Manages an AWS CloudWatch Observability Admin Centralization Rule For Organization.
Centralization rules enable you to centralize log data from multiple AWS accounts and regions within your organization to a single destination account and region. This helps with log management, compliance, and cost optimization by consolidating logs in a central location.
This requires an AWS account within an organization with at least delegated administrator permissions.
Example Usage
Basic Centralization Rule
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const current = aws.getCallerIdentity({});
const currentGetOrganization = aws.organizations.getOrganization({});
const example = new aws.observabilityadmin.CentralizationRuleForOrganization("example", {
ruleName: "example-centralization-rule",
rule: {
destination: {
region: "eu-west-1",
account: current.then(current => current.accountId),
},
source: {
regions: ["ap-southeast-1"],
scope: currentGetOrganization.then(currentGetOrganization => `OrganizationId = '${currentGetOrganization.id}'`),
sourceLogsConfiguration: {
encryptedLogGroupStrategy: "SKIP",
logGroupSelectionCriteria: "*",
},
},
},
tags: {
Name: "example-centralization-rule",
Environment: "production",
},
});
import pulumi
import pulumi_aws as aws
current = aws.get_caller_identity()
current_get_organization = aws.organizations.get_organization()
example = aws.observabilityadmin.CentralizationRuleForOrganization("example",
rule_name="example-centralization-rule",
rule={
"destination": {
"region": "eu-west-1",
"account": current.account_id,
},
"source": {
"regions": ["ap-southeast-1"],
"scope": f"OrganizationId = '{current_get_organization.id}'",
"source_logs_configuration": {
"encrypted_log_group_strategy": "SKIP",
"log_group_selection_criteria": "*",
},
},
},
tags={
"Name": "example-centralization-rule",
"Environment": "production",
})
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/observabilityadmin"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := aws.GetCallerIdentity(ctx, &aws.GetCallerIdentityArgs{}, nil)
if err != nil {
return err
}
currentGetOrganization, err := organizations.LookupOrganization(ctx, map[string]interface{}{}, nil)
if err != nil {
return err
}
_, err = observabilityadmin.NewCentralizationRuleForOrganization(ctx, "example", &observabilityadmin.CentralizationRuleForOrganizationArgs{
RuleName: pulumi.String("example-centralization-rule"),
Rule: &observabilityadmin.CentralizationRuleForOrganizationRuleArgs{
Destination: &observabilityadmin.CentralizationRuleForOrganizationRuleDestinationArgs{
Region: pulumi.String("eu-west-1"),
Account: pulumi.String(current.AccountId),
},
Source: &observabilityadmin.CentralizationRuleForOrganizationRuleSourceArgs{
Regions: pulumi.StringArray{
pulumi.String("ap-southeast-1"),
},
Scope: pulumi.Sprintf("OrganizationId = '%v'", currentGetOrganization.Id),
SourceLogsConfiguration: &observabilityadmin.CentralizationRuleForOrganizationRuleSourceSourceLogsConfigurationArgs{
EncryptedLogGroupStrategy: pulumi.String("SKIP"),
LogGroupSelectionCriteria: pulumi.String("*"),
},
},
},
Tags: pulumi.StringMap{
"Name": pulumi.String("example-centralization-rule"),
"Environment": pulumi.String("production"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var current = Aws.GetCallerIdentity.Invoke();
var currentGetOrganization = Aws.Organizations.GetOrganization.Invoke();
var example = new Aws.Observabilityadmin.CentralizationRuleForOrganization("example", new()
{
RuleName = "example-centralization-rule",
Rule = new Aws.Observabilityadmin.Inputs.CentralizationRuleForOrganizationRuleArgs
{
Destination = new Aws.Observabilityadmin.Inputs.CentralizationRuleForOrganizationRuleDestinationArgs
{
Region = "eu-west-1",
Account = current.Apply(getCallerIdentityResult => getCallerIdentityResult.AccountId),
},
Source = new Aws.Observabilityadmin.Inputs.CentralizationRuleForOrganizationRuleSourceArgs
{
Regions = new[]
{
"ap-southeast-1",
},
Scope = $"OrganizationId = '{currentGetOrganization.Apply(getOrganizationResult => getOrganizationResult.Id)}'",
SourceLogsConfiguration = new Aws.Observabilityadmin.Inputs.CentralizationRuleForOrganizationRuleSourceSourceLogsConfigurationArgs
{
EncryptedLogGroupStrategy = "SKIP",
LogGroupSelectionCriteria = "*",
},
},
},
Tags =
{
{ "Name", "example-centralization-rule" },
{ "Environment", "production" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetCallerIdentityArgs;
import com.pulumi.aws.organizations.OrganizationsFunctions;
import com.pulumi.aws.observabilityadmin.CentralizationRuleForOrganization;
import com.pulumi.aws.observabilityadmin.CentralizationRuleForOrganizationArgs;
import com.pulumi.aws.observabilityadmin.inputs.CentralizationRuleForOrganizationRuleArgs;
import com.pulumi.aws.observabilityadmin.inputs.CentralizationRuleForOrganizationRuleDestinationArgs;
import com.pulumi.aws.observabilityadmin.inputs.CentralizationRuleForOrganizationRuleSourceArgs;
import com.pulumi.aws.observabilityadmin.inputs.CentralizationRuleForOrganizationRuleSourceSourceLogsConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = AwsFunctions.getCallerIdentity(GetCallerIdentityArgs.builder()
.build());
final var currentGetOrganization = OrganizationsFunctions.getOrganization(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);
var example = new CentralizationRuleForOrganization("example", CentralizationRuleForOrganizationArgs.builder()
.ruleName("example-centralization-rule")
.rule(CentralizationRuleForOrganizationRuleArgs.builder()
.destination(CentralizationRuleForOrganizationRuleDestinationArgs.builder()
.region("eu-west-1")
.account(current.accountId())
.build())
.source(CentralizationRuleForOrganizationRuleSourceArgs.builder()
.regions("ap-southeast-1")
.scope(String.format("OrganizationId = '%s'", currentGetOrganization.id()))
.sourceLogsConfiguration(CentralizationRuleForOrganizationRuleSourceSourceLogsConfigurationArgs.builder()
.encryptedLogGroupStrategy("SKIP")
.logGroupSelectionCriteria("*")
.build())
.build())
.build())
.tags(Map.ofEntries(
Map.entry("Name", "example-centralization-rule"),
Map.entry("Environment", "production")
))
.build());
}
}
resources:
example:
type: aws:observabilityadmin:CentralizationRuleForOrganization
properties:
ruleName: example-centralization-rule
rule:
destination:
region: eu-west-1
account: ${current.accountId}
source:
regions:
- ap-southeast-1
scope: OrganizationId = '${currentGetOrganization.id}'
sourceLogsConfiguration:
encryptedLogGroupStrategy: SKIP
logGroupSelectionCriteria: '*'
tags:
Name: example-centralization-rule
Environment: production
variables:
current:
fn::invoke:
function: aws:getCallerIdentity
arguments: {}
currentGetOrganization:
fn::invoke:
function: aws:organizations:getOrganization
arguments: {}
Advanced Configuration with Encryption and Backup
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const current = aws.getCallerIdentity({});
const currentGetOrganization = aws.organizations.getOrganization({});
const advanced = new aws.observabilityadmin.CentralizationRuleForOrganization("advanced", {
ruleName: "advanced-centralization-rule",
rule: {
destination: {
region: "eu-west-1",
account: current.then(current => current.accountId),
destinationLogsConfiguration: {
logsEncryptionConfiguration: {
encryptionStrategy: "AWS_OWNED",
},
backupConfiguration: {
region: "us-west-1",
},
},
},
source: {
regions: [
"ap-southeast-1",
"us-east-1",
],
scope: currentGetOrganization.then(currentGetOrganization => `OrganizationId = '${currentGetOrganization.id}'`),
sourceLogsConfiguration: {
encryptedLogGroupStrategy: "ALLOW",
logGroupSelectionCriteria: "*",
},
},
},
tags: {
Name: "advanced-centralization-rule",
Environment: "production",
Team: "observability",
},
});
import pulumi
import pulumi_aws as aws
current = aws.get_caller_identity()
current_get_organization = aws.organizations.get_organization()
advanced = aws.observabilityadmin.CentralizationRuleForOrganization("advanced",
rule_name="advanced-centralization-rule",
rule={
"destination": {
"region": "eu-west-1",
"account": current.account_id,
"destination_logs_configuration": {
"logs_encryption_configuration": {
"encryption_strategy": "AWS_OWNED",
},
"backup_configuration": {
"region": "us-west-1",
},
},
},
"source": {
"regions": [
"ap-southeast-1",
"us-east-1",
],
"scope": f"OrganizationId = '{current_get_organization.id}'",
"source_logs_configuration": {
"encrypted_log_group_strategy": "ALLOW",
"log_group_selection_criteria": "*",
},
},
},
tags={
"Name": "advanced-centralization-rule",
"Environment": "production",
"Team": "observability",
})
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/observabilityadmin"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := aws.GetCallerIdentity(ctx, &aws.GetCallerIdentityArgs{}, nil)
if err != nil {
return err
}
currentGetOrganization, err := organizations.LookupOrganization(ctx, map[string]interface{}{}, nil)
if err != nil {
return err
}
_, err = observabilityadmin.NewCentralizationRuleForOrganization(ctx, "advanced", &observabilityadmin.CentralizationRuleForOrganizationArgs{
RuleName: pulumi.String("advanced-centralization-rule"),
Rule: &observabilityadmin.CentralizationRuleForOrganizationRuleArgs{
Destination: &observabilityadmin.CentralizationRuleForOrganizationRuleDestinationArgs{
Region: pulumi.String("eu-west-1"),
Account: pulumi.String(current.AccountId),
DestinationLogsConfiguration: &observabilityadmin.CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationArgs{
LogsEncryptionConfiguration: &observabilityadmin.CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationLogsEncryptionConfigurationArgs{
EncryptionStrategy: pulumi.String("AWS_OWNED"),
},
BackupConfiguration: &observabilityadmin.CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationBackupConfigurationArgs{
Region: pulumi.String("us-west-1"),
},
},
},
Source: &observabilityadmin.CentralizationRuleForOrganizationRuleSourceArgs{
Regions: pulumi.StringArray{
pulumi.String("ap-southeast-1"),
pulumi.String("us-east-1"),
},
Scope: pulumi.Sprintf("OrganizationId = '%v'", currentGetOrganization.Id),
SourceLogsConfiguration: &observabilityadmin.CentralizationRuleForOrganizationRuleSourceSourceLogsConfigurationArgs{
EncryptedLogGroupStrategy: pulumi.String("ALLOW"),
LogGroupSelectionCriteria: pulumi.String("*"),
},
},
},
Tags: pulumi.StringMap{
"Name": pulumi.String("advanced-centralization-rule"),
"Environment": pulumi.String("production"),
"Team": pulumi.String("observability"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var current = Aws.GetCallerIdentity.Invoke();
var currentGetOrganization = Aws.Organizations.GetOrganization.Invoke();
var advanced = new Aws.Observabilityadmin.CentralizationRuleForOrganization("advanced", new()
{
RuleName = "advanced-centralization-rule",
Rule = new Aws.Observabilityadmin.Inputs.CentralizationRuleForOrganizationRuleArgs
{
Destination = new Aws.Observabilityadmin.Inputs.CentralizationRuleForOrganizationRuleDestinationArgs
{
Region = "eu-west-1",
Account = current.Apply(getCallerIdentityResult => getCallerIdentityResult.AccountId),
DestinationLogsConfiguration = new Aws.Observabilityadmin.Inputs.CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationArgs
{
LogsEncryptionConfiguration = new Aws.Observabilityadmin.Inputs.CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationLogsEncryptionConfigurationArgs
{
EncryptionStrategy = "AWS_OWNED",
},
BackupConfiguration = new Aws.Observabilityadmin.Inputs.CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationBackupConfigurationArgs
{
Region = "us-west-1",
},
},
},
Source = new Aws.Observabilityadmin.Inputs.CentralizationRuleForOrganizationRuleSourceArgs
{
Regions = new[]
{
"ap-southeast-1",
"us-east-1",
},
Scope = $"OrganizationId = '{currentGetOrganization.Apply(getOrganizationResult => getOrganizationResult.Id)}'",
SourceLogsConfiguration = new Aws.Observabilityadmin.Inputs.CentralizationRuleForOrganizationRuleSourceSourceLogsConfigurationArgs
{
EncryptedLogGroupStrategy = "ALLOW",
LogGroupSelectionCriteria = "*",
},
},
},
Tags =
{
{ "Name", "advanced-centralization-rule" },
{ "Environment", "production" },
{ "Team", "observability" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetCallerIdentityArgs;
import com.pulumi.aws.organizations.OrganizationsFunctions;
import com.pulumi.aws.observabilityadmin.CentralizationRuleForOrganization;
import com.pulumi.aws.observabilityadmin.CentralizationRuleForOrganizationArgs;
import com.pulumi.aws.observabilityadmin.inputs.CentralizationRuleForOrganizationRuleArgs;
import com.pulumi.aws.observabilityadmin.inputs.CentralizationRuleForOrganizationRuleDestinationArgs;
import com.pulumi.aws.observabilityadmin.inputs.CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationArgs;
import com.pulumi.aws.observabilityadmin.inputs.CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationLogsEncryptionConfigurationArgs;
import com.pulumi.aws.observabilityadmin.inputs.CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationBackupConfigurationArgs;
import com.pulumi.aws.observabilityadmin.inputs.CentralizationRuleForOrganizationRuleSourceArgs;
import com.pulumi.aws.observabilityadmin.inputs.CentralizationRuleForOrganizationRuleSourceSourceLogsConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = AwsFunctions.getCallerIdentity(GetCallerIdentityArgs.builder()
.build());
final var currentGetOrganization = OrganizationsFunctions.getOrganization(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);
var advanced = new CentralizationRuleForOrganization("advanced", CentralizationRuleForOrganizationArgs.builder()
.ruleName("advanced-centralization-rule")
.rule(CentralizationRuleForOrganizationRuleArgs.builder()
.destination(CentralizationRuleForOrganizationRuleDestinationArgs.builder()
.region("eu-west-1")
.account(current.accountId())
.destinationLogsConfiguration(CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationArgs.builder()
.logsEncryptionConfiguration(CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationLogsEncryptionConfigurationArgs.builder()
.encryptionStrategy("AWS_OWNED")
.build())
.backupConfiguration(CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationBackupConfigurationArgs.builder()
.region("us-west-1")
.build())
.build())
.build())
.source(CentralizationRuleForOrganizationRuleSourceArgs.builder()
.regions(
"ap-southeast-1",
"us-east-1")
.scope(String.format("OrganizationId = '%s'", currentGetOrganization.id()))
.sourceLogsConfiguration(CentralizationRuleForOrganizationRuleSourceSourceLogsConfigurationArgs.builder()
.encryptedLogGroupStrategy("ALLOW")
.logGroupSelectionCriteria("*")
.build())
.build())
.build())
.tags(Map.ofEntries(
Map.entry("Name", "advanced-centralization-rule"),
Map.entry("Environment", "production"),
Map.entry("Team", "observability")
))
.build());
}
}
resources:
advanced:
type: aws:observabilityadmin:CentralizationRuleForOrganization
properties:
ruleName: advanced-centralization-rule
rule:
destination:
region: eu-west-1
account: ${current.accountId}
destinationLogsConfiguration:
logsEncryptionConfiguration:
encryptionStrategy: AWS_OWNED
backupConfiguration:
region: us-west-1
source:
regions:
- ap-southeast-1
- us-east-1
scope: OrganizationId = '${currentGetOrganization.id}'
sourceLogsConfiguration:
encryptedLogGroupStrategy: ALLOW
logGroupSelectionCriteria: '*'
tags:
Name: advanced-centralization-rule
Environment: production
Team: observability
variables:
current:
fn::invoke:
function: aws:getCallerIdentity
arguments: {}
currentGetOrganization:
fn::invoke:
function: aws:organizations:getOrganization
arguments: {}
Selective Log Group Filtering
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const current = aws.getCallerIdentity({});
const currentGetOrganization = aws.organizations.getOrganization({});
const filtered = new aws.observabilityadmin.CentralizationRuleForOrganization("filtered", {
ruleName: "filtered-centralization-rule",
rule: {
destination: {
region: "eu-west-1",
account: current.then(current => current.accountId),
},
source: {
regions: [
"ap-southeast-1",
"us-east-1",
],
scope: currentGetOrganization.then(currentGetOrganization => `OrganizationId = '${currentGetOrganization.id}'`),
sourceLogsConfiguration: {
encryptedLogGroupStrategy: "ALLOW",
logGroupSelectionCriteria: "LogGroupName LIKE '/aws/lambda%'",
},
},
},
tags: {
Name: "filtered-centralization-rule",
Filter: "lambda-logs",
},
});
import pulumi
import pulumi_aws as aws
current = aws.get_caller_identity()
current_get_organization = aws.organizations.get_organization()
filtered = aws.observabilityadmin.CentralizationRuleForOrganization("filtered",
rule_name="filtered-centralization-rule",
rule={
"destination": {
"region": "eu-west-1",
"account": current.account_id,
},
"source": {
"regions": [
"ap-southeast-1",
"us-east-1",
],
"scope": f"OrganizationId = '{current_get_organization.id}'",
"source_logs_configuration": {
"encrypted_log_group_strategy": "ALLOW",
"log_group_selection_criteria": "LogGroupName LIKE '/aws/lambda%'",
},
},
},
tags={
"Name": "filtered-centralization-rule",
"Filter": "lambda-logs",
})
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/observabilityadmin"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := aws.GetCallerIdentity(ctx, &aws.GetCallerIdentityArgs{}, nil)
if err != nil {
return err
}
currentGetOrganization, err := organizations.LookupOrganization(ctx, map[string]interface{}{}, nil)
if err != nil {
return err
}
_, err = observabilityadmin.NewCentralizationRuleForOrganization(ctx, "filtered", &observabilityadmin.CentralizationRuleForOrganizationArgs{
RuleName: pulumi.String("filtered-centralization-rule"),
Rule: &observabilityadmin.CentralizationRuleForOrganizationRuleArgs{
Destination: &observabilityadmin.CentralizationRuleForOrganizationRuleDestinationArgs{
Region: pulumi.String("eu-west-1"),
Account: pulumi.String(current.AccountId),
},
Source: &observabilityadmin.CentralizationRuleForOrganizationRuleSourceArgs{
Regions: pulumi.StringArray{
pulumi.String("ap-southeast-1"),
pulumi.String("us-east-1"),
},
Scope: pulumi.Sprintf("OrganizationId = '%v'", currentGetOrganization.Id),
SourceLogsConfiguration: &observabilityadmin.CentralizationRuleForOrganizationRuleSourceSourceLogsConfigurationArgs{
EncryptedLogGroupStrategy: pulumi.String("ALLOW"),
LogGroupSelectionCriteria: pulumi.String("LogGroupName LIKE '/aws/lambda%'"),
},
},
},
Tags: pulumi.StringMap{
"Name": pulumi.String("filtered-centralization-rule"),
"Filter": pulumi.String("lambda-logs"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var current = Aws.GetCallerIdentity.Invoke();
var currentGetOrganization = Aws.Organizations.GetOrganization.Invoke();
var filtered = new Aws.Observabilityadmin.CentralizationRuleForOrganization("filtered", new()
{
RuleName = "filtered-centralization-rule",
Rule = new Aws.Observabilityadmin.Inputs.CentralizationRuleForOrganizationRuleArgs
{
Destination = new Aws.Observabilityadmin.Inputs.CentralizationRuleForOrganizationRuleDestinationArgs
{
Region = "eu-west-1",
Account = current.Apply(getCallerIdentityResult => getCallerIdentityResult.AccountId),
},
Source = new Aws.Observabilityadmin.Inputs.CentralizationRuleForOrganizationRuleSourceArgs
{
Regions = new[]
{
"ap-southeast-1",
"us-east-1",
},
Scope = $"OrganizationId = '{currentGetOrganization.Apply(getOrganizationResult => getOrganizationResult.Id)}'",
SourceLogsConfiguration = new Aws.Observabilityadmin.Inputs.CentralizationRuleForOrganizationRuleSourceSourceLogsConfigurationArgs
{
EncryptedLogGroupStrategy = "ALLOW",
LogGroupSelectionCriteria = "LogGroupName LIKE '/aws/lambda%'",
},
},
},
Tags =
{
{ "Name", "filtered-centralization-rule" },
{ "Filter", "lambda-logs" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetCallerIdentityArgs;
import com.pulumi.aws.organizations.OrganizationsFunctions;
import com.pulumi.aws.observabilityadmin.CentralizationRuleForOrganization;
import com.pulumi.aws.observabilityadmin.CentralizationRuleForOrganizationArgs;
import com.pulumi.aws.observabilityadmin.inputs.CentralizationRuleForOrganizationRuleArgs;
import com.pulumi.aws.observabilityadmin.inputs.CentralizationRuleForOrganizationRuleDestinationArgs;
import com.pulumi.aws.observabilityadmin.inputs.CentralizationRuleForOrganizationRuleSourceArgs;
import com.pulumi.aws.observabilityadmin.inputs.CentralizationRuleForOrganizationRuleSourceSourceLogsConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = AwsFunctions.getCallerIdentity(GetCallerIdentityArgs.builder()
.build());
final var currentGetOrganization = OrganizationsFunctions.getOrganization(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);
var filtered = new CentralizationRuleForOrganization("filtered", CentralizationRuleForOrganizationArgs.builder()
.ruleName("filtered-centralization-rule")
.rule(CentralizationRuleForOrganizationRuleArgs.builder()
.destination(CentralizationRuleForOrganizationRuleDestinationArgs.builder()
.region("eu-west-1")
.account(current.accountId())
.build())
.source(CentralizationRuleForOrganizationRuleSourceArgs.builder()
.regions(
"ap-southeast-1",
"us-east-1")
.scope(String.format("OrganizationId = '%s'", currentGetOrganization.id()))
.sourceLogsConfiguration(CentralizationRuleForOrganizationRuleSourceSourceLogsConfigurationArgs.builder()
.encryptedLogGroupStrategy("ALLOW")
.logGroupSelectionCriteria("LogGroupName LIKE '/aws/lambda%'")
.build())
.build())
.build())
.tags(Map.ofEntries(
Map.entry("Name", "filtered-centralization-rule"),
Map.entry("Filter", "lambda-logs")
))
.build());
}
}
resources:
filtered:
type: aws:observabilityadmin:CentralizationRuleForOrganization
properties:
ruleName: filtered-centralization-rule
rule:
destination:
region: eu-west-1
account: ${current.accountId}
source:
regions:
- ap-southeast-1
- us-east-1
scope: OrganizationId = '${currentGetOrganization.id}'
sourceLogsConfiguration:
encryptedLogGroupStrategy: ALLOW
logGroupSelectionCriteria: LogGroupName LIKE '/aws/lambda%'
tags:
Name: filtered-centralization-rule
Filter: lambda-logs
variables:
current:
fn::invoke:
function: aws:getCallerIdentity
arguments: {}
currentGetOrganization:
fn::invoke:
function: aws:organizations:getOrganization
arguments: {}
Create CentralizationRuleForOrganization Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new CentralizationRuleForOrganization(name: string, args: CentralizationRuleForOrganizationArgs, opts?: CustomResourceOptions);@overload
def CentralizationRuleForOrganization(resource_name: str,
args: CentralizationRuleForOrganizationArgs,
opts: Optional[ResourceOptions] = None)
@overload
def CentralizationRuleForOrganization(resource_name: str,
opts: Optional[ResourceOptions] = None,
rule_name: Optional[str] = None,
region: Optional[str] = None,
rule: Optional[CentralizationRuleForOrganizationRuleArgs] = None,
tags: Optional[Mapping[str, str]] = None,
timeouts: Optional[CentralizationRuleForOrganizationTimeoutsArgs] = None)func NewCentralizationRuleForOrganization(ctx *Context, name string, args CentralizationRuleForOrganizationArgs, opts ...ResourceOption) (*CentralizationRuleForOrganization, error)public CentralizationRuleForOrganization(string name, CentralizationRuleForOrganizationArgs args, CustomResourceOptions? opts = null)
public CentralizationRuleForOrganization(String name, CentralizationRuleForOrganizationArgs args)
public CentralizationRuleForOrganization(String name, CentralizationRuleForOrganizationArgs args, CustomResourceOptions options)
type: aws:observabilityadmin:CentralizationRuleForOrganization
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CentralizationRuleForOrganizationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CentralizationRuleForOrganizationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CentralizationRuleForOrganizationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CentralizationRuleForOrganizationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CentralizationRuleForOrganizationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var centralizationRuleForOrganizationResource = new Aws.Observabilityadmin.CentralizationRuleForOrganization("centralizationRuleForOrganizationResource", new()
{
RuleName = "string",
Region = "string",
Rule = new Aws.Observabilityadmin.Inputs.CentralizationRuleForOrganizationRuleArgs
{
Destination = new Aws.Observabilityadmin.Inputs.CentralizationRuleForOrganizationRuleDestinationArgs
{
Account = "string",
Region = "string",
DestinationLogsConfiguration = new Aws.Observabilityadmin.Inputs.CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationArgs
{
BackupConfiguration = new Aws.Observabilityadmin.Inputs.CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationBackupConfigurationArgs
{
KmsKeyArn = "string",
Region = "string",
},
LogsEncryptionConfiguration = new Aws.Observabilityadmin.Inputs.CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationLogsEncryptionConfigurationArgs
{
EncryptionStrategy = "string",
EncryptionConflictResolutionStrategy = "string",
KmsKeyArn = "string",
},
},
},
Source = new Aws.Observabilityadmin.Inputs.CentralizationRuleForOrganizationRuleSourceArgs
{
Regions = new[]
{
"string",
},
Scope = "string",
SourceLogsConfiguration = new Aws.Observabilityadmin.Inputs.CentralizationRuleForOrganizationRuleSourceSourceLogsConfigurationArgs
{
EncryptedLogGroupStrategy = "string",
LogGroupSelectionCriteria = "string",
},
},
},
Tags =
{
{ "string", "string" },
},
Timeouts = new Aws.Observabilityadmin.Inputs.CentralizationRuleForOrganizationTimeoutsArgs
{
Create = "string",
Update = "string",
},
});
example, err := observabilityadmin.NewCentralizationRuleForOrganization(ctx, "centralizationRuleForOrganizationResource", &observabilityadmin.CentralizationRuleForOrganizationArgs{
RuleName: pulumi.String("string"),
Region: pulumi.String("string"),
Rule: &observabilityadmin.CentralizationRuleForOrganizationRuleArgs{
Destination: &observabilityadmin.CentralizationRuleForOrganizationRuleDestinationArgs{
Account: pulumi.String("string"),
Region: pulumi.String("string"),
DestinationLogsConfiguration: &observabilityadmin.CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationArgs{
BackupConfiguration: &observabilityadmin.CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationBackupConfigurationArgs{
KmsKeyArn: pulumi.String("string"),
Region: pulumi.String("string"),
},
LogsEncryptionConfiguration: &observabilityadmin.CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationLogsEncryptionConfigurationArgs{
EncryptionStrategy: pulumi.String("string"),
EncryptionConflictResolutionStrategy: pulumi.String("string"),
KmsKeyArn: pulumi.String("string"),
},
},
},
Source: &observabilityadmin.CentralizationRuleForOrganizationRuleSourceArgs{
Regions: pulumi.StringArray{
pulumi.String("string"),
},
Scope: pulumi.String("string"),
SourceLogsConfiguration: &observabilityadmin.CentralizationRuleForOrganizationRuleSourceSourceLogsConfigurationArgs{
EncryptedLogGroupStrategy: pulumi.String("string"),
LogGroupSelectionCriteria: pulumi.String("string"),
},
},
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
Timeouts: &observabilityadmin.CentralizationRuleForOrganizationTimeoutsArgs{
Create: pulumi.String("string"),
Update: pulumi.String("string"),
},
})
var centralizationRuleForOrganizationResource = new CentralizationRuleForOrganization("centralizationRuleForOrganizationResource", CentralizationRuleForOrganizationArgs.builder()
.ruleName("string")
.region("string")
.rule(CentralizationRuleForOrganizationRuleArgs.builder()
.destination(CentralizationRuleForOrganizationRuleDestinationArgs.builder()
.account("string")
.region("string")
.destinationLogsConfiguration(CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationArgs.builder()
.backupConfiguration(CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationBackupConfigurationArgs.builder()
.kmsKeyArn("string")
.region("string")
.build())
.logsEncryptionConfiguration(CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationLogsEncryptionConfigurationArgs.builder()
.encryptionStrategy("string")
.encryptionConflictResolutionStrategy("string")
.kmsKeyArn("string")
.build())
.build())
.build())
.source(CentralizationRuleForOrganizationRuleSourceArgs.builder()
.regions("string")
.scope("string")
.sourceLogsConfiguration(CentralizationRuleForOrganizationRuleSourceSourceLogsConfigurationArgs.builder()
.encryptedLogGroupStrategy("string")
.logGroupSelectionCriteria("string")
.build())
.build())
.build())
.tags(Map.of("string", "string"))
.timeouts(CentralizationRuleForOrganizationTimeoutsArgs.builder()
.create("string")
.update("string")
.build())
.build());
centralization_rule_for_organization_resource = aws.observabilityadmin.CentralizationRuleForOrganization("centralizationRuleForOrganizationResource",
rule_name="string",
region="string",
rule={
"destination": {
"account": "string",
"region": "string",
"destination_logs_configuration": {
"backup_configuration": {
"kms_key_arn": "string",
"region": "string",
},
"logs_encryption_configuration": {
"encryption_strategy": "string",
"encryption_conflict_resolution_strategy": "string",
"kms_key_arn": "string",
},
},
},
"source": {
"regions": ["string"],
"scope": "string",
"source_logs_configuration": {
"encrypted_log_group_strategy": "string",
"log_group_selection_criteria": "string",
},
},
},
tags={
"string": "string",
},
timeouts={
"create": "string",
"update": "string",
})
const centralizationRuleForOrganizationResource = new aws.observabilityadmin.CentralizationRuleForOrganization("centralizationRuleForOrganizationResource", {
ruleName: "string",
region: "string",
rule: {
destination: {
account: "string",
region: "string",
destinationLogsConfiguration: {
backupConfiguration: {
kmsKeyArn: "string",
region: "string",
},
logsEncryptionConfiguration: {
encryptionStrategy: "string",
encryptionConflictResolutionStrategy: "string",
kmsKeyArn: "string",
},
},
},
source: {
regions: ["string"],
scope: "string",
sourceLogsConfiguration: {
encryptedLogGroupStrategy: "string",
logGroupSelectionCriteria: "string",
},
},
},
tags: {
string: "string",
},
timeouts: {
create: "string",
update: "string",
},
});
type: aws:observabilityadmin:CentralizationRuleForOrganization
properties:
region: string
rule:
destination:
account: string
destinationLogsConfiguration:
backupConfiguration:
kmsKeyArn: string
region: string
logsEncryptionConfiguration:
encryptionConflictResolutionStrategy: string
encryptionStrategy: string
kmsKeyArn: string
region: string
source:
regions:
- string
scope: string
sourceLogsConfiguration:
encryptedLogGroupStrategy: string
logGroupSelectionCriteria: string
ruleName: string
tags:
string: string
timeouts:
create: string
update: string
CentralizationRuleForOrganization Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The CentralizationRuleForOrganization resource accepts the following input properties:
- Rule
Name string - Name of the centralization rule. Must be unique within the organization.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Rule
Centralization
Rule For Organization Rule Configuration block for the centralization rule. See
rulebelow.The following arguments are optional:
- Dictionary<string, string>
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Timeouts
Centralization
Rule For Organization Timeouts
- Rule
Name string - Name of the centralization rule. Must be unique within the organization.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Rule
Centralization
Rule For Organization Rule Args Configuration block for the centralization rule. See
rulebelow.The following arguments are optional:
- map[string]string
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Timeouts
Centralization
Rule For Organization Timeouts Args
- rule
Name String - Name of the centralization rule. Must be unique within the organization.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule
Centralization
Rule For Organization Rule Configuration block for the centralization rule. See
rulebelow.The following arguments are optional:
- Map<String,String>
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - timeouts
Centralization
Rule For Organization Timeouts
- rule
Name string - Name of the centralization rule. Must be unique within the organization.
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule
Centralization
Rule For Organization Rule Configuration block for the centralization rule. See
rulebelow.The following arguments are optional:
- {[key: string]: string}
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - timeouts
Centralization
Rule For Organization Timeouts
- rule_
name str - Name of the centralization rule. Must be unique within the organization.
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule
Centralization
Rule For Organization Rule Args Configuration block for the centralization rule. See
rulebelow.The following arguments are optional:
- Mapping[str, str]
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - timeouts
Centralization
Rule For Organization Timeouts Args
- rule
Name String - Name of the centralization rule. Must be unique within the organization.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule Property Map
Configuration block for the centralization rule. See
rulebelow.The following arguments are optional:
- Map<String>
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - timeouts Property Map
Outputs
All input properties are implicitly available as output properties. Additionally, the CentralizationRuleForOrganization resource produces the following output properties:
Look up Existing CentralizationRuleForOrganization Resource
Get an existing CentralizationRuleForOrganization resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CentralizationRuleForOrganizationState, opts?: CustomResourceOptions): CentralizationRuleForOrganization@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
region: Optional[str] = None,
rule: Optional[CentralizationRuleForOrganizationRuleArgs] = None,
rule_arn: Optional[str] = None,
rule_name: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
timeouts: Optional[CentralizationRuleForOrganizationTimeoutsArgs] = None) -> CentralizationRuleForOrganizationfunc GetCentralizationRuleForOrganization(ctx *Context, name string, id IDInput, state *CentralizationRuleForOrganizationState, opts ...ResourceOption) (*CentralizationRuleForOrganization, error)public static CentralizationRuleForOrganization Get(string name, Input<string> id, CentralizationRuleForOrganizationState? state, CustomResourceOptions? opts = null)public static CentralizationRuleForOrganization get(String name, Output<String> id, CentralizationRuleForOrganizationState state, CustomResourceOptions options)resources: _: type: aws:observabilityadmin:CentralizationRuleForOrganization get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Rule
Centralization
Rule For Organization Rule Configuration block for the centralization rule. See
rulebelow.The following arguments are optional:
- Rule
Arn string - ARN of the centralization rule.
- Rule
Name string - Name of the centralization rule. Must be unique within the organization.
- Dictionary<string, string>
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Timeouts
Centralization
Rule For Organization Timeouts
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Rule
Centralization
Rule For Organization Rule Args Configuration block for the centralization rule. See
rulebelow.The following arguments are optional:
- Rule
Arn string - ARN of the centralization rule.
- Rule
Name string - Name of the centralization rule. Must be unique within the organization.
- map[string]string
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Timeouts
Centralization
Rule For Organization Timeouts Args
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule
Centralization
Rule For Organization Rule Configuration block for the centralization rule. See
rulebelow.The following arguments are optional:
- rule
Arn String - ARN of the centralization rule.
- rule
Name String - Name of the centralization rule. Must be unique within the organization.
- Map<String,String>
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - timeouts
Centralization
Rule For Organization Timeouts
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule
Centralization
Rule For Organization Rule Configuration block for the centralization rule. See
rulebelow.The following arguments are optional:
- rule
Arn string - ARN of the centralization rule.
- rule
Name string - Name of the centralization rule. Must be unique within the organization.
- {[key: string]: string}
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - timeouts
Centralization
Rule For Organization Timeouts
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule
Centralization
Rule For Organization Rule Args Configuration block for the centralization rule. See
rulebelow.The following arguments are optional:
- rule_
arn str - ARN of the centralization rule.
- rule_
name str - Name of the centralization rule. Must be unique within the organization.
- Mapping[str, str]
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - timeouts
Centralization
Rule For Organization Timeouts Args
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule Property Map
Configuration block for the centralization rule. See
rulebelow.The following arguments are optional:
- rule
Arn String - ARN of the centralization rule.
- rule
Name String - Name of the centralization rule. Must be unique within the organization.
- Map<String>
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - timeouts Property Map
Supporting Types
CentralizationRuleForOrganizationRule, CentralizationRuleForOrganizationRuleArgs
- Destination
Centralization
Rule For Organization Rule Destination - Configuration block for the destination where logs will be centralized. See
destinationbelow. - Source
Centralization
Rule For Organization Rule Source - Configuration block for the source of logs to be centralized. See
sourcebelow.
- Destination
Centralization
Rule For Organization Rule Destination - Configuration block for the destination where logs will be centralized. See
destinationbelow. - Source
Centralization
Rule For Organization Rule Source - Configuration block for the source of logs to be centralized. See
sourcebelow.
- destination
Centralization
Rule For Organization Rule Destination - Configuration block for the destination where logs will be centralized. See
destinationbelow. - source
Centralization
Rule For Organization Rule Source - Configuration block for the source of logs to be centralized. See
sourcebelow.
- destination
Centralization
Rule For Organization Rule Destination - Configuration block for the destination where logs will be centralized. See
destinationbelow. - source
Centralization
Rule For Organization Rule Source - Configuration block for the source of logs to be centralized. See
sourcebelow.
- destination
Centralization
Rule For Organization Rule Destination - Configuration block for the destination where logs will be centralized. See
destinationbelow. - source
Centralization
Rule For Organization Rule Source - Configuration block for the source of logs to be centralized. See
sourcebelow.
- destination Property Map
- Configuration block for the destination where logs will be centralized. See
destinationbelow. - source Property Map
- Configuration block for the source of logs to be centralized. See
sourcebelow.
CentralizationRuleForOrganizationRuleDestination, CentralizationRuleForOrganizationRuleDestinationArgs
- Account string
- AWS account ID where logs will be centralized.
- Region string
- AWS region where logs will be centralized.
- Destination
Logs CentralizationConfiguration Rule For Organization Rule Destination Destination Logs Configuration - Configuration block for destination logs settings. See
destination_logs_configurationbelow.
- Account string
- AWS account ID where logs will be centralized.
- Region string
- AWS region where logs will be centralized.
- Destination
Logs CentralizationConfiguration Rule For Organization Rule Destination Destination Logs Configuration - Configuration block for destination logs settings. See
destination_logs_configurationbelow.
- account String
- AWS account ID where logs will be centralized.
- region String
- AWS region where logs will be centralized.
- destination
Logs CentralizationConfiguration Rule For Organization Rule Destination Destination Logs Configuration - Configuration block for destination logs settings. See
destination_logs_configurationbelow.
- account string
- AWS account ID where logs will be centralized.
- region string
- AWS region where logs will be centralized.
- destination
Logs CentralizationConfiguration Rule For Organization Rule Destination Destination Logs Configuration - Configuration block for destination logs settings. See
destination_logs_configurationbelow.
- account str
- AWS account ID where logs will be centralized.
- region str
- AWS region where logs will be centralized.
- destination_
logs_ Centralizationconfiguration Rule For Organization Rule Destination Destination Logs Configuration - Configuration block for destination logs settings. See
destination_logs_configurationbelow.
- account String
- AWS account ID where logs will be centralized.
- region String
- AWS region where logs will be centralized.
- destination
Logs Property MapConfiguration - Configuration block for destination logs settings. See
destination_logs_configurationbelow.
CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfiguration, CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationArgs
- Backup
Configuration CentralizationRule For Organization Rule Destination Destination Logs Configuration Backup Configuration - Configuration block for backup settings. See
backup_configurationbelow. - Logs
Encryption CentralizationConfiguration Rule For Organization Rule Destination Destination Logs Configuration Logs Encryption Configuration - Configuration block for logs encryption settings. See
logs_encryption_configurationbelow.
- Backup
Configuration CentralizationRule For Organization Rule Destination Destination Logs Configuration Backup Configuration - Configuration block for backup settings. See
backup_configurationbelow. - Logs
Encryption CentralizationConfiguration Rule For Organization Rule Destination Destination Logs Configuration Logs Encryption Configuration - Configuration block for logs encryption settings. See
logs_encryption_configurationbelow.
- backup
Configuration CentralizationRule For Organization Rule Destination Destination Logs Configuration Backup Configuration - Configuration block for backup settings. See
backup_configurationbelow. - logs
Encryption CentralizationConfiguration Rule For Organization Rule Destination Destination Logs Configuration Logs Encryption Configuration - Configuration block for logs encryption settings. See
logs_encryption_configurationbelow.
- backup
Configuration CentralizationRule For Organization Rule Destination Destination Logs Configuration Backup Configuration - Configuration block for backup settings. See
backup_configurationbelow. - logs
Encryption CentralizationConfiguration Rule For Organization Rule Destination Destination Logs Configuration Logs Encryption Configuration - Configuration block for logs encryption settings. See
logs_encryption_configurationbelow.
- backup_
configuration CentralizationRule For Organization Rule Destination Destination Logs Configuration Backup Configuration - Configuration block for backup settings. See
backup_configurationbelow. - logs_
encryption_ Centralizationconfiguration Rule For Organization Rule Destination Destination Logs Configuration Logs Encryption Configuration - Configuration block for logs encryption settings. See
logs_encryption_configurationbelow.
- backup
Configuration Property Map - Configuration block for backup settings. See
backup_configurationbelow. - logs
Encryption Property MapConfiguration - Configuration block for logs encryption settings. See
logs_encryption_configurationbelow.
CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationBackupConfiguration, CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationBackupConfigurationArgs
- kms_
key_ strarn - ARN of the KMS key to use for backup encryption.
- region str
- AWS region for backup storage.
CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationLogsEncryptionConfiguration, CentralizationRuleForOrganizationRuleDestinationDestinationLogsConfigurationLogsEncryptionConfigurationArgs
- Encryption
Strategy string - Encryption strategy for logs. Valid values:
AWS_OWNED,CUSTOMER_MANAGED. - Encryption
Conflict stringResolution Strategy - Strategy for resolving encryption conflicts. Valid values:
ALLOW,SKIP. - Kms
Key stringArn - ARN of the KMS key to use for encryption when
encryption_strategyisCUSTOMER_MANAGED.
- Encryption
Strategy string - Encryption strategy for logs. Valid values:
AWS_OWNED,CUSTOMER_MANAGED. - Encryption
Conflict stringResolution Strategy - Strategy for resolving encryption conflicts. Valid values:
ALLOW,SKIP. - Kms
Key stringArn - ARN of the KMS key to use for encryption when
encryption_strategyisCUSTOMER_MANAGED.
- encryption
Strategy String - Encryption strategy for logs. Valid values:
AWS_OWNED,CUSTOMER_MANAGED. - encryption
Conflict StringResolution Strategy - Strategy for resolving encryption conflicts. Valid values:
ALLOW,SKIP. - kms
Key StringArn - ARN of the KMS key to use for encryption when
encryption_strategyisCUSTOMER_MANAGED.
- encryption
Strategy string - Encryption strategy for logs. Valid values:
AWS_OWNED,CUSTOMER_MANAGED. - encryption
Conflict stringResolution Strategy - Strategy for resolving encryption conflicts. Valid values:
ALLOW,SKIP. - kms
Key stringArn - ARN of the KMS key to use for encryption when
encryption_strategyisCUSTOMER_MANAGED.
- encryption_
strategy str - Encryption strategy for logs. Valid values:
AWS_OWNED,CUSTOMER_MANAGED. - encryption_
conflict_ strresolution_ strategy - Strategy for resolving encryption conflicts. Valid values:
ALLOW,SKIP. - kms_
key_ strarn - ARN of the KMS key to use for encryption when
encryption_strategyisCUSTOMER_MANAGED.
- encryption
Strategy String - Encryption strategy for logs. Valid values:
AWS_OWNED,CUSTOMER_MANAGED. - encryption
Conflict StringResolution Strategy - Strategy for resolving encryption conflicts. Valid values:
ALLOW,SKIP. - kms
Key StringArn - ARN of the KMS key to use for encryption when
encryption_strategyisCUSTOMER_MANAGED.
CentralizationRuleForOrganizationRuleSource, CentralizationRuleForOrganizationRuleSourceArgs
- Regions List<string>
- Set of AWS regions from which to centralize logs. Must contain at least one region.
- Scope string
- Scope defining which resources to include. Use organization ID format:
OrganizationId = 'o-example123456'. - Source
Logs CentralizationConfiguration Rule For Organization Rule Source Source Logs Configuration - Configuration block for source logs settings. See
source_logs_configurationbelow.
- Regions []string
- Set of AWS regions from which to centralize logs. Must contain at least one region.
- Scope string
- Scope defining which resources to include. Use organization ID format:
OrganizationId = 'o-example123456'. - Source
Logs CentralizationConfiguration Rule For Organization Rule Source Source Logs Configuration - Configuration block for source logs settings. See
source_logs_configurationbelow.
- regions List<String>
- Set of AWS regions from which to centralize logs. Must contain at least one region.
- scope String
- Scope defining which resources to include. Use organization ID format:
OrganizationId = 'o-example123456'. - source
Logs CentralizationConfiguration Rule For Organization Rule Source Source Logs Configuration - Configuration block for source logs settings. See
source_logs_configurationbelow.
- regions string[]
- Set of AWS regions from which to centralize logs. Must contain at least one region.
- scope string
- Scope defining which resources to include. Use organization ID format:
OrganizationId = 'o-example123456'. - source
Logs CentralizationConfiguration Rule For Organization Rule Source Source Logs Configuration - Configuration block for source logs settings. See
source_logs_configurationbelow.
- regions Sequence[str]
- Set of AWS regions from which to centralize logs. Must contain at least one region.
- scope str
- Scope defining which resources to include. Use organization ID format:
OrganizationId = 'o-example123456'. - source_
logs_ Centralizationconfiguration Rule For Organization Rule Source Source Logs Configuration - Configuration block for source logs settings. See
source_logs_configurationbelow.
- regions List<String>
- Set of AWS regions from which to centralize logs. Must contain at least one region.
- scope String
- Scope defining which resources to include. Use organization ID format:
OrganizationId = 'o-example123456'. - source
Logs Property MapConfiguration - Configuration block for source logs settings. See
source_logs_configurationbelow.
CentralizationRuleForOrganizationRuleSourceSourceLogsConfiguration, CentralizationRuleForOrganizationRuleSourceSourceLogsConfigurationArgs
- Encrypted
Log stringGroup Strategy - Strategy for handling encrypted log groups. Valid values:
ALLOW,SKIP. - Log
Group stringSelection Criteria - Criteria for selecting log groups. Use
*for all log groups or OAM filter syntax likeLogGroupName LIKE '/aws/lambda%'. Must be between 1 and 2000 characters.
- Encrypted
Log stringGroup Strategy - Strategy for handling encrypted log groups. Valid values:
ALLOW,SKIP. - Log
Group stringSelection Criteria - Criteria for selecting log groups. Use
*for all log groups or OAM filter syntax likeLogGroupName LIKE '/aws/lambda%'. Must be between 1 and 2000 characters.
- encrypted
Log StringGroup Strategy - Strategy for handling encrypted log groups. Valid values:
ALLOW,SKIP. - log
Group StringSelection Criteria - Criteria for selecting log groups. Use
*for all log groups or OAM filter syntax likeLogGroupName LIKE '/aws/lambda%'. Must be between 1 and 2000 characters.
- encrypted
Log stringGroup Strategy - Strategy for handling encrypted log groups. Valid values:
ALLOW,SKIP. - log
Group stringSelection Criteria - Criteria for selecting log groups. Use
*for all log groups or OAM filter syntax likeLogGroupName LIKE '/aws/lambda%'. Must be between 1 and 2000 characters.
- encrypted_
log_ strgroup_ strategy - Strategy for handling encrypted log groups. Valid values:
ALLOW,SKIP. - log_
group_ strselection_ criteria - Criteria for selecting log groups. Use
*for all log groups or OAM filter syntax likeLogGroupName LIKE '/aws/lambda%'. Must be between 1 and 2000 characters.
- encrypted
Log StringGroup Strategy - Strategy for handling encrypted log groups. Valid values:
ALLOW,SKIP. - log
Group StringSelection Criteria - Criteria for selecting log groups. Use
*for all log groups or OAM filter syntax likeLogGroupName LIKE '/aws/lambda%'. Must be between 1 and 2000 characters.
CentralizationRuleForOrganizationTimeouts, CentralizationRuleForOrganizationTimeoutsArgs
- Create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- update String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- update str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- update String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
Import
Using pulumi import, import CloudWatch Observability Admin Centralization Rule For Organization using the rule_name. For example:
$ pulumi import aws:observabilityadmin/centralizationRuleForOrganization:CentralizationRuleForOrganization example example-centralization-rule
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.
