This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::ObservabilityAdmin::OrganizationCentralizationRule Defines how telemetry data should be centralized across an AWS Organization, including source and destination configurations. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::ObservabilityAdmin::OrganizationCentralizationRule", "Properties" : { "[Rule](#cfn-observabilityadmin-organizationcentralizationrule-rule)" : CentralizationRule, "[RuleName](#cfn-observabilityadmin-organizationcentralizationrule-rulename)" : String, "[Tags](#cfn-observabilityadmin-organizationcentralizationrule-tags)" : [ Tag, ... ] } } ``` ### YAML ``` Type: AWS::ObservabilityAdmin::OrganizationCentralizationRule Properties: [Rule](#cfn-observabilityadmin-organizationcentralizationrule-rule): CentralizationRule [RuleName](#cfn-observabilityadmin-organizationcentralizationrule-rulename): String [Tags](#cfn-observabilityadmin-organizationcentralizationrule-tags): - Tag ``` ## Properties `Rule` Property description not available. *Required*: Yes *Type*: [CentralizationRule](aws-properties-observabilityadmin-organizationcentralizationrule-centralizationrule.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RuleName` The name of the organization centralization rule. *Required*: Yes *Type*: String *Pattern*: `^[0-9A-Za-z-]+$` *Minimum*: `1` *Maximum*: `100` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Tags` A key-value pair to filter resources based on tags associated with the resource. For more information about tags, see [What are tags?](https://docs.aws.amazon.com/whitepapers/latest/tagging-best-practices/what-are-tags.html) *Required*: No *Type*: Array of [Tag](aws-properties-observabilityadmin-organizationcentralizationrule-tag.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref ### Fn::GetAtt #### `RuleArn` The Amazon Resource Name (ARN) of the organization centralization rule. # AWS::ObservabilityAdmin::OrganizationCentralizationRule CentralizationRule Defines how telemetry data should be centralized across an AWS Organization, including source and destination configurations. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Destination](#cfn-observabilityadmin-organizationcentralizationrule-centralizationrule-destination)" : CentralizationRuleDestination, "[Source](#cfn-observabilityadmin-organizationcentralizationrule-centralizationrule-source)" : CentralizationRuleSource } ``` ### YAML ``` [Destination](#cfn-observabilityadmin-organizationcentralizationrule-centralizationrule-destination): CentralizationRuleDestination [Source](#cfn-observabilityadmin-organizationcentralizationrule-centralizationrule-source): CentralizationRuleSource ``` ## Properties `Destination` Configuration determining where the telemetry data should be centralized, backed up, as well as encryption configuration for the primary and backup destinations. *Required*: Yes *Type*: [CentralizationRuleDestination](aws-properties-observabilityadmin-organizationcentralizationrule-centralizationruledestination.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Source` Configuration determining the source of the telemetry data to be centralized. *Required*: Yes *Type*: [CentralizationRuleSource](aws-properties-observabilityadmin-organizationcentralizationrule-centralizationrulesource.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::ObservabilityAdmin::OrganizationCentralizationRule CentralizationRuleDestination Configuration specifying the primary destination for centralized telemetry data. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Account](#cfn-observabilityadmin-organizationcentralizationrule-centralizationruledestination-account)" : String, "[DestinationLogsConfiguration](#cfn-observabilityadmin-organizationcentralizationrule-centralizationruledestination-destinationlogsconfiguration)" : DestinationLogsConfiguration, "[Region](#cfn-observabilityadmin-organizationcentralizationrule-centralizationruledestination-region)" : String } ``` ### YAML ``` [Account](#cfn-observabilityadmin-organizationcentralizationrule-centralizationruledestination-account): String [DestinationLogsConfiguration](#cfn-observabilityadmin-organizationcentralizationrule-centralizationruledestination-destinationlogsconfiguration): DestinationLogsConfiguration [Region](#cfn-observabilityadmin-organizationcentralizationrule-centralizationruledestination-region): String ``` ## Properties `Account` The destination account (within the organization) to which the telemetry data should be centralized. *Required*: No *Type*: String *Pattern*: `^[0-9]{12}$` *Minimum*: `12` *Maximum*: `12` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DestinationLogsConfiguration` Log specific configuration for centralization destination log groups. *Required*: No *Type*: [DestinationLogsConfiguration](aws-properties-observabilityadmin-organizationcentralizationrule-destinationlogsconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Region` The primary destination region to which telemetry data should be centralized. *Required*: Yes *Type*: String *Minimum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::ObservabilityAdmin::OrganizationCentralizationRule CentralizationRuleSource Configuration specifying the source of telemetry data to be centralized. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Regions](#cfn-observabilityadmin-organizationcentralizationrule-centralizationrulesource-regions)" : [ String, ... ], "[Scope](#cfn-observabilityadmin-organizationcentralizationrule-centralizationrulesource-scope)" : String, "[SourceLogsConfiguration](#cfn-observabilityadmin-organizationcentralizationrule-centralizationrulesource-sourcelogsconfiguration)" : SourceLogsConfiguration } ``` ### YAML ``` [Regions](#cfn-observabilityadmin-organizationcentralizationrule-centralizationrulesource-regions): - String [Scope](#cfn-observabilityadmin-organizationcentralizationrule-centralizationrulesource-scope): String [SourceLogsConfiguration](#cfn-observabilityadmin-organizationcentralizationrule-centralizationrulesource-sourcelogsconfiguration): SourceLogsConfiguration ``` ## Properties `Regions` The list of source regions from which telemetry data should be centralized. *Required*: Yes *Type*: Array of String *Minimum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Scope` The organizational scope from which telemetry data should be centralized, specified using organization id, accounts or organizational unit ids. *Required*: No *Type*: String *Minimum*: `1` *Maximum*: `2000` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SourceLogsConfiguration` Log specific configuration for centralization source log groups. *Required*: No *Type*: [SourceLogsConfiguration](aws-properties-observabilityadmin-organizationcentralizationrule-sourcelogsconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::ObservabilityAdmin::OrganizationCentralizationRule DestinationLogsConfiguration Configuration for centralization destination log groups, including encryption and backup settings. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[BackupConfiguration](#cfn-observabilityadmin-organizationcentralizationrule-destinationlogsconfiguration-backupconfiguration)" : LogsBackupConfiguration, "[LogGroupNameConfiguration](#cfn-observabilityadmin-organizationcentralizationrule-destinationlogsconfiguration-loggroupnameconfiguration)" : LogGroupNameConfiguration, "[LogsEncryptionConfiguration](#cfn-observabilityadmin-organizationcentralizationrule-destinationlogsconfiguration-logsencryptionconfiguration)" : LogsEncryptionConfiguration } ``` ### YAML ``` [BackupConfiguration](#cfn-observabilityadmin-organizationcentralizationrule-destinationlogsconfiguration-backupconfiguration): LogsBackupConfiguration [LogGroupNameConfiguration](#cfn-observabilityadmin-organizationcentralizationrule-destinationlogsconfiguration-loggroupnameconfiguration): LogGroupNameConfiguration [LogsEncryptionConfiguration](#cfn-observabilityadmin-organizationcentralizationrule-destinationlogsconfiguration-logsencryptionconfiguration): LogsEncryptionConfiguration ``` ## Properties `BackupConfiguration` Configuration defining the backup region and an optional KMS key for the backup destination. *Required*: No *Type*: [LogsBackupConfiguration](aws-properties-observabilityadmin-organizationcentralizationrule-logsbackupconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `LogGroupNameConfiguration` Configuration that specifies a naming pattern for destination log groups created during centralization. The pattern supports static text and dynamic variables that are replaced with source attributes when log groups are created. *Required*: No *Type*: [LogGroupNameConfiguration](aws-properties-observabilityadmin-organizationcentralizationrule-loggroupnameconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `LogsEncryptionConfiguration` The encryption configuration for centralization destination log groups. *Required*: No *Type*: [LogsEncryptionConfiguration](aws-properties-observabilityadmin-organizationcentralizationrule-logsencryptionconfiguration.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::ObservabilityAdmin::OrganizationCentralizationRule LogGroupNameConfiguration Configuration that specifies a naming pattern for destination log groups created during centralization. The pattern supports static text and dynamic variables that are replaced with source attributes when log groups are created. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[LogGroupNamePattern](#cfn-observabilityadmin-organizationcentralizationrule-loggroupnameconfiguration-loggroupnamepattern)" : String } ``` ### YAML ``` [LogGroupNamePattern](#cfn-observabilityadmin-organizationcentralizationrule-loggroupnameconfiguration-loggroupnamepattern): String ``` ## Properties `LogGroupNamePattern` The pattern used to generate destination log group names during centralization. The pattern can contain static text and dynamic variables that are replaced with source attributes. If a variable cannot be resolved, it inherits the value from its parent variable in the hierarchy. The pattern must be between 1 and 512 characters. Supported variables: + **\$1\$1source.logGroup\$1** — The original log group name from the source account. + **\$1\$1source.accountId\$1** — The AWS account ID where the log originated. + **\$1\$1source.region\$1** — The AWS Region where the log originated. + **\$1\$1source.org.id\$1** — The AWS Organization ID of the source account. + **\$1\$1source.org.ouId\$1** — The organizational unit ID of the source account. + **\$1\$1source.org.rootId\$1** — The organization Root ID. + **\$1\$1source.org.path\$1** — The organizational path from account to root. *Required*: Yes *Type*: String *Pattern*: `^(?:[\._\-/#A-Za-z0-9]+|\$\{[A-Za-z]+(?:\.[A-Za-z]+){1,2}\})+$` *Minimum*: `1` *Maximum*: `512` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::ObservabilityAdmin::OrganizationCentralizationRule LogsBackupConfiguration Configuration for backing up centralized log data to a secondary region. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[KmsKeyArn](#cfn-observabilityadmin-organizationcentralizationrule-logsbackupconfiguration-kmskeyarn)" : String, "[Region](#cfn-observabilityadmin-organizationcentralizationrule-logsbackupconfiguration-region)" : String } ``` ### YAML ``` [KmsKeyArn](#cfn-observabilityadmin-organizationcentralizationrule-logsbackupconfiguration-kmskeyarn): String [Region](#cfn-observabilityadmin-organizationcentralizationrule-logsbackupconfiguration-region): String ``` ## Properties `KmsKeyArn` KMS Key ARN belonging to the primary destination account and backup region, to encrypt newly created central log groups in the backup destination. *Required*: No *Type*: String *Pattern*: `^arn:aws([a-z0-9\-]+)?:([a-zA-Z0-9\-]+):([a-z0-9\-]+)?:([0-9]{12})?:(.+)$` *Minimum*: `1` *Maximum*: `1011` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Region` Logs specific backup destination region within the primary destination account to which log data should be centralized. *Required*: Yes *Type*: String *Minimum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::ObservabilityAdmin::OrganizationCentralizationRule LogsEncryptionConfiguration Configuration for encrypting centralized log groups. This configuration is only applied to destination log groups for which the corresponding source log groups are encrypted using Customer Managed KMS Keys. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[EncryptionConflictResolutionStrategy](#cfn-observabilityadmin-organizationcentralizationrule-logsencryptionconfiguration-encryptionconflictresolutionstrategy)" : String, "[EncryptionStrategy](#cfn-observabilityadmin-organizationcentralizationrule-logsencryptionconfiguration-encryptionstrategy)" : String, "[KmsKeyArn](#cfn-observabilityadmin-organizationcentralizationrule-logsencryptionconfiguration-kmskeyarn)" : String } ``` ### YAML ``` [EncryptionConflictResolutionStrategy](#cfn-observabilityadmin-organizationcentralizationrule-logsencryptionconfiguration-encryptionconflictresolutionstrategy): String [EncryptionStrategy](#cfn-observabilityadmin-organizationcentralizationrule-logsencryptionconfiguration-encryptionstrategy): String [KmsKeyArn](#cfn-observabilityadmin-organizationcentralizationrule-logsencryptionconfiguration-kmskeyarn): String ``` ## Properties `EncryptionConflictResolutionStrategy` Conflict resolution strategy for centralization if the encryption strategy is set to CUSTOMER\$1MANAGED and the destination log group is encrypted with an AWS\$1OWNED KMS Key. ALLOW lets centralization go through while SKIP prevents centralization into the destination log group. *Required*: No *Type*: String *Allowed values*: `ALLOW | SKIP` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `EncryptionStrategy` Configuration that determines the encryption strategy of the destination log groups. CUSTOMER\$1MANAGED uses the configured KmsKeyArn to encrypt newly created destination log groups. *Required*: Yes *Type*: String *Allowed values*: `CUSTOMER_MANAGED | AWS_OWNED` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `KmsKeyArn` KMS Key ARN belonging to the primary destination account and region, to encrypt newly created central log groups in the primary destination. *Required*: No *Type*: String *Pattern*: `^arn:aws([a-z0-9\-]+)?:([a-zA-Z0-9\-]+):([a-z0-9\-]+)?:([0-9]{12})?:(.+)$` *Minimum*: `1` *Maximum*: `1011` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::ObservabilityAdmin::OrganizationCentralizationRule SourceLogsConfiguration Configuration for selecting and handling source log groups for centralization. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[DataSourceSelectionCriteria](#cfn-observabilityadmin-organizationcentralizationrule-sourcelogsconfiguration-datasourceselectioncriteria)" : String, "[EncryptedLogGroupStrategy](#cfn-observabilityadmin-organizationcentralizationrule-sourcelogsconfiguration-encryptedloggroupstrategy)" : String, "[LogGroupSelectionCriteria](#cfn-observabilityadmin-organizationcentralizationrule-sourcelogsconfiguration-loggroupselectioncriteria)" : String } ``` ### YAML ``` [DataSourceSelectionCriteria](#cfn-observabilityadmin-organizationcentralizationrule-sourcelogsconfiguration-datasourceselectioncriteria): String [EncryptedLogGroupStrategy](#cfn-observabilityadmin-organizationcentralizationrule-sourcelogsconfiguration-encryptedloggroupstrategy): String [LogGroupSelectionCriteria](#cfn-observabilityadmin-organizationcentralizationrule-sourcelogsconfiguration-loggroupselectioncriteria): String ``` ## Properties `DataSourceSelectionCriteria` The selection criteria that specifies which data sources to centralize. The selection criteria uses the same filter expression format as `LogGroupSelectionCriteria`, but operates on `DataSourceName` and `DataSourceType` operands. When both `LogGroupSelectionCriteria` and `DataSourceSelectionCriteria` are specified, a log event must match both criteria to be centralized. *Required*: No *Type*: String *Minimum*: `1` *Maximum*: `2000` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `EncryptedLogGroupStrategy` A strategy determining whether to centralize source log groups that are encrypted with customer managed KMS keys (CMK). ALLOW will consider CMK encrypted source log groups for centralization while SKIP will skip CMK encrypted source log groups from centralization. *Required*: Yes *Type*: String *Allowed values*: `ALLOW | SKIP` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `LogGroupSelectionCriteria` The selection criteria that specifies which source log groups to centralize. The selection criteria uses the same format as OAM link filters. *Required*: No *Type*: String *Minimum*: `1` *Maximum*: `2000` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::ObservabilityAdmin::OrganizationCentralizationRule Tag A key-value pair to filter resources in the organization based on tags associated with the resource. Fore more information about tags, see [What are tags?](https://docs.aws.amazon.com/whitepapers/latest/tagging-best-practices/what-are-tags.html) ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-observabilityadmin-organizationcentralizationrule-tag-key)" : String, "[Value](#cfn-observabilityadmin-organizationcentralizationrule-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-observabilityadmin-organizationcentralizationrule-tag-key): String [Value](#cfn-observabilityadmin-organizationcentralizationrule-tag-value): String ``` ## Properties `Key` One part of a key-value pair that makes up a tag associated with the organization's centralization rule resource. A key is a general label that acts like a category for more specific tag values. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` One part of a key-value pair that make up a tag associated with the organization's centralization rule resource. A value acts as a descriptor within a tag category (key). The value can be empty or null. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)