getLogDataProtectionPolicyDocument
Generates a CloudWatch Log Group Data Protection Policy document in JSON format for use with the aws.cloudwatch.LogDataProtectionPolicy
resource.
For more information about data protection policies, see "Help protect sensitive log data with masking" in the Amazon CloudWatch Logs User Guide.
Example Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.CloudwatchFunctions;
import com.pulumi.aws.cloudwatch.inputs.GetLogDataProtectionPolicyDocumentArgs;
import com.pulumi.aws.cloudwatch.LogDataProtectionPolicy;
import com.pulumi.aws.cloudwatch.LogDataProtectionPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that attaches a data protection policy to a CloudWatch log group.
 *
 * <p>The policy document is produced by {@code getLogDataProtectionPolicyDocument} and its JSON
 * output is handed to a {@code LogDataProtectionPolicy} resource. The document carries exactly
 * two statements, in this order: an audit statement that reports findings, then a de-identify
 * statement that masks the matched values.
 *
 * <p>Masking applies when log events are read back. Principals that hold the
 * {@code logs:Unmask} permission can still retrieve the original values, so that permission
 * belongs in the access review for the protected log group.
 */
public class App {
    // Managed data identifiers covered by the policy. Both statements are built from the same
    // two constants so that the audit and de-identify lists cannot drift apart.
    private static final String EMAIL_ADDRESS_IDENTIFIER =
        "arn:aws:dataprotection::aws:data-identifier/EmailAddress";
    private static final String US_DRIVERS_LICENSE_IDENTIFIER =
        "arn:aws:dataprotection::aws:data-identifier/DriversLicense-US";

    /**
     * Program entry point; hands the stack definition to the Pulumi runtime.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the policy document and the log-group policy that consumes it.
     *
     * <p>{@code aws_cloudwatch_log_group}, {@code aws_kinesis_firehose_delivery_stream} and
     * {@code aws_s3_bucket} are not declared in this listing; they stand for resources defined
     * elsewhere in the program.
     *
     * @param ctx the Pulumi stack context supplied by {@link Pulumi#run}
     */
    public static void stack(Context ctx) {
        // Audit findings are delivered to all three destinations: a log group, a Firehose
        // delivery stream and an S3 bucket, each referenced by name.
        var findingsDestination =
            GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationArgs.builder()
                .cloudwatchLogs(
                    GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationCloudwatchLogsArgs.builder()
                        .logGroup(aws_cloudwatch_log_group.audit().name())
                        .build())
                .firehose(
                    GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationFirehoseArgs.builder()
                        .deliveryStream(aws_kinesis_firehose_delivery_stream.audit().name())
                        .build())
                .s3(
                    GetLogDataProtectionPolicyDocumentStatementOperationAuditFindingsDestinationS3Args.builder()
                        .bucket(aws_s3_bucket.audit().bucket())
                        .build())
                .build();

        // First statement: audit. It must precede the de-identify statement.
        var auditStatement = GetLogDataProtectionPolicyDocumentStatementArgs.builder()
            .sid("Audit")
            .dataIdentifiers(EMAIL_ADDRESS_IDENTIFIER, US_DRIVERS_LICENSE_IDENTIFIER)
            .operation(GetLogDataProtectionPolicyDocumentStatementOperationArgs.builder()
                .audit(GetLogDataProtectionPolicyDocumentStatementOperationAuditArgs.builder()
                    .findingsDestination(findingsDestination)
                    .build())
                .build())
            .build();

        // Second statement: de-identify, listing the same identifiers as the audit statement.
        // The maskConfig() call is reproduced as generated, with no mask options set.
        // NOTE(review): if the builder has no zero-argument maskConfig(), pass an empty
        // mask-config args object instead; confirm against the SDK version in use.
        var deidentifyStatement = GetLogDataProtectionPolicyDocumentStatementArgs.builder()
            .sid("Deidentify")
            .dataIdentifiers(EMAIL_ADDRESS_IDENTIFIER, US_DRIVERS_LICENSE_IDENTIFIER)
            .operation(GetLogDataProtectionPolicyDocumentStatementOperationArgs.builder()
                .deidentify(GetLogDataProtectionPolicyDocumentStatementOperationDeidentifyArgs.builder()
                    .maskConfig()
                    .build())
                .build())
            .build();

        final var policyDocument = CloudwatchFunctions.getLogDataProtectionPolicyDocument(
            GetLogDataProtectionPolicyDocumentArgs.builder()
                .name("Example")
                .statements(auditStatement, deidentifyStatement)
                .build());

        // Attach the rendered JSON document to the log group whose events are to be masked.
        var policy = new LogDataProtectionPolicy(
            "exampleLogDataProtectionPolicy",
            LogDataProtectionPolicyArgs.builder()
                .logGroupName(aws_cloudwatch_log_group.example().name())
                .policyDocument(policyDocument.applyValue(result -> result.json()))
                .build());
    }
}
Return
A collection of values returned by getLogDataProtectionPolicyDocument.
Parameters
A collection of arguments for invoking getLogDataProtectionPolicyDocument.
Return
A collection of values returned by getLogDataProtectionPolicyDocument.
Parameters
The name of the data protection policy document.
Configures the data protection policy.
There must be exactly two statements: the first with an `audit` operation, and the second with a `deidentify` operation. The following arguments are optional:
See also
Return
A collection of values returned by getLogDataProtectionPolicyDocument.
Parameters
Builder for com.pulumi.aws.cloudwatch.kotlin.inputs.GetLogDataProtectionPolicyDocumentPlainArgs.