GlobalConfig / LoggingConfig / CentralLogBucketConfig

Accelerator global S3 central logging configuration

Example

centralLogBucket:
  applyAcceleratorManagedPolicy: true
  lifecycleRules:
    - enabled: true
      id: CentralLifecycleRule-01
      abortIncompleteMultipartUpload: 14
      expiration: 3563
      expiredObjectDeleteMarker: false
      noncurrentVersionExpiration: 3653
      noncurrentVersionTransitions:
        - storageClass: GLACIER
          transitionAfter: 365
      transitions:
        - storageClass: GLACIER
          transitionAfter: 365
      prefix: PREFIX
    - enabled: true
      id: CentralLifecycleRule-02
      abortIncompleteMultipartUpload: 14
      expiredObjectDeleteMarker: true
      noncurrentVersionExpiration: 3653
      noncurrentVersionTransitions:
        - storageClass: GLACIER
          transitionAfter: 365
      transitions:
        - storageClass: GLACIER
          transitionAfter: 365
      prefix: PREFIX
  s3ResourcePolicyAttachments:
    - policy: s3-policies/policy1.json
  kmsResourcePolicyAttachments:
    - policy: kms-policies/policy1.json
  importedBucket:
    name: central-log-bucket
    applyAcceleratorManagedBucketPolicy: true
    createAcceleratorManagedKey: false

Hierarchy

  • CentralLogBucketConfig

Properties

customPolicyOverrides: undefined | CustomS3ResourceAndKmsPolicyOverridesConfig = undefined

Custom policy overrides configuration.

Remarks

Use this configuration to provide JSON policy files for the bucket resource policy and the KMS key policy. The bucket resource policy and the KMS key policy will be overwritten by the content of these files, so when using this option the policy files must contain the complete policy document. When customPolicyOverrides.s3Policy is defined, importedBucket.applyAcceleratorManagedBucketPolicy cannot be set to true and the s3ResourcePolicyAttachments property cannot be defined. When customPolicyOverrides.kmsPolicy is defined, the kmsResourcePolicyAttachments property cannot be defined.

Use the following configuration to apply custom bucket resource policy and KMS key policy overrides through policy JSON files.

customPolicyOverrides:
  s3Policy: path/to/policy.json
  kmsPolicy: kms/full-central-logs-bucket-key-policy.json

Default

undefined

importedBucket: undefined | ImportedCustomerManagedEncryptionKeyBucketConfig = undefined

Imported bucket configuration.

Remarks

Use this configuration when the accelerator will import an existing CentralLogs bucket.

Use the following configuration to import a CentralLogs bucket and manage its bucket resource policy and KMS key policy through the solution.

importedBucket:
  name: existing-central-log-bucket
  applyAcceleratorManagedBucketPolicy: true
  createAcceleratorManagedKey: true

Default

undefined

kmsResourcePolicyAttachments: undefined | {
    policy: string;
}[] = undefined

JSON policy files.

Remarks

Policy statements from these files will be added to the bucket encryption key policy. This property cannot be used when the customPolicyOverrides.kmsPolicy property has a value. When an imported CentralLogs bucket is used with createAcceleratorManagedKey set to false, this property cannot have any value.

lifecycleRules: undefined | LifeCycleRule[] = undefined

Declaration of (S3 Bucket) Lifecycle rules. Configure additional resource policy attachments

s3ResourcePolicyAttachments: undefined | {
    policy: string;
}[] = undefined

JSON policy files.

Remarks

Policy statements from these files will be added to the bucket resource policy. This property cannot be used when the customPolicyOverrides.s3Policy property has a value.

Note: When Block Public Access is enabled for S3 on the AWS account, you can't specify a policy that would make the S3 Bucket public.
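
The exclusivity rules stated in the Remarks for customPolicyOverrides, kmsResourcePolicyAttachments and s3ResourcePolicyAttachments can be checked before deployment. The following is an added example, not code from the accelerator itself: the CentralLogBucket interface, checkCentralLogBucket and the sample objects are hypothetical and assume the YAML has already been parsed into an object.

```typescript
// Added example. The interface models only the fields named on this page.
interface CentralLogBucket {
  customPolicyOverrides?: { s3Policy?: string; kmsPolicy?: string };
  importedBucket?: {
    name: string;
    applyAcceleratorManagedBucketPolicy?: boolean;
    createAcceleratorManagedKey?: boolean;
  };
  s3ResourcePolicyAttachments?: { policy: string }[];
  kmsResourcePolicyAttachments?: { policy: string }[];
}
// Hypothetical helper: one message per rule from the Remarks that cfg breaks.
function checkCentralLogBucket(cfg: CentralLogBucket): string[] {
  const errors: string[] = [];
  const s3Override = cfg.customPolicyOverrides?.s3Policy !== undefined;
  const kmsOverride = cfg.customPolicyOverrides?.kmsPolicy !== undefined;
  if (s3Override && cfg.importedBucket?.applyAcceleratorManagedBucketPolicy === true)
    errors.push("s3Policy override with applyAcceleratorManagedBucketPolicy: true");
  if (s3Override && cfg.s3ResourcePolicyAttachments !== undefined)
    errors.push("s3Policy override with s3ResourcePolicyAttachments");
  if (kmsOverride && cfg.kmsResourcePolicyAttachments !== undefined)
    errors.push("kmsPolicy override with kmsResourcePolicyAttachments");
  // Assumption: only an explicit `false` counts; an omitted key is not flagged.
  if (cfg.importedBucket?.createAcceleratorManagedKey === false &&
      (cfg.kmsResourcePolicyAttachments ?? []).length > 0)
    errors.push("kmsResourcePolicyAttachments without accelerator-managed key");
  return errors;
}
// Constructed sample: policy-related fields as in this page's opening example.
const openingExample: CentralLogBucket = {
  s3ResourcePolicyAttachments: [{ policy: "s3-policies/policy1.json" }],
  kmsResourcePolicyAttachments: [{ policy: "kms-policies/policy1.json" }],
  importedBucket: { name: "central-log-bucket",
    applyAcceleratorManagedBucketPolicy: true, createAcceleratorManagedKey: false },
};
// Constructed sample: full policy overrides mixed with attachments.
const mixedOverrides: CentralLogBucket = {
  customPolicyOverrides: { s3Policy: "path/to/policy.json",
    kmsPolicy: "kms/full-central-logs-bucket-key-policy.json" },
  s3ResourcePolicyAttachments: [{ policy: "s3-policies/policy1.json" }],
  kmsResourcePolicyAttachments: [{ policy: "kms-policies/policy1.json" }],
  importedBucket: { name: "existing-central-log-bucket",
    applyAcceleratorManagedBucketPolicy: true, createAcceleratorManagedKey: true },
};
// Constructed sample: an S3 policy override with nothing that conflicts with it.
const overridesOnly: CentralLogBucket = {
  customPolicyOverrides: { s3Policy: "path/to/policy.json" },
  importedBucket: { name: "existing-central-log-bucket",
    applyAcceleratorManagedBucketPolicy: false },
};
```

Run against the first sample, the check returns one finding, because that configuration combines createAcceleratorManagedKey: false with kmsResourcePolicyAttachments; the second sample breaks all three override rules and the third breaks none.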
