Cloudformation-coverage-roadmap: AWS::Logs::LogGroup-NewAttribute (KMSKeyId)

Created on 16 Aug 2019 · 6 Comments · Source: aws-cloudformation/cloudformation-coverage-roadmap

Scope of Request

AWS::Logs::LogGroup should be able to accept a KMSKeyId parameter to turn on log group encryption via a CMK.

Expected behavior

When KMSKeyId is provided, the Log Group should have that Key ID associated with it. The result should be the same as providing the kmsKeyId parameter in the API call, or using AssociateKmsKey afterwards.

Suggest specific test cases

Create a stack with an AWS::KMS::Key and an AWS::Logs::LogGroup with the KMSKeyId option set to !Ref Key. Upon creation, DescribeLogGroups should show the associated kmsKeyId parameter equal to the Ref of the AWS::KMS::Key.

Helpful Links to speed up research and evaluation

API for CreateLogGroup https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateLogGroup.html

6. Category (required) - Will help with tagging and be easier to find by other users to +1

Use the categories as displayed in the AWS Management Console (simplified):

  1. Management (CloudTrail, Config...)
  2. Security (IAM, KMS...)
management & governance

All 6 comments

Does anybody know a workaround for associating a Log Group with a CMK in CloudFormation?

@ThomasSteinbach I believe the only workaround now would be to use a Lambda custom resource.
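The Lambda custom resource workaround mentioned in the comment above, as an added example (not code from this issue or from the AWS resource provider): the handler calls AssociateKmsKey, confirms the result through DescribeLogGroups as the issue's test case suggests, and always reports back to CloudFormation. The property names `LogGroupName` and `KmsKeyArn` and the function names are assumptions made for this example.

```python
import json
import urllib.request


def apply_request(event, logs):
    """Apply one custom-resource request; return the physical resource id."""
    props = event["ResourceProperties"]
    # LogGroupName and KmsKeyArn are property names assumed for this example.
    group, key_arn = props["LogGroupName"], props["KmsKeyArn"]
    if event["RequestType"] == "Delete":
        try:
            logs.disassociate_kms_key(logGroupName=group)
        except logs.exceptions.ResourceNotFoundException:
            pass  # group already gone; nothing left to disassociate
    else:  # Create and Update both (re)associate the key
        logs.associate_kms_key(logGroupName=group, kmsKeyId=key_arn)
        # Confirm through DescribeLogGroups; the prefix can match other groups.
        found = logs.describe_log_groups(logGroupNamePrefix=group)["logGroups"]
        actual = next((g.get("kmsKeyId") for g in found
                       if g["logGroupName"] == group), None)
        if actual != key_arn:
            raise RuntimeError(f"{group} reports kmsKeyId {actual!r}")
    # Id follows the group name, so renaming the group replaces this resource
    # and CloudFormation sends a Delete carrying the old properties.
    return f"{group}/kms-association"


def build_response(event, logs):
    """Build the JSON body CloudFormation expects at the ResponseURL."""
    body = {k: event[k] for k in ("StackId", "RequestId", "LogicalResourceId")}
    body["PhysicalResourceId"] = event.get("PhysicalResourceId", "kms-association")
    try:
        body["PhysicalResourceId"] = apply_request(event, logs)
        body["Status"] = "SUCCESS"
    except Exception as exc:  # always answer, or the stack waits for a timeout
        body.update(Status="FAILED", Reason=str(exc))
    return body


def handler(event, context):
    """Lambda entry point: do the work, then PUT the result to CloudFormation."""
    import boto3  # provided by the Lambda Python runtime
    body = json.dumps(build_response(event, boto3.client("logs"))).encode()
    request = urllib.request.Request(event["ResponseURL"], data=body,
                                     method="PUT", headers={"Content-Type": ""})
    urllib.request.urlopen(request)
```

The AssociateKmsKey documentation says the change can take up to 5 minutes to take effect, so a real handler may need to retry the DescribeLogGroups check before reporting FAILED.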

AWS::Logs::LogGroup is open source: https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-logs/tree/master/aws-logs-loggroup.

You are welcome to contribute for this.

Yes! The door is wide open for anyone to be the first public contributor to an AWS Resource here. ❤️
