LoggingConfiguration

A WAFv2 Logging Configuration Resource Provider

Create a LoggingConfiguration Resource

new LoggingConfiguration(name: string, args: LoggingConfigurationArgs, opts?: CustomResourceOptions);
@overload
def LoggingConfiguration(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         log_destination_configs: Optional[Sequence[str]] = None,
                         logging_filter: Optional[LoggingFilterPropertiesArgs] = None,
                         redacted_fields: Optional[Sequence[LoggingConfigurationFieldToMatchArgs]] = None,
                         resource_arn: Optional[str] = None)
@overload
def LoggingConfiguration(resource_name: str,
                         args: LoggingConfigurationArgs,
                         opts: Optional[ResourceOptions] = None)
func NewLoggingConfiguration(ctx *Context, name string, args LoggingConfigurationArgs, opts ...ResourceOption) (*LoggingConfiguration, error)
public LoggingConfiguration(string name, LoggingConfigurationArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args LoggingConfigurationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args LoggingConfigurationArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args LoggingConfigurationArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args LoggingConfigurationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

LoggingConfiguration Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The LoggingConfiguration resource accepts the following input properties:

LogDestinationConfigs List<string>
The Amazon Resource Names (ARNs) of the logging destinations that you want to associate with the web ACL.
ResourceArn string
The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
LoggingFilter Pulumi.AwsNative.WAFv2.Inputs.LoggingFilterPropertiesArgs
Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.
RedactedFields List<Pulumi.AwsNative.WAFv2.Inputs.LoggingConfigurationFieldToMatchArgs>
The parts of the request that you want to keep out of the logs. For example, if you redact the HEADER field, the HEADER field in the firehose will be xxx.
LogDestinationConfigs []string
The Amazon Resource Names (ARNs) of the logging destinations that you want to associate with the web ACL.
ResourceArn string
The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
LoggingFilter LoggingFilterPropertiesArgs
Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.
RedactedFields []LoggingConfigurationFieldToMatchArgs
The parts of the request that you want to keep out of the logs. For example, if you redact the HEADER field, the HEADER field in the firehose will be xxx.
logDestinationConfigs string[]
The Amazon Resource Names (ARNs) of the logging destinations that you want to associate with the web ACL.
resourceArn string
The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
loggingFilter LoggingFilterPropertiesArgs
Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.
redactedFields LoggingConfigurationFieldToMatchArgs[]
The parts of the request that you want to keep out of the logs. For example, if you redact the HEADER field, the HEADER field in the firehose will be xxx.
log_destination_configs Sequence[str]
The Amazon Resource Names (ARNs) of the logging destinations that you want to associate with the web ACL.
resource_arn str
The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
logging_filter LoggingFilterPropertiesArgs
Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.
redacted_fields Sequence[LoggingConfigurationFieldToMatchArgs]
The parts of the request that you want to keep out of the logs. For example, if you redact the HEADER field, the HEADER field in the firehose will be xxx.

Outputs

All input properties are implicitly available as output properties. Additionally, the LoggingConfiguration resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
ManagedByFirewallManager bool
Indicates whether the logging configuration was created by AWS Firewall Manager, as part of an AWS WAF policy configuration. If true, only Firewall Manager can modify or delete the configuration.
Id string
The provider-assigned unique ID for this managed resource.
ManagedByFirewallManager bool
Indicates whether the logging configuration was created by AWS Firewall Manager, as part of an AWS WAF policy configuration. If true, only Firewall Manager can modify or delete the configuration.
id string
The provider-assigned unique ID for this managed resource.
managedByFirewallManager boolean
Indicates whether the logging configuration was created by AWS Firewall Manager, as part of an AWS WAF policy configuration. If true, only Firewall Manager can modify or delete the configuration.
id str
The provider-assigned unique ID for this managed resource.
managed_by_firewall_manager bool
Indicates whether the logging configuration was created by AWS Firewall Manager, as part of an AWS WAF policy configuration. If true, only Firewall Manager can modify or delete the configuration.

Supporting Types

LoggingConfigurationCondition

LoggingConfigurationConditionActionConditionProperties

Action Pulumi.AwsNative.WAFv2.LoggingConfigurationConditionActionConditionPropertiesAction
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
Action LoggingConfigurationConditionActionConditionPropertiesAction
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
action LoggingConfigurationConditionActionConditionPropertiesAction
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
action LoggingConfigurationConditionActionConditionPropertiesAction
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.

LoggingConfigurationConditionActionConditionPropertiesAction

Allow
ALLOW
Block
BLOCK
Count
COUNT
Captcha
CAPTCHA
ExcludedAsCount
EXCLUDED_AS_COUNT
LoggingConfigurationConditionActionConditionPropertiesActionAllow
ALLOW
LoggingConfigurationConditionActionConditionPropertiesActionBlock
BLOCK
LoggingConfigurationConditionActionConditionPropertiesActionCount
COUNT
LoggingConfigurationConditionActionConditionPropertiesActionCaptcha
CAPTCHA
LoggingConfigurationConditionActionConditionPropertiesActionExcludedAsCount
EXCLUDED_AS_COUNT
Allow
ALLOW
Block
BLOCK
Count
COUNT
Captcha
CAPTCHA
ExcludedAsCount
EXCLUDED_AS_COUNT
ALLOW
ALLOW
BLOCK
BLOCK
COUNT
COUNT
CAPTCHA
CAPTCHA
EXCLUDED_AS_COUNT
EXCLUDED_AS_COUNT

LoggingConfigurationConditionLabelNameConditionProperties

LabelName string
The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.
LabelName string
The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.
labelName string
The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.
label_name str
The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.

LoggingConfigurationFieldToMatch

JsonBody Pulumi.AwsNative.WAFv2.Inputs.LoggingConfigurationFieldToMatchJsonBodyProperties
Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
Method object
Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString object
Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader Pulumi.AwsNative.WAFv2.Inputs.LoggingConfigurationFieldToMatchSingleHeaderProperties
Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or Referer. This setting isn’t case sensitive.
UriPath object
Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
JsonBody LoggingConfigurationFieldToMatchJsonBodyProperties
Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
Method interface{}
Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString interface{}
Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader LoggingConfigurationFieldToMatchSingleHeaderProperties
Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or Referer. This setting isn’t case sensitive.
UriPath interface{}
Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
jsonBody LoggingConfigurationFieldToMatchJsonBodyProperties
Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
method any
Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString any
Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader LoggingConfigurationFieldToMatchSingleHeaderProperties
Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or Referer. This setting isn’t case sensitive.
uriPath any
Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
json_body LoggingConfigurationFieldToMatchJsonBodyProperties
Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
method Any
Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
query_string Any
Inspect the query string. This is the part of a URL that appears after a ? character, if any.
single_header LoggingConfigurationFieldToMatchSingleHeaderProperties
Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or Referer. This setting isn’t case sensitive.
uri_path Any
Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

LoggingConfigurationFieldToMatchJsonBodyProperties

MatchPattern Pulumi.AwsNative.WAFv2.Inputs.LoggingConfigurationFieldToMatchJsonBodyPropertiesMatchPatternProperties
The patterns to look for in the JSON body. AWS WAF inspects the results of these pattern matches against the rule inspection criteria.
MatchScope Pulumi.AwsNative.WAFv2.LoggingConfigurationFieldToMatchJsonBodyPropertiesMatchScope
The parts of the JSON to match against using the MatchPattern. If you specify All, AWS WAF matches against keys and values.
InvalidFallbackBehavior Pulumi.AwsNative.WAFv2.LoggingConfigurationFieldToMatchJsonBodyPropertiesInvalidFallbackBehavior
What AWS WAF should do if it fails to completely parse the JSON body.
MatchPattern LoggingConfigurationFieldToMatchJsonBodyPropertiesMatchPatternProperties
The patterns to look for in the JSON body. AWS WAF inspects the results of these pattern matches against the rule inspection criteria.
MatchScope LoggingConfigurationFieldToMatchJsonBodyPropertiesMatchScope
The parts of the JSON to match against using the MatchPattern. If you specify All, AWS WAF matches against keys and values.
InvalidFallbackBehavior LoggingConfigurationFieldToMatchJsonBodyPropertiesInvalidFallbackBehavior
What AWS WAF should do if it fails to completely parse the JSON body.
matchPattern LoggingConfigurationFieldToMatchJsonBodyPropertiesMatchPatternProperties
The patterns to look for in the JSON body. AWS WAF inspects the results of these pattern matches against the rule inspection criteria.
matchScope LoggingConfigurationFieldToMatchJsonBodyPropertiesMatchScope
The parts of the JSON to match against using the MatchPattern. If you specify All, AWS WAF matches against keys and values.
invalidFallbackBehavior LoggingConfigurationFieldToMatchJsonBodyPropertiesInvalidFallbackBehavior
What AWS WAF should do if it fails to completely parse the JSON body.
match_pattern LoggingConfigurationFieldToMatchJsonBodyPropertiesMatchPatternProperties
The patterns to look for in the JSON body. AWS WAF inspects the results of these pattern matches against the rule inspection criteria.
match_scope LoggingConfigurationFieldToMatchJsonBodyPropertiesMatchScope
The parts of the JSON to match against using the MatchPattern. If you specify All, AWS WAF matches against keys and values.
invalid_fallback_behavior LoggingConfigurationFieldToMatchJsonBodyPropertiesInvalidFallbackBehavior
What AWS WAF should do if it fails to completely parse the JSON body.

LoggingConfigurationFieldToMatchJsonBodyPropertiesInvalidFallbackBehavior

Match
MATCH
NoMatch
NO_MATCH
EvaluateAsString
EVALUATE_AS_STRING
LoggingConfigurationFieldToMatchJsonBodyPropertiesInvalidFallbackBehaviorMatch
MATCH
LoggingConfigurationFieldToMatchJsonBodyPropertiesInvalidFallbackBehaviorNoMatch
NO_MATCH
LoggingConfigurationFieldToMatchJsonBodyPropertiesInvalidFallbackBehaviorEvaluateAsString
EVALUATE_AS_STRING
Match
MATCH
NoMatch
NO_MATCH
EvaluateAsString
EVALUATE_AS_STRING
MATCH
MATCH
NO_MATCH
NO_MATCH
EVALUATE_AS_STRING
EVALUATE_AS_STRING

LoggingConfigurationFieldToMatchJsonBodyPropertiesMatchPatternProperties

All object
Match all of the elements. See also MatchScope in JsonBody. You must specify either this setting or the IncludedPaths setting, but not both.
IncludedPaths List<string>
Match only the specified include paths. See also MatchScope in JsonBody.
All interface{}
Match all of the elements. See also MatchScope in JsonBody. You must specify either this setting or the IncludedPaths setting, but not both.
IncludedPaths []string
Match only the specified include paths. See also MatchScope in JsonBody.
all any
Match all of the elements. See also MatchScope in JsonBody. You must specify either this setting or the IncludedPaths setting, but not both.
includedPaths string[]
Match only the specified include paths. See also MatchScope in JsonBody.
all Any
Match all of the elements. See also MatchScope in JsonBody. You must specify either this setting or the IncludedPaths setting, but not both.
included_paths Sequence[str]
Match only the specified include paths. See also MatchScope in JsonBody.

LoggingConfigurationFieldToMatchJsonBodyPropertiesMatchScope

All
ALL
Key
KEY
Value
VALUE
LoggingConfigurationFieldToMatchJsonBodyPropertiesMatchScopeAll
ALL
LoggingConfigurationFieldToMatchJsonBodyPropertiesMatchScopeKey
KEY
LoggingConfigurationFieldToMatchJsonBodyPropertiesMatchScopeValue
VALUE
All
ALL
Key
KEY
Value
VALUE
ALL
ALL
KEY
KEY
VALUE
VALUE

LoggingConfigurationFieldToMatchSingleHeaderProperties

Name string
The name of the query header to inspect.
Name string
The name of the query header to inspect.
name string
The name of the query header to inspect.
name str
The name of the query header to inspect.

LoggingConfigurationFilter

Behavior Pulumi.AwsNative.WAFv2.LoggingConfigurationFilterBehavior
How to handle logs that satisfy the filter’s conditions and requirement.
Conditions List<Pulumi.AwsNative.WAFv2.Inputs.LoggingConfigurationCondition>
Match conditions for the filter.
Requirement Pulumi.AwsNative.WAFv2.LoggingConfigurationFilterRequirement
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
Behavior LoggingConfigurationFilterBehavior
How to handle logs that satisfy the filter’s conditions and requirement.
Conditions []LoggingConfigurationCondition
Match conditions for the filter.
Requirement LoggingConfigurationFilterRequirement
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
behavior LoggingConfigurationFilterBehavior
How to handle logs that satisfy the filter’s conditions and requirement.
conditions LoggingConfigurationCondition[]
Match conditions for the filter.
requirement LoggingConfigurationFilterRequirement
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
behavior LoggingConfigurationFilterBehavior
How to handle logs that satisfy the filter’s conditions and requirement.
conditions Sequence[LoggingConfigurationCondition]
Match conditions for the filter.
requirement LoggingConfigurationFilterRequirement
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.

LoggingConfigurationFilterBehavior

Keep
KEEP
Drop
DROP
LoggingConfigurationFilterBehaviorKeep
KEEP
LoggingConfigurationFilterBehaviorDrop
DROP
Keep
KEEP
Drop
DROP
KEEP
KEEP
DROP
DROP

LoggingConfigurationFilterRequirement

MeetsAll
MEETS_ALL
MeetsAny
MEETS_ANY
LoggingConfigurationFilterRequirementMeetsAll
MEETS_ALL
LoggingConfigurationFilterRequirementMeetsAny
MEETS_ANY
MeetsAll
MEETS_ALL
MeetsAny
MEETS_ANY
MEETS_ALL
MEETS_ALL
MEETS_ANY
MEETS_ANY

LoggingConfigurationLoggingFilterPropertiesDefaultBehavior

Keep
KEEP
Drop
DROP
LoggingConfigurationLoggingFilterPropertiesDefaultBehaviorKeep
KEEP
LoggingConfigurationLoggingFilterPropertiesDefaultBehaviorDrop
DROP
Keep
KEEP
Drop
DROP
KEEP
KEEP
DROP
DROP

LoggingFilterProperties

DefaultBehavior Pulumi.AwsNative.WAFv2.LoggingConfigurationLoggingFilterPropertiesDefaultBehavior
Default handling for logs that don’t match any of the specified filtering conditions.
Filters List<Pulumi.AwsNative.WAFv2.Inputs.LoggingConfigurationFilter>
The filters that you want to apply to the logs.
DefaultBehavior LoggingConfigurationLoggingFilterPropertiesDefaultBehavior
Default handling for logs that don’t match any of the specified filtering conditions.
Filters []LoggingConfigurationFilter
The filters that you want to apply to the logs.
defaultBehavior LoggingConfigurationLoggingFilterPropertiesDefaultBehavior
Default handling for logs that don’t match any of the specified filtering conditions.
filters LoggingConfigurationFilter[]
The filters that you want to apply to the logs.
default_behavior LoggingConfigurationLoggingFilterPropertiesDefaultBehavior
Default handling for logs that don’t match any of the specified filtering conditions.
filters Sequence[LoggingConfigurationFilter]
The filters that you want to apply to the logs.

Package Details

Repository
https://github.com/pulumi/pulumi-aws-native
License
Apache-2.0