SecurityConfig / CloudWatchConfig / LogGroupsConfig

CloudWatch log group configuration. Use this configuration to deploy CloudWatch log groups to your environment. You can also import existing log groups into your accelerator configuration. Log groups define groups of log streams that share the same retention, monitoring, and access control settings.

Example

CloudWatch Log Group that is using a CMK that is being managed by Landing Zone Accelerator on AWS.

- logGroupName: Log1
  logRetentionInDays: 365
  terminationProtected: true
  encryption:
    kmsKeyName: key1
  deploymentTargets:
    accounts:
      - Production

CloudWatch Log Group that uses the Landing Zone Accelerator on AWS CMK for CloudWatch Logs Groups.

- logGroupName: Log1
  logRetentionInDays: 365
  terminationProtected: true
  encryption:
    useLzaManagedKey: true
  deploymentTargets:
    organizationalUnits:
      - Infrastructure

CloudWatch Log Group that uses an existing KMS Key that's not managed by Landing Zone Accelerator on AWS.

- logGroupName: Log1
  logRetentionInDays: 365
  terminationProtected: true
  encryption:
    kmsKeyArn: arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
  deploymentTargets:
    accounts:
      - Production

Properties

deploymentTargets: DeploymentTargets = ...

Deployment targets for CloudWatch Logs

See

DeploymentTargets

encryption: undefined | EncryptionConfig = undefined

(OPTIONAL) The encryption configuration of the AWS CloudWatch Logs Group.

Remarks

CAUTION: If you import an existing AWS CloudWatch Logs Group that has encryption enabled and specify any KMS parameter under the encryption configuration, Landing Zone Accelerator on AWS will associate a new key with the log group. The same applies to a log group that was created by Landing Zone Accelerator on AWS: specifying a new KMS parameter will update the KMS key used to encrypt the log group. It is recommended to verify whether any processes or applications are using the previous key, and that they have access to the new key, before updating.

logGroupName: string = ''

Name of the CloudWatch log group

Remarks

If importing an existing log group, this must be the name of the group as it exists in your account.

logRetentionInDays: 3653 = 3653

(OPTIONAL) How long, in days, the log contents will be retained.

To retain all logs, set this value to undefined.

Default

undefined

terminationProtected: undefined | boolean = undefined

(OPTIONAL) Set this property to false if you would like the log group to be deleted if it is removed from the solution configuration file.

Default

true
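
A pre-deployment review of a change to the log group list, following the encryption CAUTION and the terminationProtected description above. This is an added example, not code from Landing Zone Accelerator on AWS; the function names, finding labels, and sample entries are assumptions, and the entries are the parsed YAML items represented as plain dicts.

```python
# Added example: review a change to the log group list before deploying it.
# OLD and NEW are constructed samples standing in for the parsed YAML entries.

KMS_FIELDS = ("kmsKeyName", "kmsKeyArn", "useLzaManagedKey")

def key_ref(entry):
    """Return the KMS parameter set under `encryption`, or None if absent."""
    enc = entry.get("encryption") or {}
    for field in KMS_FIELDS:
        if enc.get(field):
            return (field, enc[field])
    return None

def review_change(old, new):
    """Compare two log group lists and return (logGroupName, finding) tuples."""
    old_by_name = {e["logGroupName"]: e for e in old}
    new_by_name = {e["logGroupName"]: e for e in new}
    findings = []
    for name, entry in new_by_name.items():
        before = old_by_name.get(name)
        ref = key_ref(entry)
        if before is None and ref:
            # If this entry imports an existing encrypted group, it gets a new key.
            findings.append((name, "new-entry-with-key"))
        elif before is not None and ref and ref != key_ref(before):
            # A changed KMS parameter updates the key used by the log group.
            findings.append((name, "key-changed"))
        if entry.get("terminationProtected") is False:
            findings.append((name, "not-termination-protected"))
    for name, entry in old_by_name.items():
        # terminationProtected defaults to true, so only an explicit false
        # lets removal from the configuration delete the log group.
        if name not in new_by_name and entry.get("terminationProtected") is False:
            findings.append((name, "removed-and-will-be-deleted"))
    return findings

OLD = [
    {"logGroupName": "Log1", "terminationProtected": True,
     "encryption": {"kmsKeyName": "key1"}},
    {"logGroupName": "Log2", "terminationProtected": False},
]
NEW = [
    {"logGroupName": "Log1", "terminationProtected": True,
     "encryption": {"useLzaManagedKey": True}},
    {"logGroupName": "Log3", "encryption": {"kmsKeyName": "key1"}},
]

if __name__ == "__main__":
    for name, finding in review_change(OLD, NEW):
        print(f"{name}: {finding}")
```

Each "key-changed" or "new-entry-with-key" finding marks a log group whose readers and writers need access to the new key before the change is deployed.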
