DataProtectionPolicy
- class aws_cdk.aws_logs.DataProtectionPolicy(*, identifiers, delivery_stream_name_audit_destination=None, description=None, log_group_audit_destination=None, name=None, s3_bucket_audit_destination=None)
- Bases: object
- Creates a data protection policy for CloudWatch Logs log groups.
- ExampleMetadata: infused
- Example:

```python
import aws_cdk.aws_kinesisfirehose as firehose
import aws_cdk.aws_logs as logs
import aws_cdk.aws_s3 as s3

# Runs inside a Stack or Construct, where `self` is the construct scope.

# Audit destinations: a log group, an S3 bucket, and a Firehose delivery stream.
log_group_destination = logs.LogGroup(self, "LogGroupLambdaAudit",
    log_group_name="auditDestinationForCDK"
)

bucket = s3.Bucket(self, "audit-bucket")
s3_destination = firehose.S3Bucket(bucket)

delivery_stream = firehose.DeliveryStream(self, "Delivery Stream",
    destination=s3_destination
)

data_protection_policy = logs.DataProtectionPolicy(
    name="data protection policy",
    description="policy description",
    identifiers=[
        logs.DataIdentifier.DRIVERSLICENSE_US,  # managed data identifier
        logs.DataIdentifier("EmailAddress"),  # forward compatibility for new managed data identifiers
        logs.CustomDataIdentifier("EmployeeId", "EmployeeId-\\d{9}"),  # custom data identifier
    ],
    log_group_audit_destination=log_group_destination,
    s3_bucket_audit_destination=bucket,
    delivery_stream_name_audit_destination=delivery_stream.delivery_stream_name
)

# Attach the policy to the log group whose events should be protected.
logs.LogGroup(self, "LogGroupLambda",
    log_group_name="cdkIntegLogGroup",
    data_protection_policy=data_protection_policy
)
```

- Parameters:
- identifiers (Sequence[DataIdentifier]) – List of data protection identifiers.
  Managed data identifiers must be in the following list: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL-managed-data-identifiers.html
  Custom data identifiers must have a valid regex defined: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL-custom-data-identifiers.html#custom-data-identifiers-constraints
- delivery_stream_name_audit_destination (Optional[str]) – Amazon Data Firehose delivery stream to send audit findings to. The delivery stream must already exist. Default: - no firehose delivery stream audit destination
- description (Optional[str]) – Description of the data protection policy. Default: - ‘cdk generated data protection policy’
- log_group_audit_destination (Optional[ILogGroup]) – CloudWatch Logs log group to send audit findings to. The log group must already exist prior to creating the data protection policy. Default: - no CloudWatch Logs audit destination
- name (Optional[str]) – Name of the data protection policy. Default: - ‘data-protection-policy-cdk’
- s3_bucket_audit_destination (Optional[IBucketRef]) – S3 bucket to send audit findings to. The bucket must already exist. Default: - no S3 bucket audit destination
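
A local pre-deployment check for a custom data identifier regex such as the `EmployeeId-\d{9}` pattern used in the example, added here and not part of the CDK documentation or library. It assumes Python's `re` engine as a stand-in for the service's matcher; `check_custom_identifier`, `mask_preview` and the sample log lines are hypothetical names and constructed data.

```python
import re

# Pattern taken from the page's CustomDataIdentifier("EmployeeId", ...) example.
EMPLOYEE_ID = r"EmployeeId-\d{9}"

def check_custom_identifier(name, pattern, must_match, must_not_match):
    """Return a list of problems for one custom data identifier regex.

    Assumption: Python's `re` stands in for the service's matcher, so this is
    a local sanity check, not a guarantee of what CloudWatch Logs will mask.
    """
    try:
        rx = re.compile(pattern)
    except re.error as exc:
        return [f"{name}: regex does not compile: {exc}"]
    problems = []
    if rx.search(""):
        problems.append(f"{name}: pattern matches the empty string")
    for line in must_match:
        if not rx.search(line):
            problems.append(f"{name}: missed sensitive sample {line!r}")
    for line in must_not_match:
        if rx.search(line):
            problems.append(f"{name}: over-matches benign sample {line!r}")
    return problems

def mask_preview(pattern, line):
    """Local preview only: replace each match with asterisks of equal length."""
    return re.sub(pattern, lambda m: "*" * len(m.group(0)), line)

# Constructed sample log lines (not real data).
SENSITIVE = ["2024-01-01 login ok EmployeeId-123456789 src=10.0.0.5"]
BENIGN = ["2024-01-01 lookup failed EmployeeId-12345 (too short)"]
VARIANT = ["2024-01-01 login ok employeeid-123456789"]  # lowercase spelling

if __name__ == "__main__":
    print(check_custom_identifier("EmployeeId", EMPLOYEE_ID, SENSITIVE, BENIGN))
    # The lowercase variant is reported as missed: the pattern is case-sensitive here.
    print(check_custom_identifier("EmployeeId", EMPLOYEE_ID, SENSITIVE + VARIANT, BENIGN))
    print(check_custom_identifier("Broken", r"EmployeeId-(\d{9}", SENSITIVE, BENIGN))
    print(mask_preview(EMPLOYEE_ID, SENSITIVE[0]))
```

Running a check like this in CI before `cdk deploy` surfaces coverage gaps in the identifier, such as spelling variants the pattern does not cover, before unmasked values reach the log group.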