2017/09/21 - Amazon CloudWatch Logs - 2 new 2 updated api methods
Disassociates the associated AWS Key Management Service (AWS KMS) customer master key (CMK) from the specified log group.
After the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested.
Note that it can take up to 5 minutes for this operation to take effect.
Request Syntax
client.disassociate_kms_key(
    logGroupName='string'
)
logGroupName (string) --
[REQUIRED] The name of the log group.
Returns: None
Associates the specified AWS Key Management Service (AWS KMS) customer master key (CMK) with the specified log group.
Associating an AWS KMS CMK with a log group overrides any existing associations between the log group and a CMK. After a CMK is associated with a log group, all newly ingested data for the log group is encrypted using the CMK. This association is stored as long as the data encrypted with the CMK is still within Amazon CloudWatch Logs. This enables Amazon CloudWatch Logs to decrypt this data whenever it is requested.
Note that it can take up to 5 minutes for this operation to take effect.
If you attempt to associate a CMK with a log group but the CMK does not exist or the CMK is disabled, you will receive an InvalidParameterException error.
Request Syntax
client.associate_kms_key(
    logGroupName='string',
    kmsKeyId='string'
)
logGroupName (string) --
[REQUIRED] The name of the log group.
kmsKeyId (string) --
[REQUIRED] The Amazon Resource Name (ARN) of the CMK to use when encrypting log data. For more information, see Amazon Resource Names - AWS Key Management Service (AWS KMS).
Returns: None
{'kmsKeyId': 'string'}
Creates a log group with the specified name.
You can create up to 5000 log groups per account.
You must use the following guidelines when naming a log group:
Log group names must be unique within a region for an AWS account.
Log group names can be between 1 and 512 characters long.
Log group names consist of the following characters: a-z, A-Z, 0-9, '_' (underscore), '-' (hyphen), '/' (forward slash), and '.' (period).
If you associate an AWS Key Management Service (AWS KMS) customer master key (CMK) with the log group, ingested data is encrypted using the CMK. This association is stored as long as the data encrypted with the CMK is still within Amazon CloudWatch Logs. This enables Amazon CloudWatch Logs to decrypt this data whenever it is requested.
If you attempt to associate a CMK with the log group but the CMK does not exist or the CMK is disabled, you will receive an InvalidParameterException error.
Request Syntax
client.create_log_group(
    logGroupName='string',
    kmsKeyId='string',
    tags={
        'string': 'string'
    }
)
logGroupName (string) --
[REQUIRED] The name of the log group.
kmsKeyId (string) --
The Amazon Resource Name (ARN) of the CMK to use when encrypting log data. For more information, see Amazon Resource Names - AWS Key Management Service (AWS KMS).
tags (dict) --
The key-value pairs to use for the tags.
    (string) --
        (string) --
Returns: None
{'logGroups': {'kmsKeyId': 'string'}}
Lists the specified log groups. You can list all your log groups or filter the results by prefix. The results are ASCII-sorted by log group name.
Request Syntax
client.describe_log_groups(
    logGroupNamePrefix='string',
    nextToken='string',
    limit=123
)
logGroupNamePrefix (string) --
The prefix to match.
nextToken (string) --
The token for the next set of items to return. (You received this token from a previous call.)
limit (integer) --
The maximum number of items returned. If you don't specify a value, the default is up to 50 items.
Return type: dict
Response Syntax
{
    'logGroups': [
        {
            'logGroupName': 'string',
            'creationTime': 123,
            'retentionInDays': 123,
            'metricFilterCount': 123,
            'arn': 'string',
            'storedBytes': 123,
            'kmsKeyId': 'string'
        },
    ],
    'nextToken': 'string'
}
Response Structure
(dict) --
logGroups (list) --
The log groups.
(dict) --
Represents a log group.
logGroupName (string) --
The name of the log group.
creationTime (integer) --
The creation time of the log group, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
retentionInDays (integer) --
The number of days to retain the log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653.
metricFilterCount (integer) --
The number of metric filters.
arn (string) --
The Amazon Resource Name (ARN) of the log group.
storedBytes (integer) --
The number of bytes stored.
kmsKeyId (string) --
The Amazon Resource Name (ARN) of the CMK to use when encrypting log data.
nextToken (string) --
The token for the next set of items to return. The token expires after 24 hours.
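The new kmsKeyId field in the describe_log_groups response makes it possible to audit which log groups have no CMK and to associate one. The following is an added example, not code from the AWS documentation: the function names and StubLogsClient (a constructed in-memory stand-in so the block runs offline) are assumptions; against a real account, pass boto3.client('logs') instead.

```python
def groups_without_cmk(client, prefix=None):
    """Names of log groups whose description carries no kmsKeyId."""
    missing, token = [], None
    while True:
        kwargs = {"logGroupNamePrefix": prefix} if prefix else {}
        if token:
            kwargs["nextToken"] = token
        page = client.describe_log_groups(**kwargs)
        missing += [g["logGroupName"] for g in page.get("logGroups", [])
                    if not g.get("kmsKeyId")]
        token = page.get("nextToken")
        if not token:  # absent on the last page
            return missing


def associate_cmk(client, names, key_arn):
    """Associate key_arn with each group; return the names the service rejected."""
    rejected = []
    for name in names:
        try:
            client.associate_kms_key(logGroupName=name, kmsKeyId=key_arn)
        except client.exceptions.InvalidParameterException:
            rejected.append(name)  # CMK does not exist or is disabled
    return rejected  # changes can take up to 5 minutes to show in a re-audit


class StubLogsClient:
    """Constructed in-memory stand-in for boto3.client('logs'), for offline runs."""
    class exceptions:
        InvalidParameterException = type("InvalidParameterException", (Exception,), {})

    def __init__(self, groups, page_size=2):
        self.groups, self.page_size = groups, page_size

    def describe_log_groups(self, logGroupNamePrefix="", nextToken=None, limit=50):
        hits = sorted((g for g in self.groups
                       if g["logGroupName"].startswith(logGroupNamePrefix)),
                      key=lambda g: g["logGroupName"])
        start = int(nextToken or 0)
        page = {"logGroups": hits[start:start + self.page_size]}
        if start + self.page_size < len(hits):
            page["nextToken"] = str(start + self.page_size)
        return page

    def associate_kms_key(self, logGroupName, kmsKeyId):
        if ":key/" not in kmsKeyId:  # stub's stand-in for "CMK does not exist"
            raise self.exceptions.InvalidParameterException(kmsKeyId)
        next(g for g in self.groups
             if g["logGroupName"] == logGroupName)["kmsKeyId"] = kmsKeyId
```

Because disassociation only stops encryption of newly ingested data, running an audit like this on a schedule also surfaces groups whose CMK association was removed after creation.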