/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include #include #include namespace Aws { namespace CloudWatchLogs { namespace Model { /** */ class PutAccountPolicyRequest : public CloudWatchLogsRequest { public: AWS_CLOUDWATCHLOGS_API PutAccountPolicyRequest(); // Service request name is the Operation name which will send this request out, // each operation should has unique request name, so that we can get operation's name from this request. // Note: this is not true for response, multiple operations may have the same response name, // so we can not get operation's name from response. inline virtual const char* GetServiceRequestName() const override { return "PutAccountPolicy"; } AWS_CLOUDWATCHLOGS_API Aws::String SerializePayload() const override; AWS_CLOUDWATCHLOGS_API Aws::Http::HeaderValueCollection GetRequestSpecificHeaders() const override; /** *

A name for the policy. This must be unique within the account.

*/ inline const Aws::String& GetPolicyName() const{ return m_policyName; } /** *

A name for the policy. This must be unique within the account.

*/ inline bool PolicyNameHasBeenSet() const { return m_policyNameHasBeenSet; } /** *

A name for the policy. This must be unique within the account.

*/ inline void SetPolicyName(const Aws::String& value) { m_policyNameHasBeenSet = true; m_policyName = value; } /** *

A name for the policy. This must be unique within the account.

*/ inline void SetPolicyName(Aws::String&& value) { m_policyNameHasBeenSet = true; m_policyName = std::move(value); } /** *

A name for the policy. This must be unique within the account.

*/ inline void SetPolicyName(const char* value) { m_policyNameHasBeenSet = true; m_policyName.assign(value); } /** *

A name for the policy. This must be unique within the account.

*/ inline PutAccountPolicyRequest& WithPolicyName(const Aws::String& value) { SetPolicyName(value); return *this;} /** *

A name for the policy. This must be unique within the account.

*/ inline PutAccountPolicyRequest& WithPolicyName(Aws::String&& value) { SetPolicyName(std::move(value)); return *this;} /** *

A name for the policy. This must be unique within the account.

*/ inline PutAccountPolicyRequest& WithPolicyName(const char* value) { SetPolicyName(value); return *this;} /** *

Specify the policy, in JSON.

Data protection policy

A * data protection policy must include two JSON blocks:

The first * block must include both a DataIdentifer array and an * Operation property with an Audit action. The * DataIdentifer array lists the types of sensitive data that you want * to mask. For more information about the available options, see Types * of data that you can mask.

The Operation property with * an Audit action is required to find the sensitive data terms. This * Audit action must contain a FindingsDestination * object. You can optionally use that FindingsDestination object to * list one or more destinations to send audit findings to. If you specify * destinations such as log groups, Firehose streams, and S3 buckets, they must * already exist.
The second block must include both a * DataIdentifer array and an Operation property with an * Deidentify action. The DataIdentifer array must * exactly match the DataIdentifer array in the first block of the * policy.

The Operation property with the * Deidentify action is what actually masks the data, and it must * contain the "MaskConfig": {} object. The "MaskConfig": * {} object must be empty.

For an example data * protection policy, see the Examples section on this page.

The contents of the two DataIdentifer arrays must match * exactly.

In addition to the two JSON blocks, the * policyDocument can also include Name, * Description, and Version fields. The Name * is different than the operation's policyName parameter, and is used * as a dimension when CloudWatch Logs reports audit findings metrics to * CloudWatch.

The JSON specified in policyDocument can be up * to 30,720 characters long.

Subscription filter policy

A * subscription filter policy can include the following attributes in a JSON * block:

DestinationArn The ARN of the destination to * deliver log events to. Supported destinations are:
- An Kinesis * Data Streams data stream in the same account as the subscription policy, for * same-account delivery.
- An Firehose data stream in the same * account as the subscription policy, for same-account delivery.
- *
  A Lambda function in the same account as the subscription policy, for * same-account delivery.
- A logical destination in a different * account created with PutDestination, * for cross-account delivery. Kinesis Data Streams and Firehose are supported as * logical destinations.
RoleArn The ARN of * an IAM role that grants CloudWatch Logs permissions to deliver ingested log * events to the destination stream. You don't need to provide the ARN when you are * working with a logical destination for cross-account delivery.
*
FilterPattern A filter pattern for subscribing to a filtered stream * of log events.
DistributionThe method used to * distribute log data to the destination. By default, log data is grouped by log * stream, but the grouping can be set to Random for a more even * distribution. This property is only applicable when the destination is an * Kinesis Data Streams data stream.

*/ inline const Aws::String& GetPolicyDocument() const{ return m_policyDocument; } /** *

Specify the policy, in JSON.

Data protection policy

A * data protection policy must include two JSON blocks:

The first * block must include both a DataIdentifer array and an * Operation property with an Audit action. The * DataIdentifer array lists the types of sensitive data that you want * to mask. For more information about the available options, see Types * of data that you can mask.

The Operation property with * an Audit action is required to find the sensitive data terms. This * Audit action must contain a FindingsDestination * object. You can optionally use that FindingsDestination object to * list one or more destinations to send audit findings to. If you specify * destinations such as log groups, Firehose streams, and S3 buckets, they must * already exist.
The second block must include both a * DataIdentifer array and an Operation property with an * Deidentify action. The DataIdentifer array must * exactly match the DataIdentifer array in the first block of the * policy.

The Operation property with the * Deidentify action is what actually masks the data, and it must * contain the "MaskConfig": {} object. The "MaskConfig": * {} object must be empty.

For an example data * protection policy, see the Examples section on this page.

The contents of the two DataIdentifer arrays must match * exactly.

The JSON specified in policyDocument can be up * to 30,720 characters long.

Subscription filter policy

A * subscription filter policy can include the following attributes in a JSON * block:

DestinationArn The ARN of the destination to * deliver log events to. Supported destinations are:
- An Kinesis * Data Streams data stream in the same account as the subscription policy, for * same-account delivery.
- An Firehose data stream in the same * account as the subscription policy, for same-account delivery.
- *
  A Lambda function in the same account as the subscription policy, for * same-account delivery.
- A logical destination in a different * account created with PutDestination, * for cross-account delivery. Kinesis Data Streams and Firehose are supported as * logical destinations.
RoleArn The ARN of * an IAM role that grants CloudWatch Logs permissions to deliver ingested log * events to the destination stream. You don't need to provide the ARN when you are * working with a logical destination for cross-account delivery.
*
FilterPattern A filter pattern for subscribing to a filtered stream * of log events.
DistributionThe method used to * distribute log data to the destination. By default, log data is grouped by log * stream, but the grouping can be set to Random for a more even * distribution. This property is only applicable when the destination is an * Kinesis Data Streams data stream.

*/ inline bool PolicyDocumentHasBeenSet() const { return m_policyDocumentHasBeenSet; } /** *

Specify the policy, in JSON.

Data protection policy

A * data protection policy must include two JSON blocks:

The first * block must include both a DataIdentifer array and an * Operation property with an Audit action. The * DataIdentifer array lists the types of sensitive data that you want * to mask. For more information about the available options, see Types * of data that you can mask.

The Operation property with * an Audit action is required to find the sensitive data terms. This * Audit action must contain a FindingsDestination * object. You can optionally use that FindingsDestination object to * list one or more destinations to send audit findings to. If you specify * destinations such as log groups, Firehose streams, and S3 buckets, they must * already exist.
The second block must include both a * DataIdentifer array and an Operation property with an * Deidentify action. The DataIdentifer array must * exactly match the DataIdentifer array in the first block of the * policy.

The Operation property with the * Deidentify action is what actually masks the data, and it must * contain the "MaskConfig": {} object. The "MaskConfig": * {} object must be empty.

For an example data * protection policy, see the Examples section on this page.

The contents of the two DataIdentifer arrays must match * exactly.

The JSON specified in policyDocument can be up * to 30,720 characters long.

Subscription filter policy

A * subscription filter policy can include the following attributes in a JSON * block:

DestinationArn The ARN of the destination to * deliver log events to. Supported destinations are:
- An Kinesis * Data Streams data stream in the same account as the subscription policy, for * same-account delivery.
- An Firehose data stream in the same * account as the subscription policy, for same-account delivery.
- *
  A Lambda function in the same account as the subscription policy, for * same-account delivery.
- A logical destination in a different * account created with PutDestination, * for cross-account delivery. Kinesis Data Streams and Firehose are supported as * logical destinations.
RoleArn The ARN of * an IAM role that grants CloudWatch Logs permissions to deliver ingested log * events to the destination stream. You don't need to provide the ARN when you are * working with a logical destination for cross-account delivery.
*
FilterPattern A filter pattern for subscribing to a filtered stream * of log events.
DistributionThe method used to * distribute log data to the destination. By default, log data is grouped by log * stream, but the grouping can be set to Random for a more even * distribution. This property is only applicable when the destination is an * Kinesis Data Streams data stream.

*/ inline void SetPolicyDocument(const Aws::String& value) { m_policyDocumentHasBeenSet = true; m_policyDocument = value; } /** *

Specify the policy, in JSON.

Data protection policy

A * data protection policy must include two JSON blocks:

The first * block must include both a DataIdentifer array and an * Operation property with an Audit action. The * DataIdentifer array lists the types of sensitive data that you want * to mask. For more information about the available options, see Types * of data that you can mask.

The Operation property with * an Audit action is required to find the sensitive data terms. This * Audit action must contain a FindingsDestination * object. You can optionally use that FindingsDestination object to * list one or more destinations to send audit findings to. If you specify * destinations such as log groups, Firehose streams, and S3 buckets, they must * already exist.
The second block must include both a * DataIdentifer array and an Operation property with an * Deidentify action. The DataIdentifer array must * exactly match the DataIdentifer array in the first block of the * policy.

The Operation property with the * Deidentify action is what actually masks the data, and it must * contain the "MaskConfig": {} object. The "MaskConfig": * {} object must be empty.

For an example data * protection policy, see the Examples section on this page.

The contents of the two DataIdentifer arrays must match * exactly.

The JSON specified in policyDocument can be up * to 30,720 characters long.

Subscription filter policy

A * subscription filter policy can include the following attributes in a JSON * block:

DestinationArn The ARN of the destination to * deliver log events to. Supported destinations are:
- An Kinesis * Data Streams data stream in the same account as the subscription policy, for * same-account delivery.
- An Firehose data stream in the same * account as the subscription policy, for same-account delivery.
- *
  A Lambda function in the same account as the subscription policy, for * same-account delivery.
- A logical destination in a different * account created with PutDestination, * for cross-account delivery. Kinesis Data Streams and Firehose are supported as * logical destinations.
RoleArn The ARN of * an IAM role that grants CloudWatch Logs permissions to deliver ingested log * events to the destination stream. You don't need to provide the ARN when you are * working with a logical destination for cross-account delivery.
*
FilterPattern A filter pattern for subscribing to a filtered stream * of log events.
DistributionThe method used to * distribute log data to the destination. By default, log data is grouped by log * stream, but the grouping can be set to Random for a more even * distribution. This property is only applicable when the destination is an * Kinesis Data Streams data stream.

*/ inline void SetPolicyDocument(Aws::String&& value) { m_policyDocumentHasBeenSet = true; m_policyDocument = std::move(value); } /** *

Specify the policy, in JSON.

Data protection policy

A * data protection policy must include two JSON blocks:

The first * block must include both a DataIdentifer array and an * Operation property with an Audit action. The * DataIdentifer array lists the types of sensitive data that you want * to mask. For more information about the available options, see Types * of data that you can mask.

The Operation property with * an Audit action is required to find the sensitive data terms. This * Audit action must contain a FindingsDestination * object. You can optionally use that FindingsDestination object to * list one or more destinations to send audit findings to. If you specify * destinations such as log groups, Firehose streams, and S3 buckets, they must * already exist.
The second block must include both a * DataIdentifer array and an Operation property with an * Deidentify action. The DataIdentifer array must * exactly match the DataIdentifer array in the first block of the * policy.

The Operation property with the * Deidentify action is what actually masks the data, and it must * contain the "MaskConfig": {} object. The "MaskConfig": * {} object must be empty.

For an example data * protection policy, see the Examples section on this page.

The contents of the two DataIdentifer arrays must match * exactly.

The JSON specified in policyDocument can be up * to 30,720 characters long.

Subscription filter policy

A * subscription filter policy can include the following attributes in a JSON * block:

DestinationArn The ARN of the destination to * deliver log events to. Supported destinations are:
- An Kinesis * Data Streams data stream in the same account as the subscription policy, for * same-account delivery.
- An Firehose data stream in the same * account as the subscription policy, for same-account delivery.
- *
  A Lambda function in the same account as the subscription policy, for * same-account delivery.
- A logical destination in a different * account created with PutDestination, * for cross-account delivery. Kinesis Data Streams and Firehose are supported as * logical destinations.
RoleArn The ARN of * an IAM role that grants CloudWatch Logs permissions to deliver ingested log * events to the destination stream. You don't need to provide the ARN when you are * working with a logical destination for cross-account delivery.
*
FilterPattern A filter pattern for subscribing to a filtered stream * of log events.
DistributionThe method used to * distribute log data to the destination. By default, log data is grouped by log * stream, but the grouping can be set to Random for a more even * distribution. This property is only applicable when the destination is an * Kinesis Data Streams data stream.

*/ inline void SetPolicyDocument(const char* value) { m_policyDocumentHasBeenSet = true; m_policyDocument.assign(value); } /** *

Specify the policy, in JSON.

Data protection policy

A * data protection policy must include two JSON blocks:

The first * block must include both a DataIdentifer array and an * Operation property with an Audit action. The * DataIdentifer array lists the types of sensitive data that you want * to mask. For more information about the available options, see Types * of data that you can mask.

The Operation property with * an Audit action is required to find the sensitive data terms. This * Audit action must contain a FindingsDestination * object. You can optionally use that FindingsDestination object to * list one or more destinations to send audit findings to. If you specify * destinations such as log groups, Firehose streams, and S3 buckets, they must * already exist.
The second block must include both a * DataIdentifer array and an Operation property with an * Deidentify action. The DataIdentifer array must * exactly match the DataIdentifer array in the first block of the * policy.

The Operation property with the * Deidentify action is what actually masks the data, and it must * contain the "MaskConfig": {} object. The "MaskConfig": * {} object must be empty.

For an example data * protection policy, see the Examples section on this page.

The contents of the two DataIdentifer arrays must match * exactly.

The JSON specified in policyDocument can be up * to 30,720 characters long.

Subscription filter policy

A * subscription filter policy can include the following attributes in a JSON * block:

DestinationArn The ARN of the destination to * deliver log events to. Supported destinations are:
- An Kinesis * Data Streams data stream in the same account as the subscription policy, for * same-account delivery.
- An Firehose data stream in the same * account as the subscription policy, for same-account delivery.
- *
  A Lambda function in the same account as the subscription policy, for * same-account delivery.
- A logical destination in a different * account created with PutDestination, * for cross-account delivery. Kinesis Data Streams and Firehose are supported as * logical destinations.
RoleArn The ARN of * an IAM role that grants CloudWatch Logs permissions to deliver ingested log * events to the destination stream. You don't need to provide the ARN when you are * working with a logical destination for cross-account delivery.
*
FilterPattern A filter pattern for subscribing to a filtered stream * of log events.
DistributionThe method used to * distribute log data to the destination. By default, log data is grouped by log * stream, but the grouping can be set to Random for a more even * distribution. This property is only applicable when the destination is an * Kinesis Data Streams data stream.

*/ inline PutAccountPolicyRequest& WithPolicyDocument(const Aws::String& value) { SetPolicyDocument(value); return *this;} /** *

Specify the policy, in JSON.

Data protection policy

A * data protection policy must include two JSON blocks:

The first * block must include both a DataIdentifer array and an * Operation property with an Audit action. The * DataIdentifer array lists the types of sensitive data that you want * to mask. For more information about the available options, see Types * of data that you can mask.

The Operation property with * an Audit action is required to find the sensitive data terms. This * Audit action must contain a FindingsDestination * object. You can optionally use that FindingsDestination object to * list one or more destinations to send audit findings to. If you specify * destinations such as log groups, Firehose streams, and S3 buckets, they must * already exist.
The second block must include both a * DataIdentifer array and an Operation property with an * Deidentify action. The DataIdentifer array must * exactly match the DataIdentifer array in the first block of the * policy.

The Operation property with the * Deidentify action is what actually masks the data, and it must * contain the "MaskConfig": {} object. The "MaskConfig": * {} object must be empty.

For an example data * protection policy, see the Examples section on this page.

The contents of the two DataIdentifer arrays must match * exactly.

The JSON specified in policyDocument can be up * to 30,720 characters long.

Subscription filter policy

A * subscription filter policy can include the following attributes in a JSON * block:

DestinationArn The ARN of the destination to * deliver log events to. Supported destinations are:
- An Kinesis * Data Streams data stream in the same account as the subscription policy, for * same-account delivery.
- An Firehose data stream in the same * account as the subscription policy, for same-account delivery.
- *
  A Lambda function in the same account as the subscription policy, for * same-account delivery.
- A logical destination in a different * account created with PutDestination, * for cross-account delivery. Kinesis Data Streams and Firehose are supported as * logical destinations.
RoleArn The ARN of * an IAM role that grants CloudWatch Logs permissions to deliver ingested log * events to the destination stream. You don't need to provide the ARN when you are * working with a logical destination for cross-account delivery.
*
FilterPattern A filter pattern for subscribing to a filtered stream * of log events.
DistributionThe method used to * distribute log data to the destination. By default, log data is grouped by log * stream, but the grouping can be set to Random for a more even * distribution. This property is only applicable when the destination is an * Kinesis Data Streams data stream.

*/ inline PutAccountPolicyRequest& WithPolicyDocument(Aws::String&& value) { SetPolicyDocument(std::move(value)); return *this;} /** *

Specify the policy, in JSON.

Data protection policy

A * data protection policy must include two JSON blocks:

The first * block must include both a DataIdentifer array and an * Operation property with an Audit action. The * DataIdentifer array lists the types of sensitive data that you want * to mask. For more information about the available options, see Types * of data that you can mask.

The Operation property with * an Audit action is required to find the sensitive data terms. This * Audit action must contain a FindingsDestination * object. You can optionally use that FindingsDestination object to * list one or more destinations to send audit findings to. If you specify * destinations such as log groups, Firehose streams, and S3 buckets, they must * already exist.
The second block must include both a * DataIdentifer array and an Operation property with an * Deidentify action. The DataIdentifer array must * exactly match the DataIdentifer array in the first block of the * policy.

The Operation property with the * Deidentify action is what actually masks the data, and it must * contain the "MaskConfig": {} object. The "MaskConfig": * {} object must be empty.

For an example data * protection policy, see the Examples section on this page.

The contents of the two DataIdentifer arrays must match * exactly.

The JSON specified in policyDocument can be up * to 30,720 characters long.

Subscription filter policy

A * subscription filter policy can include the following attributes in a JSON * block:

DestinationArn The ARN of the destination to * deliver log events to. Supported destinations are:
- An Kinesis * Data Streams data stream in the same account as the subscription policy, for * same-account delivery.
- An Firehose data stream in the same * account as the subscription policy, for same-account delivery.
- *
  A Lambda function in the same account as the subscription policy, for * same-account delivery.
- A logical destination in a different * account created with PutDestination, * for cross-account delivery. Kinesis Data Streams and Firehose are supported as * logical destinations.
RoleArn The ARN of * an IAM role that grants CloudWatch Logs permissions to deliver ingested log * events to the destination stream. You don't need to provide the ARN when you are * working with a logical destination for cross-account delivery.
*
FilterPattern A filter pattern for subscribing to a filtered stream * of log events.
DistributionThe method used to * distribute log data to the destination. By default, log data is grouped by log * stream, but the grouping can be set to Random for a more even * distribution. This property is only applicable when the destination is an * Kinesis Data Streams data stream.

*/ inline PutAccountPolicyRequest& WithPolicyDocument(const char* value) { SetPolicyDocument(value); return *this;} /** *

The type of policy that you're creating or updating.

*/ inline const PolicyType& GetPolicyType() const{ return m_policyType; } /** *

The type of policy that you're creating or updating.

*/ inline bool PolicyTypeHasBeenSet() const { return m_policyTypeHasBeenSet; } /** *

The type of policy that you're creating or updating.

*/ inline void SetPolicyType(const PolicyType& value) { m_policyTypeHasBeenSet = true; m_policyType = value; } /** *

The type of policy that you're creating or updating.

*/ inline void SetPolicyType(PolicyType&& value) { m_policyTypeHasBeenSet = true; m_policyType = std::move(value); } /** *

The type of policy that you're creating or updating.

*/ inline PutAccountPolicyRequest& WithPolicyType(const PolicyType& value) { SetPolicyType(value); return *this;} /** *

The type of policy that you're creating or updating.

*/ inline PutAccountPolicyRequest& WithPolicyType(PolicyType&& value) { SetPolicyType(std::move(value)); return *this;} /** *

Currently the only valid value for this parameter is ALL, which * specifies that the data protection policy applies to all log groups in the * account. If you omit this parameter, the default of ALL is * used.

*/ inline const Scope& GetScope() const{ return m_scope; } /** *

*/ inline bool ScopeHasBeenSet() const { return m_scopeHasBeenSet; } /** *

*/ inline void SetScope(const Scope& value) { m_scopeHasBeenSet = true; m_scope = value; } /** *

*/ inline void SetScope(Scope&& value) { m_scopeHasBeenSet = true; m_scope = std::move(value); } /** *

*/ inline PutAccountPolicyRequest& WithScope(const Scope& value) { SetScope(value); return *this;} /** *

*/ inline PutAccountPolicyRequest& WithScope(Scope&& value) { SetScope(std::move(value)); return *this;} /** *

Use this parameter to apply the subscription filter policy to a subset of log * groups in the account. Currently, the only supported filter is * LogGroupName NOT IN []. The selectionCriteria string * can be up to 25KB in length. The length is determined by using its UTF-8 * bytes.

Using the selectionCriteria parameter is useful to * help prevent infinite loops. For more information, see Log * recursion prevention.