aws_sdk_cloudwatchlogs/client/
put_data_protection_policy.rs

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
// Code generated by software.amazon.smithy.rust.codegen.smithy-rs. DO NOT EDIT.
impl super::Client {
    /// Constructs a fluent builder for the [`PutDataProtectionPolicy`](crate::operation::put_data_protection_policy::builders::PutDataProtectionPolicyFluentBuilder) operation.
    ///
    /// - The fluent builder is configurable:
    ///   - [`log_group_identifier(impl Into<String>)`](crate::operation::put_data_protection_policy::builders::PutDataProtectionPolicyFluentBuilder::log_group_identifier) / [`set_log_group_identifier(Option<String>)`](crate::operation::put_data_protection_policy::builders::PutDataProtectionPolicyFluentBuilder::set_log_group_identifier):<br>required: **true**<br><p>Specify either the log group name or log group ARN.</p><br>
    ///   - [`policy_document(impl Into<String>)`](crate::operation::put_data_protection_policy::builders::PutDataProtectionPolicyFluentBuilder::policy_document) / [`set_policy_document(Option<String>)`](crate::operation::put_data_protection_policy::builders::PutDataProtectionPolicyFluentBuilder::set_policy_document):<br>required: **true**<br><p>Specify the data protection policy, in JSON.</p> <p>This policy must include two JSON blocks:</p> <ul>  <li>   <p>The first block must include both a <code>DataIdentifer</code> array and an <code>Operation</code> property with an <code>Audit</code> action. The <code>DataIdentifer</code> array lists the types of sensitive data that you want to mask. For more information about the available options, see <a href="https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data-types.html">Types of data that you can mask</a>.</p>   <p>The <code>Operation</code> property with an <code>Audit</code> action is required to find the sensitive data terms. This <code>Audit</code> action must contain a <code>FindingsDestination</code> object. You can optionally use that <code>FindingsDestination</code> object to list one or more destinations to send audit findings to. If you specify destinations such as log groups, Firehose streams, and S3 buckets, they must already exist.</p></li>  <li>   <p>The second block must include both a <code>DataIdentifer</code> array and an <code>Operation</code> property with an <code>Deidentify</code> action. The <code>DataIdentifer</code> array must exactly match the <code>DataIdentifer</code> array in the first block of the policy.</p>   <p>The <code>Operation</code> property with the <code>Deidentify</code> action is what actually masks the data, and it must contain the <code> "MaskConfig": {}</code> object. The <code> "MaskConfig": {}</code> object must be empty.</p></li> </ul> <p>For an example data protection policy, see the <b>Examples</b> section on this page.</p><important>  <p>The contents of the two <code>DataIdentifer</code> arrays must match exactly.</p> </important> <p>In addition to the two JSON blocks, the <code>policyDocument</code> can also include <code>Name</code>, <code>Description</code>, and <code>Version</code> fields. The <code>Name</code> is used as a dimension when CloudWatch Logs reports audit findings metrics to CloudWatch.</p> <p>The JSON specified in <code>policyDocument</code> can be up to 30,720 characters.</p><br>
    /// - On success, responds with [`PutDataProtectionPolicyOutput`](crate::operation::put_data_protection_policy::PutDataProtectionPolicyOutput) with field(s):
    ///   - [`log_group_identifier(Option<String>)`](crate::operation::put_data_protection_policy::PutDataProtectionPolicyOutput::log_group_identifier): <p>The log group name or ARN that you specified in your request.</p>
    ///   - [`policy_document(Option<String>)`](crate::operation::put_data_protection_policy::PutDataProtectionPolicyOutput::policy_document): <p>The data protection policy used for this log group.</p>
    ///   - [`last_updated_time(Option<i64>)`](crate::operation::put_data_protection_policy::PutDataProtectionPolicyOutput::last_updated_time): <p>The date and time that this policy was most recently updated.</p>
    /// - On failure, responds with [`SdkError<PutDataProtectionPolicyError>`](crate::operation::put_data_protection_policy::PutDataProtectionPolicyError)
    pub fn put_data_protection_policy(&self) -> crate::operation::put_data_protection_policy::builders::PutDataProtectionPolicyFluentBuilder {
        crate::operation::put_data_protection_policy::builders::PutDataProtectionPolicyFluentBuilder::new(self.handle.clone())
    }
}