This is the new AWS CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.
AWS::ObservabilityAdmin::OrganizationCentralizationRule LogsEncryptionConfiguration
Configuration for encrypting centralized log groups. This configuration is only applied to destination log groups for which the corresponding source log groups are encrypted using Customer Managed KMS Keys.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "EncryptionConflictResolutionStrategy" :String, "EncryptionStrategy" :String, "KmsKeyArn" :String}
YAML
EncryptionConflictResolutionStrategy:StringEncryptionStrategy:StringKmsKeyArn:String
Properties
EncryptionConflictResolutionStrategy-
Conflict resolution strategy for centralization if the encryption strategy is set to CUSTOMER_MANAGED and the destination log group is encrypted with an AWS_OWNED KMS Key. ALLOW lets centralization go through while SKIP prevents centralization into the destination log group.
Required: No
Type: String
Allowed values:
ALLOW | SKIPUpdate requires: No interruption
EncryptionStrategy-
Configuration that determines the encryption strategy of the destination log groups. CUSTOMER_MANAGED uses the configured KmsKeyArn to encrypt newly created destination log groups.
Required: Yes
Type: String
Allowed values:
CUSTOMER_MANAGED | AWS_OWNEDUpdate requires: No interruption
KmsKeyArn-
KMS Key ARN belonging to the primary destination account and region, to encrypt newly created central log groups in the primary destination.
Required: No
Type: String
Pattern:
^arn:aws([a-z0-9\-]+)?:([a-zA-Z0-9\-]+):([a-z0-9\-]+)?:([0-9]{12})?:(.+)$Minimum:
1Maximum:
1011Update requires: No interruption
