Resource: awsCloudwatchLogDataProtectionPolicy

Provides a CloudWatch Log Data Protection Policy resource.

Read more about protecting sensitive user data in the User Guide.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.
This snippet belongs inside a TerraformStack constructor, where `this` is the stack scope.*/
import * as aws from "./.gen/providers/aws";
const awsCloudwatchLogGroupExample =
  new aws.cloudwatchLogGroup.CloudwatchLogGroup(this, "example", {
    name: "example",
  });
const awsS3BucketExample = new aws.s3Bucket.S3Bucket(this, "example_1", {
  bucket: "example",
});
/*This makes the Terraform resource name match the original name, "example". The policyDocument expression below references aws_s3_bucket.example, so keep this call.*/
awsS3BucketExample.overrideLogicalId("example");
const awsCloudwatchLogDataProtectionPolicyExample =
  new aws.cloudwatchLogDataProtectionPolicy.CloudwatchLogDataProtectionPolicy(
    this,
    "example_2",
    {
      logGroupName: awsCloudwatchLogGroupExample.name,
      policyDocument:
        '${jsonencode({\n    Name    = "Example"\n    Version = "2021-06-01"\n\n    Statement = [\n      {\n        Sid            = "Audit"\n        DataIdentifier = ["arn:aws:dataprotection::aws:data-identifier/EmailAddress"]\n        Operation = {\n          Audit = {\n            FindingsDestination = {\n              S3 = {\n                Bucket = aws_s3_bucket.example.bucket\n              }\n            }\n          }\n        }\n      },\n      {\n        Sid            = "Redact"\n        DataIdentifier = ["arn:aws:dataprotection::aws:data-identifier/EmailAddress"]\n        Operation = {\n          Deidentify = {\n            MaskConfig = {}\n          }\n        }\n      }\n    ]\n  })}',
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsCloudwatchLogDataProtectionPolicyExample.overrideLogicalId("example");
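
The policy above pairs an Audit statement with a Deidentify statement over the same DataIdentifier list. As an added example (not part of the provider documentation), the TypeScript below builds that JSON from one identifier list and checks a document for the shape CloudWatch Logs expects: an Audit statement with a FindingsDestination, a Deidentify statement with an empty MaskConfig, and identical DataIdentifier arrays. The names buildPolicy, checkPolicy, PolicyStatement and ID_PREFIX are hypothetical helpers, not provider API.

```typescript
// Added example: helper names here are hypothetical, not part of the AWS provider bindings.
type PolicyStatement = { Sid: string; DataIdentifier: string[]; Operation: Record<string, any> };

const ID_PREFIX = "arn:aws:dataprotection::aws:data-identifier/";

// Build the Audit + Deidentify pair from one identifier list so both arrays always match.
function buildPolicy(policyName: string, identifiers: string[], findingsBucket?: string): string {
  const dataIdentifier = identifiers.map((id) => ID_PREFIX + id);
  const statements: PolicyStatement[] = [
    {
      Sid: "Audit",
      DataIdentifier: dataIdentifier,
      Operation: {
        // FindingsDestination must be present; it may be empty when no destination is wanted.
        Audit: { FindingsDestination: findingsBucket ? { S3: { Bucket: findingsBucket } } : {} },
      },
    },
    { Sid: "Redact", DataIdentifier: dataIdentifier, Operation: { Deidentify: { MaskConfig: {} } } },
  ];
  return JSON.stringify({ Name: policyName, Version: "2021-06-01", Statement: statements });
}

// Return the problems found in a policy document; an empty list means the shape is sound.
function checkPolicy(policyDocument: string): string[] {
  const problems: string[] = [];
  const statements: PolicyStatement[] = JSON.parse(policyDocument).Statement || [];
  const audit = statements.filter((s) => s.Operation && s.Operation.Audit !== undefined)[0];
  const redact = statements.filter((s) => s.Operation && s.Operation.Deidentify !== undefined)[0];
  if (!audit) problems.push("missing Audit statement");
  else if (audit.Operation.Audit.FindingsDestination === undefined)
    problems.push("Audit statement lacks FindingsDestination");
  if (!redact) problems.push("missing Deidentify statement");
  else if (JSON.stringify(redact.Operation.Deidentify.MaskConfig) !== "{}")
    problems.push("MaskConfig must be an empty object");
  if (audit && redact && JSON.stringify(audit.DataIdentifier) !== JSON.stringify(redact.DataIdentifier))
    problems.push("DataIdentifier arrays differ between Audit and Deidentify");
  return problems;
}
```

The string returned by buildPolicy is the JSON that policyDocument expects; running checkPolicy on a hand-written document before deployment catches a Deidentify statement that no longer covers what the Audit statement reports.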

Argument Reference

The following arguments are supported:

  • logGroupName - (Required) The name of the log group under which the log stream is to be created.
  • policyDocument - (Required) Specifies the data protection policy in JSON. Read more at Data protection policy syntax.

Attributes Reference

No additional attributes are exported.

Import

This resource can be imported using the logGroupName. For example:

$ terraform import aws_cloudwatch_log_data_protection_policy.example my-log-group