/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include namespace Aws { namespace CloudWatchLogs { namespace Model { /** */ class PutDataProtectionPolicyRequest : public CloudWatchLogsRequest { public: AWS_CLOUDWATCHLOGS_API PutDataProtectionPolicyRequest() = default; // Service request name is the Operation name which will send this request out, // each operation should has unique request name, so that we can get operation's name from this request. // Note: this is not true for response, multiple operations may have the same response name, // so we can not get operation's name from response. inline virtual const char* GetServiceRequestName() const override { return "PutDataProtectionPolicy"; } AWS_CLOUDWATCHLOGS_API Aws::String SerializePayload() const override; AWS_CLOUDWATCHLOGS_API Aws::Http::HeaderValueCollection GetRequestSpecificHeaders() const override; ///@{ /** *

Specify either the log group name or log group ARN.

*/ inline const Aws::String& GetLogGroupIdentifier() const { return m_logGroupIdentifier; } inline bool LogGroupIdentifierHasBeenSet() const { return m_logGroupIdentifierHasBeenSet; } template void SetLogGroupIdentifier(LogGroupIdentifierT&& value) { m_logGroupIdentifierHasBeenSet = true; m_logGroupIdentifier = std::forward(value); } template PutDataProtectionPolicyRequest& WithLogGroupIdentifier(LogGroupIdentifierT&& value) { SetLogGroupIdentifier(std::forward(value)); return *this; } ///@} ///@{ /** *

Specify the data protection policy, in JSON.

This policy must include * two JSON blocks:

The first block must include both a * DataIdentifer array and an Operation property with an * Audit action. The DataIdentifer array lists the types * of sensitive data that you want to mask. For more information about the * available options, see Types * of data that you can mask.

The Operation property with * an Audit action is required to find the sensitive data terms. This * Audit action must contain a FindingsDestination * object. You can optionally use that FindingsDestination object to * list one or more destinations to send audit findings to. If you specify * destinations such as log groups, Firehose streams, and S3 buckets, they must * already exist.
The second block must include both a * DataIdentifer array and an Operation property with an * Deidentify action. The DataIdentifer array must * exactly match the DataIdentifer array in the first block of the * policy.

The Operation property with the * Deidentify action is what actually masks the data, and it must * contain the "MaskConfig": {} object. The "MaskConfig": * {} object must be empty.

For an example data * protection policy, see the Examples section on this page.

The contents of the two DataIdentifer arrays must match * exactly.

In addition to the two JSON blocks, the * policyDocument can also include Name, * Description, and Version fields. The Name * is used as a dimension when CloudWatch Logs reports audit findings metrics to * CloudWatch.

The JSON specified in policyDocument can be up * to 30,720 characters.

*/ inline const Aws::String& GetPolicyDocument() const { return m_policyDocument; } inline bool PolicyDocumentHasBeenSet() const { return m_policyDocumentHasBeenSet; } template void SetPolicyDocument(PolicyDocumentT&& value) { m_policyDocumentHasBeenSet = true; m_policyDocument = std::forward(value); } template PutDataProtectionPolicyRequest& WithPolicyDocument(PolicyDocumentT&& value) { SetPolicyDocument(std::forward(value)); return *this; } ///@} private: Aws::String m_logGroupIdentifier; Aws::String m_policyDocument; bool m_logGroupIdentifierHasBeenSet = false; bool m_policyDocumentHasBeenSet = false; }; } // namespace Model } // namespace CloudWatchLogs } // namespace Aws