}

Options for configuring the Record Modifier Fluent Bit filter plugin. See: [Record Modifier Plugin Documention](https://docs.fluentbit.io/manual/pipeline/filters/record-modifier)

type FluentBitRegexParser added in v0.0.33 

type FluentBitRegexParser interface {
	FluentBitParserPluginBase
	// The data format that the parser extracts records from.
	Format() *string
	// The name of the fluent bit plugin.
	Name() *string
	// The type of fluent bit plugin.
	PluginType() *string
	// The regular expression to use to parse the incoming records.
	//
	// Use regex group names to define the name of fields being captured.
	Regex() *string
	// If enabled, the parser ignores empty value of the record.
	SkipEmptyValues() *bool
	// Defines the format of the timestamp on the inbound record.
	// See: [strftime](http://man7.org/linux/man-pages/man3/strftime.3.html)
	//
	TimeFormat() *string
	// The key under which timestamp information for the inbound record is given.
	TimeKey() *string
	// Maps group names matched by the regex to the data types they should be interpreted as.
	Types() *map[string]ParserPluginDataType
	// Builds a configuration for this plugin and returns the details for consumtion by a resource that is configuring logging.
	//
	// Returns: A configuration for the plugin that con be used by the resource
	// configuring logging.
	Bind(_scope constructs.IConstruct) *ResolvedFluentBitConfiguration
	// Renders a Fluent Bit configuration file for the plugin.
	//
	// Returns: A rendered plugin configuration file.
	RenderConfigFile(config *map[string]interface{}) *string
}

A Fluent Bit filter that parsed inbound messages using regular expressions.

func NewFluentBitRegexParser added in v0.0.33 

func NewFluentBitRegexParser(name *string, options *FluentBitRegexParserOptions) FluentBitRegexParser

Creates a new instance of the FluentBitLtsvParser class.

type FluentBitRegexParserOptions added in v0.0.33 

type FluentBitRegexParserOptions struct {
	// The regular expression to use to parse the incoming records.
	//
	// Use regex group names to define the name of fields being captured.
	Regex *string `field:"required" json:"regex" yaml:"regex"`
	// If enabled, the parser ignores empty value of the record.
	SkipEmptyValues *bool `field:"optional" json:"skipEmptyValues" yaml:"skipEmptyValues"`
	// Defines the format of the timestamp on the inbound record.
	// See: [strftime](http://man7.org/linux/man-pages/man3/strftime.3.html)
	//
	TimeFormat *string `field:"optional" json:"timeFormat" yaml:"timeFormat"`
	// The key under which timestamp information for the inbound record is given.
	TimeKey *string `field:"optional" json:"timeKey" yaml:"timeKey"`
	// Maps group names matched by the regex to the data types they should be interpreted as.
	Types *map[string]ParserPluginDataType `field:"optional" json:"types" yaml:"types"`
}

Options for configuring the Regex Fluent Bit parser plugin. See: [Regex Plugin Documention](https://docs.fluentbit.io/manual/pipeline/parsers/regular-expression)

type FluentBitRewriteTagFilter added in v0.0.33 

type FluentBitRewriteTagFilter interface {
	FluentBitFilterPluginBase
	// Set a limit on the amount of memory the tag rewrite emitter can consume if the outputs provide backpressure.
	EmitterMemBufLimit() core.DataSize
	// When the filter emits a record under the new Tag, there is an internal emitter plugin that takes care of the job.
	//
	// Since this emitter expose
	// metrics as any other component of the pipeline, you can use this
	// property to configure an optional name for it.
	EmitterName() *string
	// Define a buffering mechanism for the new records created.
	//
	// Note these records are part of the emitter plugin.
	EmitterStorageType() EmitterStorageType
	// The pattern to match for records that this output should apply to.
	Match() FluentBitMatch
	// The name of the fluent bit plugin.
	Name() *string
	// The type of fluent bit plugin.
	PluginType() *string
	// Collection of rules defining matching criteria and the format of the tag for the matching record.
	Rules() *[]*RewriteTagRule
	// Adds a new rule to apply to matched log entries.
	//
	// Returns: The parser filter that the parser plugin was registered with.
	AddRule(rule *RewriteTagRule) FluentBitRewriteTagFilter
	// Builds a configuration for this plugin and returns the details for consumtion by a resource that is configuring logging.
	//
	// Returns: A configuration for the plugin that con be used by the resource
	// configuring logging.
	Bind(_scope constructs.IConstruct) *ResolvedFluentBitConfiguration
	// Renders a Fluent Bit configuration file for the plugin.
	//
	// Returns: A rendered plugin configuration file.
	RenderConfigFile(config *map[string]interface{}) *string
}

A Fluent Bit filter that allows parsing of fields in event records.

func NewFluentBitRewriteTagFilter added in v0.0.33 

func NewFluentBitRewriteTagFilter(options *FluentBitRewriteTagFilterOptions) FluentBitRewriteTagFilter

Creates a new instance of the FluentBitRewriteTagFilter class.

type FluentBitRewriteTagFilterOptions added in v0.0.33 

type FluentBitRewriteTagFilterOptions struct {
	// The pattern to match for records that this output should apply to.
	Match FluentBitMatch `field:"optional" json:"match" yaml:"match"`
	// Set a limit on the amount of memory the tag rewrite emitter can consume if the outputs provide backpressure.
	EmitterMemBufLimit core.DataSize `field:"optional" json:"emitterMemBufLimit" yaml:"emitterMemBufLimit"`
	// When the filter emits a record under the new Tag, there is an internal emitter plugin that takes care of the job.
	//
	// Since this emitter expose
	// metrics as any other component of the pipeline, you can use this
	// property to configure an optional name for it.
	EmitterName *string `field:"optional" json:"emitterName" yaml:"emitterName"`
	// Define a buffering mechanism for the new records created.
	//
	// Note these records are part of the emitter plugin.
	EmitterStorageType EmitterStorageType `field:"optional" json:"emitterStorageType" yaml:"emitterStorageType"`
	// Defines the matching criteria and the format of the Tag for the matching record.
	Rules *[]*RewriteTagRule `field:"optional" json:"rules" yaml:"rules"`
}

Options for configuring the Parser Fluent Bit filter plugin. See: [Parser Plugin Documention](https://docs.fluentbit.io/manual/pipeline/filters/parser)

type FluentBitThrottleFilter added in v0.0.33 

type FluentBitThrottleFilter interface {
	FluentBitFilterPluginBase
	// Time interval.
	Interval() awscdk.Duration
	// The pattern to match for records that this output should apply to.
	Match() FluentBitMatch
	// The name of the fluent bit plugin.
	Name() *string
	// The type of fluent bit plugin.
	PluginType() *string
	// Whether to print status messages with current rate and the limits to information logs.
	PrintStatus() *bool
	// Amount of messages for the time.
	Rate() *float64
	// Amount of intervals to calculate average over.
	Window() *float64
	// Builds a configuration for this plugin and returns the details for consumtion by a resource that is configuring logging.
	//
	// Returns: A configuration for the plugin that con be used by the resource
	// configuring logging.
	Bind(_scope constructs.IConstruct) *ResolvedFluentBitConfiguration
	// Renders a Fluent Bit configuration file for the plugin.
	//
	// Returns: A rendered plugin configuration file.
	RenderConfigFile(config *map[string]interface{}) *string
}

A Fluent Bit filter that sets the average *Rate* of messages per *Interval*, based on leaky bucket and sliding window algorithm.

In case of overflood, it will leak within certain rate.

func NewFluentBitThrottleFilter added in v0.0.33 

func NewFluentBitThrottleFilter(options *FluentBitThrottleFilterOptions) FluentBitThrottleFilter

Creates a new instance of the FluentBitThrottleFilter class.

type FluentBitThrottleFilterOptions added in v0.0.33 

type FluentBitThrottleFilterOptions struct {
	// The pattern to match for records that this output should apply to.
	Match FluentBitMatch `field:"optional" json:"match" yaml:"match"`
	// Time interval.
	Interval awscdk.Duration `field:"optional" json:"interval" yaml:"interval"`
	// Whether to print status messages with current rate and the limits to information logs.
	PrintStatus *bool `field:"optional" json:"printStatus" yaml:"printStatus"`
	// Amount of messages for the time.
	Rate *float64 `field:"optional" json:"rate" yaml:"rate"`
	// Amount of intervals to calculate average over.
	Window *float64 `field:"optional" json:"window" yaml:"window"`
}

Options for configuring the Throttle Fluent Bit filter plugin. See: [Throttle Plugin Documention](https://docs.fluentbit.io/manual/pipeline/filters/throttle)

type IExternalDnsRegistry added in v0.0.33 

type IExternalDnsRegistry interface {
	Bind(scope constructs.IConstruct) *ExternalDnsRegistryConfiguration
	RegistryType() *string
}

type IFluentBitFilterPlugin added in v0.0.33 

type IFluentBitFilterPlugin interface {
	IFluentBitPlugin
}

Represents a Fluent Bit plugin that controls log filtering and metadata.

func FluentBitFilter_AppendFields added in v0.0.33 

func FluentBitFilter_AppendFields(match FluentBitMatch, records ...*AppendedRecord) IFluentBitFilterPlugin

Creates a filter that adds fields to a record that matches the given pattern.

Returns: A filter object that can be applied to the Fluent Bit configuration.

func FluentBitFilter_BlacklistFields added in v0.0.33 

func FluentBitFilter_BlacklistFields(match FluentBitMatch, fields ...*string) IFluentBitFilterPlugin

Creates a filter that removes a set of fields from any records that match a given pattern.

Returns: A filter object that can be applied to the Fluent Bit configuration.

func FluentBitFilter_Grep added in v0.0.33 

func FluentBitFilter_Grep(match FluentBitMatch, pattern *FluentBitGrepRegex) IFluentBitFilterPlugin

Filters log entries based on a pattern.

Log entries can be removed and not forwarded based on whether they match or do not match the given pattern.

Returns: A filter object that can be applied to the Fluent Bit configuration.

func FluentBitFilter_Kubernetes added in v0.0.33 

func FluentBitFilter_Kubernetes(match FluentBitMatch) IFluentBitFilterPlugin

Adds Kubernetes metadata to output records including pod information, labels, etc..

Returns: A filter object that can be applied to the Fluent Bit configuration.

func FluentBitFilter_Lift added in v0.0.33 

func FluentBitFilter_Lift(match FluentBitMatch, nestedUnder *string) IFluentBitFilterPlugin

Lifts nested fields in a record up to their parent object.

Returns: A filter object that can be applied to the Fluent Bit configuration.

func FluentBitFilter_Modify added in v0.0.33 

func FluentBitFilter_Modify(match FluentBitMatch, operations ...ModifyOperation) IFluentBitFilterPlugin

Applies various transformations to matched records including adding, removing, copying, and renaming fields.

Returns: A filter object that can be applied to the Fluent Bit configuration.

func FluentBitFilter_Nest added in v0.0.33 

func FluentBitFilter_Nest(match FluentBitMatch, nestUnder *string, fields ...*string) IFluentBitFilterPlugin

Nests a set of fields in a record under into a specified object.

Returns: A filter object that can be applied to the Fluent Bit configuration.

func FluentBitFilter_Parser added in v0.0.33 

func FluentBitFilter_Parser(match FluentBitMatch, key *string, parsers ...IFluentBitParserPlugin) IFluentBitFilterPlugin

Applies a set of parsers to matched records.

The parser is used to read the input record and set structured fields in the output.

Returns: A filter object that can be applied to the Fluent Bit configuration.

func FluentBitFilter_RewriteTag added in v0.0.33 

func FluentBitFilter_RewriteTag(match FluentBitMatch, rules ...*RewriteTagRule) IFluentBitFilterPlugin

Allows modification of tags set by the input configuration to affect the routing of when records are output.

Returns: A filter object that can be applied to the Fluent Bit configuration.

func FluentBitFilter_Throttle added in v0.0.33 

func FluentBitFilter_Throttle(match FluentBitMatch, interval awscdk.Duration, rate *float64, window *float64) IFluentBitFilterPlugin

Sets an average rate of messages that are allowed to be output over a configured period of time.

When the rate of messages surpasses the configured limits messages will be dropped.

Returns: A filter object that can be applied to the Fluent Bit configuration.

func FluentBitFilter_WhitelistFields added in v0.0.33 

func FluentBitFilter_WhitelistFields(match FluentBitMatch, fields ...*string) IFluentBitFilterPlugin

Creates a filter that removes all fields in a record that are not approved.

Returns: A filter object that can be applied to the Fluent Bit configuration.

type IFluentBitOutputPlugin added in v0.0.33 

type IFluentBitOutputPlugin interface {
	IFluentBitPlugin
}

Represents a Fluent Bit plugin that controls log output to a given destination.

func FluentBitOutput_CloudwatchLogs added in v0.0.33 

func FluentBitOutput_CloudwatchLogs(match FluentBitMatch, logGroup awslogs.ILogGroup) IFluentBitOutputPlugin

Sends matched records to a CloudWatch Logs log group.

Returns: An output filter object that can be applied to the Fluent Bit configuration.

func FluentBitOutput_Kinesis added in v0.0.33 

func FluentBitOutput_Kinesis(match FluentBitMatch, stream awskinesis.IStream) IFluentBitOutputPlugin

Sends matched records to a Kinesis data stream.

Returns: An output filter object that can be applied to the Fluent Bit configuration.

func FluentBitOutput_KinesisFirehose added in v0.0.33 

func FluentBitOutput_KinesisFirehose(match FluentBitMatch, deliveryStream kinesisfirehose.IDeliveryStream) IFluentBitOutputPlugin

Sends matched records to a Kinesis Firehose delivery stream.

Returns: An output filter object that can be applied to the Fluent Bit configuration.

func FluentBitOutput_Opensearch added in v0.0.33 

func FluentBitOutput_Opensearch(match FluentBitMatch, domain awsopensearchservice.IDomain) IFluentBitOutputPlugin

Sends matched records to an OpenSearch domain.

Returns: An output filter object that can be applied to the Fluent Bit configuration.

type IFluentBitParserPlugin added in v0.0.33 

type IFluentBitParserPlugin interface {
	IFluentBitPlugin
	Format() *string
}

Represents a Fluent Bit plugin that parses inbound records to populate fields.

func FluentBitParser_Json added in v0.0.33 

func FluentBitParser_Json(name *string) IFluentBitParserPlugin

Creates a parser that processes records that are formatted in JSON.

Returns: A parser object that can be applied to the Fluent Bit configuration.

func FluentBitParser_Logfmt added in v0.0.33 

func FluentBitParser_Logfmt(name *string) IFluentBitParserPlugin

Creates a parser that processes records that are formatted using the `logfmt` standard.

Returns: A parser object that can be applied to the Fluent Bit configuration. See: [Golang logfmt documentation](https://pkg.go.dev/github.com/kr/logfmt)

func FluentBitParser_Ltsv added in v0.0.33 

func FluentBitParser_Ltsv(name *string) IFluentBitParserPlugin

Creates a parser that processes records that are formatted using the `ltsv` standard.

Returns: A parser object that can be applied to the Fluent Bit configuration. See: [LTSV](http://ltsv.org/)

func FluentBitParser_Regex added in v0.0.33 

func FluentBitParser_Regex(name *string, regex *string) IFluentBitParserPlugin

Creates a parser that uses regular expressions to parse incoming records.

Returns: A parser object that can be applied to the Fluent Bit configuration.

type IFluentBitPlugin added in v0.0.33 

type IFluentBitPlugin interface {
	// Builds a configuration for this plugin and returns the details for consumtion by a resource that is configuring logging.
	Bind(scope constructs.IConstruct) *ResolvedFluentBitConfiguration
	// The name of the fluent bit plugin.
	Name() *string
	// The type of fluent bit plugin.
	PluginType() *string
}

Represents a Fluent Bit plugin that allows for configuration of options and can be used to configure logging from containers.

type INestFilterOperation added in v0.0.33 

type INestFilterOperation interface {
	Fields() *map[string]*[]*string
	Operation() NestFilterOperationType
}

Represents an operation with excludive options that can be performed by the Fluent Bit Nest filter plugin.

func NestFilterOperation_Lift added in v0.0.33 

func NestFilterOperation_Lift(options *LiftOptions) INestFilterOperation

func NestFilterOperation_Nest added in v0.0.33 

func NestFilterOperation_Nest(options *NestOptions) INestFilterOperation

type ISecretReference 

type ISecretReference interface {
	// Gets the configuration details for the resource being sychronized in a form that can be universally used to create the synchronization configuration.
	Bind(scope constructs.IConstruct) *SecretReferenceConfiguration
}

Represents a resource the can be synchronized into a Kubernetes secret.

type ISecretStore 

type ISecretStore interface {
	constructs.IDependable
	// The name of the secret store as it appears in Kubernetes.
	SecretStoreName() *string
}

Represents a Kubernetes secret store resource.

type KinesisFirehoseCompressionFormat added in v0.0.33 

type KinesisFirehoseCompressionFormat string
const (
	// The Apache Arrow compression format.
	//
	// Only available if the Fluent Fit service being used to send logs to
	// Firehose had Apache Arrow enabled at compile time.
	KinesisFirehoseCompressionFormat_ARROW KinesisFirehoseCompressionFormat = "ARROW"
	// Gzip compression format.
	KinesisFirehoseCompressionFormat_GZIP KinesisFirehoseCompressionFormat = "GZIP"
)

type LiftOptions added in v0.0.33 

type LiftOptions struct {
	// Lift records nested under the this key.
	NestedUnder *string `field:"required" json:"nestedUnder" yaml:"nestedUnder"`
}

type MetadataPolicy 

type MetadataPolicy string

Options for fetching tags/labels from provider secrets. 

const (
	// Fetch tags/labels from provider secrets.
	MetadataPolicy_FETCH MetadataPolicy = "FETCH"
	// Do not fetch tags/labels from provider secrets.
	MetadataPolicy_NONE MetadataPolicy = "NONE"
)

type ModifyCondition added in v0.0.33 

type ModifyCondition interface {
	// Collection of arguments that apply to the condition.
	Args() *[]*string
	// The name of the condition being evaluated.
	Condition() *string
	// Gets a string representation of the arguments of this condition for use in a Fluent Bit plugin field.
	//
	// Returns: A fluent bit value string.
	ToString() *string
}

func ModifyCondition_AKeyMatches added in v0.0.33 

func ModifyCondition_AKeyMatches(regex *string) ModifyCondition

Condition that returns true if any key matches a specified regular expression.

Returns: A ModifyCondition object representing the condition.

func ModifyCondition_KeyDoesNotExists added in v0.0.33 

func ModifyCondition_KeyDoesNotExists(key *string) ModifyCondition

Condition that returns true if a specified key does not exist.

Returns: A ModifyCondition object representing the condition.

func ModifyCondition_KeyExists added in v0.0.33 

func ModifyCondition_KeyExists(key *string) ModifyCondition

Condition that returns true if a specified key exists.

Returns: A ModifyCondition object representing the condition.

func ModifyCondition_KeyValueDoesNotEqual added in v0.0.33 

func ModifyCondition_KeyValueDoesNotEqual(key *string, value *string) ModifyCondition

Condition that returns true if a specified key exists and its value does not match the specified value.

Returns: A ModifyCondition object representing the condition.

func ModifyCondition_KeyValueDoesNotMatch added in v0.0.33 

func ModifyCondition_KeyValueDoesNotMatch(key *string, value *string) ModifyCondition

Condition that returns true if a specified key exists and its value does not match the specified regular expression.

Returns: A ModifyCondition object representing the condition.

func ModifyCondition_KeyValueEquals added in v0.0.33 

func ModifyCondition_KeyValueEquals(key *string, value *string) ModifyCondition

Condition that returns true if a specified key exists and its value matches the specified value.

Returns: A ModifyCondition object representing the condition.

func ModifyCondition_KeyValueMatches added in v0.0.33 

func ModifyCondition_KeyValueMatches(key *string, value *string) ModifyCondition

Condition that returns true if a specified key exists and its value matches the specified regular expression.

Returns: A ModifyCondition object representing the condition.

func ModifyCondition_MatchingKeysDoNotHaveMatchingValues added in v0.0.33 

func ModifyCondition_MatchingKeysDoNotHaveMatchingValues(key *string, value *string) ModifyCondition

Condition that returns true if all keys matching a specified regular expression have values that do not match another regular expression.

Returns: A ModifyCondition object representing the condition.

func ModifyCondition_MatchingKeysHaveMatchingValues added in v0.0.33 

func ModifyCondition_MatchingKeysHaveMatchingValues(key *string, value *string) ModifyCondition

Condition that returns true if all keys matching a specified regular expression have values that match another regular expression.

Returns: A ModifyCondition object representing the condition.

func ModifyCondition_NoKeyMatches added in v0.0.33 

func ModifyCondition_NoKeyMatches(regex *string) ModifyCondition

Condition that returns true if no key matches a specified regular expression.

Returns: A ModifyCondition object representing the condition.

func ModifyCondition_Of added in v0.0.33 

func ModifyCondition_Of(condition *string, args *[]*string) ModifyCondition

An escape hatch method that allows fo defining custom conditions to be evaluated by the modify Fluent Bit filter plugin.

Returns: A ModifyCondition object representing the options provided.

type ModifyOperation added in v0.0.33 

type ModifyOperation interface {
	// Collection of arguments that apply to the operation.
	Args() *[]*string
	// The name of the operation being performed.
	Operation() *string
	// Gets a string representation of the arguments of this operation for use in a Fluent Bit plugin field.
	//
	// Returns: A fluent bit value string.
	ToString() *string
}

func ModifyOperation_Add added in v0.0.33 

func ModifyOperation_Add(key *string, value *string) ModifyOperation

Sets a field in the output to a specific value.

If a field with the same name already exists it will be kept as is.

Returns: A ModifyOperation object representing the add operation.

func ModifyOperation_Copy added in v0.0.33 

func ModifyOperation_Copy(originalKey *string, newKey *string) ModifyOperation

Copies a field from the input to a field with a new name if the field exists and a field with the new name does not exist.

If a field with the new name already exists it is overwritten.

Returns: A ModifyOperation object representing the copy operation.

func ModifyOperation_HardCopy added in v0.0.33 

func ModifyOperation_HardCopy(originalKey *string, newKey *string) ModifyOperation

Copies a field from the input to a field with a new name if the field exists and a field with the new name does not exist.

Returns: A ModifyOperation object representing the copy operation.

func ModifyOperation_HardRename added in v0.0.33 

func ModifyOperation_HardRename(originalKey *string, renamedKey *string) ModifyOperation

Renames a field from the input if the field exists.

If a field with the desired name already exists it is overwritten.

Returns: A ModifyOperation object representing the rename operation.

func ModifyOperation_MoveToEnd added in v0.0.33 

func ModifyOperation_MoveToEnd(key *string) ModifyOperation

Moves fiels matching the given wildcard key to the end of the message.

Returns: A ModifyOperation object representing the move operation.

func ModifyOperation_MoveToStart added in v0.0.33 

func ModifyOperation_MoveToStart(key *string) ModifyOperation

Moves fiels matching the given wildcard key to the start of the message.

Returns: A ModifyOperation object representing the move operation.

func ModifyOperation_Of added in v0.0.33 

func ModifyOperation_Of(operation *string, args *[]*string) ModifyOperation

An escape hatch method that allows fo defining custom operations to be performed by the modify Fluent Bit filter plugin.

Returns: A ModifyOperation object representing the options provided.

func ModifyOperation_Remove added in v0.0.33 

func ModifyOperation_Remove(key *string) ModifyOperation

Removes a field in the output with a specific key.

Returns: A ModifyOperation object representing the remove operation.

func ModifyOperation_RemoveRegex added in v0.0.33 

func ModifyOperation_RemoveRegex(regex *string) ModifyOperation

Removes all fields in the output matching the regular expression.

Returns: A ModifyOperation object representing the remove operation.

func ModifyOperation_RemoveWildcard added in v0.0.33 

func ModifyOperation_RemoveWildcard(key *string) ModifyOperation

Removes all fields in the output matching the wildcard key.

Returns: A ModifyOperation object representing the remove operation.

func ModifyOperation_Rename added in v0.0.33 

func ModifyOperation_Rename(originalKey *string, renamedKey *string) ModifyOperation

Renames a field from the input if the field exists and a field with the new name does not exist.

Returns: A ModifyOperation object representing the rename operation.

func ModifyOperation_Set added in v0.0.33 

func ModifyOperation_Set(key *string, value *string) ModifyOperation

Sets a field in the output to a specific value.

If a field with the same name already exists it will be overridden with the specified value.

Returns: A ModifyOperation object representing the set operation.

type NamespacedExternalSecretOptions 

type NamespacedExternalSecretOptions struct {
	// A collection of field mappings that tells the external secrets operator the structure of the Kubernetes secret to create and which how fields in the Kubernetes secret should map to fields in the secret from the external secret provider.
	Fields *[]*SecretFieldReference `field:"optional" json:"fields" yaml:"fields"`
	// The name of the Kubernetes secret that will be created, as it will appear from within the Kubernetes cluster.
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The Kubernetes namespace where the synced secret should be created.
	Namespace *string `field:"optional" json:"namespace" yaml:"namespace"`
}

Configuration options for adding a Kubernetes secret synced from an external provider to a specific Kubernetes namespace.

type NestFilterOperation added in v0.0.33 

type NestFilterOperation interface {
	INestFilterOperation
	// The fields representing configuration options for the operation.
	Fields() *map[string]*[]*string
	// The type of operation to be performed.
	Operation() NestFilterOperationType
}

Operations with exclusive options that can be performed by the Fluent Bit Nest filter plugin.

type NestFilterOperationType added in v0.0.33 

type NestFilterOperationType string

The modes that the Fluent Bit Nest filter plugin can work in. 

const (
	// Lift data from a nested object.
	NestFilterOperationType_LIFT NestFilterOperationType = "LIFT"
	// Nest data into a specified object.
	NestFilterOperationType_NEST NestFilterOperationType = "NEST"
)

type NestOptions added in v0.0.33 

type NestOptions struct {
	// Nest records matching `wildcard` under this key.
	NestUnder *string `field:"required" json:"nestUnder" yaml:"nestUnder"`
	// Nest records which field matches this wildcard,.
	Wildcards *[]*string `field:"required" json:"wildcards" yaml:"wildcards"`
}

type NoopRegistry added in v0.0.33 

type NoopRegistry interface {
	IExternalDnsRegistry
	// The type name of ExternalDNS registry.
	RegistryType() *string
	// Generates an object with all the information needed to use the registry in a given CDK scope.
	//
	// Returns: A configuration object representing the implementation of this
	// registry.
	Bind(_scope constructs.IConstruct) *ExternalDnsRegistryConfiguration
}

A placeholder ExternalDNS registry that says ExternalDNS should use not use a registry.

When configuring ExternalDNS without a registry, the service has no idea the original creator and maintainer of DNS records. This means that there are likely to be conflicts if there are multiple services that could create or change DNS records in the same zone.

func ExternalDnsRegistry_Noop added in v0.0.33 

func ExternalDnsRegistry_Noop() NoopRegistry

A placeholder ExternalDNS registry that says ExternalDNS should use not use a registry.

When configuring ExternalDNS without a registry, the service has no idea the original creator and maintainer of DNS records. This means that there are likely to be conflicts if there are multiple services that could create or change DNS records in the same zone.

Returns: An object that instructs ExternalDNS to not store record ownership information and will perform record updates without validation.

func NewNoopRegistry added in v0.0.33 

func NewNoopRegistry() NoopRegistry

Creates a new instance of the NoopRegistry class.

type OpenSearchOutputBufferSize added in v0.0.33 

type OpenSearchOutputBufferSize interface {
	// The value to use for the OpenSearch buffer output property.
	Value() *string
}

Represents the size of the OpenSeach output buffer to be used by Fluent Bit.

func OpenSearchOutputBufferSize_Bytes added in v0.0.33 

func OpenSearchOutputBufferSize_Bytes(size core.DataSize) OpenSearchOutputBufferSize

Set the output buffer to a specified data size.

Returns: An output buffer size object representing the specified buffer size.

func OpenSearchOutputBufferSize_Of added in v0.0.33 

func OpenSearchOutputBufferSize_Of(value *string) OpenSearchOutputBufferSize

An escape hatch that allows an arbitrary value to be set for the OpenSearch buffer output property.

Returns: A `OpenSearchOutputBufferSize` object representing the passed value.

func OpenSearchOutputBufferSize_UNLIMITED added in v0.0.33 

func OpenSearchOutputBufferSize_UNLIMITED() OpenSearchOutputBufferSize

type ParserPluginDataType added in v0.0.33 

type ParserPluginDataType interface {
	// The name of the data type.
	Name() *string
}

Represents the various types of data that can be mapped in Fluent Bit using a parser plugin.

func ParserPluginDataType_BOOL added in v0.0.33 

func ParserPluginDataType_BOOL() ParserPluginDataType

func ParserPluginDataType_FLOAT added in v0.0.33 

func ParserPluginDataType_FLOAT() ParserPluginDataType

func ParserPluginDataType_HEX added in v0.0.33 

func ParserPluginDataType_HEX() ParserPluginDataType

func ParserPluginDataType_INTEGER added in v0.0.33 

func ParserPluginDataType_INTEGER() ParserPluginDataType

func ParserPluginDataType_LOGFMT added in v0.0.33 

func ParserPluginDataType_LOGFMT() ParserPluginDataType

func ParserPluginDataType_LTSV added in v0.0.33 

func ParserPluginDataType_LTSV() ParserPluginDataType

func ParserPluginDataType_Of added in v0.0.33 

func ParserPluginDataType_Of(name *string) ParserPluginDataType

An escape hatch method that allow specifying arbitrary custom data types.

Returns: An object representing the data type.

func ParserPluginDataType_REGEX added in v0.0.33 

func ParserPluginDataType_REGEX() ParserPluginDataType

func ParserPluginDataType_STRING added in v0.0.33 

func ParserPluginDataType_STRING() ParserPluginDataType

type ResolvedFluentBitConfiguration added in v0.0.33 

type ResolvedFluentBitConfiguration struct {
	// The configuration rended as a configuration file that can be read by the Fluent Bit service.
	ConfigFile *string `field:"required" json:"configFile" yaml:"configFile"`
	// A list of parsers referenced by this plugin.
	Parsers *[]IFluentBitParserPlugin `field:"optional" json:"parsers" yaml:"parsers"`
	// IAM permissions required by resources that will be using this plugin.
	Permissions *[]awsiam.PolicyStatement `field:"optional" json:"permissions" yaml:"permissions"`
}

The output of a Fluent Bit configuration object for consumption be the resource configuring Fluent Bit.

type RewriteTagRule added in v0.0.33 

type RewriteTagRule struct {
	// If a rule matches a rule the filter will emit a copy of the record with the new defined Tag.
	//
	// The property keep takes a boolean value to define if the original
	// record with the old Tag must be preserved and continue in the pipeline
	// or just be discarded.
	// See: [Keep](https://docs.fluentbit.io/manual/pipeline/filters/rewrite-tag#keep)
	//
	Keep *bool `field:"required" json:"keep" yaml:"keep"`
	// The key represents the name of the record key that holds the value that we want to use to match our regular expression.
	//
	// A key name is specified and prefixed with a `$`.
	// See: [Key](https://docs.fluentbit.io/manual/pipeline/filters/rewrite-tag#key)
	//
	Key *string `field:"required" json:"key" yaml:"key"`
	// If a regular expression has matched the value of the defined key in the rule, we are ready to compose a new Tag for that specific record.
	//
	// The tag is a concatenated string that can contain any of the following
	// characters: `a-z,A-Z,0-9` and `.-,`.
	// See: [New Tag](https://docs.fluentbit.io/manual/pipeline/filters/rewrite-tag#new-tag)
	//
	NewTag *string `field:"required" json:"newTag" yaml:"newTag"`
	// Using a simple regular expression we can specify a matching pattern to use against the value of the key specified, also we can take advantage of group capturing to create custom placeholder values.
	// See: [Rubular regex tester](https://rubular.com/)
	//
	Regex *string `field:"required" json:"regex" yaml:"regex"`
}

Defines the matching criteria and the format of the Tag for the rewrite tag Fluent Bit filter plugin. See: [Rules](https://docs.fluentbit.io/manual/pipeline/filters/rewrite-tag#rules)

type Route53Dns added in v0.0.33 

type Route53Dns interface {
	awscdk.Resource
	// Maximum number of retries for AWS API calls before giving up.
	ApiRetries() *float64
	// Set the maximum number of changes that will be applied in each batch.
	BatchChangeSize() *float64
	// The Helm chart that provides the installation of external-dns.
	Chart() awseks.HelmChart
	// The EKS cluster where external-dns should be deployed.
	Cluster() awseks.ICluster
	// The domain suffixes that control which hosted zones external-dns is allowed to make changes for.
	DomainFilter() *[]*string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// Sets a flag determining whether the health of the backend service should be evaluated when determining DNS routing.
	EvaluateTargetHealth() *bool
	// Sets the output format external dns will use when generating logs.
	LogFormat() ExternalDnsLogFormat
	// Controls the verbosity of logs generated using the external-dns service.
	LogLevel() ExternalDnsLogLevel
	// The Kubernetes namespace where the service should be deployed.
	Namespace() *string
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//    cross-environment scenarios.
	PhysicalName() *string
	// When true, alias records will be avoided and CNAME records will be used instead.
	PreferCname() *bool
	// Registry specifying how ExternalDNS should track record ownership.
	//
	// Without a registry to track record ownership, External has no way to know
	// which records it owns and manages and which are owned and managed by a
	// different service.
	//
	// This can cause conflicts if there are multiple instances of External DNS
	// running or if there are other services managing DNS records in similar
	// zones as the different services could try to make conflicting changes due
	// to lacking a shared state.
	RecordOwnershipRegistry() IExternalDnsRegistry
	// Override the default region external-dns uses when calling AWS API's.
	Region() *string
	// Desired number of ExternalDNS replicas.
	ReplicaCount() *float64
	// The Kubernetes service account that is linked with the IAM Role that allows external-dns to make changes on your behalf.
	ServiceAccount() awseks.ServiceAccount
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Controls the operations ExternalDNS will perform on the records it manages.
	SyncPolicy() ExternalDnsSyncPolicy
	// The AWS tags that control which hosted zones external-dns is allowed to make changes for.
	ZoneTags() *[]*ExternalDnsZoneTag
	// Controls the types of hosted zones external-dns will create records for.
	ZoneType() ExternalDnsZoneType
	// Adds a domain to the domain filter list.
	//
	// The domain filter list acts as a whitelist for the domains/hosted zones
	// which external-dns will manage.
	//
	// When domains are added to the domain filter list, external-dns will only
	// create and manage records when their domain ends in with a domain that has
	// been approved.
	//
	// Returns: The external-dns service object that the domain filter was added
	// for.
	AddDomainFilter(domain *string) Route53Dns
	// Adds a zone tag filter to the external DNS service.
	//
	// When zone tags are provided only Routew 53 Hosted Zones that have matching
	// tags will be managed by external DNS.
	//
	// Returns: The external-dns service object that the zone tag was added for.
	AddZoneTag(tag *ExternalDnsZoneTag) Route53Dns
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

External DNS is a Kubernetes service that make Kubernetes resources dicoverable via public DNS servers.

It retrieves a list of resources (Services, Ingresses, etc.) from the Kubernetes API to determine a desired list of DNS records and configures DNS providers accordingly.

The version provided here specifically targets Amazon's Route 53 service and all options provded are for configuring Route 53. After being installed external-dns will create and manage Route 53 DNS records automatically to allow easy network access to your pods and services. See: [Kubernetes SIGs](https://github.com/kubernetes-sigs/external-dns)

func NewRoute53Dns added in v0.0.33 

func NewRoute53Dns(scope constructs.Construct, id *string, props *Route53DnsProps) Route53Dns

Creates a new instance of the Route53Dns class.

type Route53DnsOptions added in v0.0.33 

type Route53DnsOptions struct {
	// Maximum number of retries for AWS API calls before giving up.
	ApiRetries *float64 `field:"optional" json:"apiRetries" yaml:"apiRetries"`
	// Set the maximum number of changes that will be applied in each batch.
	BatchChangeSize *float64 `field:"optional" json:"batchChangeSize" yaml:"batchChangeSize"`
	// Limits possible target zones by domain suffixes.
	DomainFilter *[]*string `field:"optional" json:"domainFilter" yaml:"domainFilter"`
	// Sets a flag determining whether the health of the backend service should be evaluated when determining DNS routing.
	EvaluateTargetHealth *bool `field:"optional" json:"evaluateTargetHealth" yaml:"evaluateTargetHealth"`
	// Sets the output format external dns will use when generating logs.
	LogFormat ExternalDnsLogFormat `field:"optional" json:"logFormat" yaml:"logFormat"`
	// Controls the verbosity of logs generated using the external-dns service.
	LogLevel ExternalDnsLogLevel `field:"optional" json:"logLevel" yaml:"logLevel"`
	// The Kubernetes namespace where the service should be deployed.
	Namespace *string `field:"optional" json:"namespace" yaml:"namespace"`
	// When true, alias records will be avoided and CNAME records will be used instead.
	PreferCname *bool `field:"optional" json:"preferCname" yaml:"preferCname"`
	// Registry specifying how ExternalDNS should track record ownership.
	//
	// Without a registry to track record ownership, External has no way to know
	// which records it owns and manages and which are owned and managed by a
	// different service.
	//
	// This can cause conflicts if there are multiple instances of External DNS
	// running or if there are other services managing DNS records in similar
	// zones as the different services could try to make conflicting changes due
	// to lacking a shared state.
	RecordOwnershipRegistry IExternalDnsRegistry `field:"optional" json:"recordOwnershipRegistry" yaml:"recordOwnershipRegistry"`
	// Override the default region external-dns uses when calling AWS API's.
	Region *string `field:"optional" json:"region" yaml:"region"`
	// Desired number of ExternalDNS replicas.
	ReplicaCount *float64 `field:"optional" json:"replicaCount" yaml:"replicaCount"`
	// Controls the operations ExternalDNS will perform on the records it manages.
	SyncPolicy ExternalDnsSyncPolicy `field:"optional" json:"syncPolicy" yaml:"syncPolicy"`
	// A set of tags that can be used to restrict which hosted zones external DNS will make changes to.
	ZoneTags *[]*ExternalDnsZoneTag `field:"optional" json:"zoneTags" yaml:"zoneTags"`
	// Controls the types of hosted zones external-dns will create records for.
	ZoneType ExternalDnsZoneType `field:"optional" json:"zoneType" yaml:"zoneType"`
}

Optional configuration for the Route53Dns resource.

type Route53DnsProps added in v0.0.33 

type Route53DnsProps struct {
	// The AWS account ID this resource belongs to.
	Account *string `field:"optional" json:"account" yaml:"account"`
	// ARN to deduce region and account from.
	//
	// The ARN is parsed and the account and region are taken from the ARN.
	// This should be used for imported resources.
	//
	// Cannot be supplied together with either `account` or `region`.
	EnvironmentFromArn *string `field:"optional" json:"environmentFromArn" yaml:"environmentFromArn"`
	// The value passed in by users to the physical name prop of the resource.
	//
	// - `undefined` implies that a physical name will be allocated by
	//    CloudFormation during deployment.
	// - a concrete value implies a specific physical name
	// - `PhysicalName.GENERATE_IF_NEEDED` is a marker that indicates that a physical will only be generated
	//    by the CDK if it is needed for cross-environment references. Otherwise, it will be allocated by CloudFormation.
	PhysicalName *string `field:"optional" json:"physicalName" yaml:"physicalName"`
	// Override the default region external-dns uses when calling AWS API's.
	Region *string `field:"optional" json:"region" yaml:"region"`
	// Maximum number of retries for AWS API calls before giving up.
	ApiRetries *float64 `field:"optional" json:"apiRetries" yaml:"apiRetries"`
	// Set the maximum number of changes that will be applied in each batch.
	BatchChangeSize *float64 `field:"optional" json:"batchChangeSize" yaml:"batchChangeSize"`
	// Limits possible target zones by domain suffixes.
	DomainFilter *[]*string `field:"optional" json:"domainFilter" yaml:"domainFilter"`
	// Sets a flag determining whether the health of the backend service should be evaluated when determining DNS routing.
	EvaluateTargetHealth *bool `field:"optional" json:"evaluateTargetHealth" yaml:"evaluateTargetHealth"`
	// Sets the output format external dns will use when generating logs.
	LogFormat ExternalDnsLogFormat `field:"optional" json:"logFormat" yaml:"logFormat"`
	// Controls the verbosity of logs generated using the external-dns service.
	LogLevel ExternalDnsLogLevel `field:"optional" json:"logLevel" yaml:"logLevel"`
	// The Kubernetes namespace where the service should be deployed.
	Namespace *string `field:"optional" json:"namespace" yaml:"namespace"`
	// When true, alias records will be avoided and CNAME records will be used instead.
	PreferCname *bool `field:"optional" json:"preferCname" yaml:"preferCname"`
	// Registry specifying how ExternalDNS should track record ownership.
	//
	// Without a registry to track record ownership, External has no way to know
	// which records it owns and manages and which are owned and managed by a
	// different service.
	//
	// This can cause conflicts if there are multiple instances of External DNS
	// running or if there are other services managing DNS records in similar
	// zones as the different services could try to make conflicting changes due
	// to lacking a shared state.
	RecordOwnershipRegistry IExternalDnsRegistry `field:"optional" json:"recordOwnershipRegistry" yaml:"recordOwnershipRegistry"`
	// Desired number of ExternalDNS replicas.
	ReplicaCount *float64 `field:"optional" json:"replicaCount" yaml:"replicaCount"`
	// Controls the operations ExternalDNS will perform on the records it manages.
	SyncPolicy ExternalDnsSyncPolicy `field:"optional" json:"syncPolicy" yaml:"syncPolicy"`
	// A set of tags that can be used to restrict which hosted zones external DNS will make changes to.
	ZoneTags *[]*ExternalDnsZoneTag `field:"optional" json:"zoneTags" yaml:"zoneTags"`
	// Controls the types of hosted zones external-dns will create records for.
	ZoneType ExternalDnsZoneType `field:"optional" json:"zoneType" yaml:"zoneType"`
	// The EKS cluster where external-dns should be deployed.
	Cluster awseks.ICluster `field:"required" json:"cluster" yaml:"cluster"`
}

Full configuration for the Route53Dns resource.

type SecretFieldReference 

type SecretFieldReference struct {
	// The name of the data key to be used for the field in the imported Kubernetes secret.
	KubernetesKey *string `field:"required" json:"kubernetesKey" yaml:"kubernetesKey"`
	// Policy for fetching tags/labels from provider secrets.
	MetadataPolicy MetadataPolicy `field:"optional" json:"metadataPolicy" yaml:"metadataPolicy"`
	// The JSON key for the field in the secret being imported.
	RemoteKey *string `field:"optional" json:"remoteKey" yaml:"remoteKey"`
}

Options for how to synchronize a specific field in a secret being imported.

type SecretReferenceConfiguration 

type SecretReferenceConfiguration struct {
	// The ID of the secret to be imported from the provider.
	RemoteRef *string `field:"required" json:"remoteRef" yaml:"remoteRef"`
	// A mapping of fields and per field options to use when synchronizing a secret from a provider.
	Fields *[]*SecretFieldReference `field:"optional" json:"fields" yaml:"fields"`
}

Configuration detailing how secrets are to be synchronized.

type SecretsManagerReference 

type SecretsManagerReference interface {
	ISecretReference
	// An array of field mappings which will be applied to this secret reference when mapping keys from SecretsManager JSON objects to keys in the imported secret.
	Fields() *[]*SecretFieldReference
	// The secret being referenced to import into Kubernetes.
	Secret() awssecretsmanager.ISecret
	// Adds a field mapping that specifies how a field from a Secrets Manager JSON secret should be mapped into the imported Kubernetes secret.
	//
	// Returns: The `SecretsManagerReference` where the mapping was added.
	AddFieldMapping(field *SecretFieldReference) SecretsManagerReference
	// Binds the reference to an object that is in charge of generating the manifest for the external secret.
	//
	// Returns: A configuration object providing the details needed to build
	// the external secret Kubernetes resource.
	Bind(_scope constructs.IConstruct) *SecretReferenceConfiguration
}

Defines a reference for importing and synchronizing a Secrets Manager secret to a Kubernetes secret.

func NewSecretsManagerReference 

func NewSecretsManagerReference(secret awssecretsmanager.ISecret, options *SecretsManagerReferenceOptions) SecretsManagerReference

Creates a new instance of the SecretsManagerReference class.

type SecretsManagerReferenceOptions 

type SecretsManagerReferenceOptions struct {
	// Defines a mapping of how JSON keys in the Secrets Manager secret should appear in the imported Kubernetes secret.
	Fields *[]*SecretFieldReference `field:"optional" json:"fields" yaml:"fields"`
}

Configuration options for referencing a Secrets Manager secret as a Kubernetes secret.

type SecretsManagerSecretStore 

type SecretsManagerSecretStore interface {
	AwsSecretStore
	// The EKS cluster where the secret store should be created.
	Cluster() awseks.ICluster
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The Kubernetes manifest that defines the secret store.
	Manifest() awseks.KubernetesManifest
	// A human friendly name for the secret store.
	Name() *string
	// The Kubernetes namespace where the secret store should be created.
	Namespace() *string
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//    cross-environment scenarios.
	PhysicalName() *string
	// The name of the secret store as it appears in Kubernetes.
	SecretStoreName() *string
	// The name of the service provider backing the secret store.
	Service() *string
	// A Kubernetes service account mapped to an IAM role that provides the necessary permissions to sychronize secrets from an AWS rpvoder.
	ServiceAccount() awseks.ServiceAccount
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Registers a new Secrets Manager secret to be synchronized into Kubernetes.
	//
	// Returns: The external secret configuration that was added.
	AddSecret(id *string, secret awssecretsmanager.ISecret, options *ExternalSecretOptions) ExternalSecret
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

A secret store that allows secrets from AWS Secrets Managers to be synchronized into Kubernetes as Kubernetes secrets.

func NewSecretsManagerSecretStore 

func NewSecretsManagerSecretStore(scope constructs.Construct, id *string, props *SecretsManagerSecretStoreProps) SecretsManagerSecretStore

Creates a new instance of the SecretsManagerSecretStore class.

type SecretsManagerSecretStoreProps 

type SecretsManagerSecretStoreProps struct {
	// The AWS account ID this resource belongs to.
	Account *string `field:"optional" json:"account" yaml:"account"`
	// ARN to deduce region and account from.
	//
	// The ARN is parsed and the account and region are taken from the ARN.
	// This should be used for imported resources.
	//
	// Cannot be supplied together with either `account` or `region`.
	EnvironmentFromArn *string `field:"optional" json:"environmentFromArn" yaml:"environmentFromArn"`
	// The value passed in by users to the physical name prop of the resource.
	//
	// - `undefined` implies that a physical name will be allocated by
	//    CloudFormation during deployment.
	// - a concrete value implies a specific physical name
	// - `PhysicalName.GENERATE_IF_NEEDED` is a marker that indicates that a physical will only be generated
	//    by the CDK if it is needed for cross-environment references. Otherwise, it will be allocated by CloudFormation.
	PhysicalName *string `field:"optional" json:"physicalName" yaml:"physicalName"`
	// The AWS region this resource belongs to.
	Region *string `field:"optional" json:"region" yaml:"region"`
	// The EKS cluster where the secret store should be created.
	Cluster awseks.ICluster `field:"required" json:"cluster" yaml:"cluster"`
	// A human friendly name for the secret store.
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The Kubernetes namespace where the secret store should be created.
	Namespace *string `field:"optional" json:"namespace" yaml:"namespace"`
}

Configuration options for adding a new secret store resource.

type SsmParameterReference 

type SsmParameterReference interface {
	ISecretReference
	// An array of field mappings which will be applied to this secret reference when mapping keys from SSM parameter JSON objects to keys in the imported secret.
	Fields() *[]*SecretFieldReference
	// The SSM parameter being referenced to import into Kubernetes.
	Parameter() awsssm.IParameter
	// Adds a field mapping that specifies how a field from an SSM JSON parameter should be mapped into the imported Kubernetes secret.
	//
	// Returns: The `SsmParameterReference` where the mapping was added.
	AddFieldMapping(field *SecretFieldReference) SsmParameterReference
	// Binds the reference to an object that is in charge of generating the manifest for the external secret.
	//
	// Returns: A configuration object providing the details needed to build
	// the external secret Kubernetes resource.
	Bind(_scope constructs.IConstruct) *SecretReferenceConfiguration
}

Defines a reference for importing and synchronizing an SSM parameter to a Kubernetes secret.

func NewSsmParameterReference 

func NewSsmParameterReference(parameter awsssm.IParameter, options *SsmParameterReferenceOptions) SsmParameterReference

Creates a new instance of the SsmParameterReference class.

type SsmParameterReferenceOptions 

type SsmParameterReferenceOptions struct {
	// Defines a mapping of how JSON keys in the SSM parameter should appear in the imported Kubernetes secret.
	Fields *[]*SecretFieldReference `field:"optional" json:"fields" yaml:"fields"`
}

Configuration options for referencing an SSM parameter as a Kubernetes secret.

type SsmParameterSecretStore 

type SsmParameterSecretStore interface {
	AwsSecretStore
	// The EKS cluster where the secret store should be created.
	Cluster() awseks.ICluster
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The Kubernetes manifest that defines the secret store.
	Manifest() awseks.KubernetesManifest
	// A human friendly name for the secret store.
	Name() *string
	// The Kubernetes namespace where the secret store should be created.
	Namespace() *string
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//    cross-environment scenarios.
	PhysicalName() *string
	// The name of the secret store as it appears in Kubernetes.
	SecretStoreName() *string
	// The name of the service provider backing the secret store.
	Service() *string
	// A Kubernetes service account mapped to an IAM role that provides the necessary permissions to sychronize secrets from an AWS rpvoder.
	ServiceAccount() awseks.ServiceAccount
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Registers a new SSSM parameter to be synchronized into Kubernetes.
	//
	// Returns: The external secret configuration that was added.
	AddSecret(id *string, parameter awsssm.IParameter, options *ExternalSecretOptions) ExternalSecret
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

A secret store that allows parameters from Systems Manager to be synchronized into Kubernetes as Kubernetes secrets.

func NewSsmParameterSecretStore 

func NewSsmParameterSecretStore(scope constructs.Construct, id *string, props *SsmParameterSecretStoreProps) SsmParameterSecretStore

Creates a new instance of the SsmParameterSecretStore class.

type SsmParameterSecretStoreProps 

type SsmParameterSecretStoreProps struct {
	// The AWS account ID this resource belongs to.
	Account *string `field:"optional" json:"account" yaml:"account"`
	// ARN to deduce region and account from.
	//
	// The ARN is parsed and the account and region are taken from the ARN.
	// This should be used for imported resources.
	//
	// Cannot be supplied together with either `account` or `region`.
	EnvironmentFromArn *string `field:"optional" json:"environmentFromArn" yaml:"environmentFromArn"`
	// The value passed in by users to the physical name prop of the resource.
	//
	// - `undefined` implies that a physical name will be allocated by
	//    CloudFormation during deployment.
	// - a concrete value implies a specific physical name
	// - `PhysicalName.GENERATE_IF_NEEDED` is a marker that indicates that a physical will only be generated
	//    by the CDK if it is needed for cross-environment references. Otherwise, it will be allocated by CloudFormation.
	PhysicalName *string `field:"optional" json:"physicalName" yaml:"physicalName"`
	// The AWS region this resource belongs to.
	Region *string `field:"optional" json:"region" yaml:"region"`
	// The EKS cluster where the secret store should be created.
	Cluster awseks.ICluster `field:"required" json:"cluster" yaml:"cluster"`
	// A human friendly name for the secret store.
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The Kubernetes namespace where the secret store should be created.
	Namespace *string `field:"optional" json:"namespace" yaml:"namespace"`
}

Configuration options for adding a new secret store resource.

type TxtRegistry added in v0.0.33 

type TxtRegistry interface {
	IExternalDnsRegistry
	// A unique identifier that is used to establish ownership of managed DNS records.
	//
	// Prevents conflicts in the event of multiple clusters running external-dns.
	OwnerId() *string
	// A prefix to be added top TXT ownership records.
	//
	// By default, the ownership record is a TXT record with the same name as the
	// managed record that was created. This causes issues as some record types
	// (CNAME's) do not allow duplicate records of a different type.
	//
	// This prefix is used to prevent such name collissions while still allowing
	// DNS ownership records to be created.
	Prefix() *string
	// The type name of ExternalDNS registry.
	RegistryType() *string
	// Generates an object with all the information needed to use the registry in a given CDK scope.
	//
	// Returns: A configuration object representing the implementation of this
	// registry.
	Bind(scope constructs.IConstruct) *ExternalDnsRegistryConfiguration
}

An ExternalDNS registry that tracks DNS record ownership information using DNS TXT records. See: [About TXT records](https://support.google.com/a/answer/2716800?hl=en)

func ExternalDnsRegistry_Txt added in v0.0.33 

func ExternalDnsRegistry_Txt(options *TxtRegistryOptions) TxtRegistry

An ExternalDNS registry that tracks DNS record ownership information using DNS TXT records.

Returns: A ExternalDNS registry object configured to use DNS TXT records for ownership information. See: [About TXT records](https://support.google.com/a/answer/2716800?hl=en)

func NewTxtRegistry added in v0.0.33 

func NewTxtRegistry(options *TxtRegistryOptions) TxtRegistry

Creates a new instance of the NoopRegistry class.

type TxtRegistryOptions added in v0.0.33 

type TxtRegistryOptions struct {
	// A unique identifier that is used to establish ownership of managed DNS records.
	//
	// Prevents conflicts in the event of multiple clusters running external-dns.
	OwnerId *string `field:"optional" json:"ownerId" yaml:"ownerId"`
	// A prefix to be added top TXT ownership records.
	//
	// By default, the ownership record is a TXT record with the same name as the
	// managed record that was created. This causes issues as some record types
	// (CNAME's) do not allow duplicate records of a different type.
	//
	// This prefix is used to prevent such name collissions while still allowing
	// DNS ownership records to be created.
	Prefix *string `field:"optional" json:"prefix" yaml:"prefix"`
}

Configuration options for setting up a TXT registry for ExternalDNS.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.