Docs Home
AWS v6.82.2 published on Thursday, Jun 12, 2025 by Pulumi
aws.wafv2.WebAclLoggingConfiguration
Explore with Pulumi AI
This resource creates a WAFv2 Web ACL Logging Configuration.
!> WARNING: When logging from a WAFv2 Web ACL to a CloudWatch Log Group, the WAFv2 service tries to create or update a generic Log Resource Policy named AWSWAF-LOGS. However, if there are a large number of Web ACLs or if the account frequently creates and deletes Web ACLs, this policy may exceed the maximum policy size. As a result, this resource type will fail to be created. More details about this issue can be found in this issue. To prevent this issue, you can manage a specific resource policy. Please refer to the example below for managing a CloudWatch Log Group with a managed CloudWatch Log Resource Policy.
Example Usage
With Redacted Fields
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.wafv2.WebAclLoggingConfiguration("example", {
logDestinationConfigs: [exampleAwsKinesisFirehoseDeliveryStream.arn],
resourceArn: exampleAwsWafv2WebAcl.arn,
redactedFields: [{
singleHeader: {
name: "user-agent",
},
}],
});
import pulumi
import pulumi_aws as aws
example = aws.wafv2.WebAclLoggingConfiguration("example",
log_destination_configs=[example_aws_kinesis_firehose_delivery_stream["arn"]],
resource_arn=example_aws_wafv2_web_acl["arn"],
redacted_fields=[{
"single_header": {
"name": "user-agent",
},
}])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := wafv2.NewWebAclLoggingConfiguration(ctx, "example", &wafv2.WebAclLoggingConfigurationArgs{
LogDestinationConfigs: pulumi.StringArray{
exampleAwsKinesisFirehoseDeliveryStream.Arn,
},
ResourceArn: pulumi.Any(exampleAwsWafv2WebAcl.Arn),
RedactedFields: wafv2.WebAclLoggingConfigurationRedactedFieldArray{
&wafv2.WebAclLoggingConfigurationRedactedFieldArgs{
SingleHeader: &wafv2.WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs{
Name: pulumi.String("user-agent"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.WafV2.WebAclLoggingConfiguration("example", new()
{
LogDestinationConfigs = new[]
{
exampleAwsKinesisFirehoseDeliveryStream.Arn,
},
ResourceArn = exampleAwsWafv2WebAcl.Arn,
RedactedFields = new[]
{
new Aws.WafV2.Inputs.WebAclLoggingConfigurationRedactedFieldArgs
{
SingleHeader = new Aws.WafV2.Inputs.WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs
{
Name = "user-agent",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAclLoggingConfiguration;
import com.pulumi.aws.wafv2.WebAclLoggingConfigurationArgs;
import com.pulumi.aws.wafv2.inputs.WebAclLoggingConfigurationRedactedFieldArgs;
import com.pulumi.aws.wafv2.inputs.WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new WebAclLoggingConfiguration("example", WebAclLoggingConfigurationArgs.builder()
.logDestinationConfigs(exampleAwsKinesisFirehoseDeliveryStream.arn())
.resourceArn(exampleAwsWafv2WebAcl.arn())
.redactedFields(WebAclLoggingConfigurationRedactedFieldArgs.builder()
.singleHeader(WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs.builder()
.name("user-agent")
.build())
.build())
.build());
}
}
resources:
example:
type: aws:wafv2:WebAclLoggingConfiguration
properties:
logDestinationConfigs:
- ${exampleAwsKinesisFirehoseDeliveryStream.arn}
resourceArn: ${exampleAwsWafv2WebAcl.arn}
redactedFields:
- singleHeader:
name: user-agent
With Logging Filter
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.wafv2.WebAclLoggingConfiguration("example", {
logDestinationConfigs: [exampleAwsKinesisFirehoseDeliveryStream.arn],
resourceArn: exampleAwsWafv2WebAcl.arn,
loggingFilter: {
defaultBehavior: "KEEP",
filters: [
{
behavior: "DROP",
conditions: [
{
actionCondition: {
action: "COUNT",
},
},
{
labelNameCondition: {
labelName: "awswaf:111122223333:rulegroup:testRules:LabelNameZ",
},
},
],
requirement: "MEETS_ALL",
},
{
behavior: "KEEP",
conditions: [{
actionCondition: {
action: "ALLOW",
},
}],
requirement: "MEETS_ANY",
},
],
},
});
import pulumi
import pulumi_aws as aws
example = aws.wafv2.WebAclLoggingConfiguration("example",
log_destination_configs=[example_aws_kinesis_firehose_delivery_stream["arn"]],
resource_arn=example_aws_wafv2_web_acl["arn"],
logging_filter={
"default_behavior": "KEEP",
"filters": [
{
"behavior": "DROP",
"conditions": [
{
"action_condition": {
"action": "COUNT",
},
},
{
"label_name_condition": {
"label_name": "awswaf:111122223333:rulegroup:testRules:LabelNameZ",
},
},
],
"requirement": "MEETS_ALL",
},
{
"behavior": "KEEP",
"conditions": [{
"action_condition": {
"action": "ALLOW",
},
}],
"requirement": "MEETS_ANY",
},
],
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := wafv2.NewWebAclLoggingConfiguration(ctx, "example", &wafv2.WebAclLoggingConfigurationArgs{
LogDestinationConfigs: pulumi.StringArray{
exampleAwsKinesisFirehoseDeliveryStream.Arn,
},
ResourceArn: pulumi.Any(exampleAwsWafv2WebAcl.Arn),
LoggingFilter: &wafv2.WebAclLoggingConfigurationLoggingFilterArgs{
DefaultBehavior: pulumi.String("KEEP"),
Filters: wafv2.WebAclLoggingConfigurationLoggingFilterFilterArray{
&wafv2.WebAclLoggingConfigurationLoggingFilterFilterArgs{
Behavior: pulumi.String("DROP"),
Conditions: wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArray{
&wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs{
ActionCondition: &wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs{
Action: pulumi.String("COUNT"),
},
},
&wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs{
LabelNameCondition: &wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameConditionArgs{
LabelName: pulumi.String("awswaf:111122223333:rulegroup:testRules:LabelNameZ"),
},
},
},
Requirement: pulumi.String("MEETS_ALL"),
},
&wafv2.WebAclLoggingConfigurationLoggingFilterFilterArgs{
Behavior: pulumi.String("KEEP"),
Conditions: wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArray{
&wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs{
ActionCondition: &wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs{
Action: pulumi.String("ALLOW"),
},
},
},
Requirement: pulumi.String("MEETS_ANY"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.WafV2.WebAclLoggingConfiguration("example", new()
{
LogDestinationConfigs = new[]
{
exampleAwsKinesisFirehoseDeliveryStream.Arn,
},
ResourceArn = exampleAwsWafv2WebAcl.Arn,
LoggingFilter = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterArgs
{
DefaultBehavior = "KEEP",
Filters = new[]
{
new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterArgs
{
Behavior = "DROP",
Conditions = new[]
{
new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs
{
ActionCondition = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs
{
Action = "COUNT",
},
},
new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs
{
LabelNameCondition = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameConditionArgs
{
LabelName = "awswaf:111122223333:rulegroup:testRules:LabelNameZ",
},
},
},
Requirement = "MEETS_ALL",
},
new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterArgs
{
Behavior = "KEEP",
Conditions = new[]
{
new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs
{
ActionCondition = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs
{
Action = "ALLOW",
},
},
},
Requirement = "MEETS_ANY",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAclLoggingConfiguration;
import com.pulumi.aws.wafv2.WebAclLoggingConfigurationArgs;
import com.pulumi.aws.wafv2.inputs.WebAclLoggingConfigurationLoggingFilterArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new WebAclLoggingConfiguration("example", WebAclLoggingConfigurationArgs.builder()
.logDestinationConfigs(exampleAwsKinesisFirehoseDeliveryStream.arn())
.resourceArn(exampleAwsWafv2WebAcl.arn())
.loggingFilter(WebAclLoggingConfigurationLoggingFilterArgs.builder()
.defaultBehavior("KEEP")
.filters(
WebAclLoggingConfigurationLoggingFilterFilterArgs.builder()
.behavior("DROP")
.conditions(
WebAclLoggingConfigurationLoggingFilterFilterConditionArgs.builder()
.actionCondition(WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs.builder()
.action("COUNT")
.build())
.build(),
WebAclLoggingConfigurationLoggingFilterFilterConditionArgs.builder()
.labelNameCondition(WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameConditionArgs.builder()
.labelName("awswaf:111122223333:rulegroup:testRules:LabelNameZ")
.build())
.build())
.requirement("MEETS_ALL")
.build(),
WebAclLoggingConfigurationLoggingFilterFilterArgs.builder()
.behavior("KEEP")
.conditions(WebAclLoggingConfigurationLoggingFilterFilterConditionArgs.builder()
.actionCondition(WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs.builder()
.action("ALLOW")
.build())
.build())
.requirement("MEETS_ANY")
.build())
.build())
.build());
}
}
resources:
example:
type: aws:wafv2:WebAclLoggingConfiguration
properties:
logDestinationConfigs:
- ${exampleAwsKinesisFirehoseDeliveryStream.arn}
resourceArn: ${exampleAwsWafv2WebAcl.arn}
loggingFilter:
defaultBehavior: KEEP
filters:
- behavior: DROP
conditions:
- actionCondition:
action: COUNT
- labelNameCondition:
labelName: awswaf:111122223333:rulegroup:testRules:LabelNameZ
requirement: MEETS_ALL
- behavior: KEEP
conditions:
- actionCondition:
action: ALLOW
requirement: MEETS_ANY
Create WebAclLoggingConfiguration Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new WebAclLoggingConfiguration(name: string, args: WebAclLoggingConfigurationArgs, opts?: CustomResourceOptions);@overload
def WebAclLoggingConfiguration(resource_name: str,
args: WebAclLoggingConfigurationArgs,
opts: Optional[ResourceOptions] = None)
@overload
def WebAclLoggingConfiguration(resource_name: str,
opts: Optional[ResourceOptions] = None,
log_destination_configs: Optional[Sequence[str]] = None,
resource_arn: Optional[str] = None,
logging_filter: Optional[WebAclLoggingConfigurationLoggingFilterArgs] = None,
redacted_fields: Optional[Sequence[WebAclLoggingConfigurationRedactedFieldArgs]] = None)func NewWebAclLoggingConfiguration(ctx *Context, name string, args WebAclLoggingConfigurationArgs, opts ...ResourceOption) (*WebAclLoggingConfiguration, error)public WebAclLoggingConfiguration(string name, WebAclLoggingConfigurationArgs args, CustomResourceOptions? opts = null)
public WebAclLoggingConfiguration(String name, WebAclLoggingConfigurationArgs args)
public WebAclLoggingConfiguration(String name, WebAclLoggingConfigurationArgs args, CustomResourceOptions options)
type: aws:wafv2:WebAclLoggingConfiguration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args WebAclLoggingConfigurationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args WebAclLoggingConfigurationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args WebAclLoggingConfigurationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args WebAclLoggingConfigurationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args WebAclLoggingConfigurationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var webAclLoggingConfigurationResource = new Aws.WafV2.WebAclLoggingConfiguration("webAclLoggingConfigurationResource", new()
{
LogDestinationConfigs = new[]
{
"string",
},
ResourceArn = "string",
LoggingFilter = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterArgs
{
DefaultBehavior = "string",
Filters = new[]
{
new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterArgs
{
Behavior = "string",
Conditions = new[]
{
new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs
{
ActionCondition = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs
{
Action = "string",
},
LabelNameCondition = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameConditionArgs
{
LabelName = "string",
},
},
},
Requirement = "string",
},
},
},
RedactedFields = new[]
{
new Aws.WafV2.Inputs.WebAclLoggingConfigurationRedactedFieldArgs
{
Method = null,
QueryString = null,
SingleHeader = new Aws.WafV2.Inputs.WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs
{
Name = "string",
},
UriPath = null,
},
},
});
example, err := wafv2.NewWebAclLoggingConfiguration(ctx, "webAclLoggingConfigurationResource", &wafv2.WebAclLoggingConfigurationArgs{
LogDestinationConfigs: pulumi.StringArray{
pulumi.String("string"),
},
ResourceArn: pulumi.String("string"),
LoggingFilter: &wafv2.WebAclLoggingConfigurationLoggingFilterArgs{
DefaultBehavior: pulumi.String("string"),
Filters: wafv2.WebAclLoggingConfigurationLoggingFilterFilterArray{
&wafv2.WebAclLoggingConfigurationLoggingFilterFilterArgs{
Behavior: pulumi.String("string"),
Conditions: wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArray{
&wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs{
ActionCondition: &wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs{
Action: pulumi.String("string"),
},
LabelNameCondition: &wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameConditionArgs{
LabelName: pulumi.String("string"),
},
},
},
Requirement: pulumi.String("string"),
},
},
},
RedactedFields: wafv2.WebAclLoggingConfigurationRedactedFieldArray{
&wafv2.WebAclLoggingConfigurationRedactedFieldArgs{
Method: &wafv2.WebAclLoggingConfigurationRedactedFieldMethodArgs{},
QueryString: &wafv2.WebAclLoggingConfigurationRedactedFieldQueryStringArgs{},
SingleHeader: &wafv2.WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs{
Name: pulumi.String("string"),
},
UriPath: &wafv2.WebAclLoggingConfigurationRedactedFieldUriPathArgs{},
},
},
})
var webAclLoggingConfigurationResource = new WebAclLoggingConfiguration("webAclLoggingConfigurationResource", WebAclLoggingConfigurationArgs.builder()
.logDestinationConfigs("string")
.resourceArn("string")
.loggingFilter(WebAclLoggingConfigurationLoggingFilterArgs.builder()
.defaultBehavior("string")
.filters(WebAclLoggingConfigurationLoggingFilterFilterArgs.builder()
.behavior("string")
.conditions(WebAclLoggingConfigurationLoggingFilterFilterConditionArgs.builder()
.actionCondition(WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs.builder()
.action("string")
.build())
.labelNameCondition(WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameConditionArgs.builder()
.labelName("string")
.build())
.build())
.requirement("string")
.build())
.build())
.redactedFields(WebAclLoggingConfigurationRedactedFieldArgs.builder()
.method(WebAclLoggingConfigurationRedactedFieldMethodArgs.builder()
.build())
.queryString(WebAclLoggingConfigurationRedactedFieldQueryStringArgs.builder()
.build())
.singleHeader(WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs.builder()
.name("string")
.build())
.uriPath(WebAclLoggingConfigurationRedactedFieldUriPathArgs.builder()
.build())
.build())
.build());
web_acl_logging_configuration_resource = aws.wafv2.WebAclLoggingConfiguration("webAclLoggingConfigurationResource",
log_destination_configs=["string"],
resource_arn="string",
logging_filter={
"default_behavior": "string",
"filters": [{
"behavior": "string",
"conditions": [{
"action_condition": {
"action": "string",
},
"label_name_condition": {
"label_name": "string",
},
}],
"requirement": "string",
}],
},
redacted_fields=[{
"method": {},
"query_string": {},
"single_header": {
"name": "string",
},
"uri_path": {},
}])
const webAclLoggingConfigurationResource = new aws.wafv2.WebAclLoggingConfiguration("webAclLoggingConfigurationResource", {
logDestinationConfigs: ["string"],
resourceArn: "string",
loggingFilter: {
defaultBehavior: "string",
filters: [{
behavior: "string",
conditions: [{
actionCondition: {
action: "string",
},
labelNameCondition: {
labelName: "string",
},
}],
requirement: "string",
}],
},
redactedFields: [{
method: {},
queryString: {},
singleHeader: {
name: "string",
},
uriPath: {},
}],
});
type: aws:wafv2:WebAclLoggingConfiguration
properties:
logDestinationConfigs:
- string
loggingFilter:
defaultBehavior: string
filters:
- behavior: string
conditions:
- actionCondition:
action: string
labelNameCondition:
labelName: string
requirement: string
redactedFields:
- method: {}
queryString: {}
singleHeader:
name: string
uriPath: {}
resourceArn: string
WebAclLoggingConfiguration Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The WebAclLoggingConfiguration resource accepts the following input properties:
- Log
Destination List<string>Configs - Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL. Note: data firehose, log group, or bucket name must be prefixed with
aws-waf-logs-, e.g.aws-waf-logs-example-firehose,aws-waf-logs-example-log-group, oraws-waf-logs-example-bucket. - Resource
Arn string - Amazon Resource Name (ARN) of the web ACL that you want to associate with
log_destination_configs. - Logging
Filter WebAcl Logging Configuration Logging Filter - Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
- Redacted
Fields List<WebAcl Logging Configuration Redacted Field> - Configuration for parts of the request that you want to keep out of the logs. Up to 100
redacted_fieldsblocks are supported. See Redacted Fields below for more details.
- Log
Destination []stringConfigs - Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL. Note: data firehose, log group, or bucket name must be prefixed with
aws-waf-logs-, e.g.aws-waf-logs-example-firehose,aws-waf-logs-example-log-group, oraws-waf-logs-example-bucket. - Resource
Arn string - Amazon Resource Name (ARN) of the web ACL that you want to associate with
log_destination_configs. - Logging
Filter WebAcl Logging Configuration Logging Filter Args - Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
- Redacted
Fields []WebAcl Logging Configuration Redacted Field Args - Configuration for parts of the request that you want to keep out of the logs. Up to 100
redacted_fieldsblocks are supported. See Redacted Fields below for more details.
- log
Destination List<String>Configs - Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL. Note: data firehose, log group, or bucket name must be prefixed with
aws-waf-logs-, e.g.aws-waf-logs-example-firehose,aws-waf-logs-example-log-group, oraws-waf-logs-example-bucket. - resource
Arn String - Amazon Resource Name (ARN) of the web ACL that you want to associate with
log_destination_configs. - logging
Filter WebAcl Logging Configuration Logging Filter - Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
- redacted
Fields List<WebAcl Logging Configuration Redacted Field> - Configuration for parts of the request that you want to keep out of the logs. Up to 100
redacted_fieldsblocks are supported. See Redacted Fields below for more details.
- log
Destination string[]Configs - Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL. Note: data firehose, log group, or bucket name must be prefixed with
aws-waf-logs-, e.g.aws-waf-logs-example-firehose,aws-waf-logs-example-log-group, oraws-waf-logs-example-bucket. - resource
Arn string - Amazon Resource Name (ARN) of the web ACL that you want to associate with
log_destination_configs. - logging
Filter WebAcl Logging Configuration Logging Filter - Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
- redacted
Fields WebAcl Logging Configuration Redacted Field[] - Configuration for parts of the request that you want to keep out of the logs. Up to 100
redacted_fieldsblocks are supported. See Redacted Fields below for more details.
- log_
destination_ Sequence[str]configs - Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL. Note: data firehose, log group, or bucket name must be prefixed with
aws-waf-logs-, e.g.aws-waf-logs-example-firehose,aws-waf-logs-example-log-group, oraws-waf-logs-example-bucket. - resource_
arn str - Amazon Resource Name (ARN) of the web ACL that you want to associate with
log_destination_configs. - logging_
filter WebAcl Logging Configuration Logging Filter Args - Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
- redacted_
fields Sequence[WebAcl Logging Configuration Redacted Field Args] - Configuration for parts of the request that you want to keep out of the logs. Up to 100
redacted_fieldsblocks are supported. See Redacted Fields below for more details.
- log
Destination List<String>Configs - Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL. Note: data firehose, log group, or bucket name must be prefixed with
aws-waf-logs-, e.g.aws-waf-logs-example-firehose,aws-waf-logs-example-log-group, oraws-waf-logs-example-bucket. - resource
Arn String - Amazon Resource Name (ARN) of the web ACL that you want to associate with
log_destination_configs. - logging
Filter Property Map - Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
- redacted
Fields List<Property Map> - Configuration for parts of the request that you want to keep out of the logs. Up to 100
redacted_fieldsblocks are supported. See Redacted Fields below for more details.
Outputs
All input properties are implicitly available as output properties. Additionally, the WebAclLoggingConfiguration resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing WebAclLoggingConfiguration Resource
Get an existing WebAclLoggingConfiguration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: WebAclLoggingConfigurationState, opts?: CustomResourceOptions): WebAclLoggingConfiguration@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
log_destination_configs: Optional[Sequence[str]] = None,
logging_filter: Optional[WebAclLoggingConfigurationLoggingFilterArgs] = None,
redacted_fields: Optional[Sequence[WebAclLoggingConfigurationRedactedFieldArgs]] = None,
resource_arn: Optional[str] = None) -> WebAclLoggingConfigurationfunc GetWebAclLoggingConfiguration(ctx *Context, name string, id IDInput, state *WebAclLoggingConfigurationState, opts ...ResourceOption) (*WebAclLoggingConfiguration, error)public static WebAclLoggingConfiguration Get(string name, Input<string> id, WebAclLoggingConfigurationState? state, CustomResourceOptions? opts = null)public static WebAclLoggingConfiguration get(String name, Output<String> id, WebAclLoggingConfigurationState state, CustomResourceOptions options)resources: _: type: aws:wafv2:WebAclLoggingConfiguration get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Log
Destination List<string>Configs - Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL. Note: data firehose, log group, or bucket name must be prefixed with
aws-waf-logs-, e.g.aws-waf-logs-example-firehose,aws-waf-logs-example-log-group, oraws-waf-logs-example-bucket. - Logging
Filter WebAcl Logging Configuration Logging Filter - Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
- Redacted
Fields List<WebAcl Logging Configuration Redacted Field> - Configuration for parts of the request that you want to keep out of the logs. Up to 100
redacted_fieldsblocks are supported. See Redacted Fields below for more details. - Resource
Arn string - Amazon Resource Name (ARN) of the web ACL that you want to associate with
log_destination_configs.
- Log
Destination []stringConfigs - Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL. Note: data firehose, log group, or bucket name must be prefixed with
aws-waf-logs-, e.g.aws-waf-logs-example-firehose,aws-waf-logs-example-log-group, oraws-waf-logs-example-bucket. - Logging
Filter WebAcl Logging Configuration Logging Filter Args - Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
- Redacted
Fields []WebAcl Logging Configuration Redacted Field Args - Configuration for parts of the request that you want to keep out of the logs. Up to 100
redacted_fieldsblocks are supported. See Redacted Fields below for more details. - Resource
Arn string - Amazon Resource Name (ARN) of the web ACL that you want to associate with
log_destination_configs.
- log
Destination List<String>Configs - Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL. Note: data firehose, log group, or bucket name must be prefixed with
aws-waf-logs-, e.g.aws-waf-logs-example-firehose,aws-waf-logs-example-log-group, oraws-waf-logs-example-bucket. - logging
Filter WebAcl Logging Configuration Logging Filter - Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
- redacted
Fields List<WebAcl Logging Configuration Redacted Field> - Configuration for parts of the request that you want to keep out of the logs. Up to 100
redacted_fieldsblocks are supported. See Redacted Fields below for more details. - resource
Arn String - Amazon Resource Name (ARN) of the web ACL that you want to associate with
log_destination_configs.
- log
Destination string[]Configs - Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL. Note: data firehose, log group, or bucket name must be prefixed with
aws-waf-logs-, e.g.aws-waf-logs-example-firehose,aws-waf-logs-example-log-group, oraws-waf-logs-example-bucket. - logging
Filter WebAcl Logging Configuration Logging Filter - Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
- redacted
Fields WebAcl Logging Configuration Redacted Field[] - Configuration for parts of the request that you want to keep out of the logs. Up to 100
redacted_fieldsblocks are supported. See Redacted Fields below for more details. - resource
Arn string - Amazon Resource Name (ARN) of the web ACL that you want to associate with
log_destination_configs.
- log_
destination_ Sequence[str]configs - Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL. Note: data firehose, log group, or bucket name must be prefixed with
aws-waf-logs-, e.g.aws-waf-logs-example-firehose,aws-waf-logs-example-log-group, oraws-waf-logs-example-bucket. - logging_
filter WebAcl Logging Configuration Logging Filter Args - Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
- redacted_
fields Sequence[WebAcl Logging Configuration Redacted Field Args] - Configuration for parts of the request that you want to keep out of the logs. Up to 100
redacted_fieldsblocks are supported. See Redacted Fields below for more details. - resource_
arn str - Amazon Resource Name (ARN) of the web ACL that you want to associate with
log_destination_configs.
- log
Destination List<String>Configs - Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL. Note: data firehose, log group, or bucket name must be prefixed with
aws-waf-logs-, e.g.aws-waf-logs-example-firehose,aws-waf-logs-example-log-group, oraws-waf-logs-example-bucket. - logging
Filter Property Map - Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
- redacted
Fields List<Property Map> - Configuration for parts of the request that you want to keep out of the logs. Up to 100
redacted_fieldsblocks are supported. See Redacted Fields below for more details. - resource
Arn String - Amazon Resource Name (ARN) of the web ACL that you want to associate with
log_destination_configs.
Supporting Types
WebAclLoggingConfigurationLoggingFilter, WebAclLoggingConfigurationLoggingFilterArgs
- Default
Behavior string - Default handling for logs that don't match any of the specified filtering conditions. Valid values for
default_behaviorareKEEPorDROP. - Filters
List<Web
Acl Logging Configuration Logging Filter Filter> - Filter(s) that you want to apply to the logs. See Filter below for more details.
- Default
Behavior string - Default handling for logs that don't match any of the specified filtering conditions. Valid values for
default_behaviorareKEEPorDROP. - Filters
[]Web
Acl Logging Configuration Logging Filter Filter - Filter(s) that you want to apply to the logs. See Filter below for more details.
- default
Behavior String - Default handling for logs that don't match any of the specified filtering conditions. Valid values for
default_behaviorareKEEPorDROP. - filters
List<Web
Acl Logging Configuration Logging Filter Filter> - Filter(s) that you want to apply to the logs. See Filter below for more details.
- default
Behavior string - Default handling for logs that don't match any of the specified filtering conditions. Valid values for
default_behaviorareKEEPorDROP. - filters
Web
Acl Logging Configuration Logging Filter Filter[] - Filter(s) that you want to apply to the logs. See Filter below for more details.
- default_
behavior str - Default handling for logs that don't match any of the specified filtering conditions. Valid values for
default_behaviorareKEEPorDROP. - filters
Sequence[Web
Acl Logging Configuration Logging Filter Filter] - Filter(s) that you want to apply to the logs. See Filter below for more details.
- default
Behavior String - Default handling for logs that don't match any of the specified filtering conditions. Valid values for
default_behaviorareKEEPorDROP. - filters List<Property Map>
- Filter(s) that you want to apply to the logs. See Filter below for more details.
WebAclLoggingConfigurationLoggingFilterFilter, WebAclLoggingConfigurationLoggingFilterFilterArgs
- Behavior string
- Parameter that determines how to handle logs that meet the conditions and requirements of the filter. The valid values for
behaviorareKEEPorDROP. - Conditions
List<Web
Acl Logging Configuration Logging Filter Filter Condition> - Match condition(s) for the filter. See Condition below for more details.
- Requirement string
- Logic to apply to the filtering conditions. You can specify that a log must match all conditions or at least one condition in order to satisfy the filter. Valid values for
requirementareMEETS_ALLorMEETS_ANY.
- Behavior string
- Parameter that determines how to handle logs that meet the conditions and requirements of the filter. The valid values for
behaviorareKEEPorDROP. - Conditions
[]Web
Acl Logging Configuration Logging Filter Filter Condition - Match condition(s) for the filter. See Condition below for more details.
- Requirement string
- Logic to apply to the filtering conditions. You can specify that a log must match all conditions or at least one condition in order to satisfy the filter. Valid values for
requirementareMEETS_ALLorMEETS_ANY.
- behavior String
- Parameter that determines how to handle logs that meet the conditions and requirements of the filter. The valid values for
behaviorareKEEPorDROP. - conditions
List<Web
Acl Logging Configuration Logging Filter Filter Condition> - Match condition(s) for the filter. See Condition below for more details.
- requirement String
- Logic to apply to the filtering conditions. You can specify that a log must match all conditions or at least one condition in order to satisfy the filter. Valid values for
requirementareMEETS_ALLorMEETS_ANY.
- behavior string
- Parameter that determines how to handle logs that meet the conditions and requirements of the filter. The valid values for
behaviorareKEEPorDROP. - conditions
Web
Acl Logging Configuration Logging Filter Filter Condition[] - Match condition(s) for the filter. See Condition below for more details.
- requirement string
- Logic to apply to the filtering conditions. You can specify that a log must match all conditions or at least one condition in order to satisfy the filter. Valid values for
requirementareMEETS_ALLorMEETS_ANY.
- behavior str
- Parameter that determines how to handle logs that meet the conditions and requirements of the filter. The valid values for
behaviorareKEEPorDROP. - conditions
Sequence[Web
Acl Logging Configuration Logging Filter Filter Condition] - Match condition(s) for the filter. See Condition below for more details.
- requirement str
- Logic to apply to the filtering conditions. You can specify that a log must match all conditions or at least one condition in order to satisfy the filter. Valid values for
requirementareMEETS_ALLorMEETS_ANY.
- behavior String
- Parameter that determines how to handle logs that meet the conditions and requirements of the filter. The valid values for
behaviorareKEEPorDROP. - conditions List<Property Map>
- Match condition(s) for the filter. See Condition below for more details.
- requirement String
- Logic to apply to the filtering conditions. You can specify that a log must match all conditions or at least one condition in order to satisfy the filter. Valid values for
requirementareMEETS_ALLorMEETS_ANY.
WebAclLoggingConfigurationLoggingFilterFilterCondition, WebAclLoggingConfigurationLoggingFilterFilterConditionArgs
- Action
Condition WebAcl Logging Configuration Logging Filter Filter Condition Action Condition - Configuration for a single action condition. See Action Condition below for more details.
- Label
Name WebCondition Acl Logging Configuration Logging Filter Filter Condition Label Name Condition - Condition for a single label name. See Label Name Condition below for more details.
- Action
Condition WebAcl Logging Configuration Logging Filter Filter Condition Action Condition - Configuration for a single action condition. See Action Condition below for more details.
- Label
Name WebCondition Acl Logging Configuration Logging Filter Filter Condition Label Name Condition - Condition for a single label name. See Label Name Condition below for more details.
- action
Condition WebAcl Logging Configuration Logging Filter Filter Condition Action Condition - Configuration for a single action condition. See Action Condition below for more details.
- label
Name WebCondition Acl Logging Configuration Logging Filter Filter Condition Label Name Condition - Condition for a single label name. See Label Name Condition below for more details.
- action
Condition WebAcl Logging Configuration Logging Filter Filter Condition Action Condition - Configuration for a single action condition. See Action Condition below for more details.
- label
Name WebCondition Acl Logging Configuration Logging Filter Filter Condition Label Name Condition - Condition for a single label name. See Label Name Condition below for more details.
- action_
condition WebAcl Logging Configuration Logging Filter Filter Condition Action Condition - Configuration for a single action condition. See Action Condition below for more details.
- label_
name_ Webcondition Acl Logging Configuration Logging Filter Filter Condition Label Name Condition - Condition for a single label name. See Label Name Condition below for more details.
- action
Condition Property Map - Configuration for a single action condition. See Action Condition below for more details.
- label
Name Property MapCondition - Condition for a single label name. See Label Name Condition below for more details.
WebAclLoggingConfigurationLoggingFilterFilterConditionActionCondition, WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs
- Action string
- Action setting that a log record must contain in order to meet the condition. Valid values for
actionareALLOW,BLOCK,COUNT,CAPTCHA,CHALLENGEandEXCLUDED_AS_COUNT.
- Action string
- Action setting that a log record must contain in order to meet the condition. Valid values for
actionareALLOW,BLOCK,COUNT,CAPTCHA,CHALLENGEandEXCLUDED_AS_COUNT.
- action String
- Action setting that a log record must contain in order to meet the condition. Valid values for
actionareALLOW,BLOCK,COUNT,CAPTCHA,CHALLENGEandEXCLUDED_AS_COUNT.
- action string
- Action setting that a log record must contain in order to meet the condition. Valid values for
actionareALLOW,BLOCK,COUNT,CAPTCHA,CHALLENGEandEXCLUDED_AS_COUNT.
- action str
- Action setting that a log record must contain in order to meet the condition. Valid values for
actionareALLOW,BLOCK,COUNT,CAPTCHA,CHALLENGEandEXCLUDED_AS_COUNT.
- action String
- Action setting that a log record must contain in order to meet the condition. Valid values for
actionareALLOW,BLOCK,COUNT,CAPTCHA,CHALLENGEandEXCLUDED_AS_COUNT.
WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameCondition, WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameConditionArgs
- Label
Name string - Name of the label that a log record must contain in order to meet the condition. It must be a fully qualified label name, which includes a prefix, optional namespaces, and the label name itself. The prefix identifies the rule group or web ACL context of the rule that added the label.
- Label
Name string - Name of the label that a log record must contain in order to meet the condition. It must be a fully qualified label name, which includes a prefix, optional namespaces, and the label name itself. The prefix identifies the rule group or web ACL context of the rule that added the label.
- label
Name String - Name of the label that a log record must contain in order to meet the condition. It must be a fully qualified label name, which includes a prefix, optional namespaces, and the label name itself. The prefix identifies the rule group or web ACL context of the rule that added the label.
- label
Name string - Name of the label that a log record must contain in order to meet the condition. It must be a fully qualified label name, which includes a prefix, optional namespaces, and the label name itself. The prefix identifies the rule group or web ACL context of the rule that added the label.
- label_
name str - Name of the label that a log record must contain in order to meet the condition. It must be a fully qualified label name, which includes a prefix, optional namespaces, and the label name itself. The prefix identifies the rule group or web ACL context of the rule that added the label.
- label
Name String - Name of the label that a log record must contain in order to meet the condition. It must be a fully qualified label name, which includes a prefix, optional namespaces, and the label name itself. The prefix identifies the rule group or web ACL context of the rule that added the label.
WebAclLoggingConfigurationRedactedField, WebAclLoggingConfigurationRedactedFieldArgs
- Method
Web
Acl Logging Configuration Redacted Field Method - HTTP method to be redacted. It must be specified as an empty configuration block
{}. The method indicates the type of operation that the request is asking the origin to perform. - Query
String WebAcl Logging Configuration Redacted Field Query String - Whether to redact the query string. It must be specified as an empty configuration block
{}. The query string is the part of a URL that appears after a?character, if any. - Single
Header WebAcl Logging Configuration Redacted Field Single Header - "single_header" refers to the redaction of a single header. For more information, please see the details below under Single Header.
- Uri
Path WebAcl Logging Configuration Redacted Field Uri Path - Configuration block that redacts the request URI path. It should be specified as an empty configuration block
{}. The URI path is the part of a web request that identifies a resource, such as/images/daily-ad.jpg.
- Method
Web
Acl Logging Configuration Redacted Field Method - HTTP method to be redacted. It must be specified as an empty configuration block
{}. The method indicates the type of operation that the request is asking the origin to perform. - Query
String WebAcl Logging Configuration Redacted Field Query String - Whether to redact the query string. It must be specified as an empty configuration block
{}. The query string is the part of a URL that appears after a?character, if any. - Single
Header WebAcl Logging Configuration Redacted Field Single Header - "single_header" refers to the redaction of a single header. For more information, please see the details below under Single Header.
- Uri
Path WebAcl Logging Configuration Redacted Field Uri Path - Configuration block that redacts the request URI path. It should be specified as an empty configuration block
{}. The URI path is the part of a web request that identifies a resource, such as/images/daily-ad.jpg.
- method
Web
Acl Logging Configuration Redacted Field Method - HTTP method to be redacted. It must be specified as an empty configuration block
{}. The method indicates the type of operation that the request is asking the origin to perform. - query
String WebAcl Logging Configuration Redacted Field Query String - Whether to redact the query string. It must be specified as an empty configuration block
{}. The query string is the part of a URL that appears after a?character, if any. - single
Header WebAcl Logging Configuration Redacted Field Single Header - "single_header" refers to the redaction of a single header. For more information, please see the details below under Single Header.
- uri
Path WebAcl Logging Configuration Redacted Field Uri Path - Configuration block that redacts the request URI path. It should be specified as an empty configuration block
{}. The URI path is the part of a web request that identifies a resource, such as/images/daily-ad.jpg.
- method
Web
Acl Logging Configuration Redacted Field Method - HTTP method to be redacted. It must be specified as an empty configuration block
{}. The method indicates the type of operation that the request is asking the origin to perform. - query
String WebAcl Logging Configuration Redacted Field Query String - Whether to redact the query string. It must be specified as an empty configuration block
{}. The query string is the part of a URL that appears after a?character, if any. - single
Header WebAcl Logging Configuration Redacted Field Single Header - "single_header" refers to the redaction of a single header. For more information, please see the details below under Single Header.
- uri
Path WebAcl Logging Configuration Redacted Field Uri Path - Configuration block that redacts the request URI path. It should be specified as an empty configuration block
{}. The URI path is the part of a web request that identifies a resource, such as/images/daily-ad.jpg.
- method
Web
Acl Logging Configuration Redacted Field Method - HTTP method to be redacted. It must be specified as an empty configuration block
{}. The method indicates the type of operation that the request is asking the origin to perform. - query_
string WebAcl Logging Configuration Redacted Field Query String - Whether to redact the query string. It must be specified as an empty configuration block
{}. The query string is the part of a URL that appears after a?character, if any. - single_
header WebAcl Logging Configuration Redacted Field Single Header - "single_header" refers to the redaction of a single header. For more information, please see the details below under Single Header.
- uri_
path WebAcl Logging Configuration Redacted Field Uri Path - Configuration block that redacts the request URI path. It should be specified as an empty configuration block
{}. The URI path is the part of a web request that identifies a resource, such as/images/daily-ad.jpg.
- method Property Map
- HTTP method to be redacted. It must be specified as an empty configuration block
{}. The method indicates the type of operation that the request is asking the origin to perform. - query
String Property Map - Whether to redact the query string. It must be specified as an empty configuration block
{}. The query string is the part of a URL that appears after a?character, if any. - single
Header Property Map - "single_header" refers to the redaction of a single header. For more information, please see the details below under Single Header.
- uri
Path Property Map - Configuration block that redacts the request URI path. It should be specified as an empty configuration block
{}. The URI path is the part of a web request that identifies a resource, such as/images/daily-ad.jpg.
WebAclLoggingConfigurationRedactedFieldSingleHeader, WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs
- Name string
- Name of the query header to redact. This setting must be provided in lowercase characters.
- Name string
- Name of the query header to redact. This setting must be provided in lowercase characters.
- name String
- Name of the query header to redact. This setting must be provided in lowercase characters.
- name string
- Name of the query header to redact. This setting must be provided in lowercase characters.
- name str
- Name of the query header to redact. This setting must be provided in lowercase characters.
- name String
- Name of the query header to redact. This setting must be provided in lowercase characters.
Import
Using pulumi import, import WAFv2 Web ACL Logging Configurations using the ARN of the WAFv2 Web ACL. For example:
$ pulumi import aws:wafv2/webAclLoggingConfiguration:WebAclLoggingConfiguration example arn:aws:wafv2:us-west-2:123456789012:regional/webacl/test-logs/a1b2c3d4-5678-90ab-cdef
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.