Class: Aws::CloudWatchLogs::Types::PutDataProtectionPolicyRequest

Inherits:
Struct
  • Object
show all
Includes:
Structure
Defined in:
lib/aws-sdk-cloudwatchlogs/types.rb

Overview

Constant Summary collapse

SENSITIVE =
[]

Instance Attribute Summary collapse

Instance Attribute Details

#log_group_identifierString

Specify either the log group name or log group ARN.

Returns:

  • (String)


5210
5211
5212
5213
5214
5215
# File 'lib/aws-sdk-cloudwatchlogs/types.rb', line 5210

class PutDataProtectionPolicyRequest < Struct.new(
  :log_group_identifier,
  :policy_document)
  SENSITIVE = []
  include Aws::Structure
end

#policy_documentString

Specify the data protection policy, in JSON.

This policy must include two JSON blocks:

  • The first block must include both a ‘DataIdentifer` array and an `Operation` property with an `Audit` action. The `DataIdentifer` array lists the types of sensitive data that you want to mask. For more information about the available options, see [Types of data that you can mask].

    The ‘Operation` property with an `Audit` action is required to find the sensitive data terms. This `Audit` action must contain a `FindingsDestination` object. You can optionally use that `FindingsDestination` object to list one or more destinations to send audit findings to. If you specify destinations such as log groups, Firehose streams, and S3 buckets, they must already exist.

  • The second block must include both a ‘DataIdentifer` array and an `Operation` property with an `Deidentify` action. The `DataIdentifer` array must exactly match the `DataIdentifer` array in the first block of the policy.

    The ‘Operation` property with the `Deidentify` action is what actually masks the data, and it must contain the ` “MaskConfig”: {}` object. The ` “MaskConfig”: {}` object must be empty.

For an example data protection policy, see the Examples section on this page.

The contents of the two ‘DataIdentifer` arrays must match exactly.

In addition to the two JSON blocks, the ‘policyDocument` can also include `Name`, `Description`, and `Version` fields. The `Name` is used as a dimension when CloudWatch Logs reports audit findings metrics to CloudWatch.

The JSON specified in ‘policyDocument` can be up to 30,720 characters.

[1]: docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data-types.html

Returns:

  • (String)


5210
5211
5212
5213
5214
5215
# File 'lib/aws-sdk-cloudwatchlogs/types.rb', line 5210

class PutDataProtectionPolicyRequest < Struct.new(
  :log_group_identifier,
  :policy_document)
  SENSITIVE = []
  include Aws::Structure
end