I'm trying to set up logging for my Cloudfront distributions. In the AWS console I see a legacy s3 option, and then v2 CloudWatch, Kinesis and S3 options. In pulumi, with either the aws classic or the aws native (cloud control) module I only see options for s3 or kinesis. I would like to use Cloudwatch if I can as that's where all my ECS logs go. Is there a way to do this with pulumi?

It doesn't seem to be possible to configure this through CloudFormation (yet): AWS::CloudFront::Distribution Logging only has an S3 option. This usually means that it's not possible to configure it via

aws-native

either, because both use the AWS Cloud Control API.

Yeah, so I made the Cloudwatch log groups with pulumi (they need to be in the us-east-1 region as Cloudfront is one of those global services) and then clicked the buttons in the web ui to connect them to the Cloudfronts. I left a note for future me to add pulumi to do the linking up when either of the providers' upstreams has implemented it. I wasn't aware the update was so recent. I haven't looked at Cloudfront in months, and then decided I should do something about the logs and found I timed it just right to use the new feature.