UNPKG

aws-cdk-lib

Version:

Version 2 of the AWS Cloud Development Kit library

github.com/aws/aws-cdk

aws/aws-cdk

275 lines (274 loc) 15.2 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
import * as cdk from "../../core"; import * as constructs from "constructs"; import * as cfn_parse from "../../core/lib/helpers-internal"; /** * Creates an *investigation group* in your account. * * Creating an investigation group is a one-time setup task for each Region in your account. It is a necessary task to be able to perform investigations. * * Settings in the investigation group help you centrally manage the common properties of your investigations, such as the following: * * - Who can access the investigations * - Whether investigation data is encrypted with a customer managed AWS Key Management Service key. * - How long investigations and their data are retained by default. * * Currently, you can have one investigation group in each Region in your account. Each investigation in a Region is a part of the investigation group in that Region * * To create an investigation group and set up CloudWatch investigations, you must be signed in to an IAM principal that has either the `AIOpsConsoleAdminPolicy` or the `AdministratorAccess` IAM policy attached, or to an account that has similar permissions. * * > You can configure CloudWatch alarms to start investigations and add events to investigations. If you create your investigation group with `CreateInvestigationGroup` and you want to enable alarms to do this, you must use `PutInvestigationGroupPolicy` to create a resource policy that grants this permission to CloudWatch alarms. * > * > For more information about configuring CloudWatch alarms, see [Using Amazon CloudWatch alarms](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html) * * @cloudformationResource AWS::AIOps::InvestigationGroup * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-aiops-investigationgroup.html */ export declare class CfnInvestigationGroup extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggableV2 { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnInvestigationGroup from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnInvestigationGroup; /** * The Amazon Resource Name (ARN) of the investigation group. * * @cloudformationAttribute Arn */ readonly attrArn: string; /** * The date and time that the investigation group was created. * * @cloudformationAttribute CreatedAt */ readonly attrCreatedAt: string; /** * The name of the user who created the investigation group. * * @cloudformationAttribute CreatedBy */ readonly attrCreatedBy: string; /** * The date and time that the investigation group was most recently modified. * * @cloudformationAttribute LastModifiedAt */ readonly attrLastModifiedAt: string; /** * The name of the user who created the investigation group. * * @cloudformationAttribute LastModifiedBy */ readonly attrLastModifiedBy: string; /** * Tag Manager which manages the tags for this resource */ readonly cdkTagManager: cdk.TagManager; /** * Use this property to integrate CloudWatch investigations with chat applications. */ chatbotNotificationChannels?: Array<CfnInvestigationGroup.ChatbotNotificationChannelProperty | cdk.IResolvable> | cdk.IResolvable; /** * List of `sourceRoleArn` values that have been configured for cross-account access. */ crossAccountConfigurations?: Array<CfnInvestigationGroup.CrossAccountConfigurationProperty | cdk.IResolvable> | cdk.IResolvable; /** * Specifies the customer managed AWS KMS key that the investigation group uses to encrypt data, if there is one. */ encryptionConfig?: CfnInvestigationGroup.EncryptionConfigMapProperty | cdk.IResolvable; /** * Returns the JSON of the IAM resource policy associated with the specified investigation group in a string. */ investigationGroupPolicy?: string; /** * Specify `true` to enable CloudWatch investigations to have access to change events that are recorded by CloudTrail. */ isCloudTrailEventHistoryEnabled?: boolean | cdk.IResolvable; /** * Specify either the name or the ARN of the investigation group that you want to view. */ name: string; /** * Specifies how long that investigation data is kept. */ retentionInDays?: number; /** * The ARN of the IAM role that the investigation group uses for permissions to gather data. */ roleArn?: string; /** * Displays the custom tag keys for custom applications in your system that you have specified in the investigation group. */ tagKeyBoundaries?: Array<string>; /** * The list of key-value pairs to associate with the resource. */ tags?: Array<cdk.CfnTag>; /** * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnInvestigationGroupProps); protected get cfnProperties(): Record<string, any>; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record<string, any>): Record<string, any>; } export declare namespace CfnInvestigationGroup { /** * Use this structure if you want to use a customer managed AWS KMS key to encrypt your investigation data. * * If you omit this parameter, CloudWatch investigations will use an AWS key to encrypt the data. For more information, see [Encryption of investigation data](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Investigations-Security.html#Investigations-KMS) . * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-aiops-investigationgroup-encryptionconfigmap.html */ interface EncryptionConfigMapProperty { /** * Displays whether investigation data is encrypted by a customer managed key or an AWS owned key. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-aiops-investigationgroup-encryptionconfigmap.html#cfn-aiops-investigationgroup-encryptionconfigmap-encryptionconfigurationtype */ readonly encryptionConfigurationType?: string; /** * If the investigation group uses a customer managed key for encryption, this field displays the ID of that key. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-aiops-investigationgroup-encryptionconfigmap.html#cfn-aiops-investigationgroup-encryptionconfigmap-kmskeyid */ readonly kmsKeyId?: string; } /** * Use this structure to integrate CloudWatch investigations with chat applications. * * This structure is a string array. For the first string, specify the ARN of an Amazon SNS topic. For the array of strings, specify the ARNs of one or more chat applications configurations that you want to associate with that topic. For more information about these configuration ARNs, see [Getting started with Amazon Q in chat applications](https://docs.aws.amazon.com/chatbot/latest/adminguide/getting-started.html) and [Resource type defined by AWS Chatbot](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awschatbot.html#awschatbot-resources-for-iam-policies) . * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-aiops-investigationgroup-chatbotnotificationchannel.html */ interface ChatbotNotificationChannelProperty { /** * Returns the Amazon Resource Name (ARN) of any third-party chat integrations configured for the account. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-aiops-investigationgroup-chatbotnotificationchannel.html#cfn-aiops-investigationgroup-chatbotnotificationchannel-chatconfigurationarns */ readonly chatConfigurationArns?: Array<string>; /** * Returns the ARN of an Amazon SNS topic used for third-party chat integrations. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-aiops-investigationgroup-chatbotnotificationchannel.html#cfn-aiops-investigationgroup-chatbotnotificationchannel-snstopicarn */ readonly snsTopicArn?: string; } /** * This structure contains information about the cross-account configuration in the account. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-aiops-investigationgroup-crossaccountconfiguration.html */ interface CrossAccountConfigurationProperty { /** * The ARN of an existing role which will be used to do investigations on your behalf. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-aiops-investigationgroup-crossaccountconfiguration.html#cfn-aiops-investigationgroup-crossaccountconfiguration-sourcerolearn */ readonly sourceRoleArn?: string; } } /** * Properties for defining a `CfnInvestigationGroup` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-aiops-investigationgroup.html */ export interface CfnInvestigationGroupProps { /** * Use this property to integrate CloudWatch investigations with chat applications. * * This property is an array. For the first string, specify the ARN of an Amazon SNS topic. For the array of strings, specify the ARNs of one or more chat applications configurations that you want to associate with that topic. For more information about these configuration ARNs, see [Getting started with Amazon Q in chat applications](https://docs.aws.amazon.com/chatbot/latest/adminguide/getting-started.html) and [Resource type defined by AWS Chatbot](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awschatbot.html#awschatbot-resources-for-iam-policies) . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-aiops-investigationgroup.html#cfn-aiops-investigationgroup-chatbotnotificationchannels */ readonly chatbotNotificationChannels?: Array<CfnInvestigationGroup.ChatbotNotificationChannelProperty | cdk.IResolvable> | cdk.IResolvable; /** * List of `sourceRoleArn` values that have been configured for cross-account access. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-aiops-investigationgroup.html#cfn-aiops-investigationgroup-crossaccountconfigurations */ readonly crossAccountConfigurations?: Array<CfnInvestigationGroup.CrossAccountConfigurationProperty | cdk.IResolvable> | cdk.IResolvable; /** * Specifies the customer managed AWS KMS key that the investigation group uses to encrypt data, if there is one. * * If not, the investigation group uses an AWS key to encrypt the data. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-aiops-investigationgroup.html#cfn-aiops-investigationgroup-encryptionconfig */ readonly encryptionConfig?: CfnInvestigationGroup.EncryptionConfigMapProperty | cdk.IResolvable; /** * Returns the JSON of the IAM resource policy associated with the specified investigation group in a string. * * For example, `{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"aiops.alarms.cloudwatch.amazonaws.com\"},\"Action\":[\"aiops:CreateInvestigation\",\"aiops:CreateInvestigationEvent\"],\"Resource\":\"*\",\"Condition\":{\"StringEquals\":{\"aws:SourceAccount\":\"111122223333\"},\"ArnLike\":{\"aws:SourceArn\":\"arn:aws:cloudwatch:us-east-1:111122223333:alarm:*\"}}}]}` . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-aiops-investigationgroup.html#cfn-aiops-investigationgroup-investigationgrouppolicy */ readonly investigationGroupPolicy?: string; /** * Specify `true` to enable CloudWatch investigations to have access to change events that are recorded by CloudTrail. * * The default is `true` . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-aiops-investigationgroup.html#cfn-aiops-investigationgroup-iscloudtraileventhistoryenabled */ readonly isCloudTrailEventHistoryEnabled?: boolean | cdk.IResolvable; /** * Specify either the name or the ARN of the investigation group that you want to view. * * This is used to set the name of the investigation group. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-aiops-investigationgroup.html#cfn-aiops-investigationgroup-name */ readonly name: string; /** * Specifies how long that investigation data is kept. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-aiops-investigationgroup.html#cfn-aiops-investigationgroup-retentionindays */ readonly retentionInDays?: number; /** * The ARN of the IAM role that the investigation group uses for permissions to gather data. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-aiops-investigationgroup.html#cfn-aiops-investigationgroup-rolearn */ readonly roleArn?: string; /** * Displays the custom tag keys for custom applications in your system that you have specified in the investigation group. * * Resource tags help CloudWatch investigations narrow the search space when it is unable to discover definite relationships between resources. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-aiops-investigationgroup.html#cfn-aiops-investigationgroup-tagkeyboundaries */ readonly tagKeyBoundaries?: Array<string>; /** * The list of key-value pairs to associate with the resource. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-aiops-investigationgroup.html#cfn-aiops-investigationgroup-tags */ readonly tags?: Array<cdk.CfnTag>; }