Interface CfnAccountPolicyProps
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
CfnAccountPolicyProps.Jsii$Proxy
CfnAccountPolicy.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import software.amazon.awscdk.services.logs.*;
CfnAccountPolicyProps cfnAccountPolicyProps = CfnAccountPolicyProps.builder()
.policyDocument("policyDocument")
.policyName("policyName")
.policyType("policyType")
// the properties below are optional
.scope("scope")
.build();
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeInterfaceDescriptionstatic final classA builder forCfnAccountPolicyPropsstatic final classAn implementation forCfnAccountPolicyProps -
Method Summary
Modifier and TypeMethodDescriptionbuilder()Specify the data protection policy, in JSON.A name for the policy.Currently the only valid value for this parameter isDATA_PROTECTION_POLICY.default StringgetScope()Currently the only valid value for this parameter isALL, which specifies that the data protection policy applies to all log groups in the account.Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getPolicyDocument
Specify the data protection policy, in JSON.This policy must include two JSON blocks:
- The first block must include both a
DataIdentiferarray and anOperationproperty with anAuditaction. TheDataIdentiferarray lists the types of sensitive data that you want to mask. For more information about the available options, see Types of data that you can mask .
The
Operationproperty with anAuditaction is required to find the sensitive data terms. ThisAuditaction must contain aFindingsDestinationobject. You can optionally use thatFindingsDestinationobject to list one or more destinations to send audit findings to. If you specify destinations such as log groups, Kinesis Data Firehose streams, and S3 buckets, they must already exist.- The second block must include both a
DataIdentiferarray and anOperationproperty with anDeidentifyaction. TheDataIdentiferarray must exactly match theDataIdentiferarray in the first block of the policy.
The
Operationproperty with theDeidentifyaction is what actually masks the data, and it must contain the"MaskConfig": {}object. The"MaskConfig": {}object must be empty.The contents of the two
DataIdentiferarrays must match exactly.- See Also:
- The first block must include both a
-
getPolicyName
A name for the policy.This must be unique within the account.
- See Also:
-
getPolicyType
Currently the only valid value for this parameter isDATA_PROTECTION_POLICY.- See Also:
-
getScope
Currently the only valid value for this parameter isALL, which specifies that the data protection policy applies to all log groups in the account.If you omit this parameter, the default of
ALLis used.- See Also:
-
builder
- Returns:
- a
CfnAccountPolicyProps.BuilderofCfnAccountPolicyProps
-