LogGroupProps

class aws_cdk.aws_logs.LogGroupProps(*, encryption_key=None, log_group_name=None, removal_policy=None, retention=None)

Bases: object

Properties for a LogGroup.

Parameters:

  • encryption_key (Optional[IKey]) – The KMS Key to encrypt the log group with. Default: - log group is encrypted with the default master key

  • log_group_name (Optional[str]) – Name of the log group. Default: Automatically generated

  • removal_policy (Optional[RemovalPolicy]) – Determine the removal policy of this log group. Normally you want to retain the log group so you can diagnose issues from logs even after a deployment that no longer includes the log group. In that case, use the normal date-based retention policy to age out your logs. Default: RemovalPolicy.Retain

  • retention (Optional[RetentionDays]) – How long, in days, the log contents will be retained. To retain all logs, set this value to RetentionDays.INFINITE. Default: RetentionDays.TWO_YEARS

ExampleMetadata:

infused

Example:

# vpc: ec2.Vpc

kms_key = kms.Key(self, "KmsKey")

# Pass the KMS key in the `encryptionKey` field to associate the key to the log group
log_group = logs.LogGroup(self, "LogGroup",
    encryption_key=kms_key
)

# Pass the KMS key in the `encryptionKey` field to associate the key to the S3 bucket
exec_bucket = s3.Bucket(self, "EcsExecBucket",
    encryption_key=kms_key
)

cluster = ecs.Cluster(self, "Cluster",
    vpc=vpc,
    execute_command_configuration=ecs.ExecuteCommandConfiguration(
        kms_key=kms_key,
        log_configuration=ecs.ExecuteCommandLogConfiguration(
            cloud_watch_log_group=log_group,
            cloud_watch_encryption_enabled=True,
            s3_bucket=exec_bucket,
            s3_encryption_enabled=True,
            s3_key_prefix="exec-command-output"
        ),
        logging=ecs.ExecuteCommandLogging.OVERRIDE
    )
)

Attributes

encryption_key

The KMS Key to encrypt the log group with.

Default:

  • log group is encrypted with the default master key

log_group_name

Name of the log group.

Default:

Automatically generated

removal_policy

Determine the removal policy of this log group.

Normally you want to retain the log group so you can diagnose issues from logs even after a deployment that no longer includes the log group. In that case, use the normal date-based retention policy to age out your logs.

Default:

RemovalPolicy.Retain

retention

How long, in days, the log contents will be retained.

To retain all logs, set this value to RetentionDays.INFINITE.

Default:

RetentionDays.TWO_YEARS