Open peterwoodworth opened 1 year ago
Please see the discussion here to see what the current behavior is like. The properties should probably be uppercase in the template. It's not clear to me whether this causes any bugs in actual behavior, or just the console.
After looking into this issue, I believe the problem is that in the logs.generated.ts file, the CloudFormation DataProtectionPolicy is being passed the entire object (as shown in the image) rather than setting each attribute with the uppercase letter.
My pull request previously changed the object variables to uppercase letters, but that did not follow the enforced naming convention.
```ts
import * as cdk from "aws-cdk-lib";
import { Construct } from "constructs";

export class DataProtectionStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    const dataProtectionPolicy = new cdk.aws_logs.DataProtectionPolicy({
      Name: "EmailAndLatLngProrectionPolicy", // Use uppercase 'Name' instead of 'name'
      Description: "cdk generated data protection policy", // Use uppercase 'Description'
      PolicyDocument: {
        Version: "2021-06-01",
        Statement: [
          {
            Sid: "audit-statement-cdk",
            DataIdentifier: [
              {
                Arn: cdk.Fn.join("", [
                  "arn:",
                  cdk.Aws.PARTITION,
                  ":dataprotection::aws:data-identifier/EmailAddress",
                ]),
              },
              {
                Arn: cdk.Fn.join("", [
                  "arn:",
                  cdk.Aws.PARTITION,
                  ":dataprotection::aws:data-identifier/LatLong",
                ]),
              },
            ],
            Operation: {
              Audit: {
                FindingsDestination: {},
              },
            },
          },
          {
            Sid: "redact-statement-cdk",
            DataIdentifier: [
              {
                Arn: cdk.Fn.join("", [
                  "arn:",
                  cdk.Aws.PARTITION,
                  ":dataprotection::aws:data-identifier/EmailAddress",
                ]),
              },
              {
                Arn: cdk.Fn.join("", [
                  "arn:",
                  cdk.Aws.PARTITION,
                  ":dataprotection::aws:data-identifier/LatLong",
                ]),
              },
            ],
            Operation: {
              Deidentify: {
                MaskConfig: {},
              },
            },
          },
        ],
      },
    });

    new cdk.aws_logs.LogGroup(this, "TestLogGroup", {
      logGroupName: "TestLogGroup",
      dataProtectionPolicy,
    });
  }
}
```
Just confirming my understanding:
PascalCased
DataProtectionPolicy construct in aws-logs generates properties with camelCased property names (dataIdentifier instead of DataIdentifier)
camelCased property names are not recognised by CloudFormation, and so the configuration is not applied.
I have tried to sort this by explicitly specifying the keys in an object in the generation of the CfnLogGroup in log-group.ts.
I'm not sure if I need to go one level deeper to do the same for Statement, but the docs suggest so. It feels a little hacky to do ever deeper explicit specification of keys - if anyone else has any suggestions for a better approach, I'm very open to it!
PR incoming.
Discussed in https://github.com/aws/aws-cdk/discussions/26669
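A check for the casing mismatch this thread describes, as an added example that is not from the issue or the aws-cdk code base: it walks a synthesized template object and lists every key under a log group's DataProtectionPolicy that does not start with an uppercase letter, so a CI step can flag it before deployment. The function names are hypothetical and the sample template is constructed.

```typescript
// Added example. Function names are hypothetical; the template below is constructed.
type Json = null | boolean | number | string | Json[] | { [key: string]: Json };
type JsonObject = { [key: string]: Json };

function asObject(v: Json | undefined): JsonObject | undefined {
  return v !== null && typeof v === "object" && !Array.isArray(v) ? v : undefined;
}

// Recursively collect the paths of keys that do not start with an uppercase letter.
function lowerCaseKeyPaths(node: Json, path: string, out: string[] = []): string[] {
  if (Array.isArray(node)) {
    node.forEach((item, i) => lowerCaseKeyPaths(item, `${path}[${i}]`, out));
  } else if (node !== null && typeof node === "object") {
    for (const key of Object.keys(node)) {
      if (!/^[A-Z]/.test(key)) out.push(`${path}.${key}`);
      lowerCaseKeyPaths(node[key], `${path}.${key}`, out);
    }
  }
  return out;
}

// Report non-PascalCase keys in every AWS::Logs::LogGroup DataProtectionPolicy.
function findMiscasedPolicyKeys(template: Json): string[] {
  const findings: string[] = [];
  const resources = asObject(asObject(template)?.["Resources"]) ?? {};
  for (const logicalId of Object.keys(resources)) {
    const res = asObject(resources[logicalId]);
    if (res?.["Type"] !== "AWS::Logs::LogGroup") continue;
    const policy = asObject(res?.["Properties"])?.["DataProtectionPolicy"];
    if (policy === undefined) continue;
    findings.push(...lowerCaseKeyPaths(policy, `${logicalId}.DataProtectionPolicy`));
  }
  return findings;
}

// Constructed sample: one policy with camelCased keys, one with PascalCased keys.
const sampleTemplate: Json = {
  Resources: {
    BadLogGroup: {
      Type: "AWS::Logs::LogGroup",
      Properties: { DataProtectionPolicy: {
        name: "policy",
        Statement: [{ Sid: "audit", dataIdentifier: ["arn:aws:dataprotection::aws:data-identifier/EmailAddress"] }],
      } },
    },
    GoodLogGroup: { Type: "AWS::Logs::LogGroup", Properties: { DataProtectionPolicy: { Name: "policy", Statement: [] } } },
  },
};
const sampleFindings = findMiscasedPolicyKeys(sampleTemplate);
```

In a pipeline the input would be the template JSON produced by synthesis; a non-empty result names the log group and the exact key path to fix.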