Skip to content

feat: introduce transitional property vendedLogsConfig and new type VendedLogs #2289

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
aws-cdk-automation merged 6 commits into from
Dec 16, 2025
Merged

feat: introduce transitional property vendedLogsConfig and new type VendedLogs #2289

aws-cdk-automation merged 6 commits into from
Dec 16, 2025

Conversation

@ShadowCat567
Copy link
Contributor

@ShadowCat567 ShadowCat567 commented Dec 10, 2025
edited
Loading

Starts updating type for VendedLogs.
Adds a new properly onto Resource which will take the place of the current vendedLogs property, vendedLogsConfig.
In vendedLogsConfig, destination resources are now affiliated per log type instead of per resource and is an array of logTypes, which means its typing looks like this:

NEW
...
  vendedLogsConfig: VendedLogs[];
}

export interface VendedLogs {
  readonly permissionsVersion: string;
  readonly logType: string;
  readonly destinations: DeliveryDestination[];
}

instead of this:

OLD
...
  vendedLogs: VendedLog;
}

export interface VendedLog {
  readonly permissionsVersion: string;
  readonly logTypes: string[];
  readonly destinations: DestinationService[];
}

Why should we do this? Not all logTypes that a resource supports can deliver to the same destinations (most notably, TRACES can only deliver to XRAY and no other log type can deliver to XRAY)

@github-actions

This comment was marked as duplicate.

Sign in to view
@github-actions

This comment was marked as duplicate.

Sign in to view
aws-amplify-bot and others added 2 commits December 15, 2025 13:29
take out outputFormat
301c811
@github-actions
chore: self mutation
968e28b 
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@github-actions

This comment was marked as outdated.

Sign in to view
@github-actions
Copy link
Contributor

github-actions bot commented Dec 15, 2025

@aws-cdk/aws-service-spec: Model database diff detected
📁 Download full diff

├[~] service aws-aps
│ └ resources
│    ├[~]  resource AWS::APS::Scraper
│    │  └ vendedLogsConfig
│    │     └[+] logType: APPLICATION_LOGS
│    │       ├permissionsVersion: V1
│    │       └destinations: [S3, CWL, FH]
│    └[~]  resource AWS::APS::Workspace
│       └ vendedLogsConfig
│          └[+] logType: MANAGED_PROMETHEUS_LOGS
│            ├permissionsVersion: V1
│            └destinations: [S3, CWL, FH]
├[~] service aws-b2bi
│ └ resources
│    └[~]  resource AWS::B2BI::Transformer
│       └ vendedLogsConfig
│          └[+] logType: B2BI_EXECUTION_LOGS
│            ├permissionsVersion: V1
│            └destinations: [S3, CWL, FH]
├[~] service aws-backupgateway
│ └ resources
│    └[~]  resource AWS::BackupGateway::Hypervisor
│       └ vendedLogsConfig
│          ├[+] logType: BGW_HYPERVISOR_LOGS
│          │ ├permissionsVersion: V1
│          │ └destinations: [S3, CWL, FH]
│          └[+] logType: DATA_ACCESS_LOGS
│            ├permissionsVersion: V1
│            └destinations: [S3, CWL, FH]
├[~] service aws-bedrock
│ └ resources
│    ├[~]  resource AWS::Bedrock::Agent
│    │  └ vendedLogsConfig
│    │     └[+] logType: APPLICATION_LOGS
│    │       ├permissionsVersion: V2
│    │       └destinations: [S3, CWL, FH]
│    ├[~]  resource AWS::Bedrock::AgentAlias
│    │  └ vendedLogsConfig
│    │     └[+] logType: EVENT_LOGS
│    │       ├permissionsVersion: V2
│    │       └destinations: [S3, CWL, FH]
│    ├[~]  resource AWS::Bedrock::Flow
│    │  └ vendedLogsConfig
│    │     └[+] logType: APPLICATION_LOGS
│    │       ├permissionsVersion: V2
│    │       └destinations: [S3, CWL, FH]
│    └[~]  resource AWS::Bedrock::KnowledgeBase
│       └ vendedLogsConfig
│          ├[+] logType: APPLICATION_LOGS
│          │ ├permissionsVersion: V2
│          │ └destinations: [S3, CWL, FH]
│          └[+] logType: RUNTIME_LOGS
│            ├permissionsVersion: V2
│            └destinations: [S3, CWL, FH]
├[~] service aws-bedrockagentcore
│ └ resources
│    ├[~]  resource AWS::BedrockAgentCore::BrowserCustom
│    │  ├ vendedLogs
│    │  │  └[+] vendedLogs
│    │  │    ├permissionsVersion: V2
│    │  │    ├logTypes: [USAGE_LOGS]
│    │  │    └destinations: [S3, CWL, FH]
│    │  └ vendedLogsConfig
│    │     └[+] logType: USAGE_LOGS
│    │       ├permissionsVersion: V2
│    │       └destinations: [S3, CWL, FH]
│    ├[~]  resource AWS::BedrockAgentCore::CodeInterpreterCustom
│    │  ├ vendedLogs
│    │  │  └[+] vendedLogs
│    │  │    ├permissionsVersion: V2
│    │  │    ├logTypes: [APPLICATION_LOGS, USAGE_LOGS]
│    │  │    └destinations: [S3, CWL, FH]
│    │  └ vendedLogsConfig
│    │     ├[+] logType: APPLICATION_LOGS
│    │     │ ├permissionsVersion: V2
│    │     │ └destinations: [S3, CWL, FH]
│    │     └[+] logType: USAGE_LOGS
│    │       ├permissionsVersion: V2
│    │       └destinations: [S3, CWL, FH]
│    ├[~]  resource AWS::BedrockAgentCore::Gateway
│    │  └ vendedLogsConfig
│    │     ├[+] logType: APPLICATION_LOGS
│    │     │ ├permissionsVersion: V2
│    │     │ └destinations: [S3, CWL, FH]
│    │     └[+] logType: TRACES
│    │       ├permissionsVersion: V2
│    │       └destinations: [XRAY]
│    ├[~]  resource AWS::BedrockAgentCore::Memory
│    │  └ vendedLogsConfig
│    │     ├[+] logType: APPLICATION_LOGS
│    │     │ ├permissionsVersion: V2
│    │     │ └destinations: [S3, CWL, FH]
│    │     └[+] logType: TRACES
│    │       ├permissionsVersion: V2
│    │       └destinations: [XRAY]
│    ├[~]  resource AWS::BedrockAgentCore::Runtime
│    │  └ vendedLogsConfig
│    │     ├[+] logType: APPLICATION_LOGS
│    │     │ ├permissionsVersion: V2
│    │     │ └destinations: [S3, CWL, FH]
│    │     ├[+] logType: TRACES
│    │     │ ├permissionsVersion: V2
│    │     │ └destinations: [XRAY]
│    │     └[+] logType: USAGE_LOGS
│    │       ├permissionsVersion: V2
│    │       └destinations: [S3, CWL, FH]
│    └[~]  resource AWS::BedrockAgentCore::WorkloadIdentity
│       ├ vendedLogs
│       │  └[+] vendedLogs
│       │    ├permissionsVersion: V2
│       │    ├logTypes: [APPLICATION_LOGS]
│       │    └destinations: [S3, CWL, FH]
│       └ vendedLogsConfig
│          └[+] logType: APPLICATION_LOGS
│            ├permissionsVersion: V2
│            └destinations: [S3, CWL, FH]
├[~] service aws-cleanrooms
│ └ resources
│    └[~]  resource AWS::CleanRooms::Membership
│       └ vendedLogsConfig
│          └[+] logType: ANALYSIS_LOGS
│            ├permissionsVersion: V1
│            └destinations: [S3, CWL, FH]
├[~] service aws-cloudfront
│ └ resources
│    └[~]  resource AWS::CloudFront::Distribution
│       └ vendedLogsConfig
│          ├[+] logType: CONNECTION_LOGS
│          │ ├permissionsVersion: V2
│          │ └destinations: [S3, CWL, FH]
│          └[+] logType: ACCESS_LOGS
│            ├permissionsVersion: V2
│            └destinations: [S3, CWL, FH]
├[~] service aws-cognito
│ └ resources
│    └[~]  resource AWS::Cognito::UserPool
│       └ vendedLogsConfig
│          └[+] logType: APPLICATION_LOGS
│            ├permissionsVersion: V1
│            └destinations: [S3, CWL, FH]
├[~] service aws-connect
│ └ resources
│    └[~]  resource AWS::Connect::Instance
│       └ vendedLogsConfig
│          └[+] logType: AMAZON_CONNECT_FLOW_LOGS
│            ├permissionsVersion: V2
│            └destinations: [S3, CWL, FH]
├[~] service aws-ec2
│ └ resources
│    ├[~]  resource AWS::EC2::RouteServerPeer
│    │  └ vendedLogsConfig
│    │     └[+] logType: EVENT_LOGS
│    │       ├permissionsVersion: V2
│    │       └destinations: [S3, CWL, FH]
│    ├[~]  resource AWS::EC2::VerifiedAccessInstance
│    │  └ vendedLogsConfig
│    │     └[+] logType: VERIFIED_ACCESS_LOGS
│    │       ├permissionsVersion: V1
│    │       └destinations: [S3, CWL, FH]
│    ├[~]  resource AWS::EC2::VPC
│    │  └ vendedLogsConfig
│    │     └[+] logType: ROUTE53_RESOLVER_QUERY_LOGS
│    │       ├permissionsVersion: V1
│    │       └destinations: [S3, CWL, FH]
│    └[~]  resource AWS::EC2::VPNConnection
│       └ vendedLogsConfig
│          ├[+] logType: EVENT_LOGS
│          │ ├permissionsVersion: V2
│          │ └destinations: [S3, CWL, FH]
│          └[+] logType: CONNECTION_LOGS
│            ├permissionsVersion: V2
│            └destinations: [S3, CWL, FH]
├[~] service aws-eks
│ └ resources
│    └[~]  resource AWS::EKS::Cluster
│       └ vendedLogsConfig
│          ├[+] logType: AUTO_MODE_BLOCK_STORAGE_LOGS
│          │ ├permissionsVersion: V2
│          │ └destinations: [S3, CWL, FH]
│          ├[+] logType: AUTO_MODE_COMPUTE_LOGS
│          │ ├permissionsVersion: V2
│          │ └destinations: [S3, CWL, FH]
│          ├[+] logType: AUTO_MODE_IPAM_LOGS
│          │ ├permissionsVersion: V2
│          │ └destinations: [S3, CWL, FH]
│          └[+] logType: AUTO_MODE_LOAD_BALANCING_LOGS
│            ├permissionsVersion: V2
│            └destinations: [S3, CWL, FH]
├[~] service aws-elasticache
│ └ resources
│    └[~]  resource AWS::ElastiCache::CacheCluster
│       └ vendedLogsConfig
│          └[+] logType: ELASTICACHE_LOGS
│            ├permissionsVersion: V1
│            └destinations: [S3, CWL, FH]
├[~] service aws-elasticloadbalancingv2
│ └ resources
│    └[~]  resource AWS::ElasticLoadBalancingV2::LoadBalancer
│       └ vendedLogsConfig
│          └[+] logType: NLB_ACCESS_LOGS
│            ├permissionsVersion: V2
│            └destinations: [S3, CWL, FH]
├[~] service aws-entityresolution
│ └ resources
│    ├[~]  resource AWS::EntityResolution::IdMappingWorkflow
│    │  └ vendedLogsConfig
│    │     └[+] logType: WORKFLOW_LOGS
│    │       ├permissionsVersion: V2
│    │       └destinations: [S3, CWL, FH]
│    └[~]  resource AWS::EntityResolution::MatchingWorkflow
│       └ vendedLogsConfig
│          └[+] logType: WORKFLOW_LOGS
│            ├permissionsVersion: V2
│            └destinations: [S3, CWL, FH]
├[~] service aws-events
│ └ resources
│    └[~]  resource AWS::Events::EventBus
│       └ vendedLogsConfig
│          ├[+] logType: ERROR_LOGS
│          │ ├permissionsVersion: V2
│          │ └destinations: [S3, CWL, FH]
│          ├[+] logType: INFO_LOGS
│          │ ├permissionsVersion: V2
│          │ └destinations: [S3, CWL, FH]
│          └[+] logType: TRACE_LOGS
│            ├permissionsVersion: V2
│            └destinations: [S3, CWL, FH]
├[~] service aws-grafana
│ └ resources
│    └[~]  resource AWS::Grafana::Workspace
│       └ vendedLogsConfig
│          └[+] logType: APPLICATION_LOGS
│            ├permissionsVersion: V2
│            └destinations: [S3, CWL, FH]
├[~] service aws-iotfleetwise
│ └ resources
│    ├[~]  resource AWS::IoTFleetWise::Campaign
│    │  └ vendedLogsConfig
│    │     └[+] logType: IOT_FLEETWISE_LOGS
│    │       ├permissionsVersion: V1
│    │       └destinations: [S3, CWL, FH]
│    └[~]  resource AWS::IoTFleetWise::Vehicle
│       └ vendedLogsConfig
│          └[+] logType: IOT_FLEETWISE_LOGS
│            ├permissionsVersion: V1
│            └destinations: [S3, CWL, FH]
├[~] service aws-ivschat
│ └ resources
│    └[~]  resource AWS::IVSChat::Room
│       └ vendedLogsConfig
│          └[+] logType: IVS_CHAT_LOGS
│            ├permissionsVersion: V1
│            └destinations: [S3, CWL, FH]
├[~] service aws-kafkaconnect
│ └ resources
│    └[~]  resource AWS::KafkaConnect::Connector
│       └ vendedLogsConfig
│          └[+] logType: APPLICATION_LOGS
│            ├permissionsVersion: V1
│            └destinations: [S3, CWL, FH]
├[~] service aws-m2
│ └ resources
│    └[~]  resource AWS::M2::Application
│       └ vendedLogsConfig
│          ├[+] logType: CONFIG_LOGS
│          │ ├permissionsVersion: V1
│          │ └destinations: [S3, CWL, FH]
│          ├[+] logType: BATCH_JOB_LOGS
│          │ ├permissionsVersion: V1
│          │ └destinations: [S3, CWL, FH]
│          ├[+] logType: CONSOLE_LOGS
│          │ ├permissionsVersion: V1
│          │ └destinations: [S3, CWL, FH]
│          └[+] logType: DATASET_IMPORT_LOGS
│            ├permissionsVersion: V1
│            └destinations: [S3, CWL, FH]
├[~] service aws-mediapackagev2
│ └ resources
│    └[~]  resource AWS::MediaPackageV2::ChannelGroup
│       └ vendedLogsConfig
│          ├[+] logType: EGRESS_ACCESS_LOGS
│          │ ├permissionsVersion: V2
│          │ └destinations: [S3, CWL, FH]
│          └[+] logType: INGRESS_ACCESS_LOGS
│            ├permissionsVersion: V2
│            └destinations: [S3, CWL, FH]
├[~] service aws-mediatailor
│ └ resources
│    └[~]  resource AWS::MediaTailor::PlaybackConfiguration
│       └ vendedLogsConfig
│          ├[+] logType: AD_DECISION_SERVER_LOGS
│          │ ├permissionsVersion: V2
│          │ └destinations: [S3, CWL, FH]
│          ├[+] logType: MANIFEST_SERVICE_LOGS
│          │ ├permissionsVersion: V2
│          │ └destinations: [S3, CWL, FH]
│          └[+] logType: TRANSCODE_LOGS
│            ├permissionsVersion: V2
│            └destinations: [S3, CWL, FH]
├[~] service aws-msk
│ └ resources
│    └[~]  resource AWS::MSK::Cluster
│       └ vendedLogsConfig
│          └[+] logType: BROKER_LOGS
│            ├permissionsVersion: V1
│            └destinations: [S3, CWL, FH]
├[~] service aws-networkfirewall
│ └ resources
│    └[~]  resource AWS::NetworkFirewall::Firewall
│       └ vendedLogsConfig
│          ├[+] logType: ALERT_LOGS
│          │ ├permissionsVersion: V1
│          │ └destinations: [S3, CWL, FH]
│          ├[+] logType: FLOW_LOGS
│          │ ├permissionsVersion: V1
│          │ └destinations: [S3, CWL, FH]
│          └[+] logType: TLS_LOGS
│            ├permissionsVersion: V1
│            └destinations: [S3, CWL, FH]
├[~] service aws-organizations
│ └ resources
│    └[~]  resource AWS::Organizations::Organization
│       └ vendedLogs
│          └[-] vendedLogs
│            ├permissionsVersion: V2
│            ├logTypes: [ACCESS_CONTROL_LOGS, AUTHENTICATION_LOGS, WORKMAIL_AVAILABILITY_PROVIDER_LOGS, WORKMAIL_MAILBOX_ACCESS_LOGS, WORKMAIL_PERSONAL_ACCESS_TOKEN_LOGS]
│            └destinations: [S3, CWL, FH]
├[~] service aws-osis
│ └ resources
│    └[~]  resource AWS::OSIS::Pipeline
│       └ vendedLogsConfig
│          └[+] logType: PIPELINE_LOGS
│            ├permissionsVersion: V1
│            └destinations: [S3, CWL, FH]
├[~] service aws-pcs
│ └ resources
│    └[~]  resource AWS::PCS::Cluster
│       └ vendedLogsConfig
│          ├[+] logType: PCS_JOBCOMP_LOGS
│          │ ├permissionsVersion: V2
│          │ └destinations: [S3, CWL, FH]
│          └[+] logType: PCS_SCHEDULER_LOGS
│            ├permissionsVersion: V2
│            └destinations: [S3, CWL, FH]
├[~] service aws-pipes
│ └ resources
│    └[~]  resource AWS::Pipes::Pipe
│       └ vendedLogsConfig
│          └[+] logType: EXECUTION_LOGS
│            ├permissionsVersion: V1
│            └destinations: [S3, CWL, FH]
├[~] service aws-qbusiness
│ └ resources
│    └[~]  resource AWS::QBusiness::Application
│       └ vendedLogsConfig
│          ├[+] logType: SYNC_JOB_LOGS
│          │ ├permissionsVersion: V2
│          │ └destinations: [S3, CWL, FH]
│          └[+] logType: EVENT_LOGS
│            ├permissionsVersion: V2
│            └destinations: [S3, CWL, FH]
├[~] service aws-route53profiles
│ └ resources
│    └[~]  resource AWS::Route53Profiles::Profile
│       └ vendedLogsConfig
│          └[+] logType: ROUTE53_PROFILES_RESOLVER_QUERY_LOGS
│            ├permissionsVersion: V1
│            └destinations: [S3, CWL, FH]
├[~] service aws-rum
│ └ resources
│    └[~]  resource AWS::RUM::AppMonitor
│       └ vendedLogsConfig
│          ├[+] logType: RUM_TELEMETRY_LOGS
│          │ ├permissionsVersion: V1
│          │ └destinations: [S3, CWL, FH]
│          ├[+] logType: RUM_OTEL_LOGS
│          │ ├permissionsVersion: V1
│          │ └destinations: [S3, CWL, FH]
│          └[+] logType: RUM_OTEL_SPANS
│            ├permissionsVersion: V1
│            └destinations: [S3, CWL, FH]
├[~] service aws-sagemaker
│ └ resources
│    └[~]  resource AWS::SageMaker::Workteam
│       └ vendedLogsConfig
│          └[+] logType: ACTIVITY_LOGS
│            ├permissionsVersion: V1
│            └destinations: [S3, CWL]
├[~] service aws-ses
│ └ resources
│    ├[~]  resource AWS::SES::MailManagerIngressPoint
│    │  └ vendedLogsConfig
│    │     ├[+] logType: APPLICATION_LOGS
│    │     │ ├permissionsVersion: V2
│    │     │ └destinations: [S3, CWL, FH]
│    │     └[+] logType: TRAFFIC_POLICY_DEBUG_LOGS
│    │       ├permissionsVersion: V2
│    │       └destinations: [S3, CWL, FH]
│    └[~]  resource AWS::SES::MailManagerRuleSet
│       └ vendedLogsConfig
│          └[+] logType: APPLICATION_LOGS
│            ├permissionsVersion: V2
│            └destinations: [S3, CWL, FH]
├[~] service aws-shield
│ └ resources
│    └[~]  resource AWS::Shield::Protection
│       └ vendedLogsConfig
│          └[+] logType: FLOW_LOGS
│            ├permissionsVersion: V2
│            └destinations: [S3, CWL, FH]
├[~] service aws-stepfunctions
│ └ resources
│    └[~]  resource AWS::StepFunctions::StateMachine
│       └ vendedLogsConfig
│          ├[+] logType: EXPRESS_LOGS
│          │ ├permissionsVersion: V2
│          │ └destinations: [CWL]
│          └[+] logType: STANDARD_LOGS
│            ├permissionsVersion: V2
│            └destinations: [CWL]
├[~] service aws-transfer
│ └ resources
│    └[~]  resource AWS::Transfer::Server
│       └ vendedLogsConfig
│          └[+] logType: TRANSFER_LOGS
│            ├permissionsVersion: V1
│            └destinations: [S3, CWL, FH]
├[~] service aws-vpclattice
│ └ resources
│    ├[~]  resource AWS::VpcLattice::ResourceConfiguration
│    │  └ vendedLogsConfig
│    │     └[+] logType: RESOURCE_ACCESS_LOGS
│    │       ├permissionsVersion: V1
│    │       └destinations: [S3, CWL, FH]
│    └[~]  resource AWS::VpcLattice::Service
│       └ vendedLogsConfig
│          └[+] logType: ACCESS_LOGS
│            ├permissionsVersion: V1
│            └destinations: [S3, CWL, FH]
├[~] service aws-wafv2
│ └ resources
│    └[~]  resource AWS::WAFv2::WebACL
│       └ vendedLogsConfig
│          ├[+] logType: ACCESS_LOGS
│          │ ├permissionsVersion: V1
│          │ └destinations: [S3, CWL, FH]
│          └[+] logType: TOKEN_LOGS
│            ├permissionsVersion: V1
│            └destinations: [S3, CWL, FH]
└[~] service aws-wisdom
  └ resources
     └[~]  resource AWS::Wisdom::Assistant
        └ vendedLogsConfig
           └[+] logType: EVENT_LOGS
             ├permissionsVersion: V2
             └destinations: [S3, CWL, FH]

@ShadowCat567 ShadowCat567 changed the title feat: vendedLogsConfig feat: introduce transitional type vendedLogsConfig Dec 15, 2025
@ShadowCat567 ShadowCat567 marked this pull request as ready for review December 15, 2025 21:40
@ShadowCat567 ShadowCat567 changed the title feat: introduce transitional type vendedLogsConfig feat: introduce transitional property vendedLogsConfig and new type VendedLogs Dec 15, 2025
@aws-cdk-automation aws-cdk-automation added this pull request to the merge queue Dec 16, 2025
Merged via the queue into main with commit 489e1b3 Dec 16, 2025
17 checks passed
@aws-cdk-automation aws-cdk-automation deleted the vended-log-type branch December 16, 2025 17:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrgrain mrgrain mrgrain approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ShadowCat567 @mrgrain @aws-cdk-automation