Policy: AWS > Redshift > Cluster > Audit Logging > Bucket

The name of an S3 Bucket to which the cluster audit logs will be delivered.

The S3 Bucket must already exist and the Redshift service must be allowed write access. The bucket can reside in any account but must be in the same region as the cluster. For more information refer here.

example: testbucket turbotbucket

Targets

This policy targets the following resource types:

AWS > Redshift > Cluster

Primary Policy

This policy is used with the following primary policy:

AWS > Redshift > Cluster > Audit Logging

Controls

Setting this policy configures this control:

AWS > Redshift > Cluster > Audit Logging

Policy Specification

Schema Type	`string`
Default template	`{% if $.turbotLoggingBucket %}"{{ $.turbotLoggingBucket }}"{% else %}""{% endif %}`
Default template input	`\| { turbotLoggingBucket: policy(uri: "aws#/policy/types/loggingBucketDefault") }`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/resourceLogging

Policy Type URI

tmod:@turbot/aws-redshift#/policy/types/clusterAuditLoggingBucket

GraphQL

query policyType(id: "tmod:@turbot/aws-redshift#/policy/types/clusterAuditLoggingBucket") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/aws-redshift#/policy/types/clusterAuditLoggingBucket'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/aws-redshift#/policy/types/clusterAuditLoggingBucket'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/aws-redshift#/policy/types/clusterAuditLoggingBucket"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-redshift#/policy/types/clusterAuditLoggingBucket"