import * as pulumi from "@pulumi/pulumi";
/**
 * The logstreamConfiguration resource allows you to configure streaming configuration or network flow logs to a supported security information and event management (SIEM) system. See https://tailscale.com/kb/1255/log-streaming for more information.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as tailscale from "@pulumi/tailscale";
 *
 * // Example configuration for a non-S3 logstreaming endpoint
 * const sampleLogstreamConfiguration = new tailscale.LogstreamConfiguration("sample_logstream_configuration", {
 *     logType: "configuration",
 *     destinationType: "panther",
 *     url: "https://example.com",
 *     token: "some-token",
 * });
 * // Example configuration for an AWS S3 logstreaming endpoint
 * const sampleLogstreamConfigurationS3 = new tailscale.LogstreamConfiguration("sample_logstream_configuration_s3", {
 *     logType: "configuration",
 *     destinationType: "s3",
 *     s3Bucket: tailscaleLogs.id,
 *     s3Region: "us-west-2",
 *     s3AuthenticationType: "rolearn",
 *     s3RoleArn: tailscaleLogsWriter.arn,
 *     s3ExternalId: prod.externalId,
 * });
 * // Example configuration for an S3-compatible logstreaming endpoint
 * const sampleLogstreamConfigurationS3Compatible = new tailscale.LogstreamConfiguration("sample_logstream_configuration_s3_compatible", {
 *     logType: "configuration",
 *     destinationType: "s3",
 *     url: "https://s3.example.com",
 *     s3Bucket: "example-bucket",
 *     s3Region: "us-west-2",
 *     s3AuthenticationType: "accesskey",
 *     s3AccessKeyId: "some-access-key",
 *     s3SecretAccessKey: "some-secret-key",
 * });
 * ```
 *
 * ## Import
 *
 * Logstream configuration can be imported using the logstream configuration id, e.g.,
 *
 * ```sh
 * $ pulumi import tailscale:index/logstreamConfiguration:LogstreamConfiguration sample_logstream_configuration 123456789
 * ```
 */
export declare class LogstreamConfiguration extends pulumi.CustomResource {
    /**
     * Get an existing LogstreamConfiguration resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: LogstreamConfigurationState, opts?: pulumi.CustomResourceOptions): LogstreamConfiguration;
    /**
     * Returns true if the given object is an instance of LogstreamConfiguration.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is LogstreamConfiguration;
    /**
     * The compression algorithm with which to compress logs. One of `none`, `zstd` or `gzip`. Defaults to `none`.
     */
    readonly compressionFormat: pulumi.Output<string | undefined>;
    /**
     * The type of system to which logs are being streamed.
     */
    readonly destinationType: pulumi.Output<string>;
    /**
     * The type of log that is streamed to this endpoint. Either `configuration` for configuration audit logs, or `network` for network flow logs.
     */
    readonly logType: pulumi.Output<string>;
    /**
     * The S3 access key ID. Required if destination*type is s3 and s3*authentication_type is 'accesskey'.
     */
    readonly s3AccessKeyId: pulumi.Output<string | undefined>;
    /**
     * What type of authentication to use for S3. Required if destinationType is 's3'. Tailscale recommends using 'rolearn'.
     */
    readonly s3AuthenticationType: pulumi.Output<string | undefined>;
    /**
     * The S3 bucket name. Required if destinationType is 's3'.
     */
    readonly s3Bucket: pulumi.Output<string | undefined>;
    /**
     * The AWS External ID that Tailscale supplies when authenticating using role-based authentication. Required if destination*type is 's3' and s3*authentication*type is 'rolearn'. This can be obtained via the tailscale*aws*external*id resource.
     */
    readonly s3ExternalId: pulumi.Output<string | undefined>;
    /**
     * An optional S3 key prefix to prepend to the auto-generated S3 key name.
     */
    readonly s3KeyPrefix: pulumi.Output<string | undefined>;
    /**
     * The region in which the S3 bucket is located. Required if destinationType is 's3'.
     */
    readonly s3Region: pulumi.Output<string | undefined>;
    /**
     * ARN of the AWS IAM role that Tailscale should assume when using role-based authentication. Required if destination*type is 's3' and s3*authentication_type is 'rolearn'.
     */
    readonly s3RoleArn: pulumi.Output<string | undefined>;
    /**
     * The S3 secret access key. Required if destination*type is 's3' and s3*authentication_type is 'accesskey'.
     */
    readonly s3SecretAccessKey: pulumi.Output<string | undefined>;
    /**
     * The token/password with which log streams to this endpoint should be authenticated, required unless destinationType is 's3'.
     */
    readonly token: pulumi.Output<string | undefined>;
    /**
     * An optional number of minutes to wait in between uploading new logs. If the quantity of logs does not fit within a single upload, multiple uploads will be made.
     */
    readonly uploadPeriodMinutes: pulumi.Output<number | undefined>;
    /**
     * The URL to which log streams are being posted. If destinationType is 's3' and you want to use the official Amazon S3 endpoint, leave this empty.
     */
    readonly url: pulumi.Output<string | undefined>;
    /**
     * The username with which log streams to this endpoint are authenticated. Only required if destinationType is 'elastic', defaults to 'user' if not set.
     */
    readonly user: pulumi.Output<string | undefined>;
    /**
     * Create a LogstreamConfiguration resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: LogstreamConfigurationArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering LogstreamConfiguration resources.
 */
export interface LogstreamConfigurationState {
    /**
     * The compression algorithm with which to compress logs. One of `none`, `zstd` or `gzip`. Defaults to `none`.
     */
    compressionFormat?: pulumi.Input<string>;
    /**
     * The type of system to which logs are being streamed.
     */
    destinationType?: pulumi.Input<string>;
    /**
     * The type of log that is streamed to this endpoint. Either `configuration` for configuration audit logs, or `network` for network flow logs.
     */
    logType?: pulumi.Input<string>;
    /**
     * The S3 access key ID. Required if destination*type is s3 and s3*authentication_type is 'accesskey'.
     */
    s3AccessKeyId?: pulumi.Input<string>;
    /**
     * What type of authentication to use for S3. Required if destinationType is 's3'. Tailscale recommends using 'rolearn'.
     */
    s3AuthenticationType?: pulumi.Input<string>;
    /**
     * The S3 bucket name. Required if destinationType is 's3'.
     */
    s3Bucket?: pulumi.Input<string>;
    /**
     * The AWS External ID that Tailscale supplies when authenticating using role-based authentication. Required if destination*type is 's3' and s3*authentication*type is 'rolearn'. This can be obtained via the tailscale*aws*external*id resource.
     */
    s3ExternalId?: pulumi.Input<string>;
    /**
     * An optional S3 key prefix to prepend to the auto-generated S3 key name.
     */
    s3KeyPrefix?: pulumi.Input<string>;
    /**
     * The region in which the S3 bucket is located. Required if destinationType is 's3'.
     */
    s3Region?: pulumi.Input<string>;
    /**
     * ARN of the AWS IAM role that Tailscale should assume when using role-based authentication. Required if destination*type is 's3' and s3*authentication_type is 'rolearn'.
     */
    s3RoleArn?: pulumi.Input<string>;
    /**
     * The S3 secret access key. Required if destination*type is 's3' and s3*authentication_type is 'accesskey'.
     */
    s3SecretAccessKey?: pulumi.Input<string>;
    /**
     * The token/password with which log streams to this endpoint should be authenticated, required unless destinationType is 's3'.
     */
    token?: pulumi.Input<string>;
    /**
     * An optional number of minutes to wait in between uploading new logs. If the quantity of logs does not fit within a single upload, multiple uploads will be made.
     */
    uploadPeriodMinutes?: pulumi.Input<number>;
    /**
     * The URL to which log streams are being posted. If destinationType is 's3' and you want to use the official Amazon S3 endpoint, leave this empty.
     */
    url?: pulumi.Input<string>;
    /**
     * The username with which log streams to this endpoint are authenticated. Only required if destinationType is 'elastic', defaults to 'user' if not set.
     */
    user?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing a LogstreamConfiguration resource.
 */
export interface LogstreamConfigurationArgs {
    /**
     * The compression algorithm with which to compress logs. One of `none`, `zstd` or `gzip`. Defaults to `none`.
     */
    compressionFormat?: pulumi.Input<string>;
    /**
     * The type of system to which logs are being streamed.
     */
    destinationType: pulumi.Input<string>;
    /**
     * The type of log that is streamed to this endpoint. Either `configuration` for configuration audit logs, or `network` for network flow logs.
     */
    logType: pulumi.Input<string>;
    /**
     * The S3 access key ID. Required if destination*type is s3 and s3*authentication_type is 'accesskey'.
     */
    s3AccessKeyId?: pulumi.Input<string>;
    /**
     * What type of authentication to use for S3. Required if destinationType is 's3'. Tailscale recommends using 'rolearn'.
     */
    s3AuthenticationType?: pulumi.Input<string>;
    /**
     * The S3 bucket name. Required if destinationType is 's3'.
     */
    s3Bucket?: pulumi.Input<string>;
    /**
     * The AWS External ID that Tailscale supplies when authenticating using role-based authentication. Required if destination*type is 's3' and s3*authentication*type is 'rolearn'. This can be obtained via the tailscale*aws*external*id resource.
     */
    s3ExternalId?: pulumi.Input<string>;
    /**
     * An optional S3 key prefix to prepend to the auto-generated S3 key name.
     */
    s3KeyPrefix?: pulumi.Input<string>;
    /**
     * The region in which the S3 bucket is located. Required if destinationType is 's3'.
     */
    s3Region?: pulumi.Input<string>;
    /**
     * ARN of the AWS IAM role that Tailscale should assume when using role-based authentication. Required if destination*type is 's3' and s3*authentication_type is 'rolearn'.
     */
    s3RoleArn?: pulumi.Input<string>;
    /**
     * The S3 secret access key. Required if destination*type is 's3' and s3*authentication_type is 'accesskey'.
     */
    s3SecretAccessKey?: pulumi.Input<string>;
    /**
     * The token/password with which log streams to this endpoint should be authenticated, required unless destinationType is 's3'.
     */
    token?: pulumi.Input<string>;
    /**
     * An optional number of minutes to wait in between uploading new logs. If the quantity of logs does not fit within a single upload, multiple uploads will be made.
     */
    uploadPeriodMinutes?: pulumi.Input<number>;
    /**
     * The URL to which log streams are being posted. If destinationType is 's3' and you want to use the official Amazon S3 endpoint, leave this empty.
     */
    url?: pulumi.Input<string>;
    /**
     * The username with which log streams to this endpoint are authenticated. Only required if destinationType is 'elastic', defaults to 'user' if not set.
     */
    user?: pulumi.Input<string>;
}