1. Packages
  2. AWS Cloud Control
  3. API Docs
  4. wafv2
  5. LoggingConfiguration

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi

aws-native.wafv2.LoggingConfiguration

Explore with Pulumi AI

aws-native logo

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi

    A WAFv2 Logging Configuration Resource Provider

    Create LoggingConfiguration Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new LoggingConfiguration(name: string, args: LoggingConfigurationArgs, opts?: CustomResourceOptions);
    @overload
    def LoggingConfiguration(resource_name: str,
                             args: LoggingConfigurationArgs,
                             opts: Optional[ResourceOptions] = None)
    
    @overload
    def LoggingConfiguration(resource_name: str,
                             opts: Optional[ResourceOptions] = None,
                             log_destination_configs: Optional[Sequence[str]] = None,
                             resource_arn: Optional[str] = None,
                             logging_filter: Optional[LoggingFilterPropertiesArgs] = None,
                             redacted_fields: Optional[Sequence[LoggingConfigurationFieldToMatchArgs]] = None)
    func NewLoggingConfiguration(ctx *Context, name string, args LoggingConfigurationArgs, opts ...ResourceOption) (*LoggingConfiguration, error)
    public LoggingConfiguration(string name, LoggingConfigurationArgs args, CustomResourceOptions? opts = null)
    public LoggingConfiguration(String name, LoggingConfigurationArgs args)
    public LoggingConfiguration(String name, LoggingConfigurationArgs args, CustomResourceOptions options)
    
    type: aws-native:wafv2:LoggingConfiguration
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args LoggingConfigurationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args LoggingConfigurationArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args LoggingConfigurationArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args LoggingConfigurationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args LoggingConfigurationArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    LoggingConfiguration Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The LoggingConfiguration resource accepts the following input properties:

    LogDestinationConfigs List<string>
    The Amazon Resource Names (ARNs) of the logging destinations that you want to associate with the web ACL.
    ResourceArn string
    The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
    LoggingFilter Pulumi.AwsNative.WaFv2.Inputs.LoggingFilterProperties
    Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.
    RedactedFields List<Pulumi.AwsNative.WaFv2.Inputs.LoggingConfigurationFieldToMatch>
    The parts of the request that you want to keep out of the logs. For example, if you redact the HEADER field, the HEADER field in the firehose will be xxx.
    LogDestinationConfigs []string
    The Amazon Resource Names (ARNs) of the logging destinations that you want to associate with the web ACL.
    ResourceArn string
    The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
    LoggingFilter LoggingFilterPropertiesArgs
    Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.
    RedactedFields []LoggingConfigurationFieldToMatchArgs
    The parts of the request that you want to keep out of the logs. For example, if you redact the HEADER field, the HEADER field in the firehose will be xxx.
    logDestinationConfigs List<String>
    The Amazon Resource Names (ARNs) of the logging destinations that you want to associate with the web ACL.
    resourceArn String
    The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
    loggingFilter LoggingFilterProperties
    Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.
    redactedFields List<LoggingConfigurationFieldToMatch>
    The parts of the request that you want to keep out of the logs. For example, if you redact the HEADER field, the HEADER field in the firehose will be xxx.
    logDestinationConfigs string[]
    The Amazon Resource Names (ARNs) of the logging destinations that you want to associate with the web ACL.
    resourceArn string
    The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
    loggingFilter LoggingFilterProperties
    Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.
    redactedFields LoggingConfigurationFieldToMatch[]
    The parts of the request that you want to keep out of the logs. For example, if you redact the HEADER field, the HEADER field in the firehose will be xxx.
    log_destination_configs Sequence[str]
    The Amazon Resource Names (ARNs) of the logging destinations that you want to associate with the web ACL.
    resource_arn str
    The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
    logging_filter LoggingFilterPropertiesArgs
    Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.
    redacted_fields Sequence[LoggingConfigurationFieldToMatchArgs]
    The parts of the request that you want to keep out of the logs. For example, if you redact the HEADER field, the HEADER field in the firehose will be xxx.
    logDestinationConfigs List<String>
    The Amazon Resource Names (ARNs) of the logging destinations that you want to associate with the web ACL.
    resourceArn String
    The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
    loggingFilter Property Map
    Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.
    redactedFields List<Property Map>
    The parts of the request that you want to keep out of the logs. For example, if you redact the HEADER field, the HEADER field in the firehose will be xxx.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the LoggingConfiguration resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    ManagedByFirewallManager bool
    Indicates whether the logging configuration was created by AWS Firewall Manager, as part of an AWS WAF policy configuration. If true, only Firewall Manager can modify or delete the configuration.
    Id string
    The provider-assigned unique ID for this managed resource.
    ManagedByFirewallManager bool
    Indicates whether the logging configuration was created by AWS Firewall Manager, as part of an AWS WAF policy configuration. If true, only Firewall Manager can modify or delete the configuration.
    id String
    The provider-assigned unique ID for this managed resource.
    managedByFirewallManager Boolean
    Indicates whether the logging configuration was created by AWS Firewall Manager, as part of an AWS WAF policy configuration. If true, only Firewall Manager can modify or delete the configuration.
    id string
    The provider-assigned unique ID for this managed resource.
    managedByFirewallManager boolean
    Indicates whether the logging configuration was created by AWS Firewall Manager, as part of an AWS WAF policy configuration. If true, only Firewall Manager can modify or delete the configuration.
    id str
    The provider-assigned unique ID for this managed resource.
    managed_by_firewall_manager bool
    Indicates whether the logging configuration was created by AWS Firewall Manager, as part of an AWS WAF policy configuration. If true, only Firewall Manager can modify or delete the configuration.
    id String
    The provider-assigned unique ID for this managed resource.
    managedByFirewallManager Boolean
    Indicates whether the logging configuration was created by AWS Firewall Manager, as part of an AWS WAF policy configuration. If true, only Firewall Manager can modify or delete the configuration.

    Supporting Types

    LoggingConfigurationCondition, LoggingConfigurationConditionArgs

    actionCondition Property Map
    A single action condition.
    labelNameCondition Property Map
    A single label name condition.

    LoggingConfigurationConditionActionConditionProperties, LoggingConfigurationConditionActionConditionPropertiesArgs

    Action Pulumi.AwsNative.WaFv2.LoggingConfigurationConditionActionConditionPropertiesAction
    Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
    Action LoggingConfigurationConditionActionConditionPropertiesAction
    Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
    action LoggingConfigurationConditionActionConditionPropertiesAction
    Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
    action LoggingConfigurationConditionActionConditionPropertiesAction
    Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
    action LoggingConfigurationConditionActionConditionPropertiesAction
    Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
    action "ALLOW" | "BLOCK" | "COUNT" | "CAPTCHA" | "CHALLENGE" | "EXCLUDED_AS_COUNT"
    Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.

    LoggingConfigurationConditionActionConditionPropertiesAction, LoggingConfigurationConditionActionConditionPropertiesActionArgs

    Allow
    ALLOW
    Block
    BLOCK
    Count
    COUNT
    Captcha
    CAPTCHA
    Challenge
    CHALLENGE
    ExcludedAsCount
    EXCLUDED_AS_COUNT
    LoggingConfigurationConditionActionConditionPropertiesActionAllow
    ALLOW
    LoggingConfigurationConditionActionConditionPropertiesActionBlock
    BLOCK
    LoggingConfigurationConditionActionConditionPropertiesActionCount
    COUNT
    LoggingConfigurationConditionActionConditionPropertiesActionCaptcha
    CAPTCHA
    LoggingConfigurationConditionActionConditionPropertiesActionChallenge
    CHALLENGE
    LoggingConfigurationConditionActionConditionPropertiesActionExcludedAsCount
    EXCLUDED_AS_COUNT
    Allow
    ALLOW
    Block
    BLOCK
    Count
    COUNT
    Captcha
    CAPTCHA
    Challenge
    CHALLENGE
    ExcludedAsCount
    EXCLUDED_AS_COUNT
    Allow
    ALLOW
    Block
    BLOCK
    Count
    COUNT
    Captcha
    CAPTCHA
    Challenge
    CHALLENGE
    ExcludedAsCount
    EXCLUDED_AS_COUNT
    ALLOW
    ALLOW
    BLOCK
    BLOCK
    COUNT
    COUNT
    CAPTCHA
    CAPTCHA
    CHALLENGE
    CHALLENGE
    EXCLUDED_AS_COUNT
    EXCLUDED_AS_COUNT
    "ALLOW"
    ALLOW
    "BLOCK"
    BLOCK
    "COUNT"
    COUNT
    "CAPTCHA"
    CAPTCHA
    "CHALLENGE"
    CHALLENGE
    "EXCLUDED_AS_COUNT"
    EXCLUDED_AS_COUNT

    LoggingConfigurationConditionLabelNameConditionProperties, LoggingConfigurationConditionLabelNameConditionPropertiesArgs

    LabelName string
    The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.
    LabelName string
    The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.
    labelName String
    The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.
    labelName string
    The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.
    label_name str
    The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.
    labelName String
    The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.

    LoggingConfigurationFieldToMatch, LoggingConfigurationFieldToMatchArgs

    Method object
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString object
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader Pulumi.AwsNative.WaFv2.Inputs.LoggingConfigurationFieldToMatchSingleHeaderProperties
    Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or Referer. This setting isn't case sensitive.
    UriPath object
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    Method interface{}
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    QueryString interface{}
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    SingleHeader LoggingConfigurationFieldToMatchSingleHeaderProperties
    Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or Referer. This setting isn't case sensitive.
    UriPath interface{}
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    method Object
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString Object
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader LoggingConfigurationFieldToMatchSingleHeaderProperties
    Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or Referer. This setting isn't case sensitive.
    uriPath Object
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    method any
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString any
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader LoggingConfigurationFieldToMatchSingleHeaderProperties
    Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or Referer. This setting isn't case sensitive.
    uriPath any
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    method Any
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    query_string Any
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    single_header LoggingConfigurationFieldToMatchSingleHeaderProperties
    Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or Referer. This setting isn't case sensitive.
    uri_path Any
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
    method Any
    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
    queryString Any
    Inspect the query string. This is the part of a URL that appears after a ? character, if any.
    singleHeader Property Map
    Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or Referer. This setting isn't case sensitive.
    uriPath Any
    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    LoggingConfigurationFieldToMatchSingleHeaderProperties, LoggingConfigurationFieldToMatchSingleHeaderPropertiesArgs

    Name string
    The name of the query header to inspect.
    Name string
    The name of the query header to inspect.
    name String
    The name of the query header to inspect.
    name string
    The name of the query header to inspect.
    name str
    The name of the query header to inspect.
    name String
    The name of the query header to inspect.

    LoggingConfigurationFilter, LoggingConfigurationFilterArgs

    Behavior Pulumi.AwsNative.WaFv2.LoggingConfigurationFilterBehavior
    How to handle logs that satisfy the filter's conditions and requirement.
    Conditions List<Pulumi.AwsNative.WaFv2.Inputs.LoggingConfigurationCondition>
    Match conditions for the filter.
    Requirement Pulumi.AwsNative.WaFv2.LoggingConfigurationFilterRequirement
    Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
    Behavior LoggingConfigurationFilterBehavior
    How to handle logs that satisfy the filter's conditions and requirement.
    Conditions []LoggingConfigurationCondition
    Match conditions for the filter.
    Requirement LoggingConfigurationFilterRequirement
    Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
    behavior LoggingConfigurationFilterBehavior
    How to handle logs that satisfy the filter's conditions and requirement.
    conditions List<LoggingConfigurationCondition>
    Match conditions for the filter.
    requirement LoggingConfigurationFilterRequirement
    Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
    behavior LoggingConfigurationFilterBehavior
    How to handle logs that satisfy the filter's conditions and requirement.
    conditions LoggingConfigurationCondition[]
    Match conditions for the filter.
    requirement LoggingConfigurationFilterRequirement
    Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
    behavior LoggingConfigurationFilterBehavior
    How to handle logs that satisfy the filter's conditions and requirement.
    conditions Sequence[LoggingConfigurationCondition]
    Match conditions for the filter.
    requirement LoggingConfigurationFilterRequirement
    Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
    behavior "KEEP" | "DROP"
    How to handle logs that satisfy the filter's conditions and requirement.
    conditions List<Property Map>
    Match conditions for the filter.
    requirement "MEETS_ALL" | "MEETS_ANY"
    Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.

    LoggingConfigurationFilterBehavior, LoggingConfigurationFilterBehaviorArgs

    Keep
    KEEP
    Drop
    DROP
    LoggingConfigurationFilterBehaviorKeep
    KEEP
    LoggingConfigurationFilterBehaviorDrop
    DROP
    Keep
    KEEP
    Drop
    DROP
    Keep
    KEEP
    Drop
    DROP
    KEEP
    KEEP
    DROP
    DROP
    "KEEP"
    KEEP
    "DROP"
    DROP

    LoggingConfigurationFilterRequirement, LoggingConfigurationFilterRequirementArgs

    MeetsAll
    MEETS_ALL
    MeetsAny
    MEETS_ANY
    LoggingConfigurationFilterRequirementMeetsAll
    MEETS_ALL
    LoggingConfigurationFilterRequirementMeetsAny
    MEETS_ANY
    MeetsAll
    MEETS_ALL
    MeetsAny
    MEETS_ANY
    MeetsAll
    MEETS_ALL
    MeetsAny
    MEETS_ANY
    MEETS_ALL
    MEETS_ALL
    MEETS_ANY
    MEETS_ANY
    "MEETS_ALL"
    MEETS_ALL
    "MEETS_ANY"
    MEETS_ANY

    LoggingConfigurationLoggingFilterPropertiesDefaultBehavior, LoggingConfigurationLoggingFilterPropertiesDefaultBehaviorArgs

    Keep
    KEEP
    Drop
    DROP
    LoggingConfigurationLoggingFilterPropertiesDefaultBehaviorKeep
    KEEP
    LoggingConfigurationLoggingFilterPropertiesDefaultBehaviorDrop
    DROP
    Keep
    KEEP
    Drop
    DROP
    Keep
    KEEP
    Drop
    DROP
    KEEP
    KEEP
    DROP
    DROP
    "KEEP"
    KEEP
    "DROP"
    DROP

    LoggingFilterProperties, LoggingFilterPropertiesArgs

    DefaultBehavior Pulumi.AwsNative.WaFv2.LoggingConfigurationLoggingFilterPropertiesDefaultBehavior
    Default handling for logs that don't match any of the specified filtering conditions.
    Filters List<Pulumi.AwsNative.WaFv2.Inputs.LoggingConfigurationFilter>
    The filters that you want to apply to the logs.
    DefaultBehavior LoggingConfigurationLoggingFilterPropertiesDefaultBehavior
    Default handling for logs that don't match any of the specified filtering conditions.
    Filters []LoggingConfigurationFilter
    The filters that you want to apply to the logs.
    defaultBehavior LoggingConfigurationLoggingFilterPropertiesDefaultBehavior
    Default handling for logs that don't match any of the specified filtering conditions.
    filters List<LoggingConfigurationFilter>
    The filters that you want to apply to the logs.
    defaultBehavior LoggingConfigurationLoggingFilterPropertiesDefaultBehavior
    Default handling for logs that don't match any of the specified filtering conditions.
    filters LoggingConfigurationFilter[]
    The filters that you want to apply to the logs.
    default_behavior LoggingConfigurationLoggingFilterPropertiesDefaultBehavior
    Default handling for logs that don't match any of the specified filtering conditions.
    filters Sequence[LoggingConfigurationFilter]
    The filters that you want to apply to the logs.
    defaultBehavior "KEEP" | "DROP"
    Default handling for logs that don't match any of the specified filtering conditions.
    filters List<Property Map>
    The filters that you want to apply to the logs.

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    We recommend new projects start with resources from the AWS provider.

    AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi