1. Packages
  2. AWSx (Pulumi Crosswalk for AWS)
  3. API Docs
  4. cloudtrail
  5. Trail
AWSx (Pulumi Crosswalk for AWS) v3.0.0 published on Tuesday, Jul 22, 2025 by Pulumi

awsx.cloudtrail.Trail

Explore with Pulumi AI

awsx logo
AWSx (Pulumi Crosswalk for AWS) v3.0.0 published on Tuesday, Jul 22, 2025 by Pulumi

    Create Trail Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Trail(name: string, args?: TrailArgs, opts?: ComponentResourceOptions);
    @overload
    def Trail(resource_name: str,
              args: Optional[TrailArgs] = None,
              opts: Optional[ResourceOptions] = None)
    
    @overload
    def Trail(resource_name: str,
              opts: Optional[ResourceOptions] = None,
              advanced_event_selectors: Optional[Sequence[pulumi_aws.cloudtrail.TrailAdvancedEventSelectorArgs]] = None,
              cloud_watch_logs_group: Optional[_awsx.OptionalLogGroupArgs] = None,
              enable_log_file_validation: Optional[bool] = None,
              enable_logging: Optional[bool] = None,
              event_selectors: Optional[Sequence[pulumi_aws.cloudtrail.TrailEventSelectorArgs]] = None,
              include_global_service_events: Optional[bool] = None,
              insight_selectors: Optional[Sequence[pulumi_aws.cloudtrail.TrailInsightSelectorArgs]] = None,
              is_multi_region_trail: Optional[bool] = None,
              is_organization_trail: Optional[bool] = None,
              kms_key_id: Optional[str] = None,
              name: Optional[str] = None,
              region: Optional[str] = None,
              s3_bucket: Optional[_awsx.RequiredBucketArgs] = None,
              s3_key_prefix: Optional[str] = None,
              sns_topic_name: Optional[str] = None,
              tags: Optional[Mapping[str, str]] = None)
    func NewTrail(ctx *Context, name string, args *TrailArgs, opts ...ResourceOption) (*Trail, error)
    public Trail(string name, TrailArgs? args = null, ComponentResourceOptions? opts = null)
    public Trail(String name, TrailArgs args)
    public Trail(String name, TrailArgs args, ComponentResourceOptions options)
    
    type: awsx:cloudtrail:Trail
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args TrailArgs
    The arguments to resource properties.
    opts ComponentResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args TrailArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args TrailArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args TrailArgs
    The arguments to resource properties.
    opts ComponentResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args TrailArgs
    The arguments to resource properties.
    options ComponentResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var trailResource = new Awsx.Cloudtrail.Trail("trailResource", new()
    {
        AdvancedEventSelectors = new[]
        {
            new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorArgs
            {
                FieldSelectors = new[]
                {
                    new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs
                    {
                        Field = "string",
                        EndsWiths = new[]
                        {
                            "string",
                        },
                        Equals = new[]
                        {
                            "string",
                        },
                        NotEndsWiths = new[]
                        {
                            "string",
                        },
                        NotEquals = new[]
                        {
                            "string",
                        },
                        NotStartsWiths = new[]
                        {
                            "string",
                        },
                        StartsWiths = new[]
                        {
                            "string",
                        },
                    },
                },
                Name = "string",
            },
        },
        CloudWatchLogsGroup = new Awsx.Awsx.Inputs.OptionalLogGroupArgs
        {
            Args = new Awsx.Awsx.Inputs.LogGroupArgs
            {
                KmsKeyId = "string",
                LogGroupClass = "string",
                Name = "string",
                NamePrefix = "string",
                Region = "string",
                RetentionInDays = 0,
                SkipDestroy = false,
                Tags = 
                {
                    { "string", "string" },
                },
            },
            Enable = false,
            Existing = new Awsx.Awsx.Inputs.ExistingLogGroupArgs
            {
                Arn = "string",
                Name = "string",
                Region = "string",
            },
        },
        EnableLogFileValidation = false,
        EnableLogging = false,
        EventSelectors = new[]
        {
            new Aws.CloudTrail.Inputs.TrailEventSelectorArgs
            {
                DataResources = new[]
                {
                    new Aws.CloudTrail.Inputs.TrailEventSelectorDataResourceArgs
                    {
                        Type = "string",
                        Values = new[]
                        {
                            "string",
                        },
                    },
                },
                ExcludeManagementEventSources = new[]
                {
                    "string",
                },
                IncludeManagementEvents = false,
                ReadWriteType = "string",
            },
        },
        IncludeGlobalServiceEvents = false,
        InsightSelectors = new[]
        {
            new Aws.CloudTrail.Inputs.TrailInsightSelectorArgs
            {
                InsightType = "string",
            },
        },
        IsMultiRegionTrail = false,
        IsOrganizationTrail = false,
        KmsKeyId = "string",
        Name = "string",
        Region = "string",
        S3Bucket = new Awsx.Awsx.Inputs.RequiredBucketArgs
        {
            Args = new Awsx.Awsx.Inputs.BucketArgs
            {
                Acl = "string",
                Bucket = "string",
                BucketPrefix = "string",
                ForceDestroy = false,
                ObjectLockEnabled = false,
                Policy = "string",
                Region = "string",
                Tags = 
                {
                    { "string", "string" },
                },
            },
            Existing = new Awsx.Awsx.Inputs.ExistingBucketArgs
            {
                Arn = "string",
                Name = "string",
            },
        },
        S3KeyPrefix = "string",
        SnsTopicName = "string",
        Tags = 
        {
            { "string", "string" },
        },
    });
    
    example, err := cloudtrail.NewTrail(ctx, "trailResource", &cloudtrail.TrailArgs{
    	AdvancedEventSelectors: cloudtrail.TrailAdvancedEventSelectorArray{
    		&cloudtrail.TrailAdvancedEventSelectorArgs{
    			FieldSelectors: cloudtrail.TrailAdvancedEventSelectorFieldSelectorArray{
    				&cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{
    					Field: pulumi.String("string"),
    					EndsWiths: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					Equals: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					NotEndsWiths: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					NotEquals: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					NotStartsWiths: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					StartsWiths: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    			Name: pulumi.String("string"),
    		},
    	},
    	CloudWatchLogsGroup: &awsx.OptionalLogGroupArgs{
    		Args: &awsx.LogGroupArgs{
    			KmsKeyId:        pulumi.String("string"),
    			LogGroupClass:   pulumi.String("string"),
    			Name:            pulumi.String("string"),
    			NamePrefix:      pulumi.String("string"),
    			Region:          pulumi.String("string"),
    			RetentionInDays: pulumi.Int(0),
    			SkipDestroy:     pulumi.Bool(false),
    			Tags: pulumi.StringMap{
    				"string": pulumi.String("string"),
    			},
    		},
    		Enable: false,
    		Existing: &awsx.ExistingLogGroupArgs{
    			Arn:    pulumi.String("string"),
    			Name:   pulumi.String("string"),
    			Region: pulumi.String("string"),
    		},
    	},
    	EnableLogFileValidation: pulumi.Bool(false),
    	EnableLogging:           pulumi.Bool(false),
    	EventSelectors: cloudtrail.TrailEventSelectorArray{
    		&cloudtrail.TrailEventSelectorArgs{
    			DataResources: cloudtrail.TrailEventSelectorDataResourceArray{
    				&cloudtrail.TrailEventSelectorDataResourceArgs{
    					Type: pulumi.String("string"),
    					Values: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    			ExcludeManagementEventSources: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			IncludeManagementEvents: pulumi.Bool(false),
    			ReadWriteType:           pulumi.String("string"),
    		},
    	},
    	IncludeGlobalServiceEvents: pulumi.Bool(false),
    	InsightSelectors: cloudtrail.TrailInsightSelectorArray{
    		&cloudtrail.TrailInsightSelectorArgs{
    			InsightType: pulumi.String("string"),
    		},
    	},
    	IsMultiRegionTrail:  pulumi.Bool(false),
    	IsOrganizationTrail: pulumi.Bool(false),
    	KmsKeyId:            pulumi.String("string"),
    	Name:                pulumi.String("string"),
    	Region:              pulumi.String("string"),
    	S3Bucket: &awsx.RequiredBucketArgs{
    		Args: &awsx.BucketArgs{
    			Acl:               pulumi.String("string"),
    			Bucket:            pulumi.String("string"),
    			BucketPrefix:      pulumi.String("string"),
    			ForceDestroy:      pulumi.Bool(false),
    			ObjectLockEnabled: pulumi.Bool(false),
    			Policy:            pulumi.String("string"),
    			Region:            pulumi.String("string"),
    			Tags: pulumi.StringMap{
    				"string": pulumi.String("string"),
    			},
    		},
    		Existing: &awsx.ExistingBucketArgs{
    			Arn:  pulumi.String("string"),
    			Name: pulumi.String("string"),
    		},
    	},
    	S3KeyPrefix:  pulumi.String("string"),
    	SnsTopicName: pulumi.String("string"),
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    })
    
    var trailResource = new Trail("trailResource", TrailArgs.builder()
        .advancedEventSelectors(TrailAdvancedEventSelectorArgs.builder()
            .fieldSelectors(TrailAdvancedEventSelectorFieldSelectorArgs.builder()
                .field("string")
                .endsWiths("string")
                .equals("string")
                .notEndsWiths("string")
                .notEquals("string")
                .notStartsWiths("string")
                .startsWiths("string")
                .build())
            .name("string")
            .build())
        .cloudWatchLogsGroup(OptionalLogGroupArgs.builder()
            .args(LogGroupArgs.builder()
                .kmsKeyId("string")
                .logGroupClass("string")
                .name("string")
                .namePrefix("string")
                .region("string")
                .retentionInDays(0)
                .skipDestroy(false)
                .tags(Map.of("string", "string"))
                .build())
            .enable(false)
            .existing(ExistingLogGroupArgs.builder()
                .arn("string")
                .name("string")
                .region("string")
                .build())
            .build())
        .enableLogFileValidation(false)
        .enableLogging(false)
        .eventSelectors(TrailEventSelectorArgs.builder()
            .dataResources(TrailEventSelectorDataResourceArgs.builder()
                .type("string")
                .values("string")
                .build())
            .excludeManagementEventSources("string")
            .includeManagementEvents(false)
            .readWriteType("string")
            .build())
        .includeGlobalServiceEvents(false)
        .insightSelectors(TrailInsightSelectorArgs.builder()
            .insightType("string")
            .build())
        .isMultiRegionTrail(false)
        .isOrganizationTrail(false)
        .kmsKeyId("string")
        .name("string")
        .region("string")
        .s3Bucket(RequiredBucketArgs.builder()
            .args(BucketArgs.builder()
                .acl("string")
                .bucket("string")
                .bucketPrefix("string")
                .forceDestroy(false)
                .objectLockEnabled(false)
                .policy("string")
                .region("string")
                .tags(Map.of("string", "string"))
                .build())
            .existing(ExistingBucketArgs.builder()
                .arn("string")
                .name("string")
                .build())
            .build())
        .s3KeyPrefix("string")
        .snsTopicName("string")
        .tags(Map.of("string", "string"))
        .build());
    
    trail_resource = awsx.cloudtrail.Trail("trailResource",
        advanced_event_selectors=[{
            "field_selectors": [{
                "field": "string",
                "ends_withs": ["string"],
                "equals": ["string"],
                "not_ends_withs": ["string"],
                "not_equals": ["string"],
                "not_starts_withs": ["string"],
                "starts_withs": ["string"],
            }],
            "name": "string",
        }],
        cloud_watch_logs_group={
            "args": {
                "kms_key_id": "string",
                "log_group_class": "string",
                "name": "string",
                "name_prefix": "string",
                "region": "string",
                "retention_in_days": 0,
                "skip_destroy": False,
                "tags": {
                    "string": "string",
                },
            },
            "enable": False,
            "existing": {
                "arn": "string",
                "name": "string",
                "region": "string",
            },
        },
        enable_log_file_validation=False,
        enable_logging=False,
        event_selectors=[{
            "data_resources": [{
                "type": "string",
                "values": ["string"],
            }],
            "exclude_management_event_sources": ["string"],
            "include_management_events": False,
            "read_write_type": "string",
        }],
        include_global_service_events=False,
        insight_selectors=[{
            "insight_type": "string",
        }],
        is_multi_region_trail=False,
        is_organization_trail=False,
        kms_key_id="string",
        name="string",
        region="string",
        s3_bucket={
            "args": {
                "acl": "string",
                "bucket": "string",
                "bucket_prefix": "string",
                "force_destroy": False,
                "object_lock_enabled": False,
                "policy": "string",
                "region": "string",
                "tags": {
                    "string": "string",
                },
            },
            "existing": {
                "arn": "string",
                "name": "string",
            },
        },
        s3_key_prefix="string",
        sns_topic_name="string",
        tags={
            "string": "string",
        })
    
    const trailResource = new awsx.cloudtrail.Trail("trailResource", {
        advancedEventSelectors: [{
            fieldSelectors: [{
                field: "string",
                endsWiths: ["string"],
                equals: ["string"],
                notEndsWiths: ["string"],
                notEquals: ["string"],
                notStartsWiths: ["string"],
                startsWiths: ["string"],
            }],
            name: "string",
        }],
        cloudWatchLogsGroup: {
            args: {
                kmsKeyId: "string",
                logGroupClass: "string",
                name: "string",
                namePrefix: "string",
                region: "string",
                retentionInDays: 0,
                skipDestroy: false,
                tags: {
                    string: "string",
                },
            },
            enable: false,
            existing: {
                arn: "string",
                name: "string",
                region: "string",
            },
        },
        enableLogFileValidation: false,
        enableLogging: false,
        eventSelectors: [{
            dataResources: [{
                type: "string",
                values: ["string"],
            }],
            excludeManagementEventSources: ["string"],
            includeManagementEvents: false,
            readWriteType: "string",
        }],
        includeGlobalServiceEvents: false,
        insightSelectors: [{
            insightType: "string",
        }],
        isMultiRegionTrail: false,
        isOrganizationTrail: false,
        kmsKeyId: "string",
        name: "string",
        region: "string",
        s3Bucket: {
            args: {
                acl: "string",
                bucket: "string",
                bucketPrefix: "string",
                forceDestroy: false,
                objectLockEnabled: false,
                policy: "string",
                region: "string",
                tags: {
                    string: "string",
                },
            },
            existing: {
                arn: "string",
                name: "string",
            },
        },
        s3KeyPrefix: "string",
        snsTopicName: "string",
        tags: {
            string: "string",
        },
    });
    
    type: awsx:cloudtrail:Trail
    properties:
        advancedEventSelectors:
            - fieldSelectors:
                - endsWiths:
                    - string
                  equals:
                    - string
                  field: string
                  notEndsWiths:
                    - string
                  notEquals:
                    - string
                  notStartsWiths:
                    - string
                  startsWiths:
                    - string
              name: string
        cloudWatchLogsGroup:
            args:
                kmsKeyId: string
                logGroupClass: string
                name: string
                namePrefix: string
                region: string
                retentionInDays: 0
                skipDestroy: false
                tags:
                    string: string
            enable: false
            existing:
                arn: string
                name: string
                region: string
        enableLogFileValidation: false
        enableLogging: false
        eventSelectors:
            - dataResources:
                - type: string
                  values:
                    - string
              excludeManagementEventSources:
                - string
              includeManagementEvents: false
              readWriteType: string
        includeGlobalServiceEvents: false
        insightSelectors:
            - insightType: string
        isMultiRegionTrail: false
        isOrganizationTrail: false
        kmsKeyId: string
        name: string
        region: string
        s3Bucket:
            args:
                acl: string
                bucket: string
                bucketPrefix: string
                forceDestroy: false
                objectLockEnabled: false
                policy: string
                region: string
                tags:
                    string: string
            existing:
                arn: string
                name: string
        s3KeyPrefix: string
        snsTopicName: string
        tags:
            string: string
    

    Trail Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Trail resource accepts the following input properties:

    AdvancedEventSelectors List<Pulumi.Aws.CloudTrail.Inputs.TrailAdvancedEventSelector>
    Specifies an advanced event selector for enabling data event logging. Fields documented below. Conflicts with event_selector.
    CloudWatchLogsGroup Pulumi.Awsx.Awsx.Inputs.OptionalLogGroup
    Log group to which CloudTrail logs will be delivered.
    EnableLogFileValidation bool
    Whether log file integrity validation is enabled. Defaults to false.
    EnableLogging bool
    Enables logging for the trail. Defaults to true. Setting this to false will pause logging.
    EventSelectors List<Pulumi.Aws.CloudTrail.Inputs.TrailEventSelector>
    Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these. Conflicts with advanced_event_selector.
    IncludeGlobalServiceEvents bool
    Whether the trail is publishing events from global services such as IAM to the log files. Defaults to true.
    InsightSelectors List<Pulumi.Aws.CloudTrail.Inputs.TrailInsightSelector>
    Configuration block for identifying unusual operational activity. See details below.
    IsMultiRegionTrail bool
    Whether the trail is created in the current region or in all regions. Defaults to false.
    IsOrganizationTrail bool
    Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to false.
    KmsKeyId string
    KMS key ARN to use to encrypt the logs delivered by CloudTrail.
    Name string
    Name of the trail.
    Region string
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    S3Bucket Pulumi.Awsx.Awsx.Inputs.RequiredBucket
    S3 bucket designated for publishing log files.
    S3KeyPrefix string
    S3 key prefix that follows the name of the bucket you have designated for log file delivery.
    SnsTopicName string
    Name of the Amazon SNS topic defined for notification of log file delivery. Specify the SNS topic ARN if it resides in another region.
    Tags Dictionary<string, string>
    Map of tags to assign to the trail. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    AdvancedEventSelectors TrailAdvancedEventSelectorArgs
    Specifies an advanced event selector for enabling data event logging. Fields documented below. Conflicts with event_selector.
    CloudWatchLogsGroup OptionalLogGroupArgs
    Log group to which CloudTrail logs will be delivered.
    EnableLogFileValidation bool
    Whether log file integrity validation is enabled. Defaults to false.
    EnableLogging bool
    Enables logging for the trail. Defaults to true. Setting this to false will pause logging.
    EventSelectors TrailEventSelectorArgs
    Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these. Conflicts with advanced_event_selector.
    IncludeGlobalServiceEvents bool
    Whether the trail is publishing events from global services such as IAM to the log files. Defaults to true.
    InsightSelectors TrailInsightSelectorArgs
    Configuration block for identifying unusual operational activity. See details below.
    IsMultiRegionTrail bool
    Whether the trail is created in the current region or in all regions. Defaults to false.
    IsOrganizationTrail bool
    Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to false.
    KmsKeyId string
    KMS key ARN to use to encrypt the logs delivered by CloudTrail.
    Name string
    Name of the trail.
    Region string
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    S3Bucket RequiredBucketArgs
    S3 bucket designated for publishing log files.
    S3KeyPrefix string
    S3 key prefix that follows the name of the bucket you have designated for log file delivery.
    SnsTopicName string
    Name of the Amazon SNS topic defined for notification of log file delivery. Specify the SNS topic ARN if it resides in another region.
    Tags map[string]string
    Map of tags to assign to the trail. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    advancedEventSelectors List<TrailAdvancedEventSelector>
    Specifies an advanced event selector for enabling data event logging. Fields documented below. Conflicts with event_selector.
    cloudWatchLogsGroup OptionalLogGroup
    Log group to which CloudTrail logs will be delivered.
    enableLogFileValidation Boolean
    Whether log file integrity validation is enabled. Defaults to false.
    enableLogging Boolean
    Enables logging for the trail. Defaults to true. Setting this to false will pause logging.
    eventSelectors List<TrailEventSelector>
    Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these. Conflicts with advanced_event_selector.
    includeGlobalServiceEvents Boolean
    Whether the trail is publishing events from global services such as IAM to the log files. Defaults to true.
    insightSelectors List<TrailInsightSelector>
    Configuration block for identifying unusual operational activity. See details below.
    isMultiRegionTrail Boolean
    Whether the trail is created in the current region or in all regions. Defaults to false.
    isOrganizationTrail Boolean
    Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to false.
    kmsKeyId String
    KMS key ARN to use to encrypt the logs delivered by CloudTrail.
    name String
    Name of the trail.
    region String
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    s3Bucket RequiredBucket
    S3 bucket designated for publishing log files.
    s3KeyPrefix String
    S3 key prefix that follows the name of the bucket you have designated for log file delivery.
    snsTopicName String
    Name of the Amazon SNS topic defined for notification of log file delivery. Specify the SNS topic ARN if it resides in another region.
    tags Map<String,String>
    Map of tags to assign to the trail. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    advancedEventSelectors pulumiAws.types.input.TrailAdvancedEventSelector[]
    Specifies an advanced event selector for enabling data event logging. Fields documented below. Conflicts with event_selector.
    cloudWatchLogsGroup awsx.OptionalLogGroup
    Log group to which CloudTrail logs will be delivered.
    enableLogFileValidation boolean
    Whether log file integrity validation is enabled. Defaults to false.
    enableLogging boolean
    Enables logging for the trail. Defaults to true. Setting this to false will pause logging.
    eventSelectors pulumiAws.types.input.TrailEventSelector[]
    Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these. Conflicts with advanced_event_selector.
    includeGlobalServiceEvents boolean
    Whether the trail is publishing events from global services such as IAM to the log files. Defaults to true.
    insightSelectors pulumiAws.types.input.TrailInsightSelector[]
    Configuration block for identifying unusual operational activity. See details below.
    isMultiRegionTrail boolean
    Whether the trail is created in the current region or in all regions. Defaults to false.
    isOrganizationTrail boolean
    Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to false.
    kmsKeyId string
    KMS key ARN to use to encrypt the logs delivered by CloudTrail.
    name string
    Name of the trail.
    region string
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    s3Bucket awsx.RequiredBucket
    S3 bucket designated for publishing log files.
    s3KeyPrefix string
    S3 key prefix that follows the name of the bucket you have designated for log file delivery.
    snsTopicName string
    Name of the Amazon SNS topic defined for notification of log file delivery. Specify the SNS topic ARN if it resides in another region.
    tags {[key: string]: string}
    Map of tags to assign to the trail. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    advanced_event_selectors Sequence[pulumi_aws.cloudtrail.TrailAdvancedEventSelectorArgs]
    Specifies an advanced event selector for enabling data event logging. Fields documented below. Conflicts with event_selector.
    cloud_watch_logs_group awsx.OptionalLogGroupArgs
    Log group to which CloudTrail logs will be delivered.
    enable_log_file_validation bool
    Whether log file integrity validation is enabled. Defaults to false.
    enable_logging bool
    Enables logging for the trail. Defaults to true. Setting this to false will pause logging.
    event_selectors Sequence[pulumi_aws.cloudtrail.TrailEventSelectorArgs]
    Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these. Conflicts with advanced_event_selector.
    include_global_service_events bool
    Whether the trail is publishing events from global services such as IAM to the log files. Defaults to true.
    insight_selectors Sequence[pulumi_aws.cloudtrail.TrailInsightSelectorArgs]
    Configuration block for identifying unusual operational activity. See details below.
    is_multi_region_trail bool
    Whether the trail is created in the current region or in all regions. Defaults to false.
    is_organization_trail bool
    Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to false.
    kms_key_id str
    KMS key ARN to use to encrypt the logs delivered by CloudTrail.
    name str
    Name of the trail.
    region str
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    s3_bucket awsx.RequiredBucketArgs
    S3 bucket designated for publishing log files.
    s3_key_prefix str
    S3 key prefix that follows the name of the bucket you have designated for log file delivery.
    sns_topic_name str
    Name of the Amazon SNS topic defined for notification of log file delivery. Specify the SNS topic ARN if it resides in another region.
    tags Mapping[str, str]
    Map of tags to assign to the trail. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    advancedEventSelectors List<Property Map>
    Specifies an advanced event selector for enabling data event logging. Fields documented below. Conflicts with event_selector.
    cloudWatchLogsGroup Property Map
    Log group to which CloudTrail logs will be delivered.
    enableLogFileValidation Boolean
    Whether log file integrity validation is enabled. Defaults to false.
    enableLogging Boolean
    Enables logging for the trail. Defaults to true. Setting this to false will pause logging.
    eventSelectors List<Property Map>
    Specifies an event selector for enabling data event logging. Fields documented below. Please note the CloudTrail limits when configuring these. Conflicts with advanced_event_selector.
    includeGlobalServiceEvents Boolean
    Whether the trail is publishing events from global services such as IAM to the log files. Defaults to true.
    insightSelectors List<Property Map>
    Configuration block for identifying unusual operational activity. See details below.
    isMultiRegionTrail Boolean
    Whether the trail is created in the current region or in all regions. Defaults to false.
    isOrganizationTrail Boolean
    Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to false.
    kmsKeyId String
    KMS key ARN to use to encrypt the logs delivered by CloudTrail.
    name String
    Name of the trail.
    region String
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    s3Bucket Property Map
    S3 bucket designated for publishing log files.
    s3KeyPrefix String
    S3 key prefix that follows the name of the bucket you have designated for log file delivery.
    snsTopicName String
    Name of the Amazon SNS topic defined for notification of log file delivery. Specify the SNS topic ARN if it resides in another region.
    tags Map<String>
    Map of tags to assign to the trail. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Trail resource produces the following output properties:

    AwsTrail Pulumi.Aws.CloudTrail.Trail
    The CloudTrail Trail. This type is defined in the AWS Classic package.
    Bucket Pulumi.Aws.S3.Bucket
    The managed S3 Bucket where the Trail will place its logs. This type is defined in the AWS Classic package.
    LogGroup Pulumi.Aws.CloudWatch.LogGroup
    The managed Cloudwatch Log Group. This type is defined in the AWS Classic package.
    Trail Trail
    The CloudTrail Trail. This type is defined in the AWS Classic package.
    Bucket Bucket
    The managed S3 Bucket where the Trail will place its logs. This type is defined in the AWS Classic package.
    LogGroup LogGroup
    The managed Cloudwatch Log Group. This type is defined in the AWS Classic package.
    trail Trail
    The CloudTrail Trail. This type is defined in the AWS Classic package.
    bucket Bucket
    The managed S3 Bucket where the Trail will place its logs. This type is defined in the AWS Classic package.
    logGroup LogGroup
    The managed Cloudwatch Log Group. This type is defined in the AWS Classic package.
    trail pulumiAws.Trail
    The CloudTrail Trail. This type is defined in the AWS Classic package.
    bucket pulumiAws.s3.Bucket
    The managed S3 Bucket where the Trail will place its logs. This type is defined in the AWS Classic package.
    logGroup pulumiAws.cloudwatch.LogGroup
    The managed Cloudwatch Log Group. This type is defined in the AWS Classic package.
    trail pulumi_aws.cloudtrail.Trail
    The CloudTrail Trail. This type is defined in the AWS Classic package.
    bucket pulumi_aws.s3.Bucket
    The managed S3 Bucket where the Trail will place its logs. This type is defined in the AWS Classic package.
    log_group pulumi_aws.cloudwatch.LogGroup
    The managed Cloudwatch Log Group. This type is defined in the AWS Classic package.
    trail aws::Trail
    The CloudTrail Trail. This type is defined in the AWS Classic package.
    bucket aws:s3:Bucket
    The managed S3 Bucket where the Trail will place its logs. This type is defined in the AWS Classic package.
    logGroup aws:cloudwatch:LogGroup
    The managed Cloudwatch Log Group. This type is defined in the AWS Classic package.

    Supporting Types

    Bucket, BucketArgs

    AccelerationStatus string
    Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended. Cannot be used in cn-north-1 or us-gov-west-1. This provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketAccelerateConfiguration instead.

    Deprecated: acceleration_status is deprecated. Use the aws.s3.BucketAccelerateConfiguration resource instead.

    Acl string
    The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketAcl instead.
    BucketName string
    Name of the bucket. If omitted, the provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here. The name must not be in the format [bucket_name]--[azid]--x-s3. Use the aws.s3.DirectoryBucket resource to manage S3 Express buckets.
    BucketPrefix string
    Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.
    CorsRules List<Pulumi.Aws.S3.Inputs.BucketCorsRule>
    Rule of Cross-Origin Resource Sharing. See CORS rule below for details. This provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketCorsConfiguration instead.

    Deprecated: cors_rule is deprecated. Use the aws.s3.BucketCorsConfiguration resource instead.

    ForceDestroy bool
    Boolean that indicates all objects (including any locked objects) should be deleted from the bucket when the bucket is destroyed so that the bucket can be destroyed without error. These objects are not recoverable. This only deletes objects when the bucket is destroyed, not when setting this parameter to true. Once this parameter is set to true, there must be a successful pulumi up run before a destroy is required to update this value in the resource state. Without a successful pulumi up after this parameter is set, this flag will have no effect. If setting this field in the same operation that would require replacing the bucket or destroying the bucket, this flag will not work. Additionally when importing a bucket, a successful pulumi up is required to set this value in state before it will take effect on a destroy operation.
    Grants List<Pulumi.Aws.S3.Inputs.BucketGrant>
    An ACL policy grant. See Grant below for details. Conflicts with acl. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketAcl instead.

    Deprecated: grant is deprecated. Use the aws.s3.BucketAcl resource instead.

    LifecycleRules List<Pulumi.Aws.S3.Inputs.BucketLifecycleRule>
    Configuration of object lifecycle management. See Lifecycle Rule below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketLifecycleConfiguration instead.

    Deprecated: lifecycle_rule is deprecated. Use the aws.s3.BucketLifecycleConfiguration resource instead.

    Logging Pulumi.Aws.S3.Inputs.BucketLogging

    Configuration of S3 bucket logging parameters. See Logging below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketLogging instead.

    This type is defined in the AWS Classic package.

    Deprecated: logging is deprecated. Use the aws.s3.BucketLogging resource instead.

    ObjectLockConfiguration Pulumi.Aws.S3.Inputs.BucketObjectLockConfiguration

    Configuration of S3 object locking. See Object Lock Configuration below for details. The provider wil only perform drift detection if a configuration value is provided. Use the object_lock_enabled parameter and the resource aws.s3.BucketObjectLockConfiguration instead.

    This type is defined in the AWS Classic package.

    Deprecated: object_lock_configuration is deprecated. Use the top-level parameter object_lock_enabled and the aws.s3.BucketObjectLockConfiguration resource instead.

    ObjectLockEnabled bool
    Indicates whether this bucket has an Object Lock configuration enabled. Valid values are true or false. This argument is not supported in all regions or partitions.
    Policy string
    Valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing. In this case, please make sure you use the verbose/specific version of the policy. For more information about building AWS IAM policy documents with this provider, see the AWS IAM Policy Document Guide. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketPolicy instead.
    Region string
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    ReplicationConfiguration Pulumi.Aws.S3.Inputs.BucketReplicationConfiguration

    Configuration of replication configuration. See Replication Configuration below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketReplicationConfig instead.

    This type is defined in the AWS Classic package.

    Deprecated: replication_configuration is deprecated. Use the aws.s3.BucketReplicationConfig resource instead.

    RequestPayer string
    Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketRequestPaymentConfiguration instead.

    Deprecated: request_payer is deprecated. Use the aws.s3.BucketRequestPaymentConfiguration resource instead.

    ServerSideEncryptionConfiguration Pulumi.Aws.S3.Inputs.BucketServerSideEncryptionConfiguration

    Configuration of server-side encryption configuration. See Server Side Encryption Configuration below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketServerSideEncryptionConfiguration instead.

    This type is defined in the AWS Classic package.

    Deprecated: server_side_encryption_configuration is deprecated. Use the aws.s3.BucketServerSideEncryptionConfiguration resource instead.

    Tags Dictionary<string, string>

    Map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    The following arguments are deprecated, and will be removed in a future major version:

    Versioning Pulumi.Aws.S3.Inputs.BucketVersioning

    Configuration of the S3 bucket versioning state. See Versioning below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketVersioning instead.

    This type is defined in the AWS Classic package.

    Deprecated: versioning is deprecated. Use the aws.s3.BucketVersioning resource instead.

    Website Pulumi.Aws.S3.Inputs.BucketWebsite

    Configuration of the S3 bucket website. See Website below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketWebsiteConfiguration instead.

    This type is defined in the AWS Classic package.

    Deprecated: website is deprecated. Use the aws.s3.BucketWebsiteConfiguration resource instead.

    AccelerationStatus string
    Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended. Cannot be used in cn-north-1 or us-gov-west-1. This provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketAccelerateConfiguration instead.

    Deprecated: acceleration_status is deprecated. Use the aws.s3.BucketAccelerateConfiguration resource instead.

    Acl string
    The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketAcl instead.
    Bucket string
    Name of the bucket. If omitted, the provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here. The name must not be in the format [bucket_name]--[azid]--x-s3. Use the aws.s3.DirectoryBucket resource to manage S3 Express buckets.
    BucketPrefix string
    Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.
    CorsRules BucketCorsRule
    Rule of Cross-Origin Resource Sharing. See CORS rule below for details. This provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketCorsConfiguration instead.

    Deprecated: cors_rule is deprecated. Use the aws.s3.BucketCorsConfiguration resource instead.

    ForceDestroy bool
    Boolean that indicates all objects (including any locked objects) should be deleted from the bucket when the bucket is destroyed so that the bucket can be destroyed without error. These objects are not recoverable. This only deletes objects when the bucket is destroyed, not when setting this parameter to true. Once this parameter is set to true, there must be a successful pulumi up run before a destroy is required to update this value in the resource state. Without a successful pulumi up after this parameter is set, this flag will have no effect. If setting this field in the same operation that would require replacing the bucket or destroying the bucket, this flag will not work. Additionally when importing a bucket, a successful pulumi up is required to set this value in state before it will take effect on a destroy operation.
    Grants BucketGrant
    An ACL policy grant. See Grant below for details. Conflicts with acl. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketAcl instead.

    Deprecated: grant is deprecated. Use the aws.s3.BucketAcl resource instead.

    LifecycleRules BucketLifecycleRule
    Configuration of object lifecycle management. See Lifecycle Rule below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketLifecycleConfiguration instead.

    Deprecated: lifecycle_rule is deprecated. Use the aws.s3.BucketLifecycleConfiguration resource instead.

    Logging BucketLoggingType

    Configuration of S3 bucket logging parameters. See Logging below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketLogging instead.

    This type is defined in the AWS Classic package.

    Deprecated: logging is deprecated. Use the aws.s3.BucketLogging resource instead.

    ObjectLockConfiguration BucketObjectLockConfigurationType

    Configuration of S3 object locking. See Object Lock Configuration below for details. The provider wil only perform drift detection if a configuration value is provided. Use the object_lock_enabled parameter and the resource aws.s3.BucketObjectLockConfiguration instead.

    This type is defined in the AWS Classic package.

    Deprecated: object_lock_configuration is deprecated. Use the top-level parameter object_lock_enabled and the aws.s3.BucketObjectLockConfiguration resource instead.

    ObjectLockEnabled bool
    Indicates whether this bucket has an Object Lock configuration enabled. Valid values are true or false. This argument is not supported in all regions or partitions.
    Policy string
    Valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing. In this case, please make sure you use the verbose/specific version of the policy. For more information about building AWS IAM policy documents with this provider, see the AWS IAM Policy Document Guide. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketPolicy instead.
    Region string
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    ReplicationConfiguration BucketReplicationConfiguration

    Configuration of replication configuration. See Replication Configuration below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketReplicationConfig instead.

    This type is defined in the AWS Classic package.

    Deprecated: replication_configuration is deprecated. Use the aws.s3.BucketReplicationConfig resource instead.

    RequestPayer string
    Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketRequestPaymentConfiguration instead.

    Deprecated: request_payer is deprecated. Use the aws.s3.BucketRequestPaymentConfiguration resource instead.

    ServerSideEncryptionConfiguration BucketServerSideEncryptionConfigurationType

    Configuration of server-side encryption configuration. See Server Side Encryption Configuration below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketServerSideEncryptionConfiguration instead.

    This type is defined in the AWS Classic package.

    Deprecated: server_side_encryption_configuration is deprecated. Use the aws.s3.BucketServerSideEncryptionConfiguration resource instead.

    Tags map[string]string

    Map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    The following arguments are deprecated, and will be removed in a future major version:

    Versioning BucketVersioningType

    Configuration of the S3 bucket versioning state. See Versioning below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketVersioning instead.

    This type is defined in the AWS Classic package.

    Deprecated: versioning is deprecated. Use the aws.s3.BucketVersioning resource instead.

    Website BucketWebsite

    Configuration of the S3 bucket website. See Website below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketWebsiteConfiguration instead.

    This type is defined in the AWS Classic package.

    Deprecated: website is deprecated. Use the aws.s3.BucketWebsiteConfiguration resource instead.

    accelerationStatus String
    Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended. Cannot be used in cn-north-1 or us-gov-west-1. This provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketAccelerateConfiguration instead.

    Deprecated: acceleration_status is deprecated. Use the aws.s3.BucketAccelerateConfiguration resource instead.

    acl String
    The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketAcl instead.
    bucket String
    Name of the bucket. If omitted, the provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here. The name must not be in the format [bucket_name]--[azid]--x-s3. Use the aws.s3.DirectoryBucket resource to manage S3 Express buckets.
    bucketPrefix String
    Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.
    corsRules List<BucketCorsRule>
    Rule of Cross-Origin Resource Sharing. See CORS rule below for details. This provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketCorsConfiguration instead.

    Deprecated: cors_rule is deprecated. Use the aws.s3.BucketCorsConfiguration resource instead.

    forceDestroy Boolean
    Boolean that indicates all objects (including any locked objects) should be deleted from the bucket when the bucket is destroyed so that the bucket can be destroyed without error. These objects are not recoverable. This only deletes objects when the bucket is destroyed, not when setting this parameter to true. Once this parameter is set to true, there must be a successful pulumi up run before a destroy is required to update this value in the resource state. Without a successful pulumi up after this parameter is set, this flag will have no effect. If setting this field in the same operation that would require replacing the bucket or destroying the bucket, this flag will not work. Additionally when importing a bucket, a successful pulumi up is required to set this value in state before it will take effect on a destroy operation.
    grants List<BucketGrant>
    An ACL policy grant. See Grant below for details. Conflicts with acl. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketAcl instead.

    Deprecated: grant is deprecated. Use the aws.s3.BucketAcl resource instead.

    lifecycleRules List<BucketLifecycleRule>
    Configuration of object lifecycle management. See Lifecycle Rule below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketLifecycleConfiguration instead.

    Deprecated: lifecycle_rule is deprecated. Use the aws.s3.BucketLifecycleConfiguration resource instead.

    logging BucketLogging

    Configuration of S3 bucket logging parameters. See Logging below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketLogging instead.

    This type is defined in the AWS Classic package.

    Deprecated: logging is deprecated. Use the aws.s3.BucketLogging resource instead.

    objectLockConfiguration BucketObjectLockConfiguration

    Configuration of S3 object locking. See Object Lock Configuration below for details. The provider wil only perform drift detection if a configuration value is provided. Use the object_lock_enabled parameter and the resource aws.s3.BucketObjectLockConfiguration instead.

    This type is defined in the AWS Classic package.

    Deprecated: object_lock_configuration is deprecated. Use the top-level parameter object_lock_enabled and the aws.s3.BucketObjectLockConfiguration resource instead.

    objectLockEnabled Boolean
    Indicates whether this bucket has an Object Lock configuration enabled. Valid values are true or false. This argument is not supported in all regions or partitions.
    policy String
    Valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing. In this case, please make sure you use the verbose/specific version of the policy. For more information about building AWS IAM policy documents with this provider, see the AWS IAM Policy Document Guide. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketPolicy instead.
    region String
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    replicationConfiguration BucketReplicationConfiguration

    Configuration of replication configuration. See Replication Configuration below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketReplicationConfig instead.

    This type is defined in the AWS Classic package.

    Deprecated: replication_configuration is deprecated. Use the aws.s3.BucketReplicationConfig resource instead.

    requestPayer String
    Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketRequestPaymentConfiguration instead.

    Deprecated: request_payer is deprecated. Use the aws.s3.BucketRequestPaymentConfiguration resource instead.

    serverSideEncryptionConfiguration BucketServerSideEncryptionConfiguration

    Configuration of server-side encryption configuration. See Server Side Encryption Configuration below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketServerSideEncryptionConfiguration instead.

    This type is defined in the AWS Classic package.

    Deprecated: server_side_encryption_configuration is deprecated. Use the aws.s3.BucketServerSideEncryptionConfiguration resource instead.

    tags Map<String,String>

    Map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    The following arguments are deprecated, and will be removed in a future major version:

    versioning BucketVersioning

    Configuration of the S3 bucket versioning state. See Versioning below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketVersioning instead.

    This type is defined in the AWS Classic package.

    Deprecated: versioning is deprecated. Use the aws.s3.BucketVersioning resource instead.

    website BucketWebsite

    Configuration of the S3 bucket website. See Website below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketWebsiteConfiguration instead.

    This type is defined in the AWS Classic package.

    Deprecated: website is deprecated. Use the aws.s3.BucketWebsiteConfiguration resource instead.

    accelerationStatus string
    Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended. Cannot be used in cn-north-1 or us-gov-west-1. This provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketAccelerateConfiguration instead.

    Deprecated: acceleration_status is deprecated. Use the aws.s3.BucketAccelerateConfiguration resource instead.

    acl string
    The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketAcl instead.
    bucket string
    Name of the bucket. If omitted, the provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here. The name must not be in the format [bucket_name]--[azid]--x-s3. Use the aws.s3.DirectoryBucket resource to manage S3 Express buckets.
    bucketPrefix string
    Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.
    corsRules pulumiAws.types.input.s3.BucketCorsRule[]
    Rule of Cross-Origin Resource Sharing. See CORS rule below for details. This provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketCorsConfiguration instead.

    Deprecated: cors_rule is deprecated. Use the aws.s3.BucketCorsConfiguration resource instead.

    forceDestroy boolean
    Boolean that indicates all objects (including any locked objects) should be deleted from the bucket when the bucket is destroyed so that the bucket can be destroyed without error. These objects are not recoverable. This only deletes objects when the bucket is destroyed, not when setting this parameter to true. Once this parameter is set to true, there must be a successful pulumi up run before a destroy is required to update this value in the resource state. Without a successful pulumi up after this parameter is set, this flag will have no effect. If setting this field in the same operation that would require replacing the bucket or destroying the bucket, this flag will not work. Additionally when importing a bucket, a successful pulumi up is required to set this value in state before it will take effect on a destroy operation.
    grants pulumiAws.types.input.s3.BucketGrant[]
    An ACL policy grant. See Grant below for details. Conflicts with acl. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketAcl instead.

    Deprecated: grant is deprecated. Use the aws.s3.BucketAcl resource instead.

    lifecycleRules pulumiAws.types.input.s3.BucketLifecycleRule[]
    Configuration of object lifecycle management. See Lifecycle Rule below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketLifecycleConfiguration instead.

    Deprecated: lifecycle_rule is deprecated. Use the aws.s3.BucketLifecycleConfiguration resource instead.

    logging pulumiAws.types.input.s3.BucketLogging

    Configuration of S3 bucket logging parameters. See Logging below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketLogging instead.

    This type is defined in the AWS Classic package.

    Deprecated: logging is deprecated. Use the aws.s3.BucketLogging resource instead.

    objectLockConfiguration pulumiAws.types.input.s3.BucketObjectLockConfiguration

    Configuration of S3 object locking. See Object Lock Configuration below for details. The provider wil only perform drift detection if a configuration value is provided. Use the object_lock_enabled parameter and the resource aws.s3.BucketObjectLockConfiguration instead.

    This type is defined in the AWS Classic package.

    Deprecated: object_lock_configuration is deprecated. Use the top-level parameter object_lock_enabled and the aws.s3.BucketObjectLockConfiguration resource instead.

    objectLockEnabled boolean
    Indicates whether this bucket has an Object Lock configuration enabled. Valid values are true or false. This argument is not supported in all regions or partitions.
    policy string
    Valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing. In this case, please make sure you use the verbose/specific version of the policy. For more information about building AWS IAM policy documents with this provider, see the AWS IAM Policy Document Guide. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketPolicy instead.
    region string
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    replicationConfiguration pulumiAws.types.input.s3.BucketReplicationConfiguration

    Configuration of replication configuration. See Replication Configuration below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketReplicationConfig instead.

    This type is defined in the AWS Classic package.

    Deprecated: replication_configuration is deprecated. Use the aws.s3.BucketReplicationConfig resource instead.

    requestPayer string
    Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketRequestPaymentConfiguration instead.

    Deprecated: request_payer is deprecated. Use the aws.s3.BucketRequestPaymentConfiguration resource instead.

    serverSideEncryptionConfiguration pulumiAws.types.input.s3.BucketServerSideEncryptionConfiguration

    Configuration of server-side encryption configuration. See Server Side Encryption Configuration below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketServerSideEncryptionConfiguration instead.

    This type is defined in the AWS Classic package.

    Deprecated: server_side_encryption_configuration is deprecated. Use the aws.s3.BucketServerSideEncryptionConfiguration resource instead.

    tags {[key: string]: string}

    Map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    The following arguments are deprecated, and will be removed in a future major version:

    versioning pulumiAws.types.input.s3.BucketVersioning

    Configuration of the S3 bucket versioning state. See Versioning below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketVersioning instead.

    This type is defined in the AWS Classic package.

    Deprecated: versioning is deprecated. Use the aws.s3.BucketVersioning resource instead.

    website pulumiAws.types.input.s3.BucketWebsite

    Configuration of the S3 bucket website. See Website below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketWebsiteConfiguration instead.

    This type is defined in the AWS Classic package.

    Deprecated: website is deprecated. Use the aws.s3.BucketWebsiteConfiguration resource instead.

    acceleration_status str
    Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended. Cannot be used in cn-north-1 or us-gov-west-1. This provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketAccelerateConfiguration instead.

    Deprecated: acceleration_status is deprecated. Use the aws.s3.BucketAccelerateConfiguration resource instead.

    acl str
    The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketAcl instead.
    bucket str
    Name of the bucket. If omitted, the provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here. The name must not be in the format [bucket_name]--[azid]--x-s3. Use the aws.s3.DirectoryBucket resource to manage S3 Express buckets.
    bucket_prefix str
    Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.
    cors_rules Sequence[pulumi_aws.s3.BucketCorsRuleArgs]
    Rule of Cross-Origin Resource Sharing. See CORS rule below for details. This provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketCorsConfiguration instead.

    Deprecated: cors_rule is deprecated. Use the aws.s3.BucketCorsConfiguration resource instead.

    force_destroy bool
    Boolean that indicates all objects (including any locked objects) should be deleted from the bucket when the bucket is destroyed so that the bucket can be destroyed without error. These objects are not recoverable. This only deletes objects when the bucket is destroyed, not when setting this parameter to true. Once this parameter is set to true, there must be a successful pulumi up run before a destroy is required to update this value in the resource state. Without a successful pulumi up after this parameter is set, this flag will have no effect. If setting this field in the same operation that would require replacing the bucket or destroying the bucket, this flag will not work. Additionally when importing a bucket, a successful pulumi up is required to set this value in state before it will take effect on a destroy operation.
    grants Sequence[pulumi_aws.s3.BucketGrantArgs]
    An ACL policy grant. See Grant below for details. Conflicts with acl. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketAcl instead.

    Deprecated: grant is deprecated. Use the aws.s3.BucketAcl resource instead.

    lifecycle_rules Sequence[pulumi_aws.s3.BucketLifecycleRuleArgs]
    Configuration of object lifecycle management. See Lifecycle Rule below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketLifecycleConfiguration instead.

    Deprecated: lifecycle_rule is deprecated. Use the aws.s3.BucketLifecycleConfiguration resource instead.

    logging pulumi_aws.s3.BucketLoggingArgs

    Configuration of S3 bucket logging parameters. See Logging below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketLogging instead.

    This type is defined in the AWS Classic package.

    Deprecated: logging is deprecated. Use the aws.s3.BucketLogging resource instead.

    object_lock_configuration pulumi_aws.s3.BucketObjectLockConfigurationArgs

    Configuration of S3 object locking. See Object Lock Configuration below for details. The provider wil only perform drift detection if a configuration value is provided. Use the object_lock_enabled parameter and the resource aws.s3.BucketObjectLockConfiguration instead.

    This type is defined in the AWS Classic package.

    Deprecated: object_lock_configuration is deprecated. Use the top-level parameter object_lock_enabled and the aws.s3.BucketObjectLockConfiguration resource instead.

    object_lock_enabled bool
    Indicates whether this bucket has an Object Lock configuration enabled. Valid values are true or false. This argument is not supported in all regions or partitions.
    policy str
    Valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing. In this case, please make sure you use the verbose/specific version of the policy. For more information about building AWS IAM policy documents with this provider, see the AWS IAM Policy Document Guide. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketPolicy instead.
    region str
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    replication_configuration pulumi_aws.s3.BucketReplicationConfigurationArgs

    Configuration of replication configuration. See Replication Configuration below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketReplicationConfig instead.

    This type is defined in the AWS Classic package.

    Deprecated: replication_configuration is deprecated. Use the aws.s3.BucketReplicationConfig resource instead.

    request_payer str
    Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketRequestPaymentConfiguration instead.

    Deprecated: request_payer is deprecated. Use the aws.s3.BucketRequestPaymentConfiguration resource instead.

    server_side_encryption_configuration pulumi_aws.s3.BucketServerSideEncryptionConfigurationArgs

    Configuration of server-side encryption configuration. See Server Side Encryption Configuration below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketServerSideEncryptionConfiguration instead.

    This type is defined in the AWS Classic package.

    Deprecated: server_side_encryption_configuration is deprecated. Use the aws.s3.BucketServerSideEncryptionConfiguration resource instead.

    tags Mapping[str, str]

    Map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    The following arguments are deprecated, and will be removed in a future major version:

    versioning pulumi_aws.s3.BucketVersioningArgs

    Configuration of the S3 bucket versioning state. See Versioning below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketVersioning instead.

    This type is defined in the AWS Classic package.

    Deprecated: versioning is deprecated. Use the aws.s3.BucketVersioning resource instead.

    website pulumi_aws.s3.BucketWebsiteArgs

    Configuration of the S3 bucket website. See Website below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketWebsiteConfiguration instead.

    This type is defined in the AWS Classic package.

    Deprecated: website is deprecated. Use the aws.s3.BucketWebsiteConfiguration resource instead.

    accelerationStatus String
    Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended. Cannot be used in cn-north-1 or us-gov-west-1. This provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketAccelerateConfiguration instead.

    Deprecated: acceleration_status is deprecated. Use the aws.s3.BucketAccelerateConfiguration resource instead.

    acl String
    The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketAcl instead.
    bucket String
    Name of the bucket. If omitted, the provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here. The name must not be in the format [bucket_name]--[azid]--x-s3. Use the aws.s3.DirectoryBucket resource to manage S3 Express buckets.
    bucketPrefix String
    Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.
    corsRules List<Property Map>
    Rule of Cross-Origin Resource Sharing. See CORS rule below for details. This provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketCorsConfiguration instead.

    Deprecated: cors_rule is deprecated. Use the aws.s3.BucketCorsConfiguration resource instead.

    forceDestroy Boolean
    Boolean that indicates all objects (including any locked objects) should be deleted from the bucket when the bucket is destroyed so that the bucket can be destroyed without error. These objects are not recoverable. This only deletes objects when the bucket is destroyed, not when setting this parameter to true. Once this parameter is set to true, there must be a successful pulumi up run before a destroy is required to update this value in the resource state. Without a successful pulumi up after this parameter is set, this flag will have no effect. If setting this field in the same operation that would require replacing the bucket or destroying the bucket, this flag will not work. Additionally when importing a bucket, a successful pulumi up is required to set this value in state before it will take effect on a destroy operation.
    grants List<Property Map>
    An ACL policy grant. See Grant below for details. Conflicts with acl. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketAcl instead.

    Deprecated: grant is deprecated. Use the aws.s3.BucketAcl resource instead.

    lifecycleRules List<Property Map>
    Configuration of object lifecycle management. See Lifecycle Rule below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketLifecycleConfiguration instead.

    Deprecated: lifecycle_rule is deprecated. Use the aws.s3.BucketLifecycleConfiguration resource instead.

    logging Property Map

    Configuration of S3 bucket logging parameters. See Logging below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketLogging instead.

    This type is defined in the AWS Classic package.

    Deprecated: logging is deprecated. Use the aws.s3.BucketLogging resource instead.

    objectLockConfiguration Property Map

    Configuration of S3 object locking. See Object Lock Configuration below for details. The provider wil only perform drift detection if a configuration value is provided. Use the object_lock_enabled parameter and the resource aws.s3.BucketObjectLockConfiguration instead.

    This type is defined in the AWS Classic package.

    Deprecated: object_lock_configuration is deprecated. Use the top-level parameter object_lock_enabled and the aws.s3.BucketObjectLockConfiguration resource instead.

    objectLockEnabled Boolean
    Indicates whether this bucket has an Object Lock configuration enabled. Valid values are true or false. This argument is not supported in all regions or partitions.
    policy String
    Valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing. In this case, please make sure you use the verbose/specific version of the policy. For more information about building AWS IAM policy documents with this provider, see the AWS IAM Policy Document Guide. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketPolicy instead.
    region String
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    replicationConfiguration Property Map

    Configuration of replication configuration. See Replication Configuration below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketReplicationConfig instead.

    This type is defined in the AWS Classic package.

    Deprecated: replication_configuration is deprecated. Use the aws.s3.BucketReplicationConfig resource instead.

    requestPayer String
    Specifies who should bear the cost of Amazon S3 data transfer. Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur the costs of any data transfer. See Requester Pays Buckets developer guide for more information. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketRequestPaymentConfiguration instead.

    Deprecated: request_payer is deprecated. Use the aws.s3.BucketRequestPaymentConfiguration resource instead.

    serverSideEncryptionConfiguration Property Map

    Configuration of server-side encryption configuration. See Server Side Encryption Configuration below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketServerSideEncryptionConfiguration instead.

    This type is defined in the AWS Classic package.

    Deprecated: server_side_encryption_configuration is deprecated. Use the aws.s3.BucketServerSideEncryptionConfiguration resource instead.

    tags Map<String>

    Map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    The following arguments are deprecated, and will be removed in a future major version:

    versioning Property Map

    Configuration of the S3 bucket versioning state. See Versioning below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketVersioning instead.

    This type is defined in the AWS Classic package.

    Deprecated: versioning is deprecated. Use the aws.s3.BucketVersioning resource instead.

    website Property Map

    Configuration of the S3 bucket website. See Website below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource aws.s3.BucketWebsiteConfiguration instead.

    This type is defined in the AWS Classic package.

    Deprecated: website is deprecated. Use the aws.s3.BucketWebsiteConfiguration resource instead.

    ExistingBucket, ExistingBucketArgs

    Arn string
    Arn of the bucket. Only one of [arn] or [name] can be specified.
    Name string
    Name of the bucket. Only one of [arn] or [name] can be specified.
    Arn string
    Arn of the bucket. Only one of [arn] or [name] can be specified.
    Name string
    Name of the bucket. Only one of [arn] or [name] can be specified.
    arn String
    Arn of the bucket. Only one of [arn] or [name] can be specified.
    name String
    Name of the bucket. Only one of [arn] or [name] can be specified.
    arn string
    Arn of the bucket. Only one of [arn] or [name] can be specified.
    name string
    Name of the bucket. Only one of [arn] or [name] can be specified.
    arn str
    Arn of the bucket. Only one of [arn] or [name] can be specified.
    name str
    Name of the bucket. Only one of [arn] or [name] can be specified.
    arn String
    Arn of the bucket. Only one of [arn] or [name] can be specified.
    name String
    Name of the bucket. Only one of [arn] or [name] can be specified.

    ExistingLogGroup, ExistingLogGroupArgs

    Arn string
    Arn of the log group. Only one of [arn] or [name] can be specified.
    Name string
    Name of the log group. Only one of [arn] or [name] can be specified.
    Region string
    Region of the log group. If not specified, the provider region will be used.
    Arn string
    Arn of the log group. Only one of [arn] or [name] can be specified.
    Name string
    Name of the log group. Only one of [arn] or [name] can be specified.
    Region string
    Region of the log group. If not specified, the provider region will be used.
    arn String
    Arn of the log group. Only one of [arn] or [name] can be specified.
    name String
    Name of the log group. Only one of [arn] or [name] can be specified.
    region String
    Region of the log group. If not specified, the provider region will be used.
    arn string
    Arn of the log group. Only one of [arn] or [name] can be specified.
    name string
    Name of the log group. Only one of [arn] or [name] can be specified.
    region string
    Region of the log group. If not specified, the provider region will be used.
    arn str
    Arn of the log group. Only one of [arn] or [name] can be specified.
    name str
    Name of the log group. Only one of [arn] or [name] can be specified.
    region str
    Region of the log group. If not specified, the provider region will be used.
    arn String
    Arn of the log group. Only one of [arn] or [name] can be specified.
    name String
    Name of the log group. Only one of [arn] or [name] can be specified.
    region String
    Region of the log group. If not specified, the provider region will be used.

    LogGroup, LogGroupArgs

    KmsKeyId string
    The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested.
    LogGroupClass string
    Specified the log class of the log group. Possible values are: STANDARD, INFREQUENT_ACCESS, or DELIVERY.
    Name string
    The name of the log group. If omitted, this provider will assign a random, unique name.
    NamePrefix string
    Creates a unique name beginning with the specified prefix. Conflicts with name.
    Region string
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    RetentionInDays int
    Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653, and 0. If you select 0, the events in the log group are always retained and never expire. If log_group_class is set to DELIVERY, this argument is ignored and retention_in_days is forcibly set to 2.
    SkipDestroy bool
    Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the state.
    Tags Dictionary<string, string>
    A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    KmsKeyId string
    The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested.
    LogGroupClass string
    Specified the log class of the log group. Possible values are: STANDARD, INFREQUENT_ACCESS, or DELIVERY.
    Name string
    The name of the log group. If omitted, this provider will assign a random, unique name.
    NamePrefix string
    Creates a unique name beginning with the specified prefix. Conflicts with name.
    Region string
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    RetentionInDays int
    Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653, and 0. If you select 0, the events in the log group are always retained and never expire. If log_group_class is set to DELIVERY, this argument is ignored and retention_in_days is forcibly set to 2.
    SkipDestroy bool
    Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the state.
    Tags map[string]string
    A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    kmsKeyId String
    The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested.
    logGroupClass String
    Specified the log class of the log group. Possible values are: STANDARD, INFREQUENT_ACCESS, or DELIVERY.
    name String
    The name of the log group. If omitted, this provider will assign a random, unique name.
    namePrefix String
    Creates a unique name beginning with the specified prefix. Conflicts with name.
    region String
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    retentionInDays Integer
    Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653, and 0. If you select 0, the events in the log group are always retained and never expire. If log_group_class is set to DELIVERY, this argument is ignored and retention_in_days is forcibly set to 2.
    skipDestroy Boolean
    Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the state.
    tags Map<String,String>
    A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    kmsKeyId string
    The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested.
    logGroupClass string
    Specified the log class of the log group. Possible values are: STANDARD, INFREQUENT_ACCESS, or DELIVERY.
    name string
    The name of the log group. If omitted, this provider will assign a random, unique name.
    namePrefix string
    Creates a unique name beginning with the specified prefix. Conflicts with name.
    region string
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    retentionInDays number
    Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653, and 0. If you select 0, the events in the log group are always retained and never expire. If log_group_class is set to DELIVERY, this argument is ignored and retention_in_days is forcibly set to 2.
    skipDestroy boolean
    Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the state.
    tags {[key: string]: string}
    A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    kms_key_id str
    The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested.
    log_group_class str
    Specified the log class of the log group. Possible values are: STANDARD, INFREQUENT_ACCESS, or DELIVERY.
    name str
    The name of the log group. If omitted, this provider will assign a random, unique name.
    name_prefix str
    Creates a unique name beginning with the specified prefix. Conflicts with name.
    region str
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    retention_in_days int
    Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653, and 0. If you select 0, the events in the log group are always retained and never expire. If log_group_class is set to DELIVERY, this argument is ignored and retention_in_days is forcibly set to 2.
    skip_destroy bool
    Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the state.
    tags Mapping[str, str]
    A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    kmsKeyId String
    The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested.
    logGroupClass String
    Specified the log class of the log group. Possible values are: STANDARD, INFREQUENT_ACCESS, or DELIVERY.
    name String
    The name of the log group. If omitted, this provider will assign a random, unique name.
    namePrefix String
    Creates a unique name beginning with the specified prefix. Conflicts with name.
    region String
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    retentionInDays Number
    Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653, and 0. If you select 0, the events in the log group are always retained and never expire. If log_group_class is set to DELIVERY, this argument is ignored and retention_in_days is forcibly set to 2.
    skipDestroy Boolean
    Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the state.
    tags Map<String>
    A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    OptionalLogGroup, OptionalLogGroupArgs

    Args Pulumi.Awsx.Awsx.Inputs.LogGroup
    Arguments to use instead of the default values during creation.
    Enable bool
    Enable creation of the log group.
    Existing Pulumi.Awsx.Awsx.Inputs.ExistingLogGroup
    Identity of an existing log group to use. Cannot be used in combination with args or opts.
    Args LogGroup
    Arguments to use instead of the default values during creation.
    Enable bool
    Enable creation of the log group.
    Existing ExistingLogGroup
    Identity of an existing log group to use. Cannot be used in combination with args or opts.
    args LogGroup
    Arguments to use instead of the default values during creation.
    enable Boolean
    Enable creation of the log group.
    existing ExistingLogGroup
    Identity of an existing log group to use. Cannot be used in combination with args or opts.
    args awsx.LogGroup
    Arguments to use instead of the default values during creation.
    enable boolean
    Enable creation of the log group.
    existing awsx.ExistingLogGroup
    Identity of an existing log group to use. Cannot be used in combination with args or opts.
    args awsx.LogGroup
    Arguments to use instead of the default values during creation.
    enable bool
    Enable creation of the log group.
    existing awsx.ExistingLogGroup
    Identity of an existing log group to use. Cannot be used in combination with args or opts.
    args Property Map
    Arguments to use instead of the default values during creation.
    enable Boolean
    Enable creation of the log group.
    existing Property Map
    Identity of an existing log group to use. Cannot be used in combination with args or opts.

    RequiredBucket, RequiredBucketArgs

    Args Pulumi.Awsx.Awsx.Inputs.Bucket
    Arguments to use instead of the default values during creation.
    Existing Pulumi.Awsx.Awsx.Inputs.ExistingBucket
    Identity of an existing bucket to use. Cannot be used in combination with args.
    Args Bucket
    Arguments to use instead of the default values during creation.
    Existing ExistingBucket
    Identity of an existing bucket to use. Cannot be used in combination with args.
    args Bucket
    Arguments to use instead of the default values during creation.
    existing ExistingBucket
    Identity of an existing bucket to use. Cannot be used in combination with args.
    args awsx.Bucket
    Arguments to use instead of the default values during creation.
    existing awsx.ExistingBucket
    Identity of an existing bucket to use. Cannot be used in combination with args.
    args awsx.Bucket
    Arguments to use instead of the default values during creation.
    existing awsx.ExistingBucket
    Identity of an existing bucket to use. Cannot be used in combination with args.
    args Property Map
    Arguments to use instead of the default values during creation.
    existing Property Map
    Identity of an existing bucket to use. Cannot be used in combination with args.

    Package Details

    Repository
    AWSx (Pulumi Crosswalk for AWS) pulumi/pulumi-awsx
    License
    Apache-2.0
    awsx logo
    AWSx (Pulumi Crosswalk for AWS) v3.0.0 published on Tuesday, Jul 22, 2025 by Pulumi