class DataProtectionPolicy
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.Logs.DataProtectionPolicy |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/awslogs#DataProtectionPolicy |
 Java | software.amazon.awscdk.services.logs.DataProtectionPolicy |
 Python | aws_cdk.aws_logs.DataProtectionPolicy |
 TypeScript (source) | aws-cdk-lib » aws_logs » DataProtectionPolicy |
Creates a data protection policy for CloudWatch Logs log groups.
Example
import * as firehose from 'aws-cdk-lib/aws-kinesisfirehose';
const logGroupDestination = new logs.LogGroup(this, 'LogGroupLambdaAudit', {
logGroupName: 'auditDestinationForCDK',
});
const bucket = new s3.Bucket(this, 'audit-bucket');
const s3Destination = new firehose.S3Bucket(bucket);
const deliveryStream = new firehose.DeliveryStream(this, 'Delivery Stream', {
destination: s3Destination,
});
const dataProtectionPolicy = new logs.DataProtectionPolicy({
name: 'data protection policy',
description: 'policy description',
identifiers: [
logs.DataIdentifier.DRIVERSLICENSE_US, // managed data identifier
new logs.DataIdentifier('EmailAddress'), // forward compatibility for new managed data identifiers
new logs.CustomDataIdentifier('EmployeeId', 'EmployeeId-\\d{9}')], // custom data identifier
logGroupAuditDestination: logGroupDestination,
s3BucketAuditDestination: bucket,
deliveryStreamNameAuditDestination: deliveryStream.deliveryStreamName,
});
new logs.LogGroup(this, 'LogGroupLambda', {
logGroupName: 'cdkIntegLogGroup',
dataProtectionPolicy: dataProtectionPolicy,
});
Initializer
new DataProtectionPolicy(props: DataProtectionPolicyProps)
Parameters