Class: AWSCDK::Logs::CfnAccountPolicy

Inherits:
CfnResource
  • Object
show all
Includes:
IInspectable, Interfaces::AWSLogs::IAccountPolicyRef
Defined in:
logs/cfn_account_policy.rb

Overview

Creates or updates an account-level data protection policy or subscription filter policy that applies to all log groups or a subset of log groups in the account.

Data protection policy

A data protection policy can help safeguard sensitive data that's ingested by your log groups by auditing and masking the sensitive log data. Each account can have only one account-level data protection policy.

Sensitive data is detected and masked when it is ingested into a log group. When you set a data protection policy, log events ingested into the log groups before that time are not masked.

If you create a data protection policy for your whole account, it applies to both existing log groups and all log groups that are created later in this account. The account policy is applied to existing log groups with eventual consistency. It might take up to 5 minutes before sensitive data in existing log groups begins to be masked.

By default, when a user views a log event that includes masked data, the sensitive data is replaced by asterisks. A user who has the logs:Unmask permission can use a GetLogEvents or FilterLogEvents operation with the unmask parameter set to true to view the unmasked log events. Users with the logs:Unmask can also view unmasked data in the CloudWatch Logs console by running a CloudWatch Logs Insights query with the unmask query command.

For more information, including a list of types of data that can be audited and masked, see Protect sensitive log data with masking .

To create an account-level policy, you must be signed on with the logs:PutDataProtectionPolicy and logs:PutAccountPolicy permissions.

An account-level policy applies to all log groups in the account. You can also create a data protection policy that applies to just one log group. If a log group has its own data protection policy and the account also has an account-level data protection policy, then the two policies are cumulative. Any sensitive term specified in either policy is masked.

Subscription filter policy

A subscription filter policy sets up a real-time feed of log events from CloudWatch Logs to other AWS services. Account-level subscription filter policies apply to both existing log groups and log groups that are created later in this account. Supported destinations are Kinesis Data Streams , Firehose , and Lambda . When log events are sent to the receiving service, they are Base64 encoded and compressed with the GZIP format.

The following destinations are supported for subscription filters:

  • An Kinesis Data Streams data stream in the same account as the subscription policy, for same-account delivery.
  • An Firehose data stream in the same account as the subscription policy, for same-account delivery.
  • A Lambda function in the same account as the subscription policy, for same-account delivery.
  • A logical destination in a different account created with PutDestination , for cross-account delivery. Kinesis Data Streams and Firehose are supported as logical destinations.

Each account can have one account-level subscription filter policy. If you are updating an existing filter, you must specify the correct name in PolicyName . To perform a PutAccountPolicy subscription filter operation for any destination except a Lambda function, you must also have the iam:PassRole permission.

Field index policy

You can use field index policies to create indexes on fields found in log events in the log group. Creating field indexes lowers the scan volume for CloudWatch Logs Insights queries that reference those fields, because these queries attempt to skip the processing of log events that are known to not match the indexed field. Good fields to index are fields that you often need to query for. Common examples of indexes include request ID, session ID, user IDs, or instance IDs. For more information, see Create field indexes to improve query performance and reduce costs

For example, suppose you have created a field index for request_id . Then, any CloudWatch Logs Insights query on that log group that includes requestId = *value* or requestId IN [ *value* , *value* , ...] will attempt to process only the log events where the indexed field matches the specified value.

Matches of log events to the names of indexed fields are case-sensitive. For example, an indexed field of RequestId won't match a log event containing request_id .

You can have one account-level field index policy that applies to all log groups in the account. Or you can create as many as 20 account-level field index policies that are each scoped to a subset of log groups with the SelectionCriteria parameter. If you have multiple account-level index policies with selection criteria, no two of them can use the same or overlapping log group name prefixes. For example, if you have one policy filtered to log groups that start with my-log , you can't have another field index policy filtered to my-logpprod or my-logging .

Transformer policy

A log transformer policy transforms ingested log events into a different format, making them easier for you to process and analyze. You can also transform logs from different sources into standardized formats that contain relevant, source-specific information. After you have created a transformer, CloudWatch Logs performs this transformation at the time of log ingestion. You can then refer to the transformed versions of the logs during operations such as querying with CloudWatch Logs Insights or creating metric filters or subscription filters.

You can also use a transformer to copy metadata from metadata keys into the log events themselves. This metadata can include log group name, log stream name, account ID and Region.

A transformer for a log group is a series of processors, where each processor applies one type of transformation to the log events ingested into this log group. For more information about the available processors to use in a transformer, see Processors that you can use .

Having log events in standardized format enables visibility across your applications for your log analysis, reporting, and alarming needs. CloudWatch Logs provides transformation for common log types with out-of-the-box transformation templates for major AWS log sources such as VPC flow logs, Lambda , and Amazon RDS . You can use pre-built transformation templates or create custom transformation policies.

You can create transformers only for the log groups in the Standard log class.

You can have one account-level transformer policy that applies to all log groups in the account. Or you can create as many as 20 account-level transformer policies that are each scoped to a subset of log groups with the selection_criteria parameter. If you have multiple account-level transformer policies with selection criteria, no two of them can use the same or overlapping log group name prefixes. For example, if you have one policy filtered to log groups that start with my-log , you can't have another field index policy filtered to my-logpprod or my-logging .

You can also set up a transformer at the log-group level. For more information, see AWS::Logs::Transformer . If there is both a log-group level transformer created with PutTransformer and an account-level transformer that could apply to the same log group, the log group uses only the log-group level transformer. It ignores the account-level transformer.

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(scope, id, props) ⇒ CfnAccountPolicy

Create a new AWS::Logs::AccountPolicy.

Parameters:

  • scope (Constructs::Construct)

    Scope in which this resource is defined.

  • id (String)

    Construct identifier for this resource (unique in its scope).

  • props (AWSCDK::Logs::CfnAccountPolicyProps)

    Resource properties.



72
73
74
75
76
77
78
# File 'logs/cfn_account_policy.rb', line 72

def initialize(scope, id, props)
  props = props.is_a?(Hash) ? ::AWSCDK::Logs::CfnAccountPolicyProps.new(**props.transform_keys(&:to_sym)) : props
  Jsii::Type.check_type(scope, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLkNvbnN0cnVjdCJ9")), "scope")
  Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id")
  Jsii::Type.check_type(props, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfbG9ncy5DZm5BY2NvdW50UG9saWN5UHJvcHMifQ==")), "props")
  Jsii::Object.instance_method(:initialize).bind(self).call(scope, id, props)
end

Class Method Details

.CFN_RESOURCE_TYPE_NAMEString

The CloudFormation resource type name for this resource class.

Returns:

  • (String)


229
230
231
# File 'logs/cfn_account_policy.rb', line 229

def self.CFN_RESOURCE_TYPE_NAME()
  Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_logs.CfnAccountPolicy", "CFN_RESOURCE_TYPE_NAME")
end

.is_cfn_account_policy(x) ⇒ Boolean

Checks whether the given object is a CfnAccountPolicy.

Parameters:

  • x (Object)

Returns:

  • (Boolean)


131
132
133
134
# File 'logs/cfn_account_policy.rb', line 131

def self.(x)
  Jsii::Type.check_type(x, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "x")
  Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_logs.CfnAccountPolicy", "isCfnAccountPolicy", [x])
end

.jsii_overridable_methodsObject



80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
# File 'logs/cfn_account_policy.rb', line 80

def self.jsii_overridable_methods
  {
    :node => { kind: :property, name: "node", is_optional: false },
    :creation_stack => { kind: :property, name: "creationStack", is_optional: false },
    :logical_id => { kind: :property, name: "logicalId", is_optional: false },
    :stack => { kind: :property, name: "stack", is_optional: false },
    :ref => { kind: :property, name: "ref", is_optional: false },
    :cfn_options => { kind: :property, name: "cfnOptions", is_optional: false },
    :cfn_properties => { kind: :property, name: "cfnProperties", is_optional: false },
    :cfn_property_names => { kind: :property, name: "cfnPropertyNames", is_optional: false },
    :cfn_resource_type => { kind: :property, name: "cfnResourceType", is_optional: false },
    :env => { kind: :property, name: "env", is_optional: false },
    :updated_properites => { kind: :property, name: "updatedProperites", is_optional: false },
    :updated_properties => { kind: :property, name: "updatedProperties", is_optional: false },
    :account_policy_ref => { kind: :property, name: "accountPolicyRef", is_optional: false },
    :attr_account_id => { kind: :property, name: "attrAccountId", is_optional: false },
    :policy_document => { kind: :property, name: "policyDocument", is_optional: false },
    :policy_name => { kind: :property, name: "policyName", is_optional: false },
    :policy_type => { kind: :property, name: "policyType", is_optional: false },
    :scope => { kind: :property, name: "scope", is_optional: true },
    :selection_criteria => { kind: :property, name: "selectionCriteria", is_optional: true },
    :to_string => { kind: :method, name: "toString", is_optional: false },
    :with => { kind: :method, name: "with", is_optional: false },
    :override_logical_id => { kind: :method, name: "overrideLogicalId", is_optional: false },
    :add_deletion_override => { kind: :method, name: "addDeletionOverride", is_optional: false },
    :add_dependency => { kind: :method, name: "addDependency", is_optional: false },
    :add_depends_on => { kind: :method, name: "addDependsOn", is_optional: false },
    :add_metadata => { kind: :method, name: "addMetadata", is_optional: false },
    :add_override => { kind: :method, name: "addOverride", is_optional: false },
    :add_property_deletion_override => { kind: :method, name: "addPropertyDeletionOverride", is_optional: false },
    :add_property_override => { kind: :method, name: "addPropertyOverride", is_optional: false },
    :apply_cross_stack_reference_strength => { kind: :method, name: "applyCrossStackReferenceStrength", is_optional: false },
    :apply_removal_policy => { kind: :method, name: "applyRemovalPolicy", is_optional: false },
    :cfn_property_name => { kind: :method, name: "cfnPropertyName", is_optional: false },
    :get_att => { kind: :method, name: "getAtt", is_optional: false },
    :get_metadata => { kind: :method, name: "getMetadata", is_optional: false },
    :obtain_dependencies => { kind: :method, name: "obtainDependencies", is_optional: false },
    :obtain_resource_dependencies => { kind: :method, name: "obtainResourceDependencies", is_optional: false },
    :remove_dependency => { kind: :method, name: "removeDependency", is_optional: false },
    :render_properties => { kind: :method, name: "renderProperties", is_optional: false },
    :replace_dependency => { kind: :method, name: "replaceDependency", is_optional: false },
    :should_synthesize => { kind: :method, name: "shouldSynthesize", is_optional: false },
    :validate_properties => { kind: :method, name: "validateProperties", is_optional: false },
    :inspect => { kind: :method, name: "inspect", is_optional: false },
  }
end

Instance Method Details

#account_policy_refAWSCDK::Interfaces::AWSLogs::AccountPolicyReference

A reference to a AccountPolicy resource.



236
237
238
# File 'logs/cfn_account_policy.rb', line 236

def ()
  jsii_get_property("accountPolicyRef")
end

#add_deletion_override(path) ⇒ void

This method returns an undefined value.

Syntactic sugar for addOverride(path, undefined).

Parameters:

  • path (String)

    The path of the value to delete.



345
346
347
348
# File 'logs/cfn_account_policy.rb', line 345

def add_deletion_override(path)
  Jsii::Type.check_type(path, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "path")
  jsii_call_method("addDeletionOverride", [path])
end

#add_dependency(target) ⇒ void

This method returns an undefined value.

Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.

This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope.

Parameters:



357
358
359
360
# File 'logs/cfn_account_policy.rb', line 357

def add_dependency(target)
  Jsii::Type.check_type(target, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5DZm5SZXNvdXJjZSJ9")), "target")
  jsii_call_method("addDependency", [target])
end

#add_depends_on(target) ⇒ void

Deprecated.

use addDependency

This method returns an undefined value.

Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.

Parameters:



367
368
369
370
# File 'logs/cfn_account_policy.rb', line 367

def add_depends_on(target)
  Jsii::Type.check_type(target, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5DZm5SZXNvdXJjZSJ9")), "target")
  jsii_call_method("addDependsOn", [target])
end

#add_metadata(key, value) ⇒ void

This method returns an undefined value.

Add a value to the CloudFormation Resource Metadata.



378
379
380
381
382
# File 'logs/cfn_account_policy.rb', line 378

def (key, value)
  Jsii::Type.check_type(key, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "key")
  Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "value")
  jsii_call_method("addMetadata", [key, value])
end

#add_override(path, value) ⇒ void

This method returns an undefined value.

Adds an override to the synthesized CloudFormation resource.

To add a property override, either use add_property_override or prefix path with "Properties." (i.e. Properties.TopicName).

If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path.

To include a literal . in the property name, prefix with a \. In most programming languages you will need to write this as "\\." because the \ itself will need to be escaped.

For example,

# Example automatically generated from non-compiling source. May contain errors.
cfn_resource.add_override("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", ["myattribute"])
cfn_resource.add_override("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE")

would add the overrides

"Properties": {
  "GlobalSecondaryIndexes": [
    {
      "Projection": {
        "NonKeyAttributes": [ "myattribute" ]
        ...
      }
      ...
    },
    {
      "ProjectionType": "INCLUDE"
      ...
    },
  ]
  ...
}

The value argument to add_override will not be processed or translated in any way. Pass raw JSON values in here with the correct capitalization for CloudFormation. If you pass CDK classes or structs, they will be rendered with lowercased key names, and CloudFormation will reject the template.

Parameters:

  • path (String)
    • The path of the property, you can use dot notation to override values in complex types.
  • value (Object)
    • The value.


435
436
437
438
439
# File 'logs/cfn_account_policy.rb', line 435

def add_override(path, value)
  Jsii::Type.check_type(path, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "path")
  Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "value")
  jsii_call_method("addOverride", [path, value])
end

#add_property_deletion_override(property_path) ⇒ void

This method returns an undefined value.

Adds an override that deletes the value of a property from the resource definition.

Parameters:

  • property_path (String)

    The path to the property.



445
446
447
448
# File 'logs/cfn_account_policy.rb', line 445

def add_property_deletion_override(property_path)
  Jsii::Type.check_type(property_path, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "propertyPath")
  jsii_call_method("addPropertyDeletionOverride", [property_path])
end

#add_property_override(property_path, value) ⇒ void

This method returns an undefined value.

Adds an override to a resource property.

Syntactic sugar for addOverride("Properties.<...>", value).

Parameters:

  • property_path (String)

    The path of the property.

  • value (Object)

    The value.



457
458
459
460
461
# File 'logs/cfn_account_policy.rb', line 457

def add_property_override(property_path, value)
  Jsii::Type.check_type(property_path, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "propertyPath")
  Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "value")
  jsii_call_method("addPropertyOverride", [property_path, value])
end

#apply_cross_stack_reference_strength(strength) ⇒ void

This method returns an undefined value.

Sets the cross-stack reference strength for this resource.

When set, any cross-stack reference to this resource will use the specified strength instead of the global default from the consuming stack's context.

Parameters:



470
471
472
473
# File 'logs/cfn_account_policy.rb', line 470

def apply_cross_stack_reference_strength(strength)
  Jsii::Type.check_type(strength, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZWZlcmVuY2VTdHJlbmd0aCJ9")), "strength")
  jsii_call_method("applyCrossStackReferenceStrength", [strength])
end

#apply_removal_policy(policy = nil, options = nil) ⇒ void

This method returns an undefined value.

Sets the deletion policy of the resource based on the removal policy specified.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN). In some cases, a snapshot can be taken of the resource prior to deletion (RemovalPolicy.SNAPSHOT). A list of resources that support this policy can be found in the following link:



492
493
494
495
496
497
# File 'logs/cfn_account_policy.rb', line 492

def apply_removal_policy(policy = nil, options = nil)
  Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5In0=")), "policy") unless policy.nil?
  options = options.is_a?(Hash) ? ::AWSCDK::RemovalPolicyOptions.new(**options.transform_keys(&:to_sym)) : options
  Jsii::Type.check_type(options, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5T3B0aW9ucyJ9")), "options") unless options.nil?
  jsii_call_method("applyRemovalPolicy", [policy, options])
end

#attr_account_idString

The account ID of the account where this policy was created.

For example, 123456789012 .

Returns:

  • (String)


245
246
247
# File 'logs/cfn_account_policy.rb', line 245

def ()
  jsii_get_property("attrAccountId")
end

#cfn_optionsAWSCDK::ICfnResourceOptions

Options for this resource, such as condition, update policy etc.



182
183
184
# File 'logs/cfn_account_policy.rb', line 182

def cfn_options()
  jsii_get_property("cfnOptions")
end

#cfn_propertiesHash{String => Object}

Returns:

  • (Hash{String => Object})


187
188
189
# File 'logs/cfn_account_policy.rb', line 187

def cfn_properties()
  jsii_get_property("cfnProperties")
end

#cfn_property_name(cdk_property_name) ⇒ String?

Parameters:

  • cdk_property_name (String)

Returns:

  • (String, nil)


501
502
503
504
# File 'logs/cfn_account_policy.rb', line 501

def cfn_property_name(cdk_property_name)
  Jsii::Type.check_type(cdk_property_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "cdkPropertyName")
  jsii_call_method("cfnPropertyName", [cdk_property_name])
end

#cfn_property_namesHash{String => String}

Returns:

  • (Hash{String => String})


192
193
194
# File 'logs/cfn_account_policy.rb', line 192

def cfn_property_names()
  jsii_get_property("cfnPropertyNames")
end

#cfn_resource_typeString

AWS resource type.

Returns:

  • (String)


199
200
201
# File 'logs/cfn_account_policy.rb', line 199

def cfn_resource_type()
  jsii_get_property("cfnResourceType")
end

#creation_stackArray<String>

Returns:

  • (Array<String>)


144
145
146
# File 'logs/cfn_account_policy.rb', line 144

def creation_stack()
  jsii_get_property("creationStack")
end

#envAWSCDK::Interfaces::ResourceEnvironment



204
205
206
# File 'logs/cfn_account_policy.rb', line 204

def env()
  jsii_get_property("env")
end

#get_att(attribute_name, type_hint = nil) ⇒ AWSCDK::Reference

Returns a token for an runtime attribute of this resource.

Ideally, use generated attribute accessors (e.g. resource.arn), but this can be used for future compatibility in case there is no generated attribute.

Parameters:

Returns:



514
515
516
517
518
# File 'logs/cfn_account_policy.rb', line 514

def get_att(attribute_name, type_hint = nil)
  Jsii::Type.check_type(attribute_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "attributeName")
  Jsii::Type.check_type(type_hint, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZXNvbHV0aW9uVHlwZUhpbnQifQ==")), "typeHint") unless type_hint.nil?
  jsii_call_method("getAtt", [attribute_name, type_hint])
end

#get_metadata(key) ⇒ Object

Retrieve a value value from the CloudFormation Resource Metadata.



525
526
527
528
# File 'logs/cfn_account_policy.rb', line 525

def (key)
  Jsii::Type.check_type(key, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "key")
  jsii_call_method("getMetadata", [key])
end

#inspect(inspector) ⇒ void

This method returns an undefined value.

Examines the CloudFormation resource and discloses attributes.

Parameters:



595
596
597
598
# File 'logs/cfn_account_policy.rb', line 595

def inspect(inspector)
  Jsii::Type.check_type(inspector, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5UcmVlSW5zcGVjdG9yIn0=")), "inspector")
  jsii_call_method("inspect", [inspector])
end

#logical_idString

The logical ID for this CloudFormation stack element.

The logical ID of the element is calculated from the path of the resource node in the construct tree.

To override this value, use override_logical_id(new_logical_id).

Returns:

  • (String)


156
157
158
# File 'logs/cfn_account_policy.rb', line 156

def logical_id()
  jsii_get_property("logicalId")
end

#nodeConstructs::Node

The tree node.

Returns:

  • (Constructs::Node)


139
140
141
# File 'logs/cfn_account_policy.rb', line 139

def node()
  jsii_get_property("node")
end

#obtain_dependenciesArray<AWSCDK::CfnResource, AWSCDK::Stack>

Retrieves an array of resources this resource depends on.

This assembles dependencies on resources across stacks (including nested stacks) automatically.

Returns:



536
537
538
# File 'logs/cfn_account_policy.rb', line 536

def obtain_dependencies()
  jsii_call_method("obtainDependencies", [])
end

#obtain_resource_dependenciesArray<AWSCDK::CfnResource>

Get a shallow copy of dependencies between this resource and other resources in the same stack.

Returns:



543
544
545
# File 'logs/cfn_account_policy.rb', line 543

def obtain_resource_dependencies()
  jsii_call_method("obtainResourceDependencies", [])
end

#override_logical_id(new_logical_id) ⇒ void

This method returns an undefined value.

Overrides the auto-generated logical ID with a specific ID.

Parameters:

  • new_logical_id (String)

    The new logical ID to use for this stack element.



336
337
338
339
# File 'logs/cfn_account_policy.rb', line 336

def override_logical_id(new_logical_id)
  Jsii::Type.check_type(new_logical_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "newLogicalId")
  jsii_call_method("overrideLogicalId", [new_logical_id])
end

#policy_documentString

Specify the policy, in JSON.

Returns:

  • (String)


252
253
254
# File 'logs/cfn_account_policy.rb', line 252

def policy_document()
  jsii_get_property("policyDocument")
end

#policy_document=(value) ⇒ Object



256
257
258
259
# File 'logs/cfn_account_policy.rb', line 256

def policy_document=(value)
  Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "policyDocument")
  jsii_set_property("policyDocument", value)
end

#policy_nameString

A name for the policy.

Returns:

  • (String)


264
265
266
# File 'logs/cfn_account_policy.rb', line 264

def policy_name()
  jsii_get_property("policyName")
end

#policy_name=(value) ⇒ Object



268
269
270
271
# File 'logs/cfn_account_policy.rb', line 268

def policy_name=(value)
  Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "policyName")
  jsii_set_property("policyName", value)
end

#policy_typeString

The type of policy that you're creating or updating.

Returns:

  • (String)


276
277
278
# File 'logs/cfn_account_policy.rb', line 276

def policy_type()
  jsii_get_property("policyType")
end

#policy_type=(value) ⇒ Object



280
281
282
283
# File 'logs/cfn_account_policy.rb', line 280

def policy_type=(value)
  Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "policyType")
  jsii_set_property("policyType", value)
end

#refString

Return a string that will be resolved to a CloudFormation { Ref } for this element.

If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through Lazy.any({ produce: resource.ref }).

Returns:

  • (String)


175
176
177
# File 'logs/cfn_account_policy.rb', line 175

def ref()
  jsii_get_property("ref")
end

#remove_dependency(target) ⇒ void

This method returns an undefined value.

Indicates that this resource no longer depends on another resource.

This can be used for resources across stacks (including nested stacks) and the dependency will automatically be removed from the relevant scope.

Parameters:



554
555
556
557
# File 'logs/cfn_account_policy.rb', line 554

def remove_dependency(target)
  Jsii::Type.check_type(target, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5DZm5SZXNvdXJjZSJ9")), "target")
  jsii_call_method("removeDependency", [target])
end

#render_properties(props) ⇒ Hash{String => Object}

Parameters:

  • props (Hash{String => Object})

Returns:

  • (Hash{String => Object})


561
562
563
564
# File 'logs/cfn_account_policy.rb', line 561

def render_properties(props)
  Jsii::Type.check_type(props, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6ImFueSJ9LCJraW5kIjoibWFwIn19")), "props")
  jsii_call_method("renderProperties", [props])
end

#replace_dependency(target, new_target) ⇒ void

This method returns an undefined value.

Replaces one dependency with another.

Parameters:



571
572
573
574
575
# File 'logs/cfn_account_policy.rb', line 571

def replace_dependency(target, new_target)
  Jsii::Type.check_type(target, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5DZm5SZXNvdXJjZSJ9")), "target")
  Jsii::Type.check_type(new_target, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5DZm5SZXNvdXJjZSJ9")), "newTarget")
  jsii_call_method("replaceDependency", [target, new_target])
end

#scopeString?

Currently the only valid value for this parameter is ALL , which specifies that the policy applies to all log groups in the account.

Returns:

  • (String, nil)


288
289
290
# File 'logs/cfn_account_policy.rb', line 288

def scope()
  jsii_get_property("scope")
end

#scope=(value) ⇒ Object



292
293
294
295
# File 'logs/cfn_account_policy.rb', line 292

def scope=(value)
  Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "scope") unless value.nil?
  jsii_set_property("scope", value)
end

#selection_criteriaString?

Use this parameter to apply the new policy to a subset of log groups in the account.

Returns:

  • (String, nil)


300
301
302
# File 'logs/cfn_account_policy.rb', line 300

def selection_criteria()
  jsii_get_property("selectionCriteria")
end

#selection_criteria=(value) ⇒ Object



304
305
306
307
# File 'logs/cfn_account_policy.rb', line 304

def selection_criteria=(value)
  Jsii::Type.check_type(value, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "selectionCriteria") unless value.nil?
  jsii_set_property("selectionCriteria", value)
end

#should_synthesizeBoolean

Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.

Returns:

  • (Boolean)

    true if the resource should be included or false is the resource should be omitted.



580
581
582
# File 'logs/cfn_account_policy.rb', line 580

def should_synthesize()
  jsii_call_method("shouldSynthesize", [])
end

#stackAWSCDK::Stack

The stack in which this element is defined.

CfnElements must be defined within a stack scope (directly or indirectly).

Returns:



165
166
167
# File 'logs/cfn_account_policy.rb', line 165

def stack()
  jsii_get_property("stack")
end

#to_stringString

Returns a string representation of this construct.

Returns:

  • (String)

    a string representation of this resource



312
313
314
# File 'logs/cfn_account_policy.rb', line 312

def to_string()
  jsii_call_method("toString", [])
end

#updated_properitesHash{String => Object}

Deprecated.

use updatedProperties Return properties modified after initiation Resources that expose mutable properties should override this function to collect and return the properties object for this resource.

Deprecated.

Returns:

  • (Hash{String => Object})


212
213
214
# File 'logs/cfn_account_policy.rb', line 212

def updated_properites()
  jsii_get_property("updatedProperites")
end

#updated_propertiesHash{String => Object}

Return properties modified after initiation.

Resources that expose mutable properties should override this function to collect and return the properties object for this resource.

Returns:

  • (Hash{String => Object})


222
223
224
# File 'logs/cfn_account_policy.rb', line 222

def updated_properties()
  jsii_get_property("updatedProperties")
end

#validate_properties(_properties) ⇒ void

This method returns an undefined value.

Parameters:

  • _properties (Object)


586
587
588
589
# File 'logs/cfn_account_policy.rb', line 586

def validate_properties(_properties)
  Jsii::Type.check_type(_properties, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "_properties")
  jsii_call_method("validateProperties", [_properties])
end

#with(*mixins) ⇒ Constructs::IConstruct

Applies one or more mixins to this construct.

Mixins are applied in order. The list of constructs is captured at the start of the call, so constructs added by a mixin will not be visited. Use multiple with() calls if subsequent mixins should apply to added constructs.

Parameters:

  • mixins (Array<Constructs::IMixin>)

Returns:

  • (Constructs::IConstruct)


325
326
327
328
329
330
# File 'logs/cfn_account_policy.rb', line 325

def with(*mixins)
  mixins.each_with_index do |item, index|
    Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLklNaXhpbiJ9")), "mixins[#{index}]")
  end
  jsii_call_method("with", [*mixins])
end