Resource: awsCloudfrontRealtimeLogConfig
Provides a CloudFront real-time log configuration resource.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const dataAwsIamPolicyDocumentAssumeRole =
new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
this,
"assume_role",
{
statement: [
{
actions: ["sts:AssumeRole"],
effect: "Allow",
principals: [
{
identifiers: ["cloudfront.amazonaws.com"],
type: "Service",
},
],
},
],
}
);
const dataAwsIamPolicyDocumentExample =
new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(this, "example", {
statement: [
{
actions: [
"kinesis:DescribeStreamSummary",
"kinesis:DescribeStream",
"kinesis:PutRecord",
"kinesis:PutRecords",
],
effect: "Allow",
resources: ["${aws_kinesis_stream.example.arn}"],
},
],
});
const awsIamRoleExample = new aws.iamRole.IamRole(this, "example_2", {
assumeRolePolicy: dataAwsIamPolicyDocumentAssumeRole.json,
name: "cloudfront-realtime-log-config-example",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsIamRoleExample.overrideLogicalId("example");
const awsIamRolePolicyExample = new aws.iamRolePolicy.IamRolePolicy(
this,
"example_3",
{
name: "cloudfront-realtime-log-config-example",
policy: dataAwsIamPolicyDocumentExample.json,
role: awsIamRoleExample.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsIamRolePolicyExample.overrideLogicalId("example");
const awsCloudfrontRealtimeLogConfigExample =
new aws.cloudfrontRealtimeLogConfig.CloudfrontRealtimeLogConfig(
this,
"example_4",
{
depends_on: [`\${${awsIamRolePolicyExample.fqn}}`],
endpoint: {
kinesisStreamConfig: {
roleArn: awsIamRoleExample.arn,
streamArn: "${aws_kinesis_stream.example.arn}",
},
streamType: "Kinesis",
},
fields: ["timestamp", "c-ip"],
name: "example",
samplingRate: 75,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsCloudfrontRealtimeLogConfigExample.overrideLogicalId("example");
Argument Reference
The following arguments are supported:
endpoint- (Required) The Amazon Kinesis data streams where real-time log data is sent.fields- (Required) The fields that are included in each real-time log record. See the AWS documentation for supported values.name- (Required) The unique name to identify this real-time log configuration.samplingRate- (Required) The sampling rate for this real-time log configuration. The sampling rate determines the percentage of viewer requests that are represented in the real-time log data. An integer between1and100, inclusive.
The endpoint object supports the following:
kinesisStreamConfig- (Required) The Amazon Kinesis data stream configuration.streamType- (Required) The type of data stream where real-time log data is sent. The only valid value iskinesis.
The kinesisStreamConfig object supports the following:
roleArn- (Required) The ARN of an IAM role that CloudFront can use to send real-time log data to the Kinesis data stream. See the AWS documentation for more information.streamArn- (Required) The ARN of the Kinesis data stream.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id- The ID of the CloudFront real-time log configuration.arn- The ARN (Amazon Resource Name) of the CloudFront real-time log configuration.
Import
CloudFront real-time log configurations can be imported using the ARN, e.g.,