Class: AWSCDK::Logs::CfnAccountPolicy
- Inherits:
-
CfnResource
- Object
- CfnResource
- AWSCDK::Logs::CfnAccountPolicy
- Includes:
- IInspectable, Interfaces::AWSLogs::IAccountPolicyRef
- Defined in:
- logs/cfn_account_policy.rb
Overview
Creates or updates an account-level data protection policy or subscription filter policy that applies to all log groups or a subset of log groups in the account.
Data protection policy
A data protection policy can help safeguard sensitive data that's ingested by your log groups by auditing and masking the sensitive log data. Each account can have only one account-level data protection policy.
Sensitive data is detected and masked when it is ingested into a log group. When you set a data protection policy, log events ingested into the log groups before that time are not masked.
If you create a data protection policy for your whole account, it applies to both existing log groups and all log groups that are created later in this account. The account policy is applied to existing log groups with eventual consistency. It might take up to 5 minutes before sensitive data in existing log groups begins to be masked.
By default, when a user views a log event that includes masked data, the sensitive data is replaced by asterisks. A user who has the logs:Unmask permission can use a GetLogEvents or FilterLogEvents operation with the unmask parameter set to true to view the unmasked log events. Users with the logs:Unmask can also view unmasked data in the CloudWatch Logs console by running a CloudWatch Logs Insights query with the unmask query command.
For more information, including a list of types of data that can be audited and masked, see Protect sensitive log data with masking .
To create an account-level policy, you must be signed on with the logs:PutDataProtectionPolicy and logs:PutAccountPolicy permissions.
An account-level policy applies to all log groups in the account. You can also create a data protection policy that applies to just one log group. If a log group has its own data protection policy and the account also has an account-level data protection policy, then the two policies are cumulative. Any sensitive term specified in either policy is masked.
Subscription filter policy
A subscription filter policy sets up a real-time feed of log events from CloudWatch Logs to other AWS services. Account-level subscription filter policies apply to both existing log groups and log groups that are created later in this account. Supported destinations are Kinesis Data Streams , Firehose , and Lambda . When log events are sent to the receiving service, they are Base64 encoded and compressed with the GZIP format.
The following destinations are supported for subscription filters:
- An Kinesis Data Streams data stream in the same account as the subscription policy, for same-account delivery.
- An Firehose data stream in the same account as the subscription policy, for same-account delivery.
- A Lambda function in the same account as the subscription policy, for same-account delivery.
- A logical destination in a different account created with PutDestination , for cross-account delivery. Kinesis Data Streams and Firehose are supported as logical destinations.
Each account can have one account-level subscription filter policy. If you are updating an existing filter, you must specify the correct name in PolicyName . To perform a PutAccountPolicy subscription filter operation for any destination except a Lambda function, you must also have the iam:PassRole permission.
Field index policy
You can use field index policies to create indexes on fields found in log events in the log group. Creating field indexes lowers the scan volume for CloudWatch Logs Insights queries that reference those fields, because these queries attempt to skip the processing of log events that are known to not match the indexed field. Good fields to index are fields that you often need to query for. Common examples of indexes include request ID, session ID, user IDs, or instance IDs. For more information, see Create field indexes to improve query performance and reduce costs
For example, suppose you have created a field index for request_id . Then, any CloudWatch Logs Insights query on that log group that includes requestId = *value* or requestId IN [ *value* , *value* , ...] will attempt to process only the log events where the indexed field matches the specified value.
Matches of log events to the names of indexed fields are case-sensitive. For example, an indexed field of RequestId won't match a log event containing request_id .
You can have one account-level field index policy that applies to all log groups in the account. Or you can create as many as 20 account-level field index policies that are each scoped to a subset of log groups with the SelectionCriteria parameter. If you have multiple account-level index policies with selection criteria, no two of them can use the same or overlapping log group name prefixes. For example, if you have one policy filtered to log groups that start with my-log , you can't have another field index policy filtered to my-logpprod or my-logging .
Transformer policy
A log transformer policy transforms ingested log events into a different format, making them easier for you to process and analyze. You can also transform logs from different sources into standardized formats that contain relevant, source-specific information. After you have created a transformer, CloudWatch Logs performs this transformation at the time of log ingestion. You can then refer to the transformed versions of the logs during operations such as querying with CloudWatch Logs Insights or creating metric filters or subscription filters.
You can also use a transformer to copy metadata from metadata keys into the log events themselves. This metadata can include log group name, log stream name, account ID and Region.
A transformer for a log group is a series of processors, where each processor applies one type of transformation to the log events ingested into this log group. For more information about the available processors to use in a transformer, see Processors that you can use .
Having log events in standardized format enables visibility across your applications for your log analysis, reporting, and alarming needs. CloudWatch Logs provides transformation for common log types with out-of-the-box transformation templates for major AWS log sources such as VPC flow logs, Lambda , and Amazon RDS . You can use pre-built transformation templates or create custom transformation policies.
You can create transformers only for the log groups in the Standard log class.
You can have one account-level transformer policy that applies to all log groups in the account. Or you can create as many as 20 account-level transformer policies that are each scoped to a subset of log groups with the selection_criteria parameter. If you have multiple account-level transformer policies with selection criteria, no two of them can use the same or overlapping log group name prefixes. For example, if you have one policy filtered to log groups that start with my-log , you can't have another field index policy filtered to my-logpprod or my-logging .
You can also set up a transformer at the log-group level. For more information, see AWS::Logs::Transformer . If there is both a log-group level transformer created with PutTransformer and an account-level transformer that could apply to the same log group, the log group uses only the log-group level transformer. It ignores the account-level transformer.
Class Method Summary collapse
-
.CFN_RESOURCE_TYPE_NAME ⇒ String
The CloudFormation resource type name for this resource class.
-
.is_cfn_account_policy(x) ⇒ Boolean
Checks whether the given object is a CfnAccountPolicy.
- .jsii_overridable_methods ⇒ Object
Instance Method Summary collapse
-
#account_policy_ref ⇒ AWSCDK::Interfaces::AWSLogs::AccountPolicyReference
A reference to a AccountPolicy resource.
-
#add_deletion_override(path) ⇒ void
Syntactic sugar for
addOverride(path, undefined). -
#add_dependency(target) ⇒ void
Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
-
#add_depends_on(target) ⇒ void
deprecated
Deprecated.
use addDependency
-
#add_metadata(key, value) ⇒ void
Add a value to the CloudFormation Resource Metadata.
-
#add_override(path, value) ⇒ void
Adds an override to the synthesized CloudFormation resource.
-
#add_property_deletion_override(property_path) ⇒ void
Adds an override that deletes the value of a property from the resource definition.
-
#add_property_override(property_path, value) ⇒ void
Adds an override to a resource property.
-
#apply_cross_stack_reference_strength(strength) ⇒ void
Sets the cross-stack reference strength for this resource.
-
#apply_removal_policy(policy = nil, options = nil) ⇒ void
Sets the deletion policy of the resource based on the removal policy specified.
-
#attr_account_id ⇒ String
The account ID of the account where this policy was created.
-
#cfn_options ⇒ AWSCDK::ICfnResourceOptions
Options for this resource, such as condition, update policy etc.
- #cfn_properties ⇒ Hash{String => Object}
- #cfn_property_name(cdk_property_name) ⇒ String?
- #cfn_property_names ⇒ Hash{String => String}
-
#cfn_resource_type ⇒ String
AWS resource type.
- #creation_stack ⇒ Array<String>
- #env ⇒ AWSCDK::Interfaces::ResourceEnvironment
-
#get_att(attribute_name, type_hint = nil) ⇒ AWSCDK::Reference
Returns a token for an runtime attribute of this resource.
-
#get_metadata(key) ⇒ Object
Retrieve a value value from the CloudFormation Resource Metadata.
-
#initialize(scope, id, props) ⇒ CfnAccountPolicy
constructor
Create a new
AWS::Logs::AccountPolicy. -
#inspect(inspector) ⇒ void
Examines the CloudFormation resource and discloses attributes.
-
#logical_id ⇒ String
The logical ID for this CloudFormation stack element.
-
#node ⇒ Constructs::Node
The tree node.
-
#obtain_dependencies ⇒ Array<AWSCDK::CfnResource, AWSCDK::Stack>
Retrieves an array of resources this resource depends on.
-
#obtain_resource_dependencies ⇒ Array<AWSCDK::CfnResource>
Get a shallow copy of dependencies between this resource and other resources in the same stack.
-
#override_logical_id(new_logical_id) ⇒ void
Overrides the auto-generated logical ID with a specific ID.
-
#policy_document ⇒ String
Specify the policy, in JSON.
- #policy_document=(value) ⇒ Object
-
#policy_name ⇒ String
A name for the policy.
- #policy_name=(value) ⇒ Object
-
#policy_type ⇒ String
The type of policy that you're creating or updating.
- #policy_type=(value) ⇒ Object
-
#ref ⇒ String
Return a string that will be resolved to a CloudFormation
{ Ref }for this element. -
#remove_dependency(target) ⇒ void
Indicates that this resource no longer depends on another resource.
- #render_properties(props) ⇒ Hash{String => Object}
-
#replace_dependency(target, new_target) ⇒ void
Replaces one dependency with another.
-
#scope ⇒ String?
Currently the only valid value for this parameter is
ALL, which specifies that the policy applies to all log groups in the account. - #scope=(value) ⇒ Object
-
#selection_criteria ⇒ String?
Use this parameter to apply the new policy to a subset of log groups in the account.
- #selection_criteria=(value) ⇒ Object
-
#should_synthesize ⇒ Boolean
Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
-
#stack ⇒ AWSCDK::Stack
The stack in which this element is defined.
-
#to_string ⇒ String
Returns a string representation of this construct.
-
#updated_properites ⇒ Hash{String => Object}
deprecated
Deprecated.
use
updatedPropertiesReturn properties modified after initiation Resources that expose mutable properties should override this function to collect and return the properties object for this resource. -
#updated_properties ⇒ Hash{String => Object}
Return properties modified after initiation.
- #validate_properties(_properties) ⇒ void
-
#with(*mixins) ⇒ Constructs::IConstruct
Applies one or more mixins to this construct.
Constructor Details
#initialize(scope, id, props) ⇒ CfnAccountPolicy
Create a new AWS::Logs::AccountPolicy.
72 73 74 75 76 77 78 |
# File 'logs/cfn_account_policy.rb', line 72 def initialize(scope, id, props) props = props.is_a?(Hash) ? ::AWSCDK::Logs::CfnAccountPolicyProps.new(**props.transform_keys(&:to_sym)) : props Jsii::Type.check_type(scope, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLkNvbnN0cnVjdCJ9")), "scope") Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id") Jsii::Type.check_type(props, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfbG9ncy5DZm5BY2NvdW50UG9saWN5UHJvcHMifQ==")), "props") Jsii::Object.instance_method(:initialize).bind(self).call(scope, id, props) end |
Class Method Details
.CFN_RESOURCE_TYPE_NAME ⇒ String
The CloudFormation resource type name for this resource class.
229 230 231 |
# File 'logs/cfn_account_policy.rb', line 229 def self.CFN_RESOURCE_TYPE_NAME() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_logs.CfnAccountPolicy", "CFN_RESOURCE_TYPE_NAME") end |
.is_cfn_account_policy(x) ⇒ Boolean
Checks whether the given object is a CfnAccountPolicy.
131 132 133 134 |
# File 'logs/cfn_account_policy.rb', line 131 def self.is_cfn_account_policy(x) Jsii::Type.check_type(x, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "x") Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_logs.CfnAccountPolicy", "isCfnAccountPolicy", [x]) end |
.jsii_overridable_methods ⇒ Object
80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 |
# File 'logs/cfn_account_policy.rb', line 80 def self.jsii_overridable_methods { :node => { kind: :property, name: "node", is_optional: false }, :creation_stack => { kind: :property, name: "creationStack", is_optional: false }, :logical_id => { kind: :property, name: "logicalId", is_optional: false }, :stack => { kind: :property, name: "stack", is_optional: false }, :ref => { kind: :property, name: "ref", is_optional: false }, :cfn_options => { kind: :property, name: "cfnOptions", is_optional: false }, :cfn_properties => { kind: :property, name: "cfnProperties", is_optional: false }, :cfn_property_names => { kind: :property, name: "cfnPropertyNames", is_optional: false }, :cfn_resource_type => { kind: :property, name: "cfnResourceType", is_optional: false }, :env => { kind: :property, name: "env", is_optional: false }, :updated_properites => { kind: :property, name: "updatedProperites", is_optional: false }, :updated_properties => { kind: :property, name: "updatedProperties", is_optional: false }, :account_policy_ref => { kind: :property, name: "accountPolicyRef", is_optional: false }, :attr_account_id => { kind: :property, name: "attrAccountId", is_optional: false }, :policy_document => { kind: :property, name: "policyDocument", is_optional: false }, :policy_name => { kind: :property, name: "policyName", is_optional: false }, :policy_type => { kind: :property, name: "policyType", is_optional: false }, :scope => { kind: :property, name: "scope", is_optional: true }, :selection_criteria => { kind: :property, name: "selectionCriteria", is_optional: true }, :to_string => { kind: :method, name: "toString", is_optional: false }, :with => { kind: :method, name: "with", is_optional: false }, :override_logical_id => { kind: :method, name: "overrideLogicalId", is_optional: false }, :add_deletion_override => { kind: :method, name: "addDeletionOverride", is_optional: false }, :add_dependency => { kind: :method, name: "addDependency", is_optional: false }, :add_depends_on => { kind: :method, name: "addDependsOn", is_optional: false }, :add_metadata => { kind: :method, name: "addMetadata", is_optional: false }, :add_override => { kind: :method, name: "addOverride", is_optional: false }, :add_property_deletion_override => { kind: :method, name: "addPropertyDeletionOverride", is_optional: false }, :add_property_override => { kind: :method, name: "addPropertyOverride", is_optional: false }, :apply_cross_stack_reference_strength => { kind: :method, name: "applyCrossStackReferenceStrength", is_optional: false }, :apply_removal_policy => { kind: :method, name: "applyRemovalPolicy", is_optional: false }, :cfn_property_name => { kind: :method, name: "cfnPropertyName", is_optional: false }, :get_att => { kind: :method, name: "getAtt", is_optional: false }, :get_metadata => { kind: :method, name: "getMetadata", is_optional: false }, :obtain_dependencies => { kind: :method, name: "obtainDependencies", is_optional: false }, :obtain_resource_dependencies => { kind: :method, name: "obtainResourceDependencies", is_optional: false }, :remove_dependency => { kind: :method, name: "removeDependency", is_optional: false }, :render_properties => { kind: :method, name: "renderProperties", is_optional: false }, :replace_dependency => { kind: :method, name: "replaceDependency", is_optional: false }, :should_synthesize => { kind: :method, name: "shouldSynthesize", is_optional: false }, :validate_properties => { kind: :method, name: "validateProperties", is_optional: false }, :inspect => { kind: :method, name: "inspect", is_optional: false }, } end |
Instance Method Details
#account_policy_ref ⇒ AWSCDK::Interfaces::AWSLogs::AccountPolicyReference
A reference to a AccountPolicy resource.
236 237 238 |
# File 'logs/cfn_account_policy.rb', line 236 def account_policy_ref() jsii_get_property("accountPolicyRef") end |
#add_deletion_override(path) ⇒ void
This method returns an undefined value.
Syntactic sugar for addOverride(path, undefined).
345 346 347 348 |
# File 'logs/cfn_account_policy.rb', line 345 def add_deletion_override(path) Jsii::Type.check_type(path, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "path") jsii_call_method("addDeletionOverride", [path]) end |
#add_dependency(target) ⇒ void
This method returns an undefined value.
Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope.
357 358 359 360 |
# File 'logs/cfn_account_policy.rb', line 357 def add_dependency(target) Jsii::Type.check_type(target, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5DZm5SZXNvdXJjZSJ9")), "target") jsii_call_method("addDependency", [target]) end |
#add_depends_on(target) ⇒ void
use addDependency
This method returns an undefined value.
Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
367 368 369 370 |
# File 'logs/cfn_account_policy.rb', line 367 def add_depends_on(target) Jsii::Type.check_type(target, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5DZm5SZXNvdXJjZSJ9")), "target") jsii_call_method("addDependsOn", [target]) end |
#add_metadata(key, value) ⇒ void
This method returns an undefined value.
Add a value to the CloudFormation Resource Metadata.
378 379 380 381 382 |
# File 'logs/cfn_account_policy.rb', line 378 def (key, value) Jsii::Type.check_type(key, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "key") Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "value") jsii_call_method("addMetadata", [key, value]) end |
#add_override(path, value) ⇒ void
This method returns an undefined value.
Adds an override to the synthesized CloudFormation resource.
To add a
property override, either use add_property_override or prefix path with
"Properties." (i.e. Properties.TopicName).
If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path.
To include a literal . in the property name, prefix with a \. In most
programming languages you will need to write this as "\\." because the
\ itself will need to be escaped.
For example,
# Example automatically generated from non-compiling source. May contain errors.
cfn_resource.add_override("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", ["myattribute"])
cfn_resource.add_override("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE")
would add the overrides
"Properties": {
"GlobalSecondaryIndexes": [
{
"Projection": {
"NonKeyAttributes": [ "myattribute" ]
...
}
...
},
{
"ProjectionType": "INCLUDE"
...
},
]
...
}
The value argument to add_override will not be processed or translated
in any way. Pass raw JSON values in here with the correct capitalization
for CloudFormation. If you pass CDK classes or structs, they will be
rendered with lowercased key names, and CloudFormation will reject the
template.
435 436 437 438 439 |
# File 'logs/cfn_account_policy.rb', line 435 def add_override(path, value) Jsii::Type.check_type(path, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "path") Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "value") jsii_call_method("addOverride", [path, value]) end |
#add_property_deletion_override(property_path) ⇒ void
This method returns an undefined value.
Adds an override that deletes the value of a property from the resource definition.
445 446 447 448 |
# File 'logs/cfn_account_policy.rb', line 445 def add_property_deletion_override(property_path) Jsii::Type.check_type(property_path, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "propertyPath") jsii_call_method("addPropertyDeletionOverride", [property_path]) end |
#add_property_override(property_path, value) ⇒ void
This method returns an undefined value.
Adds an override to a resource property.
Syntactic sugar for addOverride("Properties.<...>", value).
457 458 459 460 461 |
# File 'logs/cfn_account_policy.rb', line 457 def add_property_override(property_path, value) Jsii::Type.check_type(property_path, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "propertyPath") Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "value") jsii_call_method("addPropertyOverride", [property_path, value]) end |
#apply_cross_stack_reference_strength(strength) ⇒ void
This method returns an undefined value.
Sets the cross-stack reference strength for this resource.
When set, any cross-stack reference to this resource will use the specified strength instead of the global default from the consuming stack's context.
470 471 472 473 |
# File 'logs/cfn_account_policy.rb', line 470 def apply_cross_stack_reference_strength(strength) Jsii::Type.check_type(strength, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZWZlcmVuY2VTdHJlbmd0aCJ9")), "strength") jsii_call_method("applyCrossStackReferenceStrength", [strength]) end |
#apply_removal_policy(policy = nil, options = nil) ⇒ void
This method returns an undefined value.
Sets the deletion policy of the resource based on the removal policy specified.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN). In some
cases, a snapshot can be taken of the resource prior to deletion
(RemovalPolicy.SNAPSHOT). A list of resources that support this policy
can be found in the following link:
492 493 494 495 496 497 |
# File 'logs/cfn_account_policy.rb', line 492 def apply_removal_policy(policy = nil, = nil) Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5In0=")), "policy") unless policy.nil? = .is_a?(Hash) ? ::AWSCDK::RemovalPolicyOptions.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5T3B0aW9ucyJ9")), "options") unless .nil? jsii_call_method("applyRemovalPolicy", [policy, ]) end |
#attr_account_id ⇒ String
The account ID of the account where this policy was created.
For example, 123456789012 .
245 246 247 |
# File 'logs/cfn_account_policy.rb', line 245 def attr_account_id() jsii_get_property("attrAccountId") end |
#cfn_options ⇒ AWSCDK::ICfnResourceOptions
Options for this resource, such as condition, update policy etc.
182 183 184 |
# File 'logs/cfn_account_policy.rb', line 182 def () jsii_get_property("cfnOptions") end |
#cfn_properties ⇒ Hash{String => Object}
187 188 189 |
# File 'logs/cfn_account_policy.rb', line 187 def cfn_properties() jsii_get_property("cfnProperties") end |
#cfn_property_name(cdk_property_name) ⇒ String?
501 502 503 504 |
# File 'logs/cfn_account_policy.rb', line 501 def cfn_property_name(cdk_property_name) Jsii::Type.check_type(cdk_property_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "cdkPropertyName") jsii_call_method("cfnPropertyName", [cdk_property_name]) end |
#cfn_property_names ⇒ Hash{String => String}
192 193 194 |
# File 'logs/cfn_account_policy.rb', line 192 def cfn_property_names() jsii_get_property("cfnPropertyNames") end |
#cfn_resource_type ⇒ String
AWS resource type.
199 200 201 |
# File 'logs/cfn_account_policy.rb', line 199 def cfn_resource_type() jsii_get_property("cfnResourceType") end |
#creation_stack ⇒ Array<String>
144 145 146 |
# File 'logs/cfn_account_policy.rb', line 144 def creation_stack() jsii_get_property("creationStack") end |
#env ⇒ AWSCDK::Interfaces::ResourceEnvironment
204 205 206 |
# File 'logs/cfn_account_policy.rb', line 204 def env() jsii_get_property("env") end |
#get_att(attribute_name, type_hint = nil) ⇒ AWSCDK::Reference
Returns a token for an runtime attribute of this resource.
Ideally, use generated attribute accessors (e.g. resource.arn), but this can be used for future compatibility
in case there is no generated attribute.
514 515 516 517 518 |
# File 'logs/cfn_account_policy.rb', line 514 def get_att(attribute_name, type_hint = nil) Jsii::Type.check_type(attribute_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "attributeName") Jsii::Type.check_type(type_hint, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZXNvbHV0aW9uVHlwZUhpbnQifQ==")), "typeHint") unless type_hint.nil? jsii_call_method("getAtt", [attribute_name, type_hint]) end |
#get_metadata(key) ⇒ Object
Retrieve a value value from the CloudFormation Resource Metadata.
525 526 527 528 |
# File 'logs/cfn_account_policy.rb', line 525 def (key) Jsii::Type.check_type(key, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "key") jsii_call_method("getMetadata", [key]) end |
#inspect(inspector) ⇒ void
This method returns an undefined value.
Examines the CloudFormation resource and discloses attributes.
595 596 597 598 |
# File 'logs/cfn_account_policy.rb', line 595 def inspect(inspector) Jsii::Type.check_type(inspector, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5UcmVlSW5zcGVjdG9yIn0=")), "inspector") jsii_call_method("inspect", [inspector]) end |
#logical_id ⇒ String
The logical ID for this CloudFormation stack element.
The logical ID of the element is calculated from the path of the resource node in the construct tree.
To override this value, use override_logical_id(new_logical_id).
156 157 158 |
# File 'logs/cfn_account_policy.rb', line 156 def logical_id() jsii_get_property("logicalId") end |
#node ⇒ Constructs::Node
The tree node.
139 140 141 |
# File 'logs/cfn_account_policy.rb', line 139 def node() jsii_get_property("node") end |
#obtain_dependencies ⇒ Array<AWSCDK::CfnResource, AWSCDK::Stack>
Retrieves an array of resources this resource depends on.
This assembles dependencies on resources across stacks (including nested stacks) automatically.
536 537 538 |
# File 'logs/cfn_account_policy.rb', line 536 def obtain_dependencies() jsii_call_method("obtainDependencies", []) end |
#obtain_resource_dependencies ⇒ Array<AWSCDK::CfnResource>
Get a shallow copy of dependencies between this resource and other resources in the same stack.
543 544 545 |
# File 'logs/cfn_account_policy.rb', line 543 def obtain_resource_dependencies() jsii_call_method("obtainResourceDependencies", []) end |
#override_logical_id(new_logical_id) ⇒ void
This method returns an undefined value.
Overrides the auto-generated logical ID with a specific ID.
336 337 338 339 |
# File 'logs/cfn_account_policy.rb', line 336 def override_logical_id(new_logical_id) Jsii::Type.check_type(new_logical_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "newLogicalId") jsii_call_method("overrideLogicalId", [new_logical_id]) end |
#policy_document ⇒ String
Specify the policy, in JSON.
252 253 254 |
# File 'logs/cfn_account_policy.rb', line 252 def policy_document() jsii_get_property("policyDocument") end |
#policy_document=(value) ⇒ Object
256 257 258 259 |
# File 'logs/cfn_account_policy.rb', line 256 def policy_document=(value) Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "policyDocument") jsii_set_property("policyDocument", value) end |
#policy_name ⇒ String
A name for the policy.
264 265 266 |
# File 'logs/cfn_account_policy.rb', line 264 def policy_name() jsii_get_property("policyName") end |
#policy_name=(value) ⇒ Object
268 269 270 271 |
# File 'logs/cfn_account_policy.rb', line 268 def policy_name=(value) Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "policyName") jsii_set_property("policyName", value) end |
#policy_type ⇒ String
The type of policy that you're creating or updating.
276 277 278 |
# File 'logs/cfn_account_policy.rb', line 276 def policy_type() jsii_get_property("policyType") end |
#policy_type=(value) ⇒ Object
280 281 282 283 |
# File 'logs/cfn_account_policy.rb', line 280 def policy_type=(value) Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "policyType") jsii_set_property("policyType", value) end |
#ref ⇒ String
Return a string that will be resolved to a CloudFormation { Ref } for this element.
If, by any chance, the intrinsic reference of a resource is not a string, you could
coerce it to an IResolvable through Lazy.any({ produce: resource.ref }).
175 176 177 |
# File 'logs/cfn_account_policy.rb', line 175 def ref() jsii_get_property("ref") end |
#remove_dependency(target) ⇒ void
This method returns an undefined value.
Indicates that this resource no longer depends on another resource.
This can be used for resources across stacks (including nested stacks) and the dependency will automatically be removed from the relevant scope.
554 555 556 557 |
# File 'logs/cfn_account_policy.rb', line 554 def remove_dependency(target) Jsii::Type.check_type(target, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5DZm5SZXNvdXJjZSJ9")), "target") jsii_call_method("removeDependency", [target]) end |
#render_properties(props) ⇒ Hash{String => Object}
561 562 563 564 |
# File 'logs/cfn_account_policy.rb', line 561 def render_properties(props) Jsii::Type.check_type(props, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6ImFueSJ9LCJraW5kIjoibWFwIn19")), "props") jsii_call_method("renderProperties", [props]) end |
#replace_dependency(target, new_target) ⇒ void
This method returns an undefined value.
Replaces one dependency with another.
571 572 573 574 575 |
# File 'logs/cfn_account_policy.rb', line 571 def replace_dependency(target, new_target) Jsii::Type.check_type(target, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5DZm5SZXNvdXJjZSJ9")), "target") Jsii::Type.check_type(new_target, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5DZm5SZXNvdXJjZSJ9")), "newTarget") jsii_call_method("replaceDependency", [target, new_target]) end |
#scope ⇒ String?
Currently the only valid value for this parameter is ALL , which specifies that the policy applies to all log groups in the account.
288 289 290 |
# File 'logs/cfn_account_policy.rb', line 288 def scope() jsii_get_property("scope") end |
#scope=(value) ⇒ Object
292 293 294 295 |
# File 'logs/cfn_account_policy.rb', line 292 def scope=(value) Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "scope") unless value.nil? jsii_set_property("scope", value) end |
#selection_criteria ⇒ String?
Use this parameter to apply the new policy to a subset of log groups in the account.
300 301 302 |
# File 'logs/cfn_account_policy.rb', line 300 def selection_criteria() jsii_get_property("selectionCriteria") end |
#selection_criteria=(value) ⇒ Object
304 305 306 307 |
# File 'logs/cfn_account_policy.rb', line 304 def selection_criteria=(value) Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "selectionCriteria") unless value.nil? jsii_set_property("selectionCriteria", value) end |
#should_synthesize ⇒ Boolean
Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
580 581 582 |
# File 'logs/cfn_account_policy.rb', line 580 def should_synthesize() jsii_call_method("shouldSynthesize", []) end |
#stack ⇒ AWSCDK::Stack
The stack in which this element is defined.
CfnElements must be defined within a stack scope (directly or indirectly).
165 166 167 |
# File 'logs/cfn_account_policy.rb', line 165 def stack() jsii_get_property("stack") end |
#to_string ⇒ String
Returns a string representation of this construct.
312 313 314 |
# File 'logs/cfn_account_policy.rb', line 312 def to_string() jsii_call_method("toString", []) end |
#updated_properites ⇒ Hash{String => Object}
use updatedProperties Return properties modified after initiation Resources that expose mutable properties should override this function to collect and return the properties object for this resource.
Deprecated.
212 213 214 |
# File 'logs/cfn_account_policy.rb', line 212 def updated_properites() jsii_get_property("updatedProperites") end |
#updated_properties ⇒ Hash{String => Object}
Return properties modified after initiation.
Resources that expose mutable properties should override this function to collect and return the properties object for this resource.
222 223 224 |
# File 'logs/cfn_account_policy.rb', line 222 def updated_properties() jsii_get_property("updatedProperties") end |
#validate_properties(_properties) ⇒ void
This method returns an undefined value.
586 587 588 589 |
# File 'logs/cfn_account_policy.rb', line 586 def validate_properties(_properties) Jsii::Type.check_type(_properties, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "_properties") jsii_call_method("validateProperties", [_properties]) end |
#with(*mixins) ⇒ Constructs::IConstruct
Applies one or more mixins to this construct.
Mixins are applied in order. The list of constructs is captured at the
start of the call, so constructs added by a mixin will not be visited.
Use multiple with() calls if subsequent mixins should apply to added
constructs.
325 326 327 328 329 330 |
# File 'logs/cfn_account_policy.rb', line 325 def with(*mixins) mixins.each_with_index do |item, index| Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLklNaXhpbiJ9")), "mixins[#{index}]") end jsii_call_method("with", [*mixins]) end |