Class CfnLoggingConfiguration
Defines an association between logging destinations and a web ACL resource, for logging from AWS WAF .
Implements
Inherited Members
Namespace: Amazon.CDK.AWS.WAFv2
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class CfnLoggingConfiguration : CfnResource, IInspectable
Syntax (vb)
Public Class CfnLoggingConfiguration
Inherits CfnResource
Implements IInspectable
Remarks
As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.
You can define one logging destination per web ACL.
You can access information about the traffic that AWS WAF inspects using the following steps:
The name that you give the destination must start with aws-waf-logs-
. Depending on the type of destination, you might need to configure additional settings or permissions.
For configuration requirements and pricing information for each destination type, see Logging web ACL traffic in the AWS WAF Developer Guide .
When you successfully enable logging using a PutLoggingConfiguration
request, AWS WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, AWS WAF creates a resource policy on the log group. For an Amazon S3 bucket, AWS WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, AWS WAF creates a service-linked role.
For additional information about web ACL logging, see Logging web ACL traffic information in the AWS WAF Developer Guide .
CloudformationResource: AWS::WAFv2::LoggingConfiguration
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.WAFv2;
var jsonBody;
var loggingFilter;
var method;
var queryString;
var singleHeader;
var uriPath;
var cfnLoggingConfiguration = new CfnLoggingConfiguration(this, "MyCfnLoggingConfiguration", new CfnLoggingConfigurationProps {
LogDestinationConfigs = new [] { "logDestinationConfigs" },
ResourceArn = "resourceArn",
// the properties below are optional
LoggingFilter = loggingFilter,
RedactedFields = new [] { new FieldToMatchProperty {
JsonBody = jsonBody,
Method = method,
QueryString = queryString,
SingleHeader = singleHeader,
UriPath = uriPath
} }
});
Synopsis
Constructors
CfnLoggingConfiguration(ByRefValue) | Used by jsii to construct an instance of this class from a Javascript-owned object reference |
CfnLoggingConfiguration(DeputyBase.DeputyProps) | Used by jsii to construct an instance of this class from DeputyProps |
CfnLoggingConfiguration(Construct, String, ICfnLoggingConfigurationProps) |
Properties
AttrManagedByFirewallManager | Indicates whether the logging configuration was created by AWS Firewall Manager , as part of an AWS WAF policy configuration. |
CFN_RESOURCE_TYPE_NAME | The CloudFormation resource type name for this resource class. |
CfnProperties | |
LogDestinationConfigs | The logging destination configuration that you want to associate with the web ACL. |
LoggingFilter | Filtering that specifies which web requests are kept in the logs and which are dropped. |
RedactedFields | The parts of the request that you want to keep out of the logs. |
ResourceArn | The Amazon Resource Name (ARN) of the web ACL that you want to associate with |
Methods
Inspect(TreeInspector) | Examines the CloudFormation resource and discloses attributes. |
RenderProperties(IDictionary<String, Object>) |
Constructors
CfnLoggingConfiguration(ByRefValue)
Used by jsii to construct an instance of this class from a Javascript-owned object reference
protected CfnLoggingConfiguration(ByRefValue reference)
Parameters
- reference Amazon.JSII.Runtime.Deputy.ByRefValue
The Javascript-owned object reference
CfnLoggingConfiguration(DeputyBase.DeputyProps)
Used by jsii to construct an instance of this class from DeputyProps
protected CfnLoggingConfiguration(DeputyBase.DeputyProps props)
Parameters
- props Amazon.JSII.Runtime.Deputy.DeputyBase.DeputyProps
The deputy props
CfnLoggingConfiguration(Construct, String, ICfnLoggingConfigurationProps)
public CfnLoggingConfiguration(Construct scope, string id, ICfnLoggingConfigurationProps props)
Parameters
- scope Constructs.Construct
Scope in which this resource is defined.
- id System.String
Construct identifier for this resource (unique in its scope).
- props ICfnLoggingConfigurationProps
Resource properties.
Properties
AttrManagedByFirewallManager
Indicates whether the logging configuration was created by AWS Firewall Manager , as part of an AWS WAF policy configuration.
public virtual IResolvable AttrManagedByFirewallManager { get; }
Property Value
Remarks
If true, only Firewall Manager can modify or delete the configuration.
CloudformationAttribute: ManagedByFirewallManager
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
public static string CFN_RESOURCE_TYPE_NAME { get; }
Property Value
System.String
CfnProperties
protected override IDictionary<string, object> CfnProperties { get; }
Property Value
System.Collections.Generic.IDictionary<System.String, System.Object>
Overrides
LogDestinationConfigs
The logging destination configuration that you want to associate with the web ACL.
public virtual string[] LogDestinationConfigs { get; set; }
Property Value
System.String[]
LoggingFilter
Filtering that specifies which web requests are kept in the logs and which are dropped.
public virtual object LoggingFilter { get; set; }
Property Value
System.Object
RedactedFields
The parts of the request that you want to keep out of the logs.
public virtual object RedactedFields { get; set; }
Property Value
System.Object
ResourceArn
The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs
.
public virtual string ResourceArn { get; set; }
Property Value
System.String
Methods
Inspect(TreeInspector)
Examines the CloudFormation resource and discloses attributes.
public virtual void Inspect(TreeInspector inspector)
Parameters
- inspector TreeInspector
tree inspector to collect and process attributes.
RenderProperties(IDictionary<String, Object>)
protected override IDictionary<string, object> RenderProperties(IDictionary<string, object> props)
Parameters
- props System.Collections.Generic.IDictionary<System.String, System.Object>
Returns
System.Collections.Generic.IDictionary<System.String, System.Object>