Class: Aws::CloudWatchLogs::Types::PutDataProtectionPolicyRequest
- Inherits:
-
Struct
- Object
- Struct
- Aws::CloudWatchLogs::Types::PutDataProtectionPolicyRequest
- Includes:
- Structure
- Defined in:
- lib/aws-sdk-cloudwatchlogs/types.rb
Overview
Constant Summary collapse
- SENSITIVE =
[]
Instance Attribute Summary collapse
-
#log_group_identifier ⇒ String
Specify either the log group name or log group ARN.
-
#policy_document ⇒ String
Specify the data protection policy, in JSON.
Instance Attribute Details
#log_group_identifier ⇒ String
Specify either the log group name or log group ARN.
5210 5211 5212 5213 5214 5215 |
# File 'lib/aws-sdk-cloudwatchlogs/types.rb', line 5210 class PutDataProtectionPolicyRequest < Struct.new( :log_group_identifier, :policy_document) SENSITIVE = [] include Aws::Structure end |
#policy_document ⇒ String
Specify the data protection policy, in JSON.
This policy must include two JSON blocks:
-
The first block must include both a ‘DataIdentifer` array and an `Operation` property with an `Audit` action. The `DataIdentifer` array lists the types of sensitive data that you want to mask. For more information about the available options, see [Types of data that you can mask].
The ‘Operation` property with an `Audit` action is required to find the sensitive data terms. This `Audit` action must contain a `FindingsDestination` object. You can optionally use that `FindingsDestination` object to list one or more destinations to send audit findings to. If you specify destinations such as log groups, Firehose streams, and S3 buckets, they must already exist.
-
The second block must include both a ‘DataIdentifer` array and an `Operation` property with an `Deidentify` action. The `DataIdentifer` array must exactly match the `DataIdentifer` array in the first block of the policy.
The ‘Operation` property with the `Deidentify` action is what actually masks the data, and it must contain the ` “MaskConfig”: {}` object. The ` “MaskConfig”: {}` object must be empty.
For an example data protection policy, see the Examples section on this page.
The contents of the two ‘DataIdentifer` arrays must match exactly.
In addition to the two JSON blocks, the ‘policyDocument` can also include `Name`, `Description`, and `Version` fields. The `Name` is used as a dimension when CloudWatch Logs reports audit findings metrics to CloudWatch.
The JSON specified in ‘policyDocument` can be up to 30,720 characters.
[1]: docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data-types.html
5210 5211 5212 5213 5214 5215 |
# File 'lib/aws-sdk-cloudwatchlogs/types.rb', line 5210 class PutDataProtectionPolicyRequest < Struct.new( :log_group_identifier, :policy_document) SENSITIVE = [] include Aws::Structure end |