pulumi-aws-kotlin/com.pulumi.aws.directoryservice.kotlin/LogServiceArgs

LogServiceArgs

data class LogServiceArgs(val directoryId: Output<String>? = null, val logGroupName: Output<String>? = null) : ConvertibleToJava<LogServiceArgs>

Provides a Log subscription for AWS Directory Service that pushes logs to cloudwatch.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudwatch.LogGroup;
import com.pulumi.aws.cloudwatch.LogGroupArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.cloudwatch.LogResourcePolicy;
import com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;
import com.pulumi.aws.directoryservice.LogService;
import com.pulumi.aws.directoryservice.LogServiceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var exampleLogGroup = new LogGroup("exampleLogGroup", LogGroupArgs.builder()
            .retentionInDays(14)
            .build());
        final var ad-log-policyPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .actions(
                    "logs:CreateLogStream",
                    "logs:PutLogEvents")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .identifiers("ds.amazonaws.com")
                    .type("Service")
                    .build())
                .resources(exampleLogGroup.arn().applyValue(arn -> String.format("%s:*", arn)))
                .effect("Allow")
                .build())
            .build());
        var ad_log_policyLogResourcePolicy = new LogResourcePolicy("ad-log-policyLogResourcePolicy", LogResourcePolicyArgs.builder()
            .policyDocument(ad_log_policyPolicyDocument.applyValue(ad_log_policyPolicyDocument -> ad_log_policyPolicyDocument.json()))
            .policyName("ad-log-policy")
            .build());
        var exampleLogService = new LogService("exampleLogService", LogServiceArgs.builder()
            .directoryId(aws_directory_service_directory.example().id())
            .logGroupName(exampleLogGroup.name())
            .build());
    }
}
Content copied to clipboard

Import

Directory Service Log Subscriptions can be imported using the directory id, e.g.,

$ pulumi import aws:directoryservice/logService:LogService msad d-1234567890
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(directoryId: Output<String>? = null, logGroupName: Output<String>? = null)

Properties

Link copied to clipboard
val directoryId: Output<String>? = null

ID of directory.

Link copied to clipboard
val logGroupName: Output<String>? = null

Name of the cloudwatch log group to which the logs should be published. The log group should be already created and the directory service principal should be provided with required permission to create stream and publish logs. Changing this value would delete the current subscription and create a new one. A directory can only have one log subscription at a time.

Functions

Link copied to clipboard
open override fun toJava(): LogServiceArgs