aws logo
AWS Classic v5.29.1, Feb 4 23

aws.wafv2.WebAclLoggingConfiguration

Creates a WAFv2 Web ACL Logging Configuration resource.

Note: To start logging from a WAFv2 Web ACL, an Amazon Kinesis Data Firehose (e.g., aws.kinesis.FirehoseDeliveryStream resource must also be created with a PUT source (not a stream) and in the region that you are operating. If you are capturing logs for Amazon CloudFront, always create the firehose in US East (N. Virginia). Be sure to give the data firehose, cloudwatch log group, and/or s3 bucket a name that starts with the prefix aws-waf-logs-.

Example Usage

With Redacted Fields

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.WafV2.WebAclLoggingConfiguration("example", new()
    {
        LogDestinationConfigs = new[]
        {
            aws_kinesis_firehose_delivery_stream.Example.Arn,
        },
        ResourceArn = aws_wafv2_web_acl.Example.Arn,
        RedactedFields = new[]
        {
            new Aws.WafV2.Inputs.WebAclLoggingConfigurationRedactedFieldArgs
            {
                SingleHeader = new Aws.WafV2.Inputs.WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs
                {
                    Name = "user-agent",
                },
            },
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/wafv2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := wafv2.NewWebAclLoggingConfiguration(ctx, "example", &wafv2.WebAclLoggingConfigurationArgs{
			LogDestinationConfigs: pulumi.StringArray{
				aws_kinesis_firehose_delivery_stream.Example.Arn,
			},
			ResourceArn: pulumi.Any(aws_wafv2_web_acl.Example.Arn),
			RedactedFields: wafv2.WebAclLoggingConfigurationRedactedFieldArray{
				&wafv2.WebAclLoggingConfigurationRedactedFieldArgs{
					SingleHeader: &wafv2.WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs{
						Name: pulumi.String("user-agent"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAclLoggingConfiguration;
import com.pulumi.aws.wafv2.WebAclLoggingConfigurationArgs;
import com.pulumi.aws.wafv2.inputs.WebAclLoggingConfigurationRedactedFieldArgs;
import com.pulumi.aws.wafv2.inputs.WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new WebAclLoggingConfiguration("example", WebAclLoggingConfigurationArgs.builder()        
            .logDestinationConfigs(aws_kinesis_firehose_delivery_stream.example().arn())
            .resourceArn(aws_wafv2_web_acl.example().arn())
            .redactedFields(WebAclLoggingConfigurationRedactedFieldArgs.builder()
                .singleHeader(WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs.builder()
                    .name("user-agent")
                    .build())
                .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example = aws.wafv2.WebAclLoggingConfiguration("example",
    log_destination_configs=[aws_kinesis_firehose_delivery_stream["example"]["arn"]],
    resource_arn=aws_wafv2_web_acl["example"]["arn"],
    redacted_fields=[aws.wafv2.WebAclLoggingConfigurationRedactedFieldArgs(
        single_header=aws.wafv2.WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs(
            name="user-agent",
        ),
    )])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.wafv2.WebAclLoggingConfiguration("example", {
    logDestinationConfigs: [aws_kinesis_firehose_delivery_stream.example.arn],
    resourceArn: aws_wafv2_web_acl.example.arn,
    redactedFields: [{
        singleHeader: {
            name: "user-agent",
        },
    }],
});
resources:
  example:
    type: aws:wafv2:WebAclLoggingConfiguration
    properties:
      logDestinationConfigs:
        - ${aws_kinesis_firehose_delivery_stream.example.arn}
      resourceArn: ${aws_wafv2_web_acl.example.arn}
      redactedFields:
        - singleHeader:
            name: user-agent

With Logging Filter

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.WafV2.WebAclLoggingConfiguration("example", new()
    {
        LogDestinationConfigs = new[]
        {
            aws_kinesis_firehose_delivery_stream.Example.Arn,
        },
        ResourceArn = aws_wafv2_web_acl.Example.Arn,
        LoggingFilter = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterArgs
        {
            DefaultBehavior = "KEEP",
            Filters = new[]
            {
                new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterArgs
                {
                    Behavior = "DROP",
                    Conditions = new[]
                    {
                        new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs
                        {
                            ActionCondition = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs
                            {
                                Action = "COUNT",
                            },
                        },
                        new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs
                        {
                            LabelNameCondition = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameConditionArgs
                            {
                                LabelName = "awswaf:111122223333:rulegroup:testRules:LabelNameZ",
                            },
                        },
                    },
                    Requirement = "MEETS_ALL",
                },
                new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterArgs
                {
                    Behavior = "KEEP",
                    Conditions = new[]
                    {
                        new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs
                        {
                            ActionCondition = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs
                            {
                                Action = "ALLOW",
                            },
                        },
                    },
                    Requirement = "MEETS_ANY",
                },
            },
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/wafv2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := wafv2.NewWebAclLoggingConfiguration(ctx, "example", &wafv2.WebAclLoggingConfigurationArgs{
			LogDestinationConfigs: pulumi.StringArray{
				aws_kinesis_firehose_delivery_stream.Example.Arn,
			},
			ResourceArn: pulumi.Any(aws_wafv2_web_acl.Example.Arn),
			LoggingFilter: &wafv2.WebAclLoggingConfigurationLoggingFilterArgs{
				DefaultBehavior: pulumi.String("KEEP"),
				Filters: wafv2.WebAclLoggingConfigurationLoggingFilterFilterArray{
					&wafv2.WebAclLoggingConfigurationLoggingFilterFilterArgs{
						Behavior: pulumi.String("DROP"),
						Conditions: wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArray{
							&wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs{
								ActionCondition: &wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs{
									Action: pulumi.String("COUNT"),
								},
							},
							&wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs{
								LabelNameCondition: &wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameConditionArgs{
									LabelName: pulumi.String("awswaf:111122223333:rulegroup:testRules:LabelNameZ"),
								},
							},
						},
						Requirement: pulumi.String("MEETS_ALL"),
					},
					&wafv2.WebAclLoggingConfigurationLoggingFilterFilterArgs{
						Behavior: pulumi.String("KEEP"),
						Conditions: wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArray{
							&wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs{
								ActionCondition: &wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs{
									Action: pulumi.String("ALLOW"),
								},
							},
						},
						Requirement: pulumi.String("MEETS_ANY"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAclLoggingConfiguration;
import com.pulumi.aws.wafv2.WebAclLoggingConfigurationArgs;
import com.pulumi.aws.wafv2.inputs.WebAclLoggingConfigurationLoggingFilterArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new WebAclLoggingConfiguration("example", WebAclLoggingConfigurationArgs.builder()        
            .logDestinationConfigs(aws_kinesis_firehose_delivery_stream.example().arn())
            .resourceArn(aws_wafv2_web_acl.example().arn())
            .loggingFilter(WebAclLoggingConfigurationLoggingFilterArgs.builder()
                .defaultBehavior("KEEP")
                .filters(                
                    WebAclLoggingConfigurationLoggingFilterFilterArgs.builder()
                        .behavior("DROP")
                        .conditions(                        
                            WebAclLoggingConfigurationLoggingFilterFilterConditionArgs.builder()
                                .actionCondition(WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs.builder()
                                    .action("COUNT")
                                    .build())
                                .build(),
                            WebAclLoggingConfigurationLoggingFilterFilterConditionArgs.builder()
                                .labelNameCondition(WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameConditionArgs.builder()
                                    .labelName("awswaf:111122223333:rulegroup:testRules:LabelNameZ")
                                    .build())
                                .build())
                        .requirement("MEETS_ALL")
                        .build(),
                    WebAclLoggingConfigurationLoggingFilterFilterArgs.builder()
                        .behavior("KEEP")
                        .conditions(WebAclLoggingConfigurationLoggingFilterFilterConditionArgs.builder()
                            .actionCondition(WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs.builder()
                                .action("ALLOW")
                                .build())
                            .build())
                        .requirement("MEETS_ANY")
                        .build())
                .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example = aws.wafv2.WebAclLoggingConfiguration("example",
    log_destination_configs=[aws_kinesis_firehose_delivery_stream["example"]["arn"]],
    resource_arn=aws_wafv2_web_acl["example"]["arn"],
    logging_filter=aws.wafv2.WebAclLoggingConfigurationLoggingFilterArgs(
        default_behavior="KEEP",
        filters=[
            aws.wafv2.WebAclLoggingConfigurationLoggingFilterFilterArgs(
                behavior="DROP",
                conditions=[
                    aws.wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs(
                        action_condition=aws.wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs(
                            action="COUNT",
                        ),
                    ),
                    aws.wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs(
                        label_name_condition=aws.wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameConditionArgs(
                            label_name="awswaf:111122223333:rulegroup:testRules:LabelNameZ",
                        ),
                    ),
                ],
                requirement="MEETS_ALL",
            ),
            aws.wafv2.WebAclLoggingConfigurationLoggingFilterFilterArgs(
                behavior="KEEP",
                conditions=[aws.wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs(
                    action_condition=aws.wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs(
                        action="ALLOW",
                    ),
                )],
                requirement="MEETS_ANY",
            ),
        ],
    ))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.wafv2.WebAclLoggingConfiguration("example", {
    logDestinationConfigs: [aws_kinesis_firehose_delivery_stream.example.arn],
    resourceArn: aws_wafv2_web_acl.example.arn,
    loggingFilter: {
        defaultBehavior: "KEEP",
        filters: [
            {
                behavior: "DROP",
                conditions: [
                    {
                        actionCondition: {
                            action: "COUNT",
                        },
                    },
                    {
                        labelNameCondition: {
                            labelName: "awswaf:111122223333:rulegroup:testRules:LabelNameZ",
                        },
                    },
                ],
                requirement: "MEETS_ALL",
            },
            {
                behavior: "KEEP",
                conditions: [{
                    actionCondition: {
                        action: "ALLOW",
                    },
                }],
                requirement: "MEETS_ANY",
            },
        ],
    },
});
resources:
  example:
    type: aws:wafv2:WebAclLoggingConfiguration
    properties:
      logDestinationConfigs:
        - ${aws_kinesis_firehose_delivery_stream.example.arn}
      resourceArn: ${aws_wafv2_web_acl.example.arn}
      loggingFilter:
        defaultBehavior: KEEP
        filters:
          - behavior: DROP
            conditions:
              - actionCondition:
                  action: COUNT
              - labelNameCondition:
                  labelName: awswaf:111122223333:rulegroup:testRules:LabelNameZ
            requirement: MEETS_ALL
          - behavior: KEEP
            conditions:
              - actionCondition:
                  action: ALLOW
            requirement: MEETS_ANY

Create WebAclLoggingConfiguration Resource

new WebAclLoggingConfiguration(name: string, args: WebAclLoggingConfigurationArgs, opts?: CustomResourceOptions);
@overload
def WebAclLoggingConfiguration(resource_name: str,
                               opts: Optional[ResourceOptions] = None,
                               log_destination_configs: Optional[Sequence[str]] = None,
                               logging_filter: Optional[WebAclLoggingConfigurationLoggingFilterArgs] = None,
                               redacted_fields: Optional[Sequence[WebAclLoggingConfigurationRedactedFieldArgs]] = None,
                               resource_arn: Optional[str] = None)
@overload
def WebAclLoggingConfiguration(resource_name: str,
                               args: WebAclLoggingConfigurationArgs,
                               opts: Optional[ResourceOptions] = None)
func NewWebAclLoggingConfiguration(ctx *Context, name string, args WebAclLoggingConfigurationArgs, opts ...ResourceOption) (*WebAclLoggingConfiguration, error)
public WebAclLoggingConfiguration(string name, WebAclLoggingConfigurationArgs args, CustomResourceOptions? opts = null)
public WebAclLoggingConfiguration(String name, WebAclLoggingConfigurationArgs args)
public WebAclLoggingConfiguration(String name, WebAclLoggingConfigurationArgs args, CustomResourceOptions options)
type: aws:wafv2:WebAclLoggingConfiguration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args WebAclLoggingConfigurationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args WebAclLoggingConfigurationArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args WebAclLoggingConfigurationArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args WebAclLoggingConfigurationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args WebAclLoggingConfigurationArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

WebAclLoggingConfiguration Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The WebAclLoggingConfiguration resource accepts the following input properties:

LogDestinationConfigs List<string>

The Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) that you want to associate with the web ACL.

ResourceArn string

The Amazon Resource Name (ARN) of the web ACL that you want to associate with log_destination_configs.

LoggingFilter Pulumi.Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterArgs

A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.

RedactedFields List<Pulumi.Aws.WafV2.Inputs.WebAclLoggingConfigurationRedactedFieldArgs>

The parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported. See Redacted Fields below for more details.

LogDestinationConfigs []string

The Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) that you want to associate with the web ACL.

ResourceArn string

The Amazon Resource Name (ARN) of the web ACL that you want to associate with log_destination_configs.

LoggingFilter WebAclLoggingConfigurationLoggingFilterArgs

A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.

RedactedFields []WebAclLoggingConfigurationRedactedFieldArgs

The parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported. See Redacted Fields below for more details.

logDestinationConfigs List<String>

The Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) that you want to associate with the web ACL.

resourceArn String

The Amazon Resource Name (ARN) of the web ACL that you want to associate with log_destination_configs.

loggingFilter WebAclLoggingConfigurationLoggingFilterArgs

A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.

redactedFields List<WebAclLoggingConfigurationRedactedFieldArgs>

The parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported. See Redacted Fields below for more details.

logDestinationConfigs string[]

The Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) that you want to associate with the web ACL.

resourceArn string

The Amazon Resource Name (ARN) of the web ACL that you want to associate with log_destination_configs.

loggingFilter WebAclLoggingConfigurationLoggingFilterArgs

A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.

redactedFields WebAclLoggingConfigurationRedactedFieldArgs[]

The parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported. See Redacted Fields below for more details.

log_destination_configs Sequence[str]

The Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) that you want to associate with the web ACL.

resource_arn str

The Amazon Resource Name (ARN) of the web ACL that you want to associate with log_destination_configs.

logging_filter WebAclLoggingConfigurationLoggingFilterArgs

A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.

redacted_fields Sequence[WebAclLoggingConfigurationRedactedFieldArgs]

The parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported. See Redacted Fields below for more details.

logDestinationConfigs List<String>

The Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) that you want to associate with the web ACL.

resourceArn String

The Amazon Resource Name (ARN) of the web ACL that you want to associate with log_destination_configs.

loggingFilter Property Map

A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.

redactedFields List<Property Map>

The parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported. See Redacted Fields below for more details.

Outputs

All input properties are implicitly available as output properties. Additionally, the WebAclLoggingConfiguration resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Look up Existing WebAclLoggingConfiguration Resource

Get an existing WebAclLoggingConfiguration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: WebAclLoggingConfigurationState, opts?: CustomResourceOptions): WebAclLoggingConfiguration
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        log_destination_configs: Optional[Sequence[str]] = None,
        logging_filter: Optional[WebAclLoggingConfigurationLoggingFilterArgs] = None,
        redacted_fields: Optional[Sequence[WebAclLoggingConfigurationRedactedFieldArgs]] = None,
        resource_arn: Optional[str] = None) -> WebAclLoggingConfiguration
func GetWebAclLoggingConfiguration(ctx *Context, name string, id IDInput, state *WebAclLoggingConfigurationState, opts ...ResourceOption) (*WebAclLoggingConfiguration, error)
public static WebAclLoggingConfiguration Get(string name, Input<string> id, WebAclLoggingConfigurationState? state, CustomResourceOptions? opts = null)
public static WebAclLoggingConfiguration get(String name, Output<String> id, WebAclLoggingConfigurationState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
LogDestinationConfigs List<string>

The Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) that you want to associate with the web ACL.

LoggingFilter Pulumi.Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterArgs

A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.

RedactedFields List<Pulumi.Aws.WafV2.Inputs.WebAclLoggingConfigurationRedactedFieldArgs>

The parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported. See Redacted Fields below for more details.

ResourceArn string

The Amazon Resource Name (ARN) of the web ACL that you want to associate with log_destination_configs.

LogDestinationConfigs []string

The Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) that you want to associate with the web ACL.

LoggingFilter WebAclLoggingConfigurationLoggingFilterArgs

A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.

RedactedFields []WebAclLoggingConfigurationRedactedFieldArgs

The parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported. See Redacted Fields below for more details.

ResourceArn string

The Amazon Resource Name (ARN) of the web ACL that you want to associate with log_destination_configs.

logDestinationConfigs List<String>

The Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) that you want to associate with the web ACL.

loggingFilter WebAclLoggingConfigurationLoggingFilterArgs

A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.

redactedFields List<WebAclLoggingConfigurationRedactedFieldArgs>

The parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported. See Redacted Fields below for more details.

resourceArn String

The Amazon Resource Name (ARN) of the web ACL that you want to associate with log_destination_configs.

logDestinationConfigs string[]

The Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) that you want to associate with the web ACL.

loggingFilter WebAclLoggingConfigurationLoggingFilterArgs

A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.

redactedFields WebAclLoggingConfigurationRedactedFieldArgs[]

The parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported. See Redacted Fields below for more details.

resourceArn string

The Amazon Resource Name (ARN) of the web ACL that you want to associate with log_destination_configs.

log_destination_configs Sequence[str]

The Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) that you want to associate with the web ACL.

logging_filter WebAclLoggingConfigurationLoggingFilterArgs

A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.

redacted_fields Sequence[WebAclLoggingConfigurationRedactedFieldArgs]

The parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported. See Redacted Fields below for more details.

resource_arn str

The Amazon Resource Name (ARN) of the web ACL that you want to associate with log_destination_configs.

logDestinationConfigs List<String>

The Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) that you want to associate with the web ACL.

loggingFilter Property Map

A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.

redactedFields List<Property Map>

The parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported. See Redacted Fields below for more details.

resourceArn String

The Amazon Resource Name (ARN) of the web ACL that you want to associate with log_destination_configs.

Supporting Types

WebAclLoggingConfigurationLoggingFilter

DefaultBehavior string

Default handling for logs that don't match any of the specified filtering conditions. Valid values: KEEP or DROP.

Filters List<Pulumi.Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilter>

Filter(s) that you want to apply to the logs. See Filter below for more details.

DefaultBehavior string

Default handling for logs that don't match any of the specified filtering conditions. Valid values: KEEP or DROP.

Filters []WebAclLoggingConfigurationLoggingFilterFilter

Filter(s) that you want to apply to the logs. See Filter below for more details.

defaultBehavior String

Default handling for logs that don't match any of the specified filtering conditions. Valid values: KEEP or DROP.

filters List<WebAclLoggingConfigurationLoggingFilterFilter>

Filter(s) that you want to apply to the logs. See Filter below for more details.

defaultBehavior string

Default handling for logs that don't match any of the specified filtering conditions. Valid values: KEEP or DROP.

filters WebAclLoggingConfigurationLoggingFilterFilter[]

Filter(s) that you want to apply to the logs. See Filter below for more details.

default_behavior str

Default handling for logs that don't match any of the specified filtering conditions. Valid values: KEEP or DROP.

filters Sequence[WebAclLoggingConfigurationLoggingFilterFilter]

Filter(s) that you want to apply to the logs. See Filter below for more details.

defaultBehavior String

Default handling for logs that don't match any of the specified filtering conditions. Valid values: KEEP or DROP.

filters List<Property Map>

Filter(s) that you want to apply to the logs. See Filter below for more details.

WebAclLoggingConfigurationLoggingFilterFilter

Behavior string

How to handle logs that satisfy the filter's conditions and requirement. Valid values: KEEP or DROP.

Conditions List<Pulumi.Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterCondition>

Match condition(s) for the filter. See Condition below for more details.

Requirement string

Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition. Valid values: MEETS_ALL or MEETS_ANY.

Behavior string

How to handle logs that satisfy the filter's conditions and requirement. Valid values: KEEP or DROP.

Conditions []WebAclLoggingConfigurationLoggingFilterFilterCondition

Match condition(s) for the filter. See Condition below for more details.

Requirement string

Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition. Valid values: MEETS_ALL or MEETS_ANY.

behavior String

How to handle logs that satisfy the filter's conditions and requirement. Valid values: KEEP or DROP.

conditions List<WebAclLoggingConfigurationLoggingFilterFilterCondition>

Match condition(s) for the filter. See Condition below for more details.

requirement String

Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition. Valid values: MEETS_ALL or MEETS_ANY.

behavior string

How to handle logs that satisfy the filter's conditions and requirement. Valid values: KEEP or DROP.

conditions WebAclLoggingConfigurationLoggingFilterFilterCondition[]

Match condition(s) for the filter. See Condition below for more details.

requirement string

Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition. Valid values: MEETS_ALL or MEETS_ANY.

behavior str

How to handle logs that satisfy the filter's conditions and requirement. Valid values: KEEP or DROP.

conditions Sequence[WebAclLoggingConfigurationLoggingFilterFilterCondition]

Match condition(s) for the filter. See Condition below for more details.

requirement str

Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition. Valid values: MEETS_ALL or MEETS_ANY.

behavior String

How to handle logs that satisfy the filter's conditions and requirement. Valid values: KEEP or DROP.

conditions List<Property Map>

Match condition(s) for the filter. See Condition below for more details.

requirement String

Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition. Valid values: MEETS_ALL or MEETS_ANY.

WebAclLoggingConfigurationLoggingFilterFilterCondition

ActionCondition Pulumi.Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionActionCondition

A single action condition. See Action Condition below for more details.

LabelNameCondition Pulumi.Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameCondition

A single label name condition. See Label Name Condition below for more details.

ActionCondition WebAclLoggingConfigurationLoggingFilterFilterConditionActionCondition

A single action condition. See Action Condition below for more details.

LabelNameCondition WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameCondition

A single label name condition. See Label Name Condition below for more details.

actionCondition WebAclLoggingConfigurationLoggingFilterFilterConditionActionCondition

A single action condition. See Action Condition below for more details.

labelNameCondition WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameCondition

A single label name condition. See Label Name Condition below for more details.

actionCondition WebAclLoggingConfigurationLoggingFilterFilterConditionActionCondition

A single action condition. See Action Condition below for more details.

labelNameCondition WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameCondition

A single label name condition. See Label Name Condition below for more details.

action_condition WebAclLoggingConfigurationLoggingFilterFilterConditionActionCondition

A single action condition. See Action Condition below for more details.

label_name_condition WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameCondition

A single label name condition. See Label Name Condition below for more details.

actionCondition Property Map

A single action condition. See Action Condition below for more details.

labelNameCondition Property Map

A single label name condition. See Label Name Condition below for more details.

WebAclLoggingConfigurationLoggingFilterFilterConditionActionCondition

Action string

The action setting that a log record must contain in order to meet the condition. Valid values: ALLOW, BLOCK, COUNT.

Action string

The action setting that a log record must contain in order to meet the condition. Valid values: ALLOW, BLOCK, COUNT.

action String

The action setting that a log record must contain in order to meet the condition. Valid values: ALLOW, BLOCK, COUNT.

action string

The action setting that a log record must contain in order to meet the condition. Valid values: ALLOW, BLOCK, COUNT.

action str

The action setting that a log record must contain in order to meet the condition. Valid values: ALLOW, BLOCK, COUNT.

action String

The action setting that a log record must contain in order to meet the condition. Valid values: ALLOW, BLOCK, COUNT.

WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameCondition

LabelName string

The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.

LabelName string

The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.

labelName String

The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.

labelName string

The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.

label_name str

The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.

labelName String

The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.

WebAclLoggingConfigurationRedactedField

AllQueryArguments Pulumi.Aws.WafV2.Inputs.WebAclLoggingConfigurationRedactedFieldAllQueryArguments

Redact all query arguments.

Deprecated:

Not supported by WAFv2 API

Body Pulumi.Aws.WafV2.Inputs.WebAclLoggingConfigurationRedactedFieldBody

Redact the request body, which immediately follows the request headers.

Deprecated:

Not supported by WAFv2 API

Method Pulumi.Aws.WafV2.Inputs.WebAclLoggingConfigurationRedactedFieldMethod

Redact the HTTP method. Must be specified as an empty configuration block {}. The method indicates the type of operation that the request is asking the origin to perform.

QueryString Pulumi.Aws.WafV2.Inputs.WebAclLoggingConfigurationRedactedFieldQueryString

Redact the query string. Must be specified as an empty configuration block {}. This is the part of a URL that appears after a ? character, if any.

SingleHeader Pulumi.Aws.WafV2.Inputs.WebAclLoggingConfigurationRedactedFieldSingleHeader

Redact a single header. See Single Header below for details.

SingleQueryArgument Pulumi.Aws.WafV2.Inputs.WebAclLoggingConfigurationRedactedFieldSingleQueryArgument

Redact a single query argument. See Single Query Argument below for details.

Deprecated:

Not supported by WAFv2 API

UriPath Pulumi.Aws.WafV2.Inputs.WebAclLoggingConfigurationRedactedFieldUriPath

Redact the request URI path. Must be specified as an empty configuration block {}. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

AllQueryArguments WebAclLoggingConfigurationRedactedFieldAllQueryArguments

Redact all query arguments.

Deprecated:

Not supported by WAFv2 API

Body WebAclLoggingConfigurationRedactedFieldBody

Redact the request body, which immediately follows the request headers.

Deprecated:

Not supported by WAFv2 API

Method WebAclLoggingConfigurationRedactedFieldMethod

Redact the HTTP method. Must be specified as an empty configuration block {}. The method indicates the type of operation that the request is asking the origin to perform.

QueryString WebAclLoggingConfigurationRedactedFieldQueryString

Redact the query string. Must be specified as an empty configuration block {}. This is the part of a URL that appears after a ? character, if any.

SingleHeader WebAclLoggingConfigurationRedactedFieldSingleHeader

Redact a single header. See Single Header below for details.

SingleQueryArgument WebAclLoggingConfigurationRedactedFieldSingleQueryArgument

Redact a single query argument. See Single Query Argument below for details.

Deprecated:

Not supported by WAFv2 API

UriPath WebAclLoggingConfigurationRedactedFieldUriPath

Redact the request URI path. Must be specified as an empty configuration block {}. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments WebAclLoggingConfigurationRedactedFieldAllQueryArguments

Redact all query arguments.

Deprecated:

Not supported by WAFv2 API

body WebAclLoggingConfigurationRedactedFieldBody

Redact the request body, which immediately follows the request headers.

Deprecated:

Not supported by WAFv2 API

method WebAclLoggingConfigurationRedactedFieldMethod

Redact the HTTP method. Must be specified as an empty configuration block {}. The method indicates the type of operation that the request is asking the origin to perform.

queryString WebAclLoggingConfigurationRedactedFieldQueryString

Redact the query string. Must be specified as an empty configuration block {}. This is the part of a URL that appears after a ? character, if any.

singleHeader WebAclLoggingConfigurationRedactedFieldSingleHeader

Redact a single header. See Single Header below for details.

singleQueryArgument WebAclLoggingConfigurationRedactedFieldSingleQueryArgument

Redact a single query argument. See Single Query Argument below for details.

Deprecated:

Not supported by WAFv2 API

uriPath WebAclLoggingConfigurationRedactedFieldUriPath

Redact the request URI path. Must be specified as an empty configuration block {}. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments WebAclLoggingConfigurationRedactedFieldAllQueryArguments

Redact all query arguments.

Deprecated:

Not supported by WAFv2 API

body WebAclLoggingConfigurationRedactedFieldBody

Redact the request body, which immediately follows the request headers.

Deprecated:

Not supported by WAFv2 API

method WebAclLoggingConfigurationRedactedFieldMethod

Redact the HTTP method. Must be specified as an empty configuration block {}. The method indicates the type of operation that the request is asking the origin to perform.

queryString WebAclLoggingConfigurationRedactedFieldQueryString

Redact the query string. Must be specified as an empty configuration block {}. This is the part of a URL that appears after a ? character, if any.

singleHeader WebAclLoggingConfigurationRedactedFieldSingleHeader

Redact a single header. See Single Header below for details.

singleQueryArgument WebAclLoggingConfigurationRedactedFieldSingleQueryArgument

Redact a single query argument. See Single Query Argument below for details.

Deprecated:

Not supported by WAFv2 API

uriPath WebAclLoggingConfigurationRedactedFieldUriPath

Redact the request URI path. Must be specified as an empty configuration block {}. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

all_query_arguments WebAclLoggingConfigurationRedactedFieldAllQueryArguments

Redact all query arguments.

Deprecated:

Not supported by WAFv2 API

body WebAclLoggingConfigurationRedactedFieldBody

Redact the request body, which immediately follows the request headers.

Deprecated:

Not supported by WAFv2 API

method WebAclLoggingConfigurationRedactedFieldMethod

Redact the HTTP method. Must be specified as an empty configuration block {}. The method indicates the type of operation that the request is asking the origin to perform.

query_string WebAclLoggingConfigurationRedactedFieldQueryString

Redact the query string. Must be specified as an empty configuration block {}. This is the part of a URL that appears after a ? character, if any.

single_header WebAclLoggingConfigurationRedactedFieldSingleHeader

Redact a single header. See Single Header below for details.

single_query_argument WebAclLoggingConfigurationRedactedFieldSingleQueryArgument

Redact a single query argument. See Single Query Argument below for details.

Deprecated:

Not supported by WAFv2 API

uri_path WebAclLoggingConfigurationRedactedFieldUriPath

Redact the request URI path. Must be specified as an empty configuration block {}. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments Property Map

Redact all query arguments.

Deprecated:

Not supported by WAFv2 API

body Property Map

Redact the request body, which immediately follows the request headers.

Deprecated:

Not supported by WAFv2 API

method Property Map

Redact the HTTP method. Must be specified as an empty configuration block {}. The method indicates the type of operation that the request is asking the origin to perform.

queryString Property Map

Redact the query string. Must be specified as an empty configuration block {}. This is the part of a URL that appears after a ? character, if any.

singleHeader Property Map

Redact a single header. See Single Header below for details.

singleQueryArgument Property Map

Redact a single query argument. See Single Query Argument below for details.

Deprecated:

Not supported by WAFv2 API

uriPath Property Map

Redact the request URI path. Must be specified as an empty configuration block {}. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

WebAclLoggingConfigurationRedactedFieldSingleHeader

Name string

The name of the query header to redact. This setting must be provided as lower case characters.

Name string

The name of the query header to redact. This setting must be provided as lower case characters.

name String

The name of the query header to redact. This setting must be provided as lower case characters.

name string

The name of the query header to redact. This setting must be provided as lower case characters.

name str

The name of the query header to redact. This setting must be provided as lower case characters.

name String

The name of the query header to redact. This setting must be provided as lower case characters.

WebAclLoggingConfigurationRedactedFieldSingleQueryArgument

Name string

The name of the query header to redact. This setting must be provided as lower case characters.

Deprecated:

Not supported by WAFv2 API

Name string

The name of the query header to redact. This setting must be provided as lower case characters.

Deprecated:

Not supported by WAFv2 API

name String

The name of the query header to redact. This setting must be provided as lower case characters.

Deprecated:

Not supported by WAFv2 API

name string

The name of the query header to redact. This setting must be provided as lower case characters.

Deprecated:

Not supported by WAFv2 API

name str

The name of the query header to redact. This setting must be provided as lower case characters.

Deprecated:

Not supported by WAFv2 API

name String

The name of the query header to redact. This setting must be provided as lower case characters.

Deprecated:

Not supported by WAFv2 API

Import

WAFv2 Web ACL Logging Configurations can be imported using the WAFv2 Web ACL ARN e.g.,

 $ pulumi import aws:wafv2/webAclLoggingConfiguration:WebAclLoggingConfiguration example arn:aws:wafv2:us-west-2:123456789012:regional/webacl/test-logs/a1b2c3d4-5678-90ab-cdef

Package Details

Repository
AWS Classic pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.