aws.wafv2.WebAclLoggingConfiguration
Creates a WAFv2 Web ACL Logging Configuration resource.
Note: To start logging from a WAFv2 Web ACL, an Amazon Kinesis Data Firehose (e.g.,
aws.kinesis.FirehoseDeliveryStream
resource must also be created with a PUT source (not a stream) and in the region that you are operating. If you are capturing logs for Amazon CloudFront, always create the firehose in US East (N. Virginia). Be sure to give the data firehose, cloudwatch log group, and/or s3 bucket a name that starts with the prefixaws-waf-logs-
.
Example Usage
With Redacted Fields
using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.WafV2.WebAclLoggingConfiguration("example", new()
{
LogDestinationConfigs = new[]
{
aws_kinesis_firehose_delivery_stream.Example.Arn,
},
ResourceArn = aws_wafv2_web_acl.Example.Arn,
RedactedFields = new[]
{
new Aws.WafV2.Inputs.WebAclLoggingConfigurationRedactedFieldArgs
{
SingleHeader = new Aws.WafV2.Inputs.WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs
{
Name = "user-agent",
},
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := wafv2.NewWebAclLoggingConfiguration(ctx, "example", &wafv2.WebAclLoggingConfigurationArgs{
LogDestinationConfigs: pulumi.StringArray{
aws_kinesis_firehose_delivery_stream.Example.Arn,
},
ResourceArn: pulumi.Any(aws_wafv2_web_acl.Example.Arn),
RedactedFields: wafv2.WebAclLoggingConfigurationRedactedFieldArray{
&wafv2.WebAclLoggingConfigurationRedactedFieldArgs{
SingleHeader: &wafv2.WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs{
Name: pulumi.String("user-agent"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAclLoggingConfiguration;
import com.pulumi.aws.wafv2.WebAclLoggingConfigurationArgs;
import com.pulumi.aws.wafv2.inputs.WebAclLoggingConfigurationRedactedFieldArgs;
import com.pulumi.aws.wafv2.inputs.WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new WebAclLoggingConfiguration("example", WebAclLoggingConfigurationArgs.builder()
.logDestinationConfigs(aws_kinesis_firehose_delivery_stream.example().arn())
.resourceArn(aws_wafv2_web_acl.example().arn())
.redactedFields(WebAclLoggingConfigurationRedactedFieldArgs.builder()
.singleHeader(WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs.builder()
.name("user-agent")
.build())
.build())
.build());
}
}
import pulumi
import pulumi_aws as aws
example = aws.wafv2.WebAclLoggingConfiguration("example",
log_destination_configs=[aws_kinesis_firehose_delivery_stream["example"]["arn"]],
resource_arn=aws_wafv2_web_acl["example"]["arn"],
redacted_fields=[aws.wafv2.WebAclLoggingConfigurationRedactedFieldArgs(
single_header=aws.wafv2.WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs(
name="user-agent",
),
)])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.wafv2.WebAclLoggingConfiguration("example", {
logDestinationConfigs: [aws_kinesis_firehose_delivery_stream.example.arn],
resourceArn: aws_wafv2_web_acl.example.arn,
redactedFields: [{
singleHeader: {
name: "user-agent",
},
}],
});
resources:
example:
type: aws:wafv2:WebAclLoggingConfiguration
properties:
logDestinationConfigs:
- ${aws_kinesis_firehose_delivery_stream.example.arn}
resourceArn: ${aws_wafv2_web_acl.example.arn}
redactedFields:
- singleHeader:
name: user-agent
With Logging Filter
using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.WafV2.WebAclLoggingConfiguration("example", new()
{
LogDestinationConfigs = new[]
{
aws_kinesis_firehose_delivery_stream.Example.Arn,
},
ResourceArn = aws_wafv2_web_acl.Example.Arn,
LoggingFilter = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterArgs
{
DefaultBehavior = "KEEP",
Filters = new[]
{
new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterArgs
{
Behavior = "DROP",
Conditions = new[]
{
new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs
{
ActionCondition = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs
{
Action = "COUNT",
},
},
new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs
{
LabelNameCondition = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameConditionArgs
{
LabelName = "awswaf:111122223333:rulegroup:testRules:LabelNameZ",
},
},
},
Requirement = "MEETS_ALL",
},
new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterArgs
{
Behavior = "KEEP",
Conditions = new[]
{
new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs
{
ActionCondition = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs
{
Action = "ALLOW",
},
},
},
Requirement = "MEETS_ANY",
},
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := wafv2.NewWebAclLoggingConfiguration(ctx, "example", &wafv2.WebAclLoggingConfigurationArgs{
LogDestinationConfigs: pulumi.StringArray{
aws_kinesis_firehose_delivery_stream.Example.Arn,
},
ResourceArn: pulumi.Any(aws_wafv2_web_acl.Example.Arn),
LoggingFilter: &wafv2.WebAclLoggingConfigurationLoggingFilterArgs{
DefaultBehavior: pulumi.String("KEEP"),
Filters: wafv2.WebAclLoggingConfigurationLoggingFilterFilterArray{
&wafv2.WebAclLoggingConfigurationLoggingFilterFilterArgs{
Behavior: pulumi.String("DROP"),
Conditions: wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArray{
&wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs{
ActionCondition: &wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs{
Action: pulumi.String("COUNT"),
},
},
&wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs{
LabelNameCondition: &wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameConditionArgs{
LabelName: pulumi.String("awswaf:111122223333:rulegroup:testRules:LabelNameZ"),
},
},
},
Requirement: pulumi.String("MEETS_ALL"),
},
&wafv2.WebAclLoggingConfigurationLoggingFilterFilterArgs{
Behavior: pulumi.String("KEEP"),
Conditions: wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArray{
&wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs{
ActionCondition: &wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs{
Action: pulumi.String("ALLOW"),
},
},
},
Requirement: pulumi.String("MEETS_ANY"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAclLoggingConfiguration;
import com.pulumi.aws.wafv2.WebAclLoggingConfigurationArgs;
import com.pulumi.aws.wafv2.inputs.WebAclLoggingConfigurationLoggingFilterArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new WebAclLoggingConfiguration("example", WebAclLoggingConfigurationArgs.builder()
.logDestinationConfigs(aws_kinesis_firehose_delivery_stream.example().arn())
.resourceArn(aws_wafv2_web_acl.example().arn())
.loggingFilter(WebAclLoggingConfigurationLoggingFilterArgs.builder()
.defaultBehavior("KEEP")
.filters(
WebAclLoggingConfigurationLoggingFilterFilterArgs.builder()
.behavior("DROP")
.conditions(
WebAclLoggingConfigurationLoggingFilterFilterConditionArgs.builder()
.actionCondition(WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs.builder()
.action("COUNT")
.build())
.build(),
WebAclLoggingConfigurationLoggingFilterFilterConditionArgs.builder()
.labelNameCondition(WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameConditionArgs.builder()
.labelName("awswaf:111122223333:rulegroup:testRules:LabelNameZ")
.build())
.build())
.requirement("MEETS_ALL")
.build(),
WebAclLoggingConfigurationLoggingFilterFilterArgs.builder()
.behavior("KEEP")
.conditions(WebAclLoggingConfigurationLoggingFilterFilterConditionArgs.builder()
.actionCondition(WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs.builder()
.action("ALLOW")
.build())
.build())
.requirement("MEETS_ANY")
.build())
.build())
.build());
}
}
import pulumi
import pulumi_aws as aws
example = aws.wafv2.WebAclLoggingConfiguration("example",
log_destination_configs=[aws_kinesis_firehose_delivery_stream["example"]["arn"]],
resource_arn=aws_wafv2_web_acl["example"]["arn"],
logging_filter=aws.wafv2.WebAclLoggingConfigurationLoggingFilterArgs(
default_behavior="KEEP",
filters=[
aws.wafv2.WebAclLoggingConfigurationLoggingFilterFilterArgs(
behavior="DROP",
conditions=[
aws.wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs(
action_condition=aws.wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs(
action="COUNT",
),
),
aws.wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs(
label_name_condition=aws.wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameConditionArgs(
label_name="awswaf:111122223333:rulegroup:testRules:LabelNameZ",
),
),
],
requirement="MEETS_ALL",
),
aws.wafv2.WebAclLoggingConfigurationLoggingFilterFilterArgs(
behavior="KEEP",
conditions=[aws.wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs(
action_condition=aws.wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs(
action="ALLOW",
),
)],
requirement="MEETS_ANY",
),
],
))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.wafv2.WebAclLoggingConfiguration("example", {
logDestinationConfigs: [aws_kinesis_firehose_delivery_stream.example.arn],
resourceArn: aws_wafv2_web_acl.example.arn,
loggingFilter: {
defaultBehavior: "KEEP",
filters: [
{
behavior: "DROP",
conditions: [
{
actionCondition: {
action: "COUNT",
},
},
{
labelNameCondition: {
labelName: "awswaf:111122223333:rulegroup:testRules:LabelNameZ",
},
},
],
requirement: "MEETS_ALL",
},
{
behavior: "KEEP",
conditions: [{
actionCondition: {
action: "ALLOW",
},
}],
requirement: "MEETS_ANY",
},
],
},
});
resources:
example:
type: aws:wafv2:WebAclLoggingConfiguration
properties:
logDestinationConfigs:
- ${aws_kinesis_firehose_delivery_stream.example.arn}
resourceArn: ${aws_wafv2_web_acl.example.arn}
loggingFilter:
defaultBehavior: KEEP
filters:
- behavior: DROP
conditions:
- actionCondition:
action: COUNT
- labelNameCondition:
labelName: awswaf:111122223333:rulegroup:testRules:LabelNameZ
requirement: MEETS_ALL
- behavior: KEEP
conditions:
- actionCondition:
action: ALLOW
requirement: MEETS_ANY
Create WebAclLoggingConfiguration Resource
new WebAclLoggingConfiguration(name: string, args: WebAclLoggingConfigurationArgs, opts?: CustomResourceOptions);
@overload
def WebAclLoggingConfiguration(resource_name: str,
opts: Optional[ResourceOptions] = None,
log_destination_configs: Optional[Sequence[str]] = None,
logging_filter: Optional[WebAclLoggingConfigurationLoggingFilterArgs] = None,
redacted_fields: Optional[Sequence[WebAclLoggingConfigurationRedactedFieldArgs]] = None,
resource_arn: Optional[str] = None)
@overload
def WebAclLoggingConfiguration(resource_name: str,
args: WebAclLoggingConfigurationArgs,
opts: Optional[ResourceOptions] = None)
func NewWebAclLoggingConfiguration(ctx *Context, name string, args WebAclLoggingConfigurationArgs, opts ...ResourceOption) (*WebAclLoggingConfiguration, error)
public WebAclLoggingConfiguration(string name, WebAclLoggingConfigurationArgs args, CustomResourceOptions? opts = null)
public WebAclLoggingConfiguration(String name, WebAclLoggingConfigurationArgs args)
public WebAclLoggingConfiguration(String name, WebAclLoggingConfigurationArgs args, CustomResourceOptions options)
type: aws:wafv2:WebAclLoggingConfiguration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args WebAclLoggingConfigurationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args WebAclLoggingConfigurationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args WebAclLoggingConfigurationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args WebAclLoggingConfigurationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args WebAclLoggingConfigurationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
WebAclLoggingConfiguration Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The WebAclLoggingConfiguration resource accepts the following input properties:
- Log
Destination List<string>Configs The Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) that you want to associate with the web ACL.
- Resource
Arn string The Amazon Resource Name (ARN) of the web ACL that you want to associate with
log_destination_configs
.- Logging
Filter Pulumi.Aws. Waf V2. Inputs. Web Acl Logging Configuration Logging Filter Args A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.
- Redacted
Fields List<Pulumi.Aws. Waf V2. Inputs. Web Acl Logging Configuration Redacted Field Args> The parts of the request that you want to keep out of the logs. Up to 100
redacted_fields
blocks are supported. See Redacted Fields below for more details.
- Log
Destination []stringConfigs The Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) that you want to associate with the web ACL.
- Resource
Arn string The Amazon Resource Name (ARN) of the web ACL that you want to associate with
log_destination_configs
.- Logging
Filter WebAcl Logging Configuration Logging Filter Args A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.
- Redacted
Fields []WebAcl Logging Configuration Redacted Field Args The parts of the request that you want to keep out of the logs. Up to 100
redacted_fields
blocks are supported. See Redacted Fields below for more details.
- log
Destination List<String>Configs The Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) that you want to associate with the web ACL.
- resource
Arn String The Amazon Resource Name (ARN) of the web ACL that you want to associate with
log_destination_configs
.- logging
Filter WebAcl Logging Configuration Logging Filter Args A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.
- redacted
Fields List<WebAcl Logging Configuration Redacted Field Args> The parts of the request that you want to keep out of the logs. Up to 100
redacted_fields
blocks are supported. See Redacted Fields below for more details.
- log
Destination string[]Configs The Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) that you want to associate with the web ACL.
- resource
Arn string The Amazon Resource Name (ARN) of the web ACL that you want to associate with
log_destination_configs
.- logging
Filter WebAcl Logging Configuration Logging Filter Args A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.
- redacted
Fields WebAcl Logging Configuration Redacted Field Args[] The parts of the request that you want to keep out of the logs. Up to 100
redacted_fields
blocks are supported. See Redacted Fields below for more details.
- log_
destination_ Sequence[str]configs The Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) that you want to associate with the web ACL.
- resource_
arn str The Amazon Resource Name (ARN) of the web ACL that you want to associate with
log_destination_configs
.- logging_
filter WebAcl Logging Configuration Logging Filter Args A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.
- redacted_
fields Sequence[WebAcl Logging Configuration Redacted Field Args] The parts of the request that you want to keep out of the logs. Up to 100
redacted_fields
blocks are supported. See Redacted Fields below for more details.
- log
Destination List<String>Configs The Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) that you want to associate with the web ACL.
- resource
Arn String The Amazon Resource Name (ARN) of the web ACL that you want to associate with
log_destination_configs
.- logging
Filter Property Map A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.
- redacted
Fields List<Property Map> The parts of the request that you want to keep out of the logs. Up to 100
redacted_fields
blocks are supported. See Redacted Fields below for more details.
Outputs
All input properties are implicitly available as output properties. Additionally, the WebAclLoggingConfiguration resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing WebAclLoggingConfiguration Resource
Get an existing WebAclLoggingConfiguration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: WebAclLoggingConfigurationState, opts?: CustomResourceOptions): WebAclLoggingConfiguration
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
log_destination_configs: Optional[Sequence[str]] = None,
logging_filter: Optional[WebAclLoggingConfigurationLoggingFilterArgs] = None,
redacted_fields: Optional[Sequence[WebAclLoggingConfigurationRedactedFieldArgs]] = None,
resource_arn: Optional[str] = None) -> WebAclLoggingConfiguration
func GetWebAclLoggingConfiguration(ctx *Context, name string, id IDInput, state *WebAclLoggingConfigurationState, opts ...ResourceOption) (*WebAclLoggingConfiguration, error)
public static WebAclLoggingConfiguration Get(string name, Input<string> id, WebAclLoggingConfigurationState? state, CustomResourceOptions? opts = null)
public static WebAclLoggingConfiguration get(String name, Output<String> id, WebAclLoggingConfigurationState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Log
Destination List<string>Configs The Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) that you want to associate with the web ACL.
- Logging
Filter Pulumi.Aws. Waf V2. Inputs. Web Acl Logging Configuration Logging Filter Args A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.
- Redacted
Fields List<Pulumi.Aws. Waf V2. Inputs. Web Acl Logging Configuration Redacted Field Args> The parts of the request that you want to keep out of the logs. Up to 100
redacted_fields
blocks are supported. See Redacted Fields below for more details.- Resource
Arn string The Amazon Resource Name (ARN) of the web ACL that you want to associate with
log_destination_configs
.
- Log
Destination []stringConfigs The Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) that you want to associate with the web ACL.
- Logging
Filter WebAcl Logging Configuration Logging Filter Args A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.
- Redacted
Fields []WebAcl Logging Configuration Redacted Field Args The parts of the request that you want to keep out of the logs. Up to 100
redacted_fields
blocks are supported. See Redacted Fields below for more details.- Resource
Arn string The Amazon Resource Name (ARN) of the web ACL that you want to associate with
log_destination_configs
.
- log
Destination List<String>Configs The Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) that you want to associate with the web ACL.
- logging
Filter WebAcl Logging Configuration Logging Filter Args A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.
- redacted
Fields List<WebAcl Logging Configuration Redacted Field Args> The parts of the request that you want to keep out of the logs. Up to 100
redacted_fields
blocks are supported. See Redacted Fields below for more details.- resource
Arn String The Amazon Resource Name (ARN) of the web ACL that you want to associate with
log_destination_configs
.
- log
Destination string[]Configs The Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) that you want to associate with the web ACL.
- logging
Filter WebAcl Logging Configuration Logging Filter Args A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.
- redacted
Fields WebAcl Logging Configuration Redacted Field Args[] The parts of the request that you want to keep out of the logs. Up to 100
redacted_fields
blocks are supported. See Redacted Fields below for more details.- resource
Arn string The Amazon Resource Name (ARN) of the web ACL that you want to associate with
log_destination_configs
.
- log_
destination_ Sequence[str]configs The Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) that you want to associate with the web ACL.
- logging_
filter WebAcl Logging Configuration Logging Filter Args A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.
- redacted_
fields Sequence[WebAcl Logging Configuration Redacted Field Args] The parts of the request that you want to keep out of the logs. Up to 100
redacted_fields
blocks are supported. See Redacted Fields below for more details.- resource_
arn str The Amazon Resource Name (ARN) of the web ACL that you want to associate with
log_destination_configs
.
- log
Destination List<String>Configs The Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) that you want to associate with the web ACL.
- logging
Filter Property Map A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.
- redacted
Fields List<Property Map> The parts of the request that you want to keep out of the logs. Up to 100
redacted_fields
blocks are supported. See Redacted Fields below for more details.- resource
Arn String The Amazon Resource Name (ARN) of the web ACL that you want to associate with
log_destination_configs
.
Supporting Types
WebAclLoggingConfigurationLoggingFilter
- Default
Behavior string Default handling for logs that don't match any of the specified filtering conditions. Valid values:
KEEP
orDROP
.- Filters
List<Pulumi.
Aws. Waf V2. Inputs. Web Acl Logging Configuration Logging Filter Filter> Filter(s) that you want to apply to the logs. See Filter below for more details.
- Default
Behavior string Default handling for logs that don't match any of the specified filtering conditions. Valid values:
KEEP
orDROP
.- Filters
[]Web
Acl Logging Configuration Logging Filter Filter Filter(s) that you want to apply to the logs. See Filter below for more details.
- default
Behavior String Default handling for logs that don't match any of the specified filtering conditions. Valid values:
KEEP
orDROP
.- filters
List<Web
Acl Logging Configuration Logging Filter Filter> Filter(s) that you want to apply to the logs. See Filter below for more details.
- default
Behavior string Default handling for logs that don't match any of the specified filtering conditions. Valid values:
KEEP
orDROP
.- filters
Web
Acl Logging Configuration Logging Filter Filter[] Filter(s) that you want to apply to the logs. See Filter below for more details.
- default_
behavior str Default handling for logs that don't match any of the specified filtering conditions. Valid values:
KEEP
orDROP
.- filters
Sequence[Web
Acl Logging Configuration Logging Filter Filter] Filter(s) that you want to apply to the logs. See Filter below for more details.
- default
Behavior String Default handling for logs that don't match any of the specified filtering conditions. Valid values:
KEEP
orDROP
.- filters List<Property Map>
Filter(s) that you want to apply to the logs. See Filter below for more details.
WebAclLoggingConfigurationLoggingFilterFilter
- Behavior string
How to handle logs that satisfy the filter's conditions and requirement. Valid values:
KEEP
orDROP
.- Conditions
List<Pulumi.
Aws. Waf V2. Inputs. Web Acl Logging Configuration Logging Filter Filter Condition> Match condition(s) for the filter. See Condition below for more details.
- Requirement string
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition. Valid values:
MEETS_ALL
orMEETS_ANY
.
- Behavior string
How to handle logs that satisfy the filter's conditions and requirement. Valid values:
KEEP
orDROP
.- Conditions
[]Web
Acl Logging Configuration Logging Filter Filter Condition Match condition(s) for the filter. See Condition below for more details.
- Requirement string
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition. Valid values:
MEETS_ALL
orMEETS_ANY
.
- behavior String
How to handle logs that satisfy the filter's conditions and requirement. Valid values:
KEEP
orDROP
.- conditions
List<Web
Acl Logging Configuration Logging Filter Filter Condition> Match condition(s) for the filter. See Condition below for more details.
- requirement String
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition. Valid values:
MEETS_ALL
orMEETS_ANY
.
- behavior string
How to handle logs that satisfy the filter's conditions and requirement. Valid values:
KEEP
orDROP
.- conditions
Web
Acl Logging Configuration Logging Filter Filter Condition[] Match condition(s) for the filter. See Condition below for more details.
- requirement string
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition. Valid values:
MEETS_ALL
orMEETS_ANY
.
- behavior str
How to handle logs that satisfy the filter's conditions and requirement. Valid values:
KEEP
orDROP
.- conditions
Sequence[Web
Acl Logging Configuration Logging Filter Filter Condition] Match condition(s) for the filter. See Condition below for more details.
- requirement str
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition. Valid values:
MEETS_ALL
orMEETS_ANY
.
- behavior String
How to handle logs that satisfy the filter's conditions and requirement. Valid values:
KEEP
orDROP
.- conditions List<Property Map>
Match condition(s) for the filter. See Condition below for more details.
- requirement String
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition. Valid values:
MEETS_ALL
orMEETS_ANY
.
WebAclLoggingConfigurationLoggingFilterFilterCondition
- Action
Condition Pulumi.Aws. Waf V2. Inputs. Web Acl Logging Configuration Logging Filter Filter Condition Action Condition A single action condition. See Action Condition below for more details.
- Label
Name Pulumi.Condition Aws. Waf V2. Inputs. Web Acl Logging Configuration Logging Filter Filter Condition Label Name Condition A single label name condition. See Label Name Condition below for more details.
- Action
Condition WebAcl Logging Configuration Logging Filter Filter Condition Action Condition A single action condition. See Action Condition below for more details.
- Label
Name WebCondition Acl Logging Configuration Logging Filter Filter Condition Label Name Condition A single label name condition. See Label Name Condition below for more details.
- action
Condition WebAcl Logging Configuration Logging Filter Filter Condition Action Condition A single action condition. See Action Condition below for more details.
- label
Name WebCondition Acl Logging Configuration Logging Filter Filter Condition Label Name Condition A single label name condition. See Label Name Condition below for more details.
- action
Condition WebAcl Logging Configuration Logging Filter Filter Condition Action Condition A single action condition. See Action Condition below for more details.
- label
Name WebCondition Acl Logging Configuration Logging Filter Filter Condition Label Name Condition A single label name condition. See Label Name Condition below for more details.
- action_
condition WebAcl Logging Configuration Logging Filter Filter Condition Action Condition A single action condition. See Action Condition below for more details.
- label_
name_ Webcondition Acl Logging Configuration Logging Filter Filter Condition Label Name Condition A single label name condition. See Label Name Condition below for more details.
- action
Condition Property Map A single action condition. See Action Condition below for more details.
- label
Name Property MapCondition A single label name condition. See Label Name Condition below for more details.
WebAclLoggingConfigurationLoggingFilterFilterConditionActionCondition
- Action string
The action setting that a log record must contain in order to meet the condition. Valid values:
ALLOW
,BLOCK
,COUNT
.
- Action string
The action setting that a log record must contain in order to meet the condition. Valid values:
ALLOW
,BLOCK
,COUNT
.
- action String
The action setting that a log record must contain in order to meet the condition. Valid values:
ALLOW
,BLOCK
,COUNT
.
- action string
The action setting that a log record must contain in order to meet the condition. Valid values:
ALLOW
,BLOCK
,COUNT
.
- action str
The action setting that a log record must contain in order to meet the condition. Valid values:
ALLOW
,BLOCK
,COUNT
.
- action String
The action setting that a log record must contain in order to meet the condition. Valid values:
ALLOW
,BLOCK
,COUNT
.
WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameCondition
- Label
Name string The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.
- Label
Name string The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.
- label
Name String The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.
- label
Name string The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.
- label_
name str The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.
- label
Name String The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.
WebAclLoggingConfigurationRedactedField
- All
Query Pulumi.Arguments Aws. Waf V2. Inputs. Web Acl Logging Configuration Redacted Field All Query Arguments Redact all query arguments.
Not supported by WAFv2 API
- Body
Pulumi.
Aws. Waf V2. Inputs. Web Acl Logging Configuration Redacted Field Body Redact the request body, which immediately follows the request headers.
Not supported by WAFv2 API
- Method
Pulumi.
Aws. Waf V2. Inputs. Web Acl Logging Configuration Redacted Field Method Redact the HTTP method. Must be specified as an empty configuration block
{}
. The method indicates the type of operation that the request is asking the origin to perform.- Query
String Pulumi.Aws. Waf V2. Inputs. Web Acl Logging Configuration Redacted Field Query String Redact the query string. Must be specified as an empty configuration block
{}
. This is the part of a URL that appears after a?
character, if any.- Single
Header Pulumi.Aws. Waf V2. Inputs. Web Acl Logging Configuration Redacted Field Single Header Redact a single header. See Single Header below for details.
- Single
Query Pulumi.Argument Aws. Waf V2. Inputs. Web Acl Logging Configuration Redacted Field Single Query Argument Redact a single query argument. See Single Query Argument below for details.
Not supported by WAFv2 API
- Uri
Path Pulumi.Aws. Waf V2. Inputs. Web Acl Logging Configuration Redacted Field Uri Path Redact the request URI path. Must be specified as an empty configuration block
{}
. This is the part of a web request that identifies a resource, for example,/images/daily-ad.jpg
.
- All
Query WebArguments Acl Logging Configuration Redacted Field All Query Arguments Redact all query arguments.
Not supported by WAFv2 API
- Body
Web
Acl Logging Configuration Redacted Field Body Redact the request body, which immediately follows the request headers.
Not supported by WAFv2 API
- Method
Web
Acl Logging Configuration Redacted Field Method Redact the HTTP method. Must be specified as an empty configuration block
{}
. The method indicates the type of operation that the request is asking the origin to perform.- Query
String WebAcl Logging Configuration Redacted Field Query String Redact the query string. Must be specified as an empty configuration block
{}
. This is the part of a URL that appears after a?
character, if any.- Single
Header WebAcl Logging Configuration Redacted Field Single Header Redact a single header. See Single Header below for details.
- Single
Query WebArgument Acl Logging Configuration Redacted Field Single Query Argument Redact a single query argument. See Single Query Argument below for details.
Not supported by WAFv2 API
- Uri
Path WebAcl Logging Configuration Redacted Field Uri Path Redact the request URI path. Must be specified as an empty configuration block
{}
. This is the part of a web request that identifies a resource, for example,/images/daily-ad.jpg
.
- all
Query WebArguments Acl Logging Configuration Redacted Field All Query Arguments Redact all query arguments.
Not supported by WAFv2 API
- body
Web
Acl Logging Configuration Redacted Field Body Redact the request body, which immediately follows the request headers.
Not supported by WAFv2 API
- method
Web
Acl Logging Configuration Redacted Field Method Redact the HTTP method. Must be specified as an empty configuration block
{}
. The method indicates the type of operation that the request is asking the origin to perform.- query
String WebAcl Logging Configuration Redacted Field Query String Redact the query string. Must be specified as an empty configuration block
{}
. This is the part of a URL that appears after a?
character, if any.- single
Header WebAcl Logging Configuration Redacted Field Single Header Redact a single header. See Single Header below for details.
- single
Query WebArgument Acl Logging Configuration Redacted Field Single Query Argument Redact a single query argument. See Single Query Argument below for details.
Not supported by WAFv2 API
- uri
Path WebAcl Logging Configuration Redacted Field Uri Path Redact the request URI path. Must be specified as an empty configuration block
{}
. This is the part of a web request that identifies a resource, for example,/images/daily-ad.jpg
.
- all
Query WebArguments Acl Logging Configuration Redacted Field All Query Arguments Redact all query arguments.
Not supported by WAFv2 API
- body
Web
Acl Logging Configuration Redacted Field Body Redact the request body, which immediately follows the request headers.
Not supported by WAFv2 API
- method
Web
Acl Logging Configuration Redacted Field Method Redact the HTTP method. Must be specified as an empty configuration block
{}
. The method indicates the type of operation that the request is asking the origin to perform.- query
String WebAcl Logging Configuration Redacted Field Query String Redact the query string. Must be specified as an empty configuration block
{}
. This is the part of a URL that appears after a?
character, if any.- single
Header WebAcl Logging Configuration Redacted Field Single Header Redact a single header. See Single Header below for details.
- single
Query WebArgument Acl Logging Configuration Redacted Field Single Query Argument Redact a single query argument. See Single Query Argument below for details.
Not supported by WAFv2 API
- uri
Path WebAcl Logging Configuration Redacted Field Uri Path Redact the request URI path. Must be specified as an empty configuration block
{}
. This is the part of a web request that identifies a resource, for example,/images/daily-ad.jpg
.
- all_
query_ Webarguments Acl Logging Configuration Redacted Field All Query Arguments Redact all query arguments.
Not supported by WAFv2 API
- body
Web
Acl Logging Configuration Redacted Field Body Redact the request body, which immediately follows the request headers.
Not supported by WAFv2 API
- method
Web
Acl Logging Configuration Redacted Field Method Redact the HTTP method. Must be specified as an empty configuration block
{}
. The method indicates the type of operation that the request is asking the origin to perform.- query_
string WebAcl Logging Configuration Redacted Field Query String Redact the query string. Must be specified as an empty configuration block
{}
. This is the part of a URL that appears after a?
character, if any.- single_
header WebAcl Logging Configuration Redacted Field Single Header Redact a single header. See Single Header below for details.
- single_
query_ Webargument Acl Logging Configuration Redacted Field Single Query Argument Redact a single query argument. See Single Query Argument below for details.
Not supported by WAFv2 API
- uri_
path WebAcl Logging Configuration Redacted Field Uri Path Redact the request URI path. Must be specified as an empty configuration block
{}
. This is the part of a web request that identifies a resource, for example,/images/daily-ad.jpg
.
- all
Query Property MapArguments Redact all query arguments.
Not supported by WAFv2 API
- body Property Map
Redact the request body, which immediately follows the request headers.
Not supported by WAFv2 API
- method Property Map
Redact the HTTP method. Must be specified as an empty configuration block
{}
. The method indicates the type of operation that the request is asking the origin to perform.- query
String Property Map Redact the query string. Must be specified as an empty configuration block
{}
. This is the part of a URL that appears after a?
character, if any.- single
Header Property Map Redact a single header. See Single Header below for details.
- single
Query Property MapArgument Redact a single query argument. See Single Query Argument below for details.
Not supported by WAFv2 API
- uri
Path Property Map Redact the request URI path. Must be specified as an empty configuration block
{}
. This is the part of a web request that identifies a resource, for example,/images/daily-ad.jpg
.
WebAclLoggingConfigurationRedactedFieldSingleHeader
- Name string
The name of the query header to redact. This setting must be provided as lower case characters.
- Name string
The name of the query header to redact. This setting must be provided as lower case characters.
- name String
The name of the query header to redact. This setting must be provided as lower case characters.
- name string
The name of the query header to redact. This setting must be provided as lower case characters.
- name str
The name of the query header to redact. This setting must be provided as lower case characters.
- name String
The name of the query header to redact. This setting must be provided as lower case characters.
WebAclLoggingConfigurationRedactedFieldSingleQueryArgument
- Name string
The name of the query header to redact. This setting must be provided as lower case characters.
Not supported by WAFv2 API
- Name string
The name of the query header to redact. This setting must be provided as lower case characters.
Not supported by WAFv2 API
- name String
The name of the query header to redact. This setting must be provided as lower case characters.
Not supported by WAFv2 API
- name string
The name of the query header to redact. This setting must be provided as lower case characters.
Not supported by WAFv2 API
- name str
The name of the query header to redact. This setting must be provided as lower case characters.
Not supported by WAFv2 API
- name String
The name of the query header to redact. This setting must be provided as lower case characters.
Not supported by WAFv2 API
Import
WAFv2 Web ACL Logging Configurations can be imported using the WAFv2 Web ACL ARN e.g.,
$ pulumi import aws:wafv2/webAclLoggingConfiguration:WebAclLoggingConfiguration example arn:aws:wafv2:us-west-2:123456789012:regional/webacl/test-logs/a1b2c3d4-5678-90ab-cdef
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
aws
Terraform Provider.