UNPKG

@pulumi/awsx

Version:

[![Actions Status](https://github.com/pulumi/pulumi-awsx/workflows/master/badge.svg)](https://github.com/pulumi/pulumi-awsx/actions) [![Slack](http://www.pulumi.com/images/docs/badges/slack.svg)](https://slack.pulumi.com) [![NPM version](https://badge.fur

pulumi.com

pulumi/pulumi-awsx

75 lines 3.1 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
"use strict"; // Copyright 2016-2018, Pulumi Corporation. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. Object.defineProperty(exports, "__esModule", { value: true }); exports.Trail = void 0; const aws = require("@pulumi/aws"); const pulumi = require("@pulumi/pulumi"); class Trail extends pulumi.ComponentResource { /** * Create a Trail resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name, args, opts) { super("aws:cloudtrail:x:Trail", name, {}, opts); let bucketName; if (args.s3BucketName !== undefined) { bucketName = pulumi.output(args.s3BucketName); } else { this.bucket = bucketWithCloudTrailPolicy(name, this); bucketName = this.bucket.id; } let cloudWatchLogGroupArn = undefined; if (args.sendToCloudWatchLogs) { this.logGroup = new aws.cloudwatch.LogGroup(name, args.cloudWatchLogGroupArgs, { parent: this }); cloudWatchLogGroupArn = pulumi.interpolate `${this.logGroup.arn}:*`; } const trailArgs = { s3BucketName: bucketName, cloudWatchLogGroupArn: cloudWatchLogGroupArn, ...args, }; this.trail = new aws.cloudtrail.Trail(name, trailArgs, { parent: this }); } } exports.Trail = Trail; function bucketWithCloudTrailPolicy(name, parent) { const bucket = new aws.s3.Bucket(name, {}, { parent: parent }); const policy = new aws.s3.BucketPolicy(name, { bucket: bucket.id, policy: { Version: "2012-10-17", Statement: [{ Sid: "AWSCloudTrailAclCheck", Effect: "Allow", Principal: aws.iam.Principals.CloudtrailPrincipal, Action: ["s3:GetBucketAcl"], Resource: [bucket.arn], }, { Sid: "AWSCloudTrailWrite", Effect: "Allow", Principal: { Service: "cloudtrail.amazonaws.com" }, Action: ["s3:PutObject"], Resource: [pulumi.interpolate `${bucket.arn}/*`], Condition: { StringEquals: { "s3:x-amz-acl": "bucket-owner-full-control" } }, }], }, }, { parent: parent }); return bucket; } //# sourceMappingURL=trail.js.map