Package software.amazon.awscdk.services.logs

Interface DataProtectionPolicyProps

All Superinterfaces:
software.amazon.jsii.JsiiSerializable
All Known Implementing Classes:
DataProtectionPolicyProps.Jsii$Proxy
@Generated(value="jsii-pacmak/1.119.0 (build 1634eac)", date="2025-11-13T16:10:08.993Z") @Stability(Stable) public interface DataProtectionPolicyProps extends software.amazon.jsii.JsiiSerializable
Properties for creating a data protection policy.

Example: 

 import software.amazon.awscdk.services.kinesisfirehose.*;
 LogGroup logGroupDestination = LogGroup.Builder.create(this, "LogGroupLambdaAudit")
         .logGroupName("auditDestinationForCDK")
         .build();
 Bucket bucket = new Bucket(this, "audit-bucket");
 S3Bucket s3Destination = new S3Bucket(bucket);
 DeliveryStream deliveryStream = DeliveryStream.Builder.create(this, "Delivery Stream")
         .destination(s3Destination)
         .build();
 DataProtectionPolicy dataProtectionPolicy = DataProtectionPolicy.Builder.create()
         .name("data protection policy")
         .description("policy description")
         .identifiers(List.of(DataIdentifier.DRIVERSLICENSE_US,  // managed data identifier
             new DataIdentifier("EmailAddress"),  // forward compatibility for new managed data identifiers
             new CustomDataIdentifier("EmployeeId", "EmployeeId-\\d{9}"))) // custom data identifier
         .logGroupAuditDestination(logGroupDestination)
         .s3BucketAuditDestination(bucket)
         .deliveryStreamNameAuditDestination(deliveryStream.getDeliveryStreamName())
         .build();
 LogGroup.Builder.create(this, "LogGroupLambda")
         .logGroupName("cdkIntegLogGroup")
         .dataProtectionPolicy(dataProtectionPolicy)
         .build();

  • Method Details

    • getIdentifiers

      @Stability(Stable) @NotNull List<DataIdentifier> getIdentifiers()
      List of data protection identifiers.

      Managed data identifiers must be in the following list: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL-managed-data-identifiers.html Custom data identifiers must have a valid regex defined: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL-custom-data-identifiers.html#custom-data-identifiers-constraints

    • getDeliveryStreamNameAuditDestination

      @Stability(Stable) @Nullable default String getDeliveryStreamNameAuditDestination()
      Amazon Data Firehose delivery stream to send audit findings to.

      The delivery stream must already exist.

      Default: - no firehose delivery stream audit destination

    • getDescription

      @Stability(Stable) @Nullable default String getDescription()
      Description of the data protection policy.

      Default: - 'cdk generated data protection policy'

    • getLogGroupAuditDestination

      @Stability(Stable) @Nullable default ILogGroup getLogGroupAuditDestination()
      CloudWatch Logs log group to send audit findings to.

      The log group must already exist prior to creating the data protection policy.

      Default: - no CloudWatch Logs audit destination

    • getName

      @Stability(Stable) @Nullable default String getName()
      Name of the data protection policy.

      Default: - 'data-protection-policy-cdk'

    • getS3BucketAuditDestination

      @Stability(Stable) @Nullable default IBucketRef getS3BucketAuditDestination()
      S3 bucket to send audit findings to.

      The bucket must already exist.

      Default: - no S3 bucket audit destination

    • builder

      @Stability(Stable) static DataProtectionPolicyProps.Builder builder()
      Returns:
      a DataProtectionPolicyProps.Builder of DataProtectionPolicyProps