Log Group support for CloudTrail #6162

Closed
1 of 2 tasks
DenSpirit opened this issue Feb 7, 2020 · 2 comments · Fixed by #8079
Labels: @aws-cdk/aws-cloudtrail (Related to AWS CloudTrail), effort/medium (Medium work item – several days of effort), feature-request (A feature should be added or improved.)

Comments

@DenSpirit

It might be desirable for @aws-cdk/aws-cloudtrail's Trail construct to expose the log group it creates, and/or accept an existing log group.

Use Case

CloudTrail's log group export is useful for setting up metric filters on API events that happen in the account. With raw CloudFormation we needed to define the LogGroup separately and were able to set those up. In CDK we'd need to use one of the escape hatches to reach it.

Proposed Solution

Should be a normal readonly property definition.
Implementation pending.

Other

ℹ️ Enabling the Trail construct to accept a custom log group might interfere with retention configuration.

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

DenSpirit added the feature-request and needs-triage labels Feb 7, 2020
SomayaB added the @aws-cdk/aws-cloudtrail label Feb 10, 2020
@rix0rrr
Contributor

rix0rrr commented Feb 11, 2020

I think we don't even have LogGroup support for Trails at all, let alone exposing one. Don't all CloudTrail logs go to S3?

rix0rrr added the effort/medium label Feb 11, 2020
rix0rrr changed the title from "Access Log Group created by CloudTrail" to "Log Group support for CloudTrail" Feb 11, 2020
@DenSpirit
Author

@rix0rrr In the Trail construct there are two options present, sendToCloudWatchLogs and cloudWatchLogsRetention. Enabling sending to logs creates a log group as a Cfn* resource, but the group is not stored in properties.

SomayaB removed the needs-triage label Mar 4, 2020
nija-at pushed a commit that referenced this issue May 19, 2020
Allow for users to set their own log group that CloudTrail must send
events to.

Expose a log group instance property that returns the user specified or
auto-created log group.

closes #6162
@mergify mergify bot closed this as completed in #8079 May 21, 2020
mergify bot pushed a commit that referenced this issue May 21, 2020
karupanerura pushed a commit to karupanerura/aws-cdk that referenced this issue May 22, 2020