public MyStack()
{
var exampleLogGroup = new Aws.CloudWatch.LogGroup("exampleLogGroup", new Aws.CloudWatch.LogGroupArgs
{
RetentionInDays = 14,
});
var ad_log_policyPolicyDocument = exampleLogGroup.Arn.Apply(arn => Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
{
Statements =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
{
Actions =
{
"logs:CreateLogStream",
"logs:PutLogEvents",
},
Effect = "Allow",
Principals =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs
{
Identifiers =
{
"ds.amazonaws.com",
},
Type = "Service",
},
},
Resources =
{
arn,
},
},
},
}));
var ad_log_policyLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy("ad-log-policyLogResourcePolicy", new Aws.CloudWatch.LogResourcePolicyArgs
{
PolicyDocument = ad_log_policyPolicyDocument.Apply(ad_log_policyPolicyDocument => ad_log_policyPolicyDocument.Json),
PolicyName = "ad-log-policy",
});
var exampleLogService = new Aws.DirectoryService.LogService("exampleLogService", new Aws.DirectoryService.LogServiceArgs
{
DirectoryId = aws_directory_service_directory.Example.Id,
LogGroupName = exampleLogGroup.Name,
});
}
public MyStack()
{
var exampleLogGroup = new Aws.CloudWatch.LogGroup("exampleLogGroup", new Aws.CloudWatch.LogGroupArgs
{
});
var exampleLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy("exampleLogResourcePolicy", new Aws.CloudWatch.LogResourcePolicyArgs
{
PolicyDocument = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""es.amazonaws.com""
},
""Action"": [
""logs:PutLogEvents"",
""logs:PutLogEventsBatch"",
""logs:CreateLogStream""
],
""Resource"": ""arn:aws:logs:*""
}
]
}
",
PolicyName = "example",
});
var exampleDomain = new Aws.ElasticSearch.Domain("exampleDomain", new Aws.ElasticSearch.DomainArgs
{
LogPublishingOptions =
{
new Aws.ElasticSearch.Inputs.DomainLogPublishingOptionArgs
{
CloudwatchLogGroupArn = exampleLogGroup.Arn,
LogType = "INDEX_SLOW_LOGS",
},
},
});
}
public MyStack()
{
var elasticsearch_log_publishing_policyPolicyDocument = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
{
Statements =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
{
Actions =
{
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:PutLogEventsBatch",
},
Principals =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs
{
Identifiers =
{
"es.amazonaws.com",
},
Type = "Service",
},
},
Resources =
{
"arn:aws:logs:*",
},
},
},
}));
var elasticsearch_log_publishing_policyLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy("elasticsearch-log-publishing-policyLogResourcePolicy", new Aws.CloudWatch.LogResourcePolicyArgs
{
PolicyDocument = elasticsearch_log_publishing_policyPolicyDocument.Apply(elasticsearch_log_publishing_policyPolicyDocument => elasticsearch_log_publishing_policyPolicyDocument.Json),
PolicyName = "elasticsearch-log-publishing-policy",
});
}
public MyStack()
{
var route53_query_logging_policyPolicyDocument = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
{
Statements =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
{
Actions =
{
"logs:CreateLogStream",
"logs:PutLogEvents",
},
Principals =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs
{
Identifiers =
{
"route53.amazonaws.com",
},
Type = "Service",
},
},
Resources =
{
"arn:aws:logs:*:*:log-group:/aws/route53/*",
},
},
},
}));
var route53_query_logging_policyLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy("route53-query-logging-policyLogResourcePolicy", new Aws.CloudWatch.LogResourcePolicyArgs
{
PolicyDocument = route53_query_logging_policyPolicyDocument.Apply(route53_query_logging_policyPolicyDocument => route53_query_logging_policyPolicyDocument.Json),
PolicyName = "route53-query-logging-policy",
});
}
public MyStack()
{
var us_east_1 = new Aws.Provider("us-east-1", new Aws.ProviderArgs
{
Region = "us-east-1",
});
var awsRoute53ExampleCom = new Aws.CloudWatch.LogGroup("awsRoute53ExampleCom", new Aws.CloudWatch.LogGroupArgs
{
RetentionInDays = 30,
}, new CustomResourceOptions
{
Provider = "aws.us-east-1",
});
var route53_query_logging_policyPolicyDocument = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
{
Statements =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
{
Actions =
{
"logs:CreateLogStream",
"logs:PutLogEvents",
},
Principals =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs
{
Identifiers =
{
"route53.amazonaws.com",
},
Type = "Service",
},
},
Resources =
{
"arn:aws:logs:*:*:log-group:/aws/route53/*",
},
},
},
}));
var route53_query_logging_policyLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy("route53-query-logging-policyLogResourcePolicy", new Aws.CloudWatch.LogResourcePolicyArgs
{
PolicyDocument = route53_query_logging_policyPolicyDocument.Apply(route53_query_logging_policyPolicyDocument => route53_query_logging_policyPolicyDocument.Json),
PolicyName = "route53-query-logging-policy",
}, new CustomResourceOptions
{
Provider = "aws.us-east-1",
});
var exampleComZone = new Aws.Route53.Zone("exampleComZone", new Aws.Route53.ZoneArgs
{
});
var exampleComQueryLog = new Aws.Route53.QueryLog("exampleComQueryLog", new Aws.Route53.QueryLogArgs
{
CloudwatchLogGroupArn = awsRoute53ExampleCom.Arn,
ZoneId = exampleComZone.ZoneId,
}, new CustomResourceOptions
{
DependsOn =
{
"aws_cloudwatch_log_resource_policy.route53-query-logging-policy",
},
});
}
