74 lines
2.5 KiB
TypeScript
74 lines
2.5 KiB
TypeScript
import type { Construct } from 'constructs';
|
|
import type { ILogGroupRef } from './logs.generated';
|
|
import type { ILogSubscriptionDestination, LogSubscriptionDestinationConfig } from './subscription-filter';
|
|
import * as iam from '../../aws-iam';
|
|
import * as cdk from '../../core';
|
|
/**
|
|
* Properties for a CrossAccountDestination
|
|
*/
|
|
export interface CrossAccountDestinationProps {
|
|
/**
|
|
* The name of the log destination.
|
|
*
|
|
* @default Automatically generated
|
|
*/
|
|
readonly destinationName?: string;
|
|
/**
|
|
* The role to assume that grants permissions to write to 'target'.
|
|
*
|
|
* The role must be assumable by 'logs.{REGION}.amazonaws.com'.
|
|
*/
|
|
readonly role: iam.IRoleRef;
|
|
/**
|
|
* The log destination target's ARN
|
|
*/
|
|
readonly targetArn: string;
|
|
}
|
|
/**
|
|
* A new CloudWatch Logs Destination for use in cross-account scenarios
|
|
*
|
|
* CrossAccountDestinations are used to subscribe a Kinesis stream in a
|
|
* different account to a CloudWatch Subscription.
|
|
*
|
|
* For cross-account scenarios, you need to manually create a
|
|
* `CrossAccountDestination` in the destination account. The integration
|
|
* classes in the `aws-cdk-lib/aws-logs-destinations` package (such as
|
|
* `KinesisDestination`) only handle same-account scenarios and do not
|
|
* automatically create `CrossAccountDestination` for cross-account usage.
|
|
*
|
|
* @resource AWS::Logs::Destination
|
|
*/
|
|
export declare class CrossAccountDestination extends cdk.Resource implements ILogSubscriptionDestination {
|
|
/** Uniquely identifies this class. */
|
|
static readonly PROPERTY_INJECTION_ID: string;
|
|
/**
|
|
* Policy object of this CrossAccountDestination object
|
|
*/
|
|
readonly policyDocument: iam.PolicyDocument;
|
|
/**
|
|
* The inner resource
|
|
*/
|
|
private readonly resource;
|
|
/**
|
|
* The name of this CrossAccountDestination object
|
|
* @attribute
|
|
*/
|
|
get destinationName(): string;
|
|
/**
|
|
* The ARN of this CrossAccountDestination object
|
|
* @attribute
|
|
*/
|
|
get destinationArn(): string;
|
|
constructor(scope: Construct, id: string, props: CrossAccountDestinationProps);
|
|
addToPolicy(statement: iam.PolicyStatement): void;
|
|
bind(_scope: Construct, _sourceLogGroup: ILogGroupRef): LogSubscriptionDestinationConfig;
|
|
/**
|
|
* Generate a unique Destination name in case the user didn't supply one
|
|
*/
|
|
private generateUniqueName;
|
|
/**
|
|
* Return a stringified JSON version of the PolicyDocument
|
|
*/
|
|
private lazyStringifiedPolicyDocument;
|
|
}
|