Realtime
Provides a CloudFront real-time log configuration resource.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const assumeRole = aws.iam.getPolicyDocument({
statements: [{
effect: "Allow",
principals: [{
type: "Service",
identifiers: ["cloudfront.amazonaws.com"],
}],
actions: ["sts:AssumeRole"],
}],
});
const exampleRole = new aws.iam.Role("example", {
name: "cloudfront-realtime-log-config-example",
assumeRolePolicy: assumeRole.then(assumeRole => assumeRole.json),
});
const example = aws.iam.getPolicyDocument({
statements: [{
effect: "Allow",
actions: [
"kinesis:DescribeStreamSummary",
"kinesis:DescribeStream",
"kinesis:PutRecord",
"kinesis:PutRecords",
],
resources: [exampleAwsKinesisStream.arn],
}],
});
const exampleRolePolicy = new aws.iam.RolePolicy("example", {
name: "cloudfront-realtime-log-config-example",
role: exampleRole.id,
policy: example.then(example => example.json),
});
const exampleRealtimeLogConfig = new aws.cloudfront.RealtimeLogConfig("example", {
name: "example",
samplingRate: 75,
fields: [
"timestamp",
"c-ip",
],
endpoint: {
streamType: "Kinesis",
kinesisStreamConfig: {
roleArn: exampleRole.arn,
streamArn: exampleAwsKinesisStream.arn,
},
},
}, {
dependsOn: [exampleRolePolicy],
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(
effect="Allow",
principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
type="Service",
identifiers=["cloudfront.amazonaws.com"],
)],
actions=["sts:AssumeRole"],
)])
example_role = aws.iam.Role("example",
name="cloudfront-realtime-log-config-example",
assume_role_policy=assume_role.json)
example = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(
effect="Allow",
actions=[
"kinesis:DescribeStreamSummary",
"kinesis:DescribeStream",
"kinesis:PutRecord",
"kinesis:PutRecords",
],
resources=[example_aws_kinesis_stream["arn"]],
)])
example_role_policy = aws.iam.RolePolicy("example",
name="cloudfront-realtime-log-config-example",
role=example_role.id,
policy=example.json)
example_realtime_log_config = aws.cloudfront.RealtimeLogConfig("example",
name="example",
sampling_rate=75,
fields=[
"timestamp",
"c-ip",
],
endpoint=aws.cloudfront.RealtimeLogConfigEndpointArgs(
stream_type="Kinesis",
kinesis_stream_config=aws.cloudfront.RealtimeLogConfigEndpointKinesisStreamConfigArgs(
role_arn=example_role.arn,
stream_arn=example_aws_kinesis_stream["arn"],
),
),
opts=pulumi.ResourceOptions(depends_on=[example_role_policy]))Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "Service",
Identifiers = new[]
{
"cloudfront.amazonaws.com",
},
},
},
Actions = new[]
{
"sts:AssumeRole",
},
},
},
});
var exampleRole = new Aws.Iam.Role("example", new()
{
Name = "cloudfront-realtime-log-config-example",
AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var example = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Actions = new[]
{
"kinesis:DescribeStreamSummary",
"kinesis:DescribeStream",
"kinesis:PutRecord",
"kinesis:PutRecords",
},
Resources = new[]
{
exampleAwsKinesisStream.Arn,
},
},
},
});
var exampleRolePolicy = new Aws.Iam.RolePolicy("example", new()
{
Name = "cloudfront-realtime-log-config-example",
Role = exampleRole.Id,
Policy = example.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var exampleRealtimeLogConfig = new Aws.CloudFront.RealtimeLogConfig("example", new()
{
Name = "example",
SamplingRate = 75,
Fields = new[]
{
"timestamp",
"c-ip",
},
Endpoint = new Aws.CloudFront.Inputs.RealtimeLogConfigEndpointArgs
{
StreamType = "Kinesis",
KinesisStreamConfig = new Aws.CloudFront.Inputs.RealtimeLogConfigEndpointKinesisStreamConfigArgs
{
RoleArn = exampleRole.Arn,
StreamArn = exampleAwsKinesisStream.Arn,
},
},
}, new CustomResourceOptions
{
DependsOn =
{
exampleRolePolicy,
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
assumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Effect: pulumi.StringRef("Allow"),
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "Service",
Identifiers: []string{
"cloudfront.amazonaws.com",
},
},
},
Actions: []string{
"sts:AssumeRole",
},
},
},
}, nil);
if err != nil {
return err
}
exampleRole, err := iam.NewRole(ctx, "example", &iam.RoleArgs{
Name: pulumi.String("cloudfront-realtime-log-config-example"),
AssumeRolePolicy: pulumi.String(assumeRole.Json),
})
if err != nil {
return err
}
example, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Effect: pulumi.StringRef("Allow"),
Actions: []string{
"kinesis:DescribeStreamSummary",
"kinesis:DescribeStream",
"kinesis:PutRecord",
"kinesis:PutRecords",
},
Resources: interface{}{
exampleAwsKinesisStream.Arn,
},
},
},
}, nil);
if err != nil {
return err
}
exampleRolePolicy, err := iam.NewRolePolicy(ctx, "example", &iam.RolePolicyArgs{
Name: pulumi.String("cloudfront-realtime-log-config-example"),
Role: exampleRole.ID(),
Policy: pulumi.String(example.Json),
})
if err != nil {
return err
}
_, err = cloudfront.NewRealtimeLogConfig(ctx, "example", &cloudfront.RealtimeLogConfigArgs{
Name: pulumi.String("example"),
SamplingRate: pulumi.Int(75),
Fields: pulumi.StringArray{
pulumi.String("timestamp"),
pulumi.String("c-ip"),
},
Endpoint: &cloudfront.RealtimeLogConfigEndpointArgs{
StreamType: pulumi.String("Kinesis"),
KinesisStreamConfig: &cloudfront.RealtimeLogConfigEndpointKinesisStreamConfigArgs{
RoleArn: exampleRole.Arn,
StreamArn: pulumi.Any(exampleAwsKinesisStream.Arn),
},
},
}, pulumi.DependsOn([]pulumi.Resource{
exampleRolePolicy,
}))
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.RolePolicy;
import com.pulumi.aws.iam.RolePolicyArgs;
import com.pulumi.aws.cloudfront.RealtimeLogConfig;
import com.pulumi.aws.cloudfront.RealtimeLogConfigArgs;
import com.pulumi.aws.cloudfront.inputs.RealtimeLogConfigEndpointArgs;
import com.pulumi.aws.cloudfront.inputs.RealtimeLogConfigEndpointKinesisStreamConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("Service")
.identifiers("cloudfront.amazonaws.com")
.build())
.actions("sts:AssumeRole")
.build())
.build());
var exampleRole = new Role("exampleRole", RoleArgs.builder()
.name("cloudfront-realtime-log-config-example")
.assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.build());
final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.actions(
"kinesis:DescribeStreamSummary",
"kinesis:DescribeStream",
"kinesis:PutRecord",
"kinesis:PutRecords")
.resources(exampleAwsKinesisStream.arn())
.build())
.build());
var exampleRolePolicy = new RolePolicy("exampleRolePolicy", RolePolicyArgs.builder()
.name("cloudfront-realtime-log-config-example")
.role(exampleRole.id())
.policy(example.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.build());
var exampleRealtimeLogConfig = new RealtimeLogConfig("exampleRealtimeLogConfig", RealtimeLogConfigArgs.builder()
.name("example")
.samplingRate(75)
.fields(
"timestamp",
"c-ip")
.endpoint(RealtimeLogConfigEndpointArgs.builder()
.streamType("Kinesis")
.kinesisStreamConfig(RealtimeLogConfigEndpointKinesisStreamConfigArgs.builder()
.roleArn(exampleRole.arn())
.streamArn(exampleAwsKinesisStream.arn())
.build())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(exampleRolePolicy)
.build());
}
}Content copied to clipboard
resources:
exampleRole:
type: aws:iam:Role
name: example
properties:
name: cloudfront-realtime-log-config-example
assumeRolePolicy: ${assumeRole.json}
exampleRolePolicy:
type: aws:iam:RolePolicy
name: example
properties:
name: cloudfront-realtime-log-config-example
role: ${exampleRole.id}
policy: ${example.json}
exampleRealtimeLogConfig:
type: aws:cloudfront:RealtimeLogConfig
name: example
properties:
name: example
samplingRate: 75
fields:
- timestamp
- c-ip
endpoint:
streamType: Kinesis
kinesisStreamConfig:
roleArn: ${exampleRole.arn}
streamArn: ${exampleAwsKinesisStream.arn}
options:
dependson:
- ${exampleRolePolicy}
variables:
assumeRole:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- effect: Allow
principals:
- type: Service
identifiers:
- cloudfront.amazonaws.com
actions:
- sts:AssumeRole
example:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- effect: Allow
actions:
- kinesis:DescribeStreamSummary
- kinesis:DescribeStream
- kinesis:PutRecord
- kinesis:PutRecords
resources:
- ${exampleAwsKinesisStream.arn}Content copied to clipboard
Import
Using pulumi import, import CloudFront real-time log configurations using the ARN. For example:
$ pulumi import aws:cloudfront/realtimeLogConfig:RealtimeLogConfig example arn:aws:cloudfront::111122223333:realtime-log-config/ExampleNameForRealtimeLogConfigContent copied to clipboard
Properties
Link copied to clipboard
The fields that are included in each real-time log record. See the AWS documentation for supported values.