Docs Home
We recommend new projects start with resources from the AWS provider.
AWS Cloud Control v1.28.0 published on Monday, May 19, 2025 by Pulumi
aws-native.logs.AccountPolicy
Explore with Pulumi AI
We recommend new projects start with resources from the AWS provider.
AWS Cloud Control v1.28.0 published on Monday, May 19, 2025 by Pulumi
The AWS::Logs::AccountPolicy resource specifies a CloudWatch Logs AccountPolicy.
Example Usage
Example
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;
return await Deployment.RunAsync(() =>
{
var accountPolicy = new AwsNative.Logs.AccountPolicy("accountPolicy", new()
{
PolicyName = "TestPolicy",
PolicyDocument = "{ \"Name\": \"data-protection-policy\", \"Description\": \"\", \"Version\": \"2021-06-01\", \"Statement\": [ { \"Sid\": \"audit-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Audit\": { \"FindingsDestination\": { \"CloudWatchLogs\": { \"LogGroup\": \"EXISTING_LOG_GROUP_NAME\" } } } } }, { \"Sid\": \"redact-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Deidentify\": { \"MaskConfig\": {} } } } ] }",
PolicyType = AwsNative.Logs.AccountPolicyPolicyType.DataProtectionPolicy,
Scope = AwsNative.Logs.AccountPolicyScope.All,
});
});
package main
import (
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/logs"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := logs.NewAccountPolicy(ctx, "accountPolicy", &logs.AccountPolicyArgs{
PolicyName: pulumi.String("TestPolicy"),
PolicyDocument: pulumi.String("{ \"Name\": \"data-protection-policy\", \"Description\": \"\", \"Version\": \"2021-06-01\", \"Statement\": [ { \"Sid\": \"audit-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Audit\": { \"FindingsDestination\": { \"CloudWatchLogs\": { \"LogGroup\": \"EXISTING_LOG_GROUP_NAME\" } } } } }, { \"Sid\": \"redact-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Deidentify\": { \"MaskConfig\": {} } } } ] }"),
PolicyType: logs.AccountPolicyPolicyTypeDataProtectionPolicy,
Scope: logs.AccountPolicyScopeAll,
})
if err != nil {
return err
}
return nil
})
}
Coming soon!
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";
const accountPolicy = new aws_native.logs.AccountPolicy("accountPolicy", {
policyName: "TestPolicy",
policyDocument: "{ \"Name\": \"data-protection-policy\", \"Description\": \"\", \"Version\": \"2021-06-01\", \"Statement\": [ { \"Sid\": \"audit-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Audit\": { \"FindingsDestination\": { \"CloudWatchLogs\": { \"LogGroup\": \"EXISTING_LOG_GROUP_NAME\" } } } } }, { \"Sid\": \"redact-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Deidentify\": { \"MaskConfig\": {} } } } ] }",
policyType: aws_native.logs.AccountPolicyPolicyType.DataProtectionPolicy,
scope: aws_native.logs.AccountPolicyScope.All,
});
import pulumi
import pulumi_aws_native as aws_native
account_policy = aws_native.logs.AccountPolicy("accountPolicy",
policy_name="TestPolicy",
policy_document="{ \"Name\": \"data-protection-policy\", \"Description\": \"\", \"Version\": \"2021-06-01\", \"Statement\": [ { \"Sid\": \"audit-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Audit\": { \"FindingsDestination\": { \"CloudWatchLogs\": { \"LogGroup\": \"EXISTING_LOG_GROUP_NAME\" } } } } }, { \"Sid\": \"redact-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Deidentify\": { \"MaskConfig\": {} } } } ] }",
policy_type=aws_native.logs.AccountPolicyPolicyType.DATA_PROTECTION_POLICY,
scope=aws_native.logs.AccountPolicyScope.ALL)
Coming soon!
Example
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;
return await Deployment.RunAsync(() =>
{
var accountPolicy = new AwsNative.Logs.AccountPolicy("accountPolicy", new()
{
PolicyName = "TestPolicy",
PolicyDocument = "{ \"Name\": \"data-protection-policy\", \"Description\": \"\", \"Version\": \"2021-06-01\", \"Statement\": [ { \"Sid\": \"audit-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Audit\": { \"FindingsDestination\": { \"CloudWatchLogs\": { \"LogGroup\": \"EXISTING_LOG_GROUP_NAME\" } } } } }, { \"Sid\": \"redact-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Deidentify\": { \"MaskConfig\": {} } } } ] }",
PolicyType = AwsNative.Logs.AccountPolicyPolicyType.DataProtectionPolicy,
Scope = AwsNative.Logs.AccountPolicyScope.All,
});
});
package main
import (
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/logs"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := logs.NewAccountPolicy(ctx, "accountPolicy", &logs.AccountPolicyArgs{
PolicyName: pulumi.String("TestPolicy"),
PolicyDocument: pulumi.String("{ \"Name\": \"data-protection-policy\", \"Description\": \"\", \"Version\": \"2021-06-01\", \"Statement\": [ { \"Sid\": \"audit-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Audit\": { \"FindingsDestination\": { \"CloudWatchLogs\": { \"LogGroup\": \"EXISTING_LOG_GROUP_NAME\" } } } } }, { \"Sid\": \"redact-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Deidentify\": { \"MaskConfig\": {} } } } ] }"),
PolicyType: logs.AccountPolicyPolicyTypeDataProtectionPolicy,
Scope: logs.AccountPolicyScopeAll,
})
if err != nil {
return err
}
return nil
})
}
Coming soon!
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";
const accountPolicy = new aws_native.logs.AccountPolicy("accountPolicy", {
policyName: "TestPolicy",
policyDocument: "{ \"Name\": \"data-protection-policy\", \"Description\": \"\", \"Version\": \"2021-06-01\", \"Statement\": [ { \"Sid\": \"audit-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Audit\": { \"FindingsDestination\": { \"CloudWatchLogs\": { \"LogGroup\": \"EXISTING_LOG_GROUP_NAME\" } } } } }, { \"Sid\": \"redact-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Deidentify\": { \"MaskConfig\": {} } } } ] }",
policyType: aws_native.logs.AccountPolicyPolicyType.DataProtectionPolicy,
scope: aws_native.logs.AccountPolicyScope.All,
});
import pulumi
import pulumi_aws_native as aws_native
account_policy = aws_native.logs.AccountPolicy("accountPolicy",
policy_name="TestPolicy",
policy_document="{ \"Name\": \"data-protection-policy\", \"Description\": \"\", \"Version\": \"2021-06-01\", \"Statement\": [ { \"Sid\": \"audit-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Audit\": { \"FindingsDestination\": { \"CloudWatchLogs\": { \"LogGroup\": \"EXISTING_LOG_GROUP_NAME\" } } } } }, { \"Sid\": \"redact-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Deidentify\": { \"MaskConfig\": {} } } } ] }",
policy_type=aws_native.logs.AccountPolicyPolicyType.DATA_PROTECTION_POLICY,
scope=aws_native.logs.AccountPolicyScope.ALL)
Coming soon!
Create AccountPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AccountPolicy(name: string, args: AccountPolicyArgs, opts?: CustomResourceOptions);@overload
def AccountPolicy(resource_name: str,
args: AccountPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AccountPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
policy_document: Optional[str] = None,
policy_type: Optional[AccountPolicyPolicyType] = None,
policy_name: Optional[str] = None,
scope: Optional[AccountPolicyScope] = None,
selection_criteria: Optional[str] = None)func NewAccountPolicy(ctx *Context, name string, args AccountPolicyArgs, opts ...ResourceOption) (*AccountPolicy, error)public AccountPolicy(string name, AccountPolicyArgs args, CustomResourceOptions? opts = null)
public AccountPolicy(String name, AccountPolicyArgs args)
public AccountPolicy(String name, AccountPolicyArgs args, CustomResourceOptions options)
type: aws-native:logs:AccountPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AccountPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AccountPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AccountPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccountPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AccountPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AccountPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AccountPolicy resource accepts the following input properties:
- Policy
Document string The body of the policy document you want to use for this topic.
You can only add one policy per PolicyType.
The policy must be in JSON string format.
Length Constraints: Maximum length of 30720
- Policy
Type Pulumi.Aws Native. Logs. Account Policy Policy Type - Type of the policy.
- Policy
Name string - The name of the account policy
- Scope
Pulumi.
Aws Native. Logs. Account Policy Scope - Scope for policy application
- Selection
Criteria string - Log group selection criteria to apply policy only to a subset of log groups. SelectionCriteria string can be up to 25KB and cloudwatchlogs determines the length of selectionCriteria by using its UTF-8 bytes
- Policy
Document string The body of the policy document you want to use for this topic.
You can only add one policy per PolicyType.
The policy must be in JSON string format.
Length Constraints: Maximum length of 30720
- Policy
Type AccountPolicy Policy Type - Type of the policy.
- Policy
Name string - The name of the account policy
- Scope
Account
Policy Scope - Scope for policy application
- Selection
Criteria string - Log group selection criteria to apply policy only to a subset of log groups. SelectionCriteria string can be up to 25KB and cloudwatchlogs determines the length of selectionCriteria by using its UTF-8 bytes
- policy
Document String The body of the policy document you want to use for this topic.
You can only add one policy per PolicyType.
The policy must be in JSON string format.
Length Constraints: Maximum length of 30720
- policy
Type AccountPolicy Policy Type - Type of the policy.
- policy
Name String - The name of the account policy
- scope
Account
Policy Scope - Scope for policy application
- selection
Criteria String - Log group selection criteria to apply policy only to a subset of log groups. SelectionCriteria string can be up to 25KB and cloudwatchlogs determines the length of selectionCriteria by using its UTF-8 bytes
- policy
Document string The body of the policy document you want to use for this topic.
You can only add one policy per PolicyType.
The policy must be in JSON string format.
Length Constraints: Maximum length of 30720
- policy
Type AccountPolicy Policy Type - Type of the policy.
- policy
Name string - The name of the account policy
- scope
Account
Policy Scope - Scope for policy application
- selection
Criteria string - Log group selection criteria to apply policy only to a subset of log groups. SelectionCriteria string can be up to 25KB and cloudwatchlogs determines the length of selectionCriteria by using its UTF-8 bytes
- policy_
document str The body of the policy document you want to use for this topic.
You can only add one policy per PolicyType.
The policy must be in JSON string format.
Length Constraints: Maximum length of 30720
- policy_
type AccountPolicy Policy Type - Type of the policy.
- policy_
name str - The name of the account policy
- scope
Account
Policy Scope - Scope for policy application
- selection_
criteria str - Log group selection criteria to apply policy only to a subset of log groups. SelectionCriteria string can be up to 25KB and cloudwatchlogs determines the length of selectionCriteria by using its UTF-8 bytes
- policy
Document String The body of the policy document you want to use for this topic.
You can only add one policy per PolicyType.
The policy must be in JSON string format.
Length Constraints: Maximum length of 30720
- policy
Type "DATA_PROTECTION_POLICY" | "SUBSCRIPTION_FILTER_POLICY" | "FIELD_INDEX_POLICY" | "TRANSFORMER_POLICY" - Type of the policy.
- policy
Name String - The name of the account policy
- scope "ALL"
- Scope for policy application
- selection
Criteria String - Log group selection criteria to apply policy only to a subset of log groups. SelectionCriteria string can be up to 25KB and cloudwatchlogs determines the length of selectionCriteria by using its UTF-8 bytes
Outputs
All input properties are implicitly available as output properties. Additionally, the AccountPolicy resource produces the following output properties:
- account_
id str - User account id
- id str
- The provider-assigned unique ID for this managed resource.
Supporting Types
AccountPolicyPolicyType, AccountPolicyPolicyTypeArgs
- Data
Protection Policy - DATA_PROTECTION_POLICY
- Subscription
Filter Policy - SUBSCRIPTION_FILTER_POLICY
- Field
Index Policy - FIELD_INDEX_POLICY
- Transformer
Policy - TRANSFORMER_POLICY
- Account
Policy Policy Type Data Protection Policy - DATA_PROTECTION_POLICY
- Account
Policy Policy Type Subscription Filter Policy - SUBSCRIPTION_FILTER_POLICY
- Account
Policy Policy Type Field Index Policy - FIELD_INDEX_POLICY
- Account
Policy Policy Type Transformer Policy - TRANSFORMER_POLICY
- Data
Protection Policy - DATA_PROTECTION_POLICY
- Subscription
Filter Policy - SUBSCRIPTION_FILTER_POLICY
- Field
Index Policy - FIELD_INDEX_POLICY
- Transformer
Policy - TRANSFORMER_POLICY
- Data
Protection Policy - DATA_PROTECTION_POLICY
- Subscription
Filter Policy - SUBSCRIPTION_FILTER_POLICY
- Field
Index Policy - FIELD_INDEX_POLICY
- Transformer
Policy - TRANSFORMER_POLICY
- DATA_PROTECTION_POLICY
- DATA_PROTECTION_POLICY
- SUBSCRIPTION_FILTER_POLICY
- SUBSCRIPTION_FILTER_POLICY
- FIELD_INDEX_POLICY
- FIELD_INDEX_POLICY
- TRANSFORMER_POLICY
- TRANSFORMER_POLICY
- "DATA_PROTECTION_POLICY"
- DATA_PROTECTION_POLICY
- "SUBSCRIPTION_FILTER_POLICY"
- SUBSCRIPTION_FILTER_POLICY
- "FIELD_INDEX_POLICY"
- FIELD_INDEX_POLICY
- "TRANSFORMER_POLICY"
- TRANSFORMER_POLICY
AccountPolicyScope, AccountPolicyScopeArgs
- All
- ALL
- Account
Policy Scope All - ALL
- All
- ALL
- All
- ALL
- ALL
- ALL
- "ALL"
- ALL
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.
AWS Cloud Control v1.28.0 published on Monday, May 19, 2025 by Pulumi