1. Packages
  2. AWS Cloud Control
  3. API Docs
  4. logs
  5. AccountPolicy

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.15.0 published on Wednesday, Dec 11, 2024 by Pulumi

aws-native.logs.AccountPolicy

Explore with Pulumi AI

aws-native logo

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.15.0 published on Wednesday, Dec 11, 2024 by Pulumi

    The AWS::Logs::AccountPolicy resource specifies a CloudWatch Logs AccountPolicy.

    Example Usage

    Example

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AwsNative = Pulumi.AwsNative;
    
    return await Deployment.RunAsync(() => 
    {
        var accountPolicy = new AwsNative.Logs.AccountPolicy("accountPolicy", new()
        {
            PolicyName = "TestPolicy",
            PolicyDocument = "{ \"Name\": \"data-protection-policy\", \"Description\": \"\", \"Version\": \"2021-06-01\", \"Statement\": [ { \"Sid\": \"audit-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Audit\": { \"FindingsDestination\": { \"CloudWatchLogs\": { \"LogGroup\": \"EXISTING_LOG_GROUP_NAME\" } } } } }, { \"Sid\": \"redact-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Deidentify\": { \"MaskConfig\": {} } } } ] }",
            PolicyType = AwsNative.Logs.AccountPolicyPolicyType.DataProtectionPolicy,
            Scope = AwsNative.Logs.AccountPolicyScope.All,
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/logs"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := logs.NewAccountPolicy(ctx, "accountPolicy", &logs.AccountPolicyArgs{
    			PolicyName:     pulumi.String("TestPolicy"),
    			PolicyDocument: pulumi.String("{ \"Name\": \"data-protection-policy\", \"Description\": \"\", \"Version\": \"2021-06-01\", \"Statement\": [ { \"Sid\": \"audit-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Audit\": { \"FindingsDestination\": { \"CloudWatchLogs\": { \"LogGroup\": \"EXISTING_LOG_GROUP_NAME\" } } } } }, { \"Sid\": \"redact-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Deidentify\": { \"MaskConfig\": {} } } } ] }"),
    			PolicyType:     logs.AccountPolicyPolicyTypeDataProtectionPolicy,
    			Scope:          logs.AccountPolicyScopeAll,
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    

    Coming soon!

    import pulumi
    import pulumi_aws_native as aws_native
    
    account_policy = aws_native.logs.AccountPolicy("accountPolicy",
        policy_name="TestPolicy",
        policy_document="{ \"Name\": \"data-protection-policy\", \"Description\": \"\", \"Version\": \"2021-06-01\", \"Statement\": [ { \"Sid\": \"audit-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Audit\": { \"FindingsDestination\": { \"CloudWatchLogs\": { \"LogGroup\": \"EXISTING_LOG_GROUP_NAME\" } } } } }, { \"Sid\": \"redact-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Deidentify\": { \"MaskConfig\": {} } } } ] }",
        policy_type=aws_native.logs.AccountPolicyPolicyType.DATA_PROTECTION_POLICY,
        scope=aws_native.logs.AccountPolicyScope.ALL)
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws_native from "@pulumi/aws-native";
    
    const accountPolicy = new aws_native.logs.AccountPolicy("accountPolicy", {
        policyName: "TestPolicy",
        policyDocument: "{ \"Name\": \"data-protection-policy\", \"Description\": \"\", \"Version\": \"2021-06-01\", \"Statement\": [ { \"Sid\": \"audit-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Audit\": { \"FindingsDestination\": { \"CloudWatchLogs\": { \"LogGroup\": \"EXISTING_LOG_GROUP_NAME\" } } } } }, { \"Sid\": \"redact-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Deidentify\": { \"MaskConfig\": {} } } } ] }",
        policyType: aws_native.logs.AccountPolicyPolicyType.DataProtectionPolicy,
        scope: aws_native.logs.AccountPolicyScope.All,
    });
    

    Coming soon!

    Example

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AwsNative = Pulumi.AwsNative;
    
    return await Deployment.RunAsync(() => 
    {
        var accountPolicy = new AwsNative.Logs.AccountPolicy("accountPolicy", new()
        {
            PolicyName = "TestPolicy",
            PolicyDocument = "{ \"Name\": \"data-protection-policy\", \"Description\": \"\", \"Version\": \"2021-06-01\", \"Statement\": [ { \"Sid\": \"audit-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Audit\": { \"FindingsDestination\": { \"CloudWatchLogs\": { \"LogGroup\": \"EXISTING_LOG_GROUP_NAME\" } } } } }, { \"Sid\": \"redact-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Deidentify\": { \"MaskConfig\": {} } } } ] }",
            PolicyType = AwsNative.Logs.AccountPolicyPolicyType.DataProtectionPolicy,
            Scope = AwsNative.Logs.AccountPolicyScope.All,
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/logs"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := logs.NewAccountPolicy(ctx, "accountPolicy", &logs.AccountPolicyArgs{
    			PolicyName:     pulumi.String("TestPolicy"),
    			PolicyDocument: pulumi.String("{ \"Name\": \"data-protection-policy\", \"Description\": \"\", \"Version\": \"2021-06-01\", \"Statement\": [ { \"Sid\": \"audit-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Audit\": { \"FindingsDestination\": { \"CloudWatchLogs\": { \"LogGroup\": \"EXISTING_LOG_GROUP_NAME\" } } } } }, { \"Sid\": \"redact-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Deidentify\": { \"MaskConfig\": {} } } } ] }"),
    			PolicyType:     logs.AccountPolicyPolicyTypeDataProtectionPolicy,
    			Scope:          logs.AccountPolicyScopeAll,
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    

    Coming soon!

    import pulumi
    import pulumi_aws_native as aws_native
    
    account_policy = aws_native.logs.AccountPolicy("accountPolicy",
        policy_name="TestPolicy",
        policy_document="{ \"Name\": \"data-protection-policy\", \"Description\": \"\", \"Version\": \"2021-06-01\", \"Statement\": [ { \"Sid\": \"audit-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Audit\": { \"FindingsDestination\": { \"CloudWatchLogs\": { \"LogGroup\": \"EXISTING_LOG_GROUP_NAME\" } } } } }, { \"Sid\": \"redact-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Deidentify\": { \"MaskConfig\": {} } } } ] }",
        policy_type=aws_native.logs.AccountPolicyPolicyType.DATA_PROTECTION_POLICY,
        scope=aws_native.logs.AccountPolicyScope.ALL)
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws_native from "@pulumi/aws-native";
    
    const accountPolicy = new aws_native.logs.AccountPolicy("accountPolicy", {
        policyName: "TestPolicy",
        policyDocument: "{ \"Name\": \"data-protection-policy\", \"Description\": \"\", \"Version\": \"2021-06-01\", \"Statement\": [ { \"Sid\": \"audit-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Audit\": { \"FindingsDestination\": { \"CloudWatchLogs\": { \"LogGroup\": \"EXISTING_LOG_GROUP_NAME\" } } } } }, { \"Sid\": \"redact-policy\", \"DataIdentifier\": [ \"arn:aws:dataprotection::aws:data-identifier/EmailAddress\" ], \"Operation\": { \"Deidentify\": { \"MaskConfig\": {} } } } ] }",
        policyType: aws_native.logs.AccountPolicyPolicyType.DataProtectionPolicy,
        scope: aws_native.logs.AccountPolicyScope.All,
    });
    

    Coming soon!

    Create AccountPolicy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AccountPolicy(name: string, args: AccountPolicyArgs, opts?: CustomResourceOptions);
    @overload
    def AccountPolicy(resource_name: str,
                      args: AccountPolicyArgs,
                      opts: Optional[ResourceOptions] = None)
    
    @overload
    def AccountPolicy(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      policy_document: Optional[str] = None,
                      policy_type: Optional[AccountPolicyPolicyType] = None,
                      policy_name: Optional[str] = None,
                      scope: Optional[AccountPolicyScope] = None,
                      selection_criteria: Optional[str] = None)
    func NewAccountPolicy(ctx *Context, name string, args AccountPolicyArgs, opts ...ResourceOption) (*AccountPolicy, error)
    public AccountPolicy(string name, AccountPolicyArgs args, CustomResourceOptions? opts = null)
    public AccountPolicy(String name, AccountPolicyArgs args)
    public AccountPolicy(String name, AccountPolicyArgs args, CustomResourceOptions options)
    
    type: aws-native:logs:AccountPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AccountPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AccountPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AccountPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AccountPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AccountPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    AccountPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The AccountPolicy resource accepts the following input properties:

    PolicyDocument string

    The body of the policy document you want to use for this topic.

    You can only add one policy per PolicyType.

    The policy must be in JSON string format.

    Length Constraints: Maximum length of 30720

    PolicyType Pulumi.AwsNative.Logs.AccountPolicyPolicyType
    Type of the policy.
    PolicyName string
    The name of the account policy
    Scope Pulumi.AwsNative.Logs.AccountPolicyScope
    Scope for policy application
    SelectionCriteria string
    Log group selection criteria to apply policy only to a subset of log groups. SelectionCriteria string can be up to 25KB and cloudwatchlogs determines the length of selectionCriteria by using its UTF-8 bytes
    PolicyDocument string

    The body of the policy document you want to use for this topic.

    You can only add one policy per PolicyType.

    The policy must be in JSON string format.

    Length Constraints: Maximum length of 30720

    PolicyType AccountPolicyPolicyType
    Type of the policy.
    PolicyName string
    The name of the account policy
    Scope AccountPolicyScope
    Scope for policy application
    SelectionCriteria string
    Log group selection criteria to apply policy only to a subset of log groups. SelectionCriteria string can be up to 25KB and cloudwatchlogs determines the length of selectionCriteria by using its UTF-8 bytes
    policyDocument String

    The body of the policy document you want to use for this topic.

    You can only add one policy per PolicyType.

    The policy must be in JSON string format.

    Length Constraints: Maximum length of 30720

    policyType AccountPolicyPolicyType
    Type of the policy.
    policyName String
    The name of the account policy
    scope AccountPolicyScope
    Scope for policy application
    selectionCriteria String
    Log group selection criteria to apply policy only to a subset of log groups. SelectionCriteria string can be up to 25KB and cloudwatchlogs determines the length of selectionCriteria by using its UTF-8 bytes
    policyDocument string

    The body of the policy document you want to use for this topic.

    You can only add one policy per PolicyType.

    The policy must be in JSON string format.

    Length Constraints: Maximum length of 30720

    policyType AccountPolicyPolicyType
    Type of the policy.
    policyName string
    The name of the account policy
    scope AccountPolicyScope
    Scope for policy application
    selectionCriteria string
    Log group selection criteria to apply policy only to a subset of log groups. SelectionCriteria string can be up to 25KB and cloudwatchlogs determines the length of selectionCriteria by using its UTF-8 bytes
    policy_document str

    The body of the policy document you want to use for this topic.

    You can only add one policy per PolicyType.

    The policy must be in JSON string format.

    Length Constraints: Maximum length of 30720

    policy_type AccountPolicyPolicyType
    Type of the policy.
    policy_name str
    The name of the account policy
    scope AccountPolicyScope
    Scope for policy application
    selection_criteria str
    Log group selection criteria to apply policy only to a subset of log groups. SelectionCriteria string can be up to 25KB and cloudwatchlogs determines the length of selectionCriteria by using its UTF-8 bytes
    policyDocument String

    The body of the policy document you want to use for this topic.

    You can only add one policy per PolicyType.

    The policy must be in JSON string format.

    Length Constraints: Maximum length of 30720

    policyType "DATA_PROTECTION_POLICY" | "SUBSCRIPTION_FILTER_POLICY"
    Type of the policy.
    policyName String
    The name of the account policy
    scope "ALL"
    Scope for policy application
    selectionCriteria String
    Log group selection criteria to apply policy only to a subset of log groups. SelectionCriteria string can be up to 25KB and cloudwatchlogs determines the length of selectionCriteria by using its UTF-8 bytes

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AccountPolicy resource produces the following output properties:

    AccountId string
    User account id
    Id string
    The provider-assigned unique ID for this managed resource.
    AccountId string
    User account id
    Id string
    The provider-assigned unique ID for this managed resource.
    accountId String
    User account id
    id String
    The provider-assigned unique ID for this managed resource.
    accountId string
    User account id
    id string
    The provider-assigned unique ID for this managed resource.
    account_id str
    User account id
    id str
    The provider-assigned unique ID for this managed resource.
    accountId String
    User account id
    id String
    The provider-assigned unique ID for this managed resource.

    Supporting Types

    AccountPolicyPolicyType, AccountPolicyPolicyTypeArgs

    DataProtectionPolicy
    DATA_PROTECTION_POLICY
    SubscriptionFilterPolicy
    SUBSCRIPTION_FILTER_POLICY
    AccountPolicyPolicyTypeDataProtectionPolicy
    DATA_PROTECTION_POLICY
    AccountPolicyPolicyTypeSubscriptionFilterPolicy
    SUBSCRIPTION_FILTER_POLICY
    DataProtectionPolicy
    DATA_PROTECTION_POLICY
    SubscriptionFilterPolicy
    SUBSCRIPTION_FILTER_POLICY
    DataProtectionPolicy
    DATA_PROTECTION_POLICY
    SubscriptionFilterPolicy
    SUBSCRIPTION_FILTER_POLICY
    DATA_PROTECTION_POLICY
    DATA_PROTECTION_POLICY
    SUBSCRIPTION_FILTER_POLICY
    SUBSCRIPTION_FILTER_POLICY
    "DATA_PROTECTION_POLICY"
    DATA_PROTECTION_POLICY
    "SUBSCRIPTION_FILTER_POLICY"
    SUBSCRIPTION_FILTER_POLICY

    AccountPolicyScope, AccountPolicyScopeArgs

    All
    ALL
    AccountPolicyScopeAll
    ALL
    All
    ALL
    All
    ALL
    ALL
    ALL
    "ALL"
    ALL

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    We recommend new projects start with resources from the AWS provider.

    AWS Cloud Control v1.15.0 published on Wednesday, Dec 11, 2024 by Pulumi