Docs Home
AWS v7.7.0 published on Friday, Sep 5, 2025 by Pulumi
aws.workspacesweb.SessionLogger
Explore with Pulumi AI
Resource for managing an AWS WorkSpaces Web Session Logger.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleBucket = new aws.s3.Bucket("example", {bucket: "example-session-logs"});
const example = aws.iam.getPolicyDocumentOutput({
statements: [{
effect: "Allow",
principals: [{
type: "Service",
identifiers: ["workspaces-web.amazonaws.com"],
}],
actions: ["s3:PutObject"],
resources: [pulumi.interpolate`${exampleBucket.arn}/*`],
}],
});
const exampleBucketPolicy = new aws.s3.BucketPolicy("example", {
bucket: exampleBucket.id,
policy: example.apply(example => example.json),
});
const exampleSessionLogger = new aws.workspacesweb.SessionLogger("example", {
displayName: "example-session-logger",
eventFilter: {
all: {},
},
logConfiguration: {
s3: {
bucket: exampleBucket.id,
folderStructure: "Flat",
logFileFormat: "Json",
},
},
}, {
dependsOn: [exampleBucketPolicy],
});
import pulumi
import pulumi_aws as aws
example_bucket = aws.s3.Bucket("example", bucket="example-session-logs")
example = aws.iam.get_policy_document_output(statements=[{
"effect": "Allow",
"principals": [{
"type": "Service",
"identifiers": ["workspaces-web.amazonaws.com"],
}],
"actions": ["s3:PutObject"],
"resources": [example_bucket.arn.apply(lambda arn: f"{arn}/*")],
}])
example_bucket_policy = aws.s3.BucketPolicy("example",
bucket=example_bucket.id,
policy=example.json)
example_session_logger = aws.workspacesweb.SessionLogger("example",
display_name="example-session-logger",
event_filter={
"all": {},
},
log_configuration={
"s3": {
"bucket": example_bucket.id,
"folder_structure": "Flat",
"log_file_format": "Json",
},
},
opts = pulumi.ResourceOptions(depends_on=[example_bucket_policy]))
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/s3"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/workspacesweb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleBucket, err := s3.NewBucket(ctx, "example", &s3.BucketArgs{
Bucket: pulumi.String("example-session-logs"),
})
if err != nil {
return err
}
example := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
Statements: iam.GetPolicyDocumentStatementArray{
&iam.GetPolicyDocumentStatementArgs{
Effect: pulumi.String("Allow"),
Principals: iam.GetPolicyDocumentStatementPrincipalArray{
&iam.GetPolicyDocumentStatementPrincipalArgs{
Type: pulumi.String("Service"),
Identifiers: pulumi.StringArray{
pulumi.String("workspaces-web.amazonaws.com"),
},
},
},
Actions: pulumi.StringArray{
pulumi.String("s3:PutObject"),
},
Resources: pulumi.StringArray{
exampleBucket.Arn.ApplyT(func(arn string) (string, error) {
return fmt.Sprintf("%v/*", arn), nil
}).(pulumi.StringOutput),
},
},
},
}, nil)
exampleBucketPolicy, err := s3.NewBucketPolicy(ctx, "example", &s3.BucketPolicyArgs{
Bucket: exampleBucket.ID(),
Policy: pulumi.String(example.ApplyT(func(example iam.GetPolicyDocumentResult) (*string, error) {
return &example.Json, nil
}).(pulumi.StringPtrOutput)),
})
if err != nil {
return err
}
_, err = workspacesweb.NewSessionLogger(ctx, "example", &workspacesweb.SessionLoggerArgs{
DisplayName: pulumi.String("example-session-logger"),
EventFilter: &workspacesweb.SessionLoggerEventFilterArgs{
All: &workspacesweb.SessionLoggerEventFilterAllArgs{},
},
LogConfiguration: &workspacesweb.SessionLoggerLogConfigurationArgs{
S3: &workspacesweb.SessionLoggerLogConfigurationS3Args{
Bucket: exampleBucket.ID(),
FolderStructure: pulumi.String("Flat"),
LogFileFormat: pulumi.String("Json"),
},
},
}, pulumi.DependsOn([]pulumi.Resource{
exampleBucketPolicy,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var exampleBucket = new Aws.S3.Bucket("example", new()
{
BucketName = "example-session-logs",
});
var example = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "Service",
Identifiers = new[]
{
"workspaces-web.amazonaws.com",
},
},
},
Actions = new[]
{
"s3:PutObject",
},
Resources = new[]
{
$"{exampleBucket.Arn}/*",
},
},
},
});
var exampleBucketPolicy = new Aws.S3.BucketPolicy("example", new()
{
Bucket = exampleBucket.Id,
Policy = example.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var exampleSessionLogger = new Aws.WorkSpacesWeb.SessionLogger("example", new()
{
DisplayName = "example-session-logger",
EventFilter = new Aws.WorkSpacesWeb.Inputs.SessionLoggerEventFilterArgs
{
All = null,
},
LogConfiguration = new Aws.WorkSpacesWeb.Inputs.SessionLoggerLogConfigurationArgs
{
S3 = new Aws.WorkSpacesWeb.Inputs.SessionLoggerLogConfigurationS3Args
{
Bucket = exampleBucket.Id,
FolderStructure = "Flat",
LogFileFormat = "Json",
},
},
}, new CustomResourceOptions
{
DependsOn =
{
exampleBucketPolicy,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.s3.BucketPolicy;
import com.pulumi.aws.s3.BucketPolicyArgs;
import com.pulumi.aws.workspacesweb.SessionLogger;
import com.pulumi.aws.workspacesweb.SessionLoggerArgs;
import com.pulumi.aws.workspacesweb.inputs.SessionLoggerEventFilterArgs;
import com.pulumi.aws.workspacesweb.inputs.SessionLoggerEventFilterAllArgs;
import com.pulumi.aws.workspacesweb.inputs.SessionLoggerLogConfigurationArgs;
import com.pulumi.aws.workspacesweb.inputs.SessionLoggerLogConfigurationS3Args;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleBucket = new Bucket("exampleBucket", BucketArgs.builder()
.bucket("example-session-logs")
.build());
final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("Service")
.identifiers("workspaces-web.amazonaws.com")
.build())
.actions("s3:PutObject")
.resources(exampleBucket.arn().applyValue(_arn -> String.format("%s/*", _arn)))
.build())
.build());
var exampleBucketPolicy = new BucketPolicy("exampleBucketPolicy", BucketPolicyArgs.builder()
.bucket(exampleBucket.id())
.policy(example.applyValue(_example -> _example.json()))
.build());
var exampleSessionLogger = new SessionLogger("exampleSessionLogger", SessionLoggerArgs.builder()
.displayName("example-session-logger")
.eventFilter(SessionLoggerEventFilterArgs.builder()
.all(SessionLoggerEventFilterAllArgs.builder()
.build())
.build())
.logConfiguration(SessionLoggerLogConfigurationArgs.builder()
.s3(SessionLoggerLogConfigurationS3Args.builder()
.bucket(exampleBucket.id())
.folderStructure("Flat")
.logFileFormat("Json")
.build())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(exampleBucketPolicy)
.build());
}
}
resources:
exampleBucket:
type: aws:s3:Bucket
name: example
properties:
bucket: example-session-logs
exampleBucketPolicy:
type: aws:s3:BucketPolicy
name: example
properties:
bucket: ${exampleBucket.id}
policy: ${example.json}
exampleSessionLogger:
type: aws:workspacesweb:SessionLogger
name: example
properties:
displayName: example-session-logger
eventFilter:
all: {}
logConfiguration:
s3:
bucket: ${exampleBucket.id}
folderStructure: Flat
logFileFormat: Json
options:
dependsOn:
- ${exampleBucketPolicy}
variables:
example:
fn::invoke:
function: aws:iam:getPolicyDocument
arguments:
statements:
- effect: Allow
principals:
- type: Service
identifiers:
- workspaces-web.amazonaws.com
actions:
- s3:PutObject
resources:
- ${exampleBucket.arn}/*
Complete Configuration with KMS Encryption
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleBucket = new aws.s3.Bucket("example", {
bucket: "example-session-logs",
forceDestroy: true,
});
const example = aws.iam.getPolicyDocumentOutput({
statements: [{
effect: "Allow",
principals: [{
type: "Service",
identifiers: ["workspaces-web.amazonaws.com"],
}],
actions: ["s3:PutObject"],
resources: [
exampleBucket.arn,
pulumi.interpolate`${exampleBucket.arn}/*`,
],
}],
});
const exampleBucketPolicy = new aws.s3.BucketPolicy("example", {
bucket: exampleBucket.id,
policy: example.apply(example => example.json),
});
const current = aws.getPartition({});
const currentGetCallerIdentity = aws.getCallerIdentity({});
const kmsKeyPolicy = Promise.all([current, currentGetCallerIdentity]).then(([current, currentGetCallerIdentity]) => aws.iam.getPolicyDocument({
statements: [
{
principals: [{
type: "AWS",
identifiers: [`arn:${current.partition}:iam::${currentGetCallerIdentity.accountId}:root`],
}],
actions: ["kms:*"],
resources: ["*"],
},
{
principals: [{
type: "Service",
identifiers: ["workspaces-web.amazonaws.com"],
}],
actions: [
"kms:Encrypt",
"kms:GenerateDataKey*",
"kms:ReEncrypt*",
"kms:Decrypt",
],
resources: ["*"],
},
],
}));
const exampleKey = new aws.kms.Key("example", {
description: "KMS key for WorkSpaces Web Session Logger",
policy: kmsKeyPolicy.then(kmsKeyPolicy => kmsKeyPolicy.json),
});
const exampleSessionLogger = new aws.workspacesweb.SessionLogger("example", {
displayName: "example-session-logger",
customerManagedKey: exampleKey.arn,
additionalEncryptionContext: {
Environment: "Production",
Application: "WorkSpacesWeb",
},
eventFilter: {
includes: [
"SessionStart",
"SessionEnd",
],
},
logConfiguration: {
s3: {
bucket: exampleBucket.id,
bucketOwner: currentGetCallerIdentity.then(currentGetCallerIdentity => currentGetCallerIdentity.accountId),
folderStructure: "NestedByDate",
keyPrefix: "workspaces-web-logs/",
logFileFormat: "JsonLines",
},
},
tags: {
Name: "example-session-logger",
Environment: "Production",
},
}, {
dependsOn: [
exampleBucketPolicy,
exampleKey,
],
});
import pulumi
import pulumi_aws as aws
example_bucket = aws.s3.Bucket("example",
bucket="example-session-logs",
force_destroy=True)
example = aws.iam.get_policy_document_output(statements=[{
"effect": "Allow",
"principals": [{
"type": "Service",
"identifiers": ["workspaces-web.amazonaws.com"],
}],
"actions": ["s3:PutObject"],
"resources": [
example_bucket.arn,
example_bucket.arn.apply(lambda arn: f"{arn}/*"),
],
}])
example_bucket_policy = aws.s3.BucketPolicy("example",
bucket=example_bucket.id,
policy=example.json)
current = aws.get_partition()
current_get_caller_identity = aws.get_caller_identity()
kms_key_policy = aws.iam.get_policy_document(statements=[
{
"principals": [{
"type": "AWS",
"identifiers": [f"arn:{current.partition}:iam::{current_get_caller_identity.account_id}:root"],
}],
"actions": ["kms:*"],
"resources": ["*"],
},
{
"principals": [{
"type": "Service",
"identifiers": ["workspaces-web.amazonaws.com"],
}],
"actions": [
"kms:Encrypt",
"kms:GenerateDataKey*",
"kms:ReEncrypt*",
"kms:Decrypt",
],
"resources": ["*"],
},
])
example_key = aws.kms.Key("example",
description="KMS key for WorkSpaces Web Session Logger",
policy=kms_key_policy.json)
example_session_logger = aws.workspacesweb.SessionLogger("example",
display_name="example-session-logger",
customer_managed_key=example_key.arn,
additional_encryption_context={
"Environment": "Production",
"Application": "WorkSpacesWeb",
},
event_filter={
"includes": [
"SessionStart",
"SessionEnd",
],
},
log_configuration={
"s3": {
"bucket": example_bucket.id,
"bucket_owner": current_get_caller_identity.account_id,
"folder_structure": "NestedByDate",
"key_prefix": "workspaces-web-logs/",
"log_file_format": "JsonLines",
},
},
tags={
"Name": "example-session-logger",
"Environment": "Production",
},
opts = pulumi.ResourceOptions(depends_on=[
example_bucket_policy,
example_key,
]))
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/kms"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/s3"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/workspacesweb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleBucket, err := s3.NewBucket(ctx, "example", &s3.BucketArgs{
Bucket: pulumi.String("example-session-logs"),
ForceDestroy: pulumi.Bool(true),
})
if err != nil {
return err
}
example := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
Statements: iam.GetPolicyDocumentStatementArray{
&iam.GetPolicyDocumentStatementArgs{
Effect: pulumi.String("Allow"),
Principals: iam.GetPolicyDocumentStatementPrincipalArray{
&iam.GetPolicyDocumentStatementPrincipalArgs{
Type: pulumi.String("Service"),
Identifiers: pulumi.StringArray{
pulumi.String("workspaces-web.amazonaws.com"),
},
},
},
Actions: pulumi.StringArray{
pulumi.String("s3:PutObject"),
},
Resources: pulumi.StringArray{
exampleBucket.Arn,
exampleBucket.Arn.ApplyT(func(arn string) (string, error) {
return fmt.Sprintf("%v/*", arn), nil
}).(pulumi.StringOutput),
},
},
},
}, nil)
exampleBucketPolicy, err := s3.NewBucketPolicy(ctx, "example", &s3.BucketPolicyArgs{
Bucket: exampleBucket.ID(),
Policy: pulumi.String(example.ApplyT(func(example iam.GetPolicyDocumentResult) (*string, error) {
return &example.Json, nil
}).(pulumi.StringPtrOutput)),
})
if err != nil {
return err
}
current, err := aws.GetPartition(ctx, &aws.GetPartitionArgs{}, nil)
if err != nil {
return err
}
currentGetCallerIdentity, err := aws.GetCallerIdentity(ctx, &aws.GetCallerIdentityArgs{}, nil)
if err != nil {
return err
}
kmsKeyPolicy, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "AWS",
Identifiers: []string{
fmt.Sprintf("arn:%v:iam::%v:root", current.Partition, currentGetCallerIdentity.AccountId),
},
},
},
Actions: []string{
"kms:*",
},
Resources: []string{
"*",
},
},
{
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "Service",
Identifiers: []string{
"workspaces-web.amazonaws.com",
},
},
},
Actions: []string{
"kms:Encrypt",
"kms:GenerateDataKey*",
"kms:ReEncrypt*",
"kms:Decrypt",
},
Resources: []string{
"*",
},
},
},
}, nil)
if err != nil {
return err
}
exampleKey, err := kms.NewKey(ctx, "example", &kms.KeyArgs{
Description: pulumi.String("KMS key for WorkSpaces Web Session Logger"),
Policy: pulumi.String(kmsKeyPolicy.Json),
})
if err != nil {
return err
}
_, err = workspacesweb.NewSessionLogger(ctx, "example", &workspacesweb.SessionLoggerArgs{
DisplayName: pulumi.String("example-session-logger"),
CustomerManagedKey: exampleKey.Arn,
AdditionalEncryptionContext: pulumi.StringMap{
"Environment": pulumi.String("Production"),
"Application": pulumi.String("WorkSpacesWeb"),
},
EventFilter: &workspacesweb.SessionLoggerEventFilterArgs{
Includes: pulumi.StringArray{
pulumi.String("SessionStart"),
pulumi.String("SessionEnd"),
},
},
LogConfiguration: &workspacesweb.SessionLoggerLogConfigurationArgs{
S3: &workspacesweb.SessionLoggerLogConfigurationS3Args{
Bucket: exampleBucket.ID(),
BucketOwner: pulumi.String(currentGetCallerIdentity.AccountId),
FolderStructure: pulumi.String("NestedByDate"),
KeyPrefix: pulumi.String("workspaces-web-logs/"),
LogFileFormat: pulumi.String("JsonLines"),
},
},
Tags: pulumi.StringMap{
"Name": pulumi.String("example-session-logger"),
"Environment": pulumi.String("Production"),
},
}, pulumi.DependsOn([]pulumi.Resource{
exampleBucketPolicy,
exampleKey,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var exampleBucket = new Aws.S3.Bucket("example", new()
{
BucketName = "example-session-logs",
ForceDestroy = true,
});
var example = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "Service",
Identifiers = new[]
{
"workspaces-web.amazonaws.com",
},
},
},
Actions = new[]
{
"s3:PutObject",
},
Resources = new[]
{
exampleBucket.Arn,
$"{exampleBucket.Arn}/*",
},
},
},
});
var exampleBucketPolicy = new Aws.S3.BucketPolicy("example", new()
{
Bucket = exampleBucket.Id,
Policy = example.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var current = Aws.GetPartition.Invoke();
var currentGetCallerIdentity = Aws.GetCallerIdentity.Invoke();
var kmsKeyPolicy = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "AWS",
Identifiers = new[]
{
$"arn:{current.Apply(getPartitionResult => getPartitionResult.Partition)}:iam::{currentGetCallerIdentity.Apply(getCallerIdentityResult => getCallerIdentityResult.AccountId)}:root",
},
},
},
Actions = new[]
{
"kms:*",
},
Resources = new[]
{
"*",
},
},
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "Service",
Identifiers = new[]
{
"workspaces-web.amazonaws.com",
},
},
},
Actions = new[]
{
"kms:Encrypt",
"kms:GenerateDataKey*",
"kms:ReEncrypt*",
"kms:Decrypt",
},
Resources = new[]
{
"*",
},
},
},
});
var exampleKey = new Aws.Kms.Key("example", new()
{
Description = "KMS key for WorkSpaces Web Session Logger",
Policy = kmsKeyPolicy.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var exampleSessionLogger = new Aws.WorkSpacesWeb.SessionLogger("example", new()
{
DisplayName = "example-session-logger",
CustomerManagedKey = exampleKey.Arn,
AdditionalEncryptionContext =
{
{ "Environment", "Production" },
{ "Application", "WorkSpacesWeb" },
},
EventFilter = new Aws.WorkSpacesWeb.Inputs.SessionLoggerEventFilterArgs
{
Includes = new[]
{
"SessionStart",
"SessionEnd",
},
},
LogConfiguration = new Aws.WorkSpacesWeb.Inputs.SessionLoggerLogConfigurationArgs
{
S3 = new Aws.WorkSpacesWeb.Inputs.SessionLoggerLogConfigurationS3Args
{
Bucket = exampleBucket.Id,
BucketOwner = currentGetCallerIdentity.Apply(getCallerIdentityResult => getCallerIdentityResult.AccountId),
FolderStructure = "NestedByDate",
KeyPrefix = "workspaces-web-logs/",
LogFileFormat = "JsonLines",
},
},
Tags =
{
{ "Name", "example-session-logger" },
{ "Environment", "Production" },
},
}, new CustomResourceOptions
{
DependsOn =
{
exampleBucketPolicy,
exampleKey,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.s3.BucketPolicy;
import com.pulumi.aws.s3.BucketPolicyArgs;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetPartitionArgs;
import com.pulumi.aws.inputs.GetCallerIdentityArgs;
import com.pulumi.aws.kms.Key;
import com.pulumi.aws.kms.KeyArgs;
import com.pulumi.aws.workspacesweb.SessionLogger;
import com.pulumi.aws.workspacesweb.SessionLoggerArgs;
import com.pulumi.aws.workspacesweb.inputs.SessionLoggerEventFilterArgs;
import com.pulumi.aws.workspacesweb.inputs.SessionLoggerLogConfigurationArgs;
import com.pulumi.aws.workspacesweb.inputs.SessionLoggerLogConfigurationS3Args;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleBucket = new Bucket("exampleBucket", BucketArgs.builder()
.bucket("example-session-logs")
.forceDestroy(true)
.build());
final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("Service")
.identifiers("workspaces-web.amazonaws.com")
.build())
.actions("s3:PutObject")
.resources(
exampleBucket.arn(),
exampleBucket.arn().applyValue(_arn -> String.format("%s/*", _arn)))
.build())
.build());
var exampleBucketPolicy = new BucketPolicy("exampleBucketPolicy", BucketPolicyArgs.builder()
.bucket(exampleBucket.id())
.policy(example.applyValue(_example -> _example.json()))
.build());
final var current = AwsFunctions.getPartition(GetPartitionArgs.builder()
.build());
final var currentGetCallerIdentity = AwsFunctions.getCallerIdentity(GetCallerIdentityArgs.builder()
.build());
final var kmsKeyPolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(
GetPolicyDocumentStatementArgs.builder()
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("AWS")
.identifiers(String.format("arn:%s:iam::%s:root", current.partition(),currentGetCallerIdentity.accountId()))
.build())
.actions("kms:*")
.resources("*")
.build(),
GetPolicyDocumentStatementArgs.builder()
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("Service")
.identifiers("workspaces-web.amazonaws.com")
.build())
.actions(
"kms:Encrypt",
"kms:GenerateDataKey*",
"kms:ReEncrypt*",
"kms:Decrypt")
.resources("*")
.build())
.build());
var exampleKey = new Key("exampleKey", KeyArgs.builder()
.description("KMS key for WorkSpaces Web Session Logger")
.policy(kmsKeyPolicy.json())
.build());
var exampleSessionLogger = new SessionLogger("exampleSessionLogger", SessionLoggerArgs.builder()
.displayName("example-session-logger")
.customerManagedKey(exampleKey.arn())
.additionalEncryptionContext(Map.ofEntries(
Map.entry("Environment", "Production"),
Map.entry("Application", "WorkSpacesWeb")
))
.eventFilter(SessionLoggerEventFilterArgs.builder()
.includes(
"SessionStart",
"SessionEnd")
.build())
.logConfiguration(SessionLoggerLogConfigurationArgs.builder()
.s3(SessionLoggerLogConfigurationS3Args.builder()
.bucket(exampleBucket.id())
.bucketOwner(currentGetCallerIdentity.accountId())
.folderStructure("NestedByDate")
.keyPrefix("workspaces-web-logs/")
.logFileFormat("JsonLines")
.build())
.build())
.tags(Map.ofEntries(
Map.entry("Name", "example-session-logger"),
Map.entry("Environment", "Production")
))
.build(), CustomResourceOptions.builder()
.dependsOn(
exampleBucketPolicy,
exampleKey)
.build());
}
}
resources:
exampleBucket:
type: aws:s3:Bucket
name: example
properties:
bucket: example-session-logs
forceDestroy: true
exampleBucketPolicy:
type: aws:s3:BucketPolicy
name: example
properties:
bucket: ${exampleBucket.id}
policy: ${example.json}
exampleKey:
type: aws:kms:Key
name: example
properties:
description: KMS key for WorkSpaces Web Session Logger
policy: ${kmsKeyPolicy.json}
exampleSessionLogger:
type: aws:workspacesweb:SessionLogger
name: example
properties:
displayName: example-session-logger
customerManagedKey: ${exampleKey.arn}
additionalEncryptionContext:
Environment: Production
Application: WorkSpacesWeb
eventFilter:
includes:
- SessionStart
- SessionEnd
logConfiguration:
s3:
bucket: ${exampleBucket.id}
bucketOwner: ${currentGetCallerIdentity.accountId}
folderStructure: NestedByDate
keyPrefix: workspaces-web-logs/
logFileFormat: JsonLines
tags:
Name: example-session-logger
Environment: Production
options:
dependsOn:
- ${exampleBucketPolicy}
- ${exampleKey}
variables:
example:
fn::invoke:
function: aws:iam:getPolicyDocument
arguments:
statements:
- effect: Allow
principals:
- type: Service
identifiers:
- workspaces-web.amazonaws.com
actions:
- s3:PutObject
resources:
- ${exampleBucket.arn}
- ${exampleBucket.arn}/*
current:
fn::invoke:
function: aws:getPartition
arguments: {}
currentGetCallerIdentity:
fn::invoke:
function: aws:getCallerIdentity
arguments: {}
kmsKeyPolicy:
fn::invoke:
function: aws:iam:getPolicyDocument
arguments:
statements:
- principals:
- type: AWS
identifiers:
- arn:${current.partition}:iam::${currentGetCallerIdentity.accountId}:root
actions:
- kms:*
resources:
- '*'
- principals:
- type: Service
identifiers:
- workspaces-web.amazonaws.com
actions:
- kms:Encrypt
- kms:GenerateDataKey*
- kms:ReEncrypt*
- kms:Decrypt
resources:
- '*'
Create SessionLogger Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SessionLogger(name: string, args?: SessionLoggerArgs, opts?: CustomResourceOptions);@overload
def SessionLogger(resource_name: str,
args: Optional[SessionLoggerArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def SessionLogger(resource_name: str,
opts: Optional[ResourceOptions] = None,
additional_encryption_context: Optional[Mapping[str, str]] = None,
customer_managed_key: Optional[str] = None,
display_name: Optional[str] = None,
event_filter: Optional[SessionLoggerEventFilterArgs] = None,
log_configuration: Optional[SessionLoggerLogConfigurationArgs] = None,
region: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)func NewSessionLogger(ctx *Context, name string, args *SessionLoggerArgs, opts ...ResourceOption) (*SessionLogger, error)public SessionLogger(string name, SessionLoggerArgs? args = null, CustomResourceOptions? opts = null)
public SessionLogger(String name, SessionLoggerArgs args)
public SessionLogger(String name, SessionLoggerArgs args, CustomResourceOptions options)
type: aws:workspacesweb:SessionLogger
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SessionLoggerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SessionLoggerArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SessionLoggerArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SessionLoggerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SessionLoggerArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var sessionLoggerResource = new Aws.WorkSpacesWeb.SessionLogger("sessionLoggerResource", new()
{
AdditionalEncryptionContext =
{
{ "string", "string" },
},
CustomerManagedKey = "string",
DisplayName = "string",
EventFilter = new Aws.WorkSpacesWeb.Inputs.SessionLoggerEventFilterArgs
{
All = null,
Includes = new[]
{
"string",
},
},
LogConfiguration = new Aws.WorkSpacesWeb.Inputs.SessionLoggerLogConfigurationArgs
{
S3 = new Aws.WorkSpacesWeb.Inputs.SessionLoggerLogConfigurationS3Args
{
Bucket = "string",
FolderStructure = "string",
LogFileFormat = "string",
BucketOwner = "string",
KeyPrefix = "string",
},
},
Region = "string",
Tags =
{
{ "string", "string" },
},
});
example, err := workspacesweb.NewSessionLogger(ctx, "sessionLoggerResource", &workspacesweb.SessionLoggerArgs{
AdditionalEncryptionContext: pulumi.StringMap{
"string": pulumi.String("string"),
},
CustomerManagedKey: pulumi.String("string"),
DisplayName: pulumi.String("string"),
EventFilter: &workspacesweb.SessionLoggerEventFilterArgs{
All: &workspacesweb.SessionLoggerEventFilterAllArgs{},
Includes: pulumi.StringArray{
pulumi.String("string"),
},
},
LogConfiguration: &workspacesweb.SessionLoggerLogConfigurationArgs{
S3: &workspacesweb.SessionLoggerLogConfigurationS3Args{
Bucket: pulumi.String("string"),
FolderStructure: pulumi.String("string"),
LogFileFormat: pulumi.String("string"),
BucketOwner: pulumi.String("string"),
KeyPrefix: pulumi.String("string"),
},
},
Region: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var sessionLoggerResource = new SessionLogger("sessionLoggerResource", SessionLoggerArgs.builder()
.additionalEncryptionContext(Map.of("string", "string"))
.customerManagedKey("string")
.displayName("string")
.eventFilter(SessionLoggerEventFilterArgs.builder()
.all(SessionLoggerEventFilterAllArgs.builder()
.build())
.includes("string")
.build())
.logConfiguration(SessionLoggerLogConfigurationArgs.builder()
.s3(SessionLoggerLogConfigurationS3Args.builder()
.bucket("string")
.folderStructure("string")
.logFileFormat("string")
.bucketOwner("string")
.keyPrefix("string")
.build())
.build())
.region("string")
.tags(Map.of("string", "string"))
.build());
session_logger_resource = aws.workspacesweb.SessionLogger("sessionLoggerResource",
additional_encryption_context={
"string": "string",
},
customer_managed_key="string",
display_name="string",
event_filter={
"all": {},
"includes": ["string"],
},
log_configuration={
"s3": {
"bucket": "string",
"folder_structure": "string",
"log_file_format": "string",
"bucket_owner": "string",
"key_prefix": "string",
},
},
region="string",
tags={
"string": "string",
})
const sessionLoggerResource = new aws.workspacesweb.SessionLogger("sessionLoggerResource", {
additionalEncryptionContext: {
string: "string",
},
customerManagedKey: "string",
displayName: "string",
eventFilter: {
all: {},
includes: ["string"],
},
logConfiguration: {
s3: {
bucket: "string",
folderStructure: "string",
logFileFormat: "string",
bucketOwner: "string",
keyPrefix: "string",
},
},
region: "string",
tags: {
string: "string",
},
});
type: aws:workspacesweb:SessionLogger
properties:
additionalEncryptionContext:
string: string
customerManagedKey: string
displayName: string
eventFilter:
all: {}
includes:
- string
logConfiguration:
s3:
bucket: string
bucketOwner: string
folderStructure: string
keyPrefix: string
logFileFormat: string
region: string
tags:
string: string
SessionLogger Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SessionLogger resource accepts the following input properties:
- Additional
Encryption Dictionary<string, string>Context - Map of additional encryption context key-value pairs.
- Customer
Managed stringKey - ARN of the customer managed KMS key used to encrypt sensitive information.
- Display
Name string - Human-readable display name for the session logger resource. Forces replacement if changed.
- Event
Filter SessionLogger Event Filter - Event filter that determines which events are logged. See Event Filter below.
- Log
Configuration SessionLogger Log Configuration Configuration block for specifying where logs are delivered. See Log Configuration below.
The following arguments are optional:
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Dictionary<string, string>
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- Additional
Encryption map[string]stringContext - Map of additional encryption context key-value pairs.
- Customer
Managed stringKey - ARN of the customer managed KMS key used to encrypt sensitive information.
- Display
Name string - Human-readable display name for the session logger resource. Forces replacement if changed.
- Event
Filter SessionLogger Event Filter Args - Event filter that determines which events are logged. See Event Filter below.
- Log
Configuration SessionLogger Log Configuration Args Configuration block for specifying where logs are delivered. See Log Configuration below.
The following arguments are optional:
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- map[string]string
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- additional
Encryption Map<String,String>Context - Map of additional encryption context key-value pairs.
- customer
Managed StringKey - ARN of the customer managed KMS key used to encrypt sensitive information.
- display
Name String - Human-readable display name for the session logger resource. Forces replacement if changed.
- event
Filter SessionLogger Event Filter - Event filter that determines which events are logged. See Event Filter below.
- log
Configuration SessionLogger Log Configuration Configuration block for specifying where logs are delivered. See Log Configuration below.
The following arguments are optional:
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Map<String,String>
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- additional
Encryption {[key: string]: string}Context - Map of additional encryption context key-value pairs.
- customer
Managed stringKey - ARN of the customer managed KMS key used to encrypt sensitive information.
- display
Name string - Human-readable display name for the session logger resource. Forces replacement if changed.
- event
Filter SessionLogger Event Filter - Event filter that determines which events are logged. See Event Filter below.
- log
Configuration SessionLogger Log Configuration Configuration block for specifying where logs are delivered. See Log Configuration below.
The following arguments are optional:
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- {[key: string]: string}
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- additional_
encryption_ Mapping[str, str]context - Map of additional encryption context key-value pairs.
- customer_
managed_ strkey - ARN of the customer managed KMS key used to encrypt sensitive information.
- display_
name str - Human-readable display name for the session logger resource. Forces replacement if changed.
- event_
filter SessionLogger Event Filter Args - Event filter that determines which events are logged. See Event Filter below.
- log_
configuration SessionLogger Log Configuration Args Configuration block for specifying where logs are delivered. See Log Configuration below.
The following arguments are optional:
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Mapping[str, str]
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- additional
Encryption Map<String>Context - Map of additional encryption context key-value pairs.
- customer
Managed StringKey - ARN of the customer managed KMS key used to encrypt sensitive information.
- display
Name String - Human-readable display name for the session logger resource. Forces replacement if changed.
- event
Filter Property Map - Event filter that determines which events are logged. See Event Filter below.
- log
Configuration Property Map Configuration block for specifying where logs are delivered. See Log Configuration below.
The following arguments are optional:
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Map<String>
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
Outputs
All input properties are implicitly available as output properties. Additionally, the SessionLogger resource produces the following output properties:
- Associated
Portal List<string>Arns - List of ARNs of the web portals associated with the session logger.
- Id string
- The provider-assigned unique ID for this managed resource.
- Session
Logger stringArn - ARN of the session logger.
- Dictionary<string, string>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- Associated
Portal []stringArns - List of ARNs of the web portals associated with the session logger.
- Id string
- The provider-assigned unique ID for this managed resource.
- Session
Logger stringArn - ARN of the session logger.
- map[string]string
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- associated
Portal List<String>Arns - List of ARNs of the web portals associated with the session logger.
- id String
- The provider-assigned unique ID for this managed resource.
- session
Logger StringArn - ARN of the session logger.
- Map<String,String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- associated
Portal string[]Arns - List of ARNs of the web portals associated with the session logger.
- id string
- The provider-assigned unique ID for this managed resource.
- session
Logger stringArn - ARN of the session logger.
- {[key: string]: string}
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- associated_
portal_ Sequence[str]arns - List of ARNs of the web portals associated with the session logger.
- id str
- The provider-assigned unique ID for this managed resource.
- session_
logger_ strarn - ARN of the session logger.
- Mapping[str, str]
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- associated
Portal List<String>Arns - List of ARNs of the web portals associated with the session logger.
- id String
- The provider-assigned unique ID for this managed resource.
- session
Logger StringArn - ARN of the session logger.
- Map<String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
Look up Existing SessionLogger Resource
Get an existing SessionLogger resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SessionLoggerState, opts?: CustomResourceOptions): SessionLogger@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
additional_encryption_context: Optional[Mapping[str, str]] = None,
associated_portal_arns: Optional[Sequence[str]] = None,
customer_managed_key: Optional[str] = None,
display_name: Optional[str] = None,
event_filter: Optional[SessionLoggerEventFilterArgs] = None,
log_configuration: Optional[SessionLoggerLogConfigurationArgs] = None,
region: Optional[str] = None,
session_logger_arn: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None) -> SessionLoggerfunc GetSessionLogger(ctx *Context, name string, id IDInput, state *SessionLoggerState, opts ...ResourceOption) (*SessionLogger, error)public static SessionLogger Get(string name, Input<string> id, SessionLoggerState? state, CustomResourceOptions? opts = null)public static SessionLogger get(String name, Output<String> id, SessionLoggerState state, CustomResourceOptions options)resources: _: type: aws:workspacesweb:SessionLogger get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Additional
Encryption Dictionary<string, string>Context - Map of additional encryption context key-value pairs.
- Associated
Portal List<string>Arns - List of ARNs of the web portals associated with the session logger.
- Customer
Managed stringKey - ARN of the customer managed KMS key used to encrypt sensitive information.
- Display
Name string - Human-readable display name for the session logger resource. Forces replacement if changed.
- Event
Filter SessionLogger Event Filter - Event filter that determines which events are logged. See Event Filter below.
- Log
Configuration SessionLogger Log Configuration Configuration block for specifying where logs are delivered. See Log Configuration below.
The following arguments are optional:
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Session
Logger stringArn - ARN of the session logger.
- Dictionary<string, string>
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- Additional
Encryption map[string]stringContext - Map of additional encryption context key-value pairs.
- Associated
Portal []stringArns - List of ARNs of the web portals associated with the session logger.
- Customer
Managed stringKey - ARN of the customer managed KMS key used to encrypt sensitive information.
- Display
Name string - Human-readable display name for the session logger resource. Forces replacement if changed.
- Event
Filter SessionLogger Event Filter Args - Event filter that determines which events are logged. See Event Filter below.
- Log
Configuration SessionLogger Log Configuration Args Configuration block for specifying where logs are delivered. See Log Configuration below.
The following arguments are optional:
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Session
Logger stringArn - ARN of the session logger.
- map[string]string
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- additional
Encryption Map<String,String>Context - Map of additional encryption context key-value pairs.
- associated
Portal List<String>Arns - List of ARNs of the web portals associated with the session logger.
- customer
Managed StringKey - ARN of the customer managed KMS key used to encrypt sensitive information.
- display
Name String - Human-readable display name for the session logger resource. Forces replacement if changed.
- event
Filter SessionLogger Event Filter - Event filter that determines which events are logged. See Event Filter below.
- log
Configuration SessionLogger Log Configuration Configuration block for specifying where logs are delivered. See Log Configuration below.
The following arguments are optional:
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- session
Logger StringArn - ARN of the session logger.
- Map<String,String>
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- additional
Encryption {[key: string]: string}Context - Map of additional encryption context key-value pairs.
- associated
Portal string[]Arns - List of ARNs of the web portals associated with the session logger.
- customer
Managed stringKey - ARN of the customer managed KMS key used to encrypt sensitive information.
- display
Name string - Human-readable display name for the session logger resource. Forces replacement if changed.
- event
Filter SessionLogger Event Filter - Event filter that determines which events are logged. See Event Filter below.
- log
Configuration SessionLogger Log Configuration Configuration block for specifying where logs are delivered. See Log Configuration below.
The following arguments are optional:
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- session
Logger stringArn - ARN of the session logger.
- {[key: string]: string}
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- additional_
encryption_ Mapping[str, str]context - Map of additional encryption context key-value pairs.
- associated_
portal_ Sequence[str]arns - List of ARNs of the web portals associated with the session logger.
- customer_
managed_ strkey - ARN of the customer managed KMS key used to encrypt sensitive information.
- display_
name str - Human-readable display name for the session logger resource. Forces replacement if changed.
- event_
filter SessionLogger Event Filter Args - Event filter that determines which events are logged. See Event Filter below.
- log_
configuration SessionLogger Log Configuration Args Configuration block for specifying where logs are delivered. See Log Configuration below.
The following arguments are optional:
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- session_
logger_ strarn - ARN of the session logger.
- Mapping[str, str]
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- additional
Encryption Map<String>Context - Map of additional encryption context key-value pairs.
- associated
Portal List<String>Arns - List of ARNs of the web portals associated with the session logger.
- customer
Managed StringKey - ARN of the customer managed KMS key used to encrypt sensitive information.
- display
Name String - Human-readable display name for the session logger resource. Forces replacement if changed.
- event
Filter Property Map - Event filter that determines which events are logged. See Event Filter below.
- log
Configuration Property Map Configuration block for specifying where logs are delivered. See Log Configuration below.
The following arguments are optional:
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- session
Logger StringArn - ARN of the session logger.
- Map<String>
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
Supporting Types
SessionLoggerEventFilter, SessionLoggerEventFilterArgs
- All
Session
Logger Event Filter All - Block that specifies to monitor all events. Set to
{}to monitor all events. - Includes List<string>
- List of specific events to monitor. Valid values include session events like
SessionStart,SessionEnd, etc.
- All
Session
Logger Event Filter All - Block that specifies to monitor all events. Set to
{}to monitor all events. - Includes []string
- List of specific events to monitor. Valid values include session events like
SessionStart,SessionEnd, etc.
- all
Session
Logger Event Filter All - Block that specifies to monitor all events. Set to
{}to monitor all events. - includes List<String>
- List of specific events to monitor. Valid values include session events like
SessionStart,SessionEnd, etc.
- all
Session
Logger Event Filter All - Block that specifies to monitor all events. Set to
{}to monitor all events. - includes string[]
- List of specific events to monitor. Valid values include session events like
SessionStart,SessionEnd, etc.
- all
Session
Logger Event Filter All - Block that specifies to monitor all events. Set to
{}to monitor all events. - includes Sequence[str]
- List of specific events to monitor. Valid values include session events like
SessionStart,SessionEnd, etc.
- all Property Map
- Block that specifies to monitor all events. Set to
{}to monitor all events. - includes List<String>
- List of specific events to monitor. Valid values include session events like
SessionStart,SessionEnd, etc.
SessionLoggerLogConfiguration, SessionLoggerLogConfigurationArgs
- S3
Session
Logger Log Configuration S3 - Configuration block for S3 log delivery. See S3 Configuration below.
- S3
Session
Logger Log Configuration S3 - Configuration block for S3 log delivery. See S3 Configuration below.
- s3
Session
Logger Log Configuration S3 - Configuration block for S3 log delivery. See S3 Configuration below.
- s3
Session
Logger Log Configuration S3 - Configuration block for S3 log delivery. See S3 Configuration below.
- s3
Session
Logger Log Configuration S3 - Configuration block for S3 log delivery. See S3 Configuration below.
- s3 Property Map
- Configuration block for S3 log delivery. See S3 Configuration below.
SessionLoggerLogConfigurationS3, SessionLoggerLogConfigurationS3Args
- Bucket string
- S3 bucket name where logs are delivered.
- Folder
Structure string - Folder structure that defines the organizational structure for log files in S3. Valid values:
FlatStructure,DateBasedStructure. - Log
File stringFormat - Format of the log file written to S3. Valid values:
Json,Parquet. - Bucket
Owner string - Expected bucket owner of the target S3 bucket.
- Key
Prefix string - S3 path prefix that determines where log files are stored.
- Bucket string
- S3 bucket name where logs are delivered.
- Folder
Structure string - Folder structure that defines the organizational structure for log files in S3. Valid values:
FlatStructure,DateBasedStructure. - Log
File stringFormat - Format of the log file written to S3. Valid values:
Json,Parquet. - Bucket
Owner string - Expected bucket owner of the target S3 bucket.
- Key
Prefix string - S3 path prefix that determines where log files are stored.
- bucket String
- S3 bucket name where logs are delivered.
- folder
Structure String - Folder structure that defines the organizational structure for log files in S3. Valid values:
FlatStructure,DateBasedStructure. - log
File StringFormat - Format of the log file written to S3. Valid values:
Json,Parquet. - bucket
Owner String - Expected bucket owner of the target S3 bucket.
- key
Prefix String - S3 path prefix that determines where log files are stored.
- bucket string
- S3 bucket name where logs are delivered.
- folder
Structure string - Folder structure that defines the organizational structure for log files in S3. Valid values:
FlatStructure,DateBasedStructure. - log
File stringFormat - Format of the log file written to S3. Valid values:
Json,Parquet. - bucket
Owner string - Expected bucket owner of the target S3 bucket.
- key
Prefix string - S3 path prefix that determines where log files are stored.
- bucket str
- S3 bucket name where logs are delivered.
- folder_
structure str - Folder structure that defines the organizational structure for log files in S3. Valid values:
FlatStructure,DateBasedStructure. - log_
file_ strformat - Format of the log file written to S3. Valid values:
Json,Parquet. - bucket_
owner str - Expected bucket owner of the target S3 bucket.
- key_
prefix str - S3 path prefix that determines where log files are stored.
- bucket String
- S3 bucket name where logs are delivered.
- folder
Structure String - Folder structure that defines the organizational structure for log files in S3. Valid values:
FlatStructure,DateBasedStructure. - log
File StringFormat - Format of the log file written to S3. Valid values:
Json,Parquet. - bucket
Owner String - Expected bucket owner of the target S3 bucket.
- key
Prefix String - S3 path prefix that determines where log files are stored.
Import
Using pulumi import, import WorkSpaces Web Session Logger using the session_logger_arn. For example:
$ pulumi import aws:workspacesweb/sessionLogger:SessionLogger example arn:aws:workspaces-web:us-west-2:123456789012:sessionLogger/session_logger-id-12345678
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.
