@pulumi/aws

import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Resource for managing an AWS WorkSpaces Web Session Logger. * * ## Example Usage * * ### Basic Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const exampleBucket = new aws.s3.Bucket("example", {bucket: "example-session-logs"}); * const example = aws.iam.getPolicyDocumentOutput({ * statements: [{ * effect: "Allow", * principals: [{ * type: "Service", * identifiers: ["workspaces-web.amazonaws.com"], * }], * actions: ["s3:PutObject"], * resources: [pulumi.interpolate`${exampleBucket.arn}/*`], * }], * }); * const exampleBucketPolicy = new aws.s3.BucketPolicy("example", { * bucket: exampleBucket.id, * policy: example.apply(example => example.json), * }); * const exampleSessionLogger = new aws.workspacesweb.SessionLogger("example", { * displayName: "example-session-logger", * eventFilter: { * all: {}, * }, * logConfiguration: { * s3: { * bucket: exampleBucket.id, * folderStructure: "Flat", * logFileFormat: "Json", * }, * }, * }, { * dependsOn: [exampleBucketPolicy], * }); * ``` * * ### Complete Configuration with KMS Encryption * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const exampleBucket = new aws.s3.Bucket("example", { * bucket: "example-session-logs", * forceDestroy: true, * }); * const example = aws.iam.getPolicyDocumentOutput({ * statements: [{ * effect: "Allow", * principals: [{ * type: "Service", * identifiers: ["workspaces-web.amazonaws.com"], * }], * actions: ["s3:PutObject"], * resources: [ * exampleBucket.arn, * pulumi.interpolate`${exampleBucket.arn}/*`, * ], * }], * }); * const exampleBucketPolicy = new aws.s3.BucketPolicy("example", { * bucket: exampleBucket.id, * policy: example.apply(example => example.json), * }); * const current = aws.getPartition({}); * const currentGetCallerIdentity = aws.getCallerIdentity({}); * const kmsKeyPolicy = Promise.all([current, currentGetCallerIdentity]).then(([current, currentGetCallerIdentity]) => aws.iam.getPolicyDocument({ * statements: [ * { * principals: [{ * type: "AWS", * identifiers: [`arn:${current.partition}:iam::${currentGetCallerIdentity.accountId}:root`], * }], * actions: ["kms:*"], * resources: ["*"], * }, * { * principals: [{ * type: "Service", * identifiers: ["workspaces-web.amazonaws.com"], * }], * actions: [ * "kms:Encrypt", * "kms:GenerateDataKey*", * "kms:ReEncrypt*", * "kms:Decrypt", * ], * resources: ["*"], * }, * ], * })); * const exampleKey = new aws.kms.Key("example", { * description: "KMS key for WorkSpaces Web Session Logger", * policy: kmsKeyPolicy.then(kmsKeyPolicy => kmsKeyPolicy.json), * }); * const exampleSessionLogger = new aws.workspacesweb.SessionLogger("example", { * displayName: "example-session-logger", * customerManagedKey: exampleKey.arn, * additionalEncryptionContext: { * Environment: "Production", * Application: "WorkSpacesWeb", * }, * eventFilter: { * includes: [ * "SessionStart", * "SessionEnd", * ], * }, * logConfiguration: { * s3: { * bucket: exampleBucket.id, * bucketOwner: currentGetCallerIdentity.then(currentGetCallerIdentity => currentGetCallerIdentity.accountId), * folderStructure: "NestedByDate", * keyPrefix: "workspaces-web-logs/", * logFileFormat: "JsonLines", * }, * }, * tags: { * Name: "example-session-logger", * Environment: "Production", * }, * }, { * dependsOn: [ * exampleBucketPolicy, * exampleKey, * ], * }); * ``` * * ## Import * * Using `pulumi import`, import WorkSpaces Web Session Logger using the `session_logger_arn`. For example: * * ```sh * $ pulumi import aws:workspacesweb/sessionLogger:SessionLogger example arn:aws:workspaces-web:us-west-2:123456789012:sessionLogger/session_logger-id-12345678 * ``` */ export declare class SessionLogger extends pulumi.CustomResource { /** * Get an existing SessionLogger resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SessionLoggerState, opts?: pulumi.CustomResourceOptions): SessionLogger; /** * Returns true if the given object is an instance of SessionLogger. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is SessionLogger; /** * Map of additional encryption context key-value pairs. */ readonly additionalEncryptionContext: pulumi.Output<{ [key: string]: string; } | undefined>; /** * List of ARNs of the web portals associated with the session logger. */ readonly associatedPortalArns: pulumi.Output<string[]>; /** * ARN of the customer managed KMS key used to encrypt sensitive information. */ readonly customerManagedKey: pulumi.Output<string | undefined>; /** * Human-readable display name for the session logger resource. Forces replacement if changed. */ readonly displayName: pulumi.Output<string | undefined>; /** * Event filter that determines which events are logged. See Event Filter below. */ readonly eventFilter: pulumi.Output<outputs.workspacesweb.SessionLoggerEventFilter | undefined>; /** * Configuration block for specifying where logs are delivered. See Log Configuration below. * * The following arguments are optional: */ readonly logConfiguration: pulumi.Output<outputs.workspacesweb.SessionLoggerLogConfiguration | undefined>; /** * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration. */ readonly region: pulumi.Output<string>; /** * ARN of the session logger. */ readonly sessionLoggerArn: pulumi.Output<string>; /** * Map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ readonly tags: pulumi.Output<{ [key: string]: string; } | undefined>; /** * Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block. */ readonly tagsAll: pulumi.Output<{ [key: string]: string; }>; /** * Create a SessionLogger resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args?: SessionLoggerArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering SessionLogger resources. */ export interface SessionLoggerState { /** * Map of additional encryption context key-value pairs. */ additionalEncryptionContext?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; /** * List of ARNs of the web portals associated with the session logger. */ associatedPortalArns?: pulumi.Input<pulumi.Input<string>[]>; /** * ARN of the customer managed KMS key used to encrypt sensitive information. */ customerManagedKey?: pulumi.Input<string>; /** * Human-readable display name for the session logger resource. Forces replacement if changed. */ displayName?: pulumi.Input<string>; /** * Event filter that determines which events are logged. See Event Filter below. */ eventFilter?: pulumi.Input<inputs.workspacesweb.SessionLoggerEventFilter>; /** * Configuration block for specifying where logs are delivered. See Log Configuration below. * * The following arguments are optional: */ logConfiguration?: pulumi.Input<inputs.workspacesweb.SessionLoggerLogConfiguration>; /** * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration. */ region?: pulumi.Input<string>; /** * ARN of the session logger. */ sessionLoggerArn?: pulumi.Input<string>; /** * Map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; /** * Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block. */ tagsAll?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; } /** * The set of arguments for constructing a SessionLogger resource. */ export interface SessionLoggerArgs { /** * Map of additional encryption context key-value pairs. */ additionalEncryptionContext?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; /** * ARN of the customer managed KMS key used to encrypt sensitive information. */ customerManagedKey?: pulumi.Input<string>; /** * Human-readable display name for the session logger resource. Forces replacement if changed. */ displayName?: pulumi.Input<string>; /** * Event filter that determines which events are logged. See Event Filter below. */ eventFilter?: pulumi.Input<inputs.workspacesweb.SessionLoggerEventFilter>; /** * Configuration block for specifying where logs are delivered. See Log Configuration below. * * The following arguments are optional: */ logConfiguration?: pulumi.Input<inputs.workspacesweb.SessionLoggerLogConfiguration>; /** * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration. */ region?: pulumi.Input<string>; /** * Map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; }