Class CfnLoggingConfiguration
Defines an association between logging destinations and a web ACL resource, for logging from AWS WAF .
Inherited Members
Namespace: Amazon.CDK.AWS.WAFv2
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class CfnLoggingConfiguration : CfnResource, IInspectable, ILoggingConfigurationRef, IConstruct, IDependable, IEnvironmentAwareSyntax (vb)
Public Class CfnLoggingConfiguration Inherits CfnResource Implements IInspectable, ILoggingConfigurationRef, IConstruct, IDependable, IEnvironmentAwareRemarks
As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.
If you configure data protection for the web ACL, the protection applies to the data that AWS WAF sends to the logs.
You can define one logging destination per web ACL.
You can access information about the traffic that AWS WAF inspects using the following steps:
The name that you give the destination must start with aws-waf-logs- . Depending on the type of destination, you might need to configure additional settings or permissions.
For configuration requirements and pricing information for each destination type, see Logging web ACL traffic in the AWS WAF Developer Guide .
When you successfully enable logging using a PutLoggingConfiguration request, AWS WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, AWS WAF creates a resource policy on the log group. For an Amazon S3 bucket, AWS WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, AWS WAF creates a service-linked role.
For additional information about web ACL logging, see Logging web ACL traffic information in the AWS WAF Developer Guide .
CloudformationResource: AWS::WAFv2::LoggingConfiguration
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.WAFv2;
var jsonBody;
var loggingFilter;
var method;
var queryString;
var singleHeader;
var uriPath;
var cfnLoggingConfiguration = new CfnLoggingConfiguration(this, "MyCfnLoggingConfiguration", new CfnLoggingConfigurationProps {
LogDestinationConfigs = new [] { "logDestinationConfigs" },
ResourceArn = "resourceArn",
// the properties below are optional
LoggingFilter = loggingFilter,
RedactedFields = new [] { new FieldToMatchProperty {
JsonBody = jsonBody,
Method = method,
QueryString = queryString,
SingleHeader = singleHeader,
UriPath = uriPath
} }
});Synopsis
Constructors
| CfnLoggingConfiguration(Construct, string, ICfnLoggingConfigurationProps) | Create a new |
Properties
| AttrManagedByFirewallManager | Indicates whether the logging configuration was created by AWS Firewall Manager , as part of an AWS WAF policy configuration. |
| CFN_RESOURCE_TYPE_NAME | The CloudFormation resource type name for this resource class. |
| CfnProperties | Defines an association between logging destinations and a web ACL resource, for logging from AWS WAF . |
| LogDestinationConfigs | The logging destination configuration that you want to associate with the web ACL. |
| LoggingConfigurationRef | A reference to a LoggingConfiguration resource. |
| LoggingFilter | Filtering that specifies which web requests are kept in the logs and which are dropped. |
| RedactedFields | The parts of the request that you want to keep out of the logs. |
| ResourceArn | The Amazon Resource Name (ARN) of the web ACL that you want to associate with |
Methods
| Inspect(TreeInspector) | Examines the CloudFormation resource and discloses attributes. |
| IsCfnLoggingConfiguration(object) | Checks whether the given object is a CfnLoggingConfiguration. |
| RenderProperties(IDictionary<string, object>) | Defines an association between logging destinations and a web ACL resource, for logging from AWS WAF . |
Constructors
CfnLoggingConfiguration(Construct, string, ICfnLoggingConfigurationProps)
Create a new AWS::WAFv2::LoggingConfiguration.
public CfnLoggingConfiguration(Construct scope, string id, ICfnLoggingConfigurationProps props)Parameters
- scope Construct
Scope in which this resource is defined.
- id string
Construct identifier for this resource (unique in its scope).
- props ICfnLoggingConfigurationProps
Resource properties.
Remarks
As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.
If you configure data protection for the web ACL, the protection applies to the data that AWS WAF sends to the logs.
You can define one logging destination per web ACL.
You can access information about the traffic that AWS WAF inspects using the following steps:
The name that you give the destination must start with aws-waf-logs- . Depending on the type of destination, you might need to configure additional settings or permissions.
For configuration requirements and pricing information for each destination type, see Logging web ACL traffic in the AWS WAF Developer Guide .
When you successfully enable logging using a PutLoggingConfiguration request, AWS WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, AWS WAF creates a resource policy on the log group. For an Amazon S3 bucket, AWS WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, AWS WAF creates a service-linked role.
For additional information about web ACL logging, see Logging web ACL traffic information in the AWS WAF Developer Guide .
CloudformationResource: AWS::WAFv2::LoggingConfiguration
ExampleMetadata: fixture=_generated
Properties
AttrManagedByFirewallManager
Indicates whether the logging configuration was created by AWS Firewall Manager , as part of an AWS WAF policy configuration.
public virtual IResolvable AttrManagedByFirewallManager { get; }Property Value
Remarks
If true, only Firewall Manager can modify or delete the configuration.
CloudformationAttribute: ManagedByFirewallManager
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
public static string CFN_RESOURCE_TYPE_NAME { get; }Property Value
Remarks
As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.
If you configure data protection for the web ACL, the protection applies to the data that AWS WAF sends to the logs.
You can define one logging destination per web ACL.
You can access information about the traffic that AWS WAF inspects using the following steps:
The name that you give the destination must start with aws-waf-logs- . Depending on the type of destination, you might need to configure additional settings or permissions.
For configuration requirements and pricing information for each destination type, see Logging web ACL traffic in the AWS WAF Developer Guide .
When you successfully enable logging using a PutLoggingConfiguration request, AWS WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, AWS WAF creates a resource policy on the log group. For an Amazon S3 bucket, AWS WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, AWS WAF creates a service-linked role.
For additional information about web ACL logging, see Logging web ACL traffic information in the AWS WAF Developer Guide .
CloudformationResource: AWS::WAFv2::LoggingConfiguration
ExampleMetadata: fixture=_generated
CfnProperties
Defines an association between logging destinations and a web ACL resource, for logging from AWS WAF .
protected override IDictionary<string, object> CfnProperties { get; }Property Value
Overrides
Remarks
As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.
If you configure data protection for the web ACL, the protection applies to the data that AWS WAF sends to the logs.
You can define one logging destination per web ACL.
You can access information about the traffic that AWS WAF inspects using the following steps:
The name that you give the destination must start with aws-waf-logs- . Depending on the type of destination, you might need to configure additional settings or permissions.
For configuration requirements and pricing information for each destination type, see Logging web ACL traffic in the AWS WAF Developer Guide .
When you successfully enable logging using a PutLoggingConfiguration request, AWS WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, AWS WAF creates a resource policy on the log group. For an Amazon S3 bucket, AWS WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, AWS WAF creates a service-linked role.
For additional information about web ACL logging, see Logging web ACL traffic information in the AWS WAF Developer Guide .
CloudformationResource: AWS::WAFv2::LoggingConfiguration
ExampleMetadata: fixture=_generated
LogDestinationConfigs
The logging destination configuration that you want to associate with the web ACL.
public virtual string[] LogDestinationConfigs { get; set; }Property Value
string[]
Remarks
As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.
If you configure data protection for the web ACL, the protection applies to the data that AWS WAF sends to the logs.
You can define one logging destination per web ACL.
You can access information about the traffic that AWS WAF inspects using the following steps:
The name that you give the destination must start with aws-waf-logs- . Depending on the type of destination, you might need to configure additional settings or permissions.
For configuration requirements and pricing information for each destination type, see Logging web ACL traffic in the AWS WAF Developer Guide .
When you successfully enable logging using a PutLoggingConfiguration request, AWS WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, AWS WAF creates a resource policy on the log group. For an Amazon S3 bucket, AWS WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, AWS WAF creates a service-linked role.
For additional information about web ACL logging, see Logging web ACL traffic information in the AWS WAF Developer Guide .
CloudformationResource: AWS::WAFv2::LoggingConfiguration
ExampleMetadata: fixture=_generated
LoggingConfigurationRef
A reference to a LoggingConfiguration resource.
public virtual ILoggingConfigurationReference LoggingConfigurationRef { get; }Property Value
ILoggingConfigurationReference
Remarks
As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.
If you configure data protection for the web ACL, the protection applies to the data that AWS WAF sends to the logs.
You can define one logging destination per web ACL.
You can access information about the traffic that AWS WAF inspects using the following steps:
The name that you give the destination must start with aws-waf-logs- . Depending on the type of destination, you might need to configure additional settings or permissions.
For configuration requirements and pricing information for each destination type, see Logging web ACL traffic in the AWS WAF Developer Guide .
When you successfully enable logging using a PutLoggingConfiguration request, AWS WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, AWS WAF creates a resource policy on the log group. For an Amazon S3 bucket, AWS WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, AWS WAF creates a service-linked role.
For additional information about web ACL logging, see Logging web ACL traffic information in the AWS WAF Developer Guide .
CloudformationResource: AWS::WAFv2::LoggingConfiguration
ExampleMetadata: fixture=_generated
LoggingFilter
Filtering that specifies which web requests are kept in the logs and which are dropped.
public virtual object LoggingFilter { get; set; }Property Value
Remarks
As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.
If you configure data protection for the web ACL, the protection applies to the data that AWS WAF sends to the logs.
You can define one logging destination per web ACL.
You can access information about the traffic that AWS WAF inspects using the following steps:
The name that you give the destination must start with aws-waf-logs- . Depending on the type of destination, you might need to configure additional settings or permissions.
For configuration requirements and pricing information for each destination type, see Logging web ACL traffic in the AWS WAF Developer Guide .
When you successfully enable logging using a PutLoggingConfiguration request, AWS WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, AWS WAF creates a resource policy on the log group. For an Amazon S3 bucket, AWS WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, AWS WAF creates a service-linked role.
For additional information about web ACL logging, see Logging web ACL traffic information in the AWS WAF Developer Guide .
CloudformationResource: AWS::WAFv2::LoggingConfiguration
ExampleMetadata: fixture=_generated
RedactedFields
The parts of the request that you want to keep out of the logs.
public virtual object? RedactedFields { get; set; }Property Value
Remarks
Type union: either IResolvable or (either IResolvable or CfnLoggingConfiguration.IFieldToMatchProperty)[]
ResourceArn
The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs .
public virtual string ResourceArn { get; set; }Property Value
Remarks
As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.
If you configure data protection for the web ACL, the protection applies to the data that AWS WAF sends to the logs.
You can define one logging destination per web ACL.
You can access information about the traffic that AWS WAF inspects using the following steps:
The name that you give the destination must start with aws-waf-logs- . Depending on the type of destination, you might need to configure additional settings or permissions.
For configuration requirements and pricing information for each destination type, see Logging web ACL traffic in the AWS WAF Developer Guide .
When you successfully enable logging using a PutLoggingConfiguration request, AWS WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, AWS WAF creates a resource policy on the log group. For an Amazon S3 bucket, AWS WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, AWS WAF creates a service-linked role.
For additional information about web ACL logging, see Logging web ACL traffic information in the AWS WAF Developer Guide .
CloudformationResource: AWS::WAFv2::LoggingConfiguration
ExampleMetadata: fixture=_generated
Methods
Inspect(TreeInspector)
Examines the CloudFormation resource and discloses attributes.
public virtual void Inspect(TreeInspector inspector)Parameters
- inspector TreeInspector
tree inspector to collect and process attributes.
Remarks
As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.
If you configure data protection for the web ACL, the protection applies to the data that AWS WAF sends to the logs.
You can define one logging destination per web ACL.
You can access information about the traffic that AWS WAF inspects using the following steps:
The name that you give the destination must start with aws-waf-logs- . Depending on the type of destination, you might need to configure additional settings or permissions.
For configuration requirements and pricing information for each destination type, see Logging web ACL traffic in the AWS WAF Developer Guide .
When you successfully enable logging using a PutLoggingConfiguration request, AWS WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, AWS WAF creates a resource policy on the log group. For an Amazon S3 bucket, AWS WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, AWS WAF creates a service-linked role.
For additional information about web ACL logging, see Logging web ACL traffic information in the AWS WAF Developer Guide .
CloudformationResource: AWS::WAFv2::LoggingConfiguration
ExampleMetadata: fixture=_generated
IsCfnLoggingConfiguration(object)
Checks whether the given object is a CfnLoggingConfiguration.
public static bool IsCfnLoggingConfiguration(object x)Parameters
- x object
Returns
Remarks
As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.
If you configure data protection for the web ACL, the protection applies to the data that AWS WAF sends to the logs.
You can define one logging destination per web ACL.
You can access information about the traffic that AWS WAF inspects using the following steps:
The name that you give the destination must start with aws-waf-logs- . Depending on the type of destination, you might need to configure additional settings or permissions.
For configuration requirements and pricing information for each destination type, see Logging web ACL traffic in the AWS WAF Developer Guide .
When you successfully enable logging using a PutLoggingConfiguration request, AWS WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, AWS WAF creates a resource policy on the log group. For an Amazon S3 bucket, AWS WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, AWS WAF creates a service-linked role.
For additional information about web ACL logging, see Logging web ACL traffic information in the AWS WAF Developer Guide .
CloudformationResource: AWS::WAFv2::LoggingConfiguration
ExampleMetadata: fixture=_generated
RenderProperties(IDictionary<string, object>)
Defines an association between logging destinations and a web ACL resource, for logging from AWS WAF .
protected override IDictionary<string, object> RenderProperties(IDictionary<string, object> props)Parameters
- props IDictionary<string, object>
Returns
Overrides
Remarks
As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.
If you configure data protection for the web ACL, the protection applies to the data that AWS WAF sends to the logs.
You can define one logging destination per web ACL.
You can access information about the traffic that AWS WAF inspects using the following steps:
The name that you give the destination must start with aws-waf-logs- . Depending on the type of destination, you might need to configure additional settings or permissions.
For configuration requirements and pricing information for each destination type, see Logging web ACL traffic in the AWS WAF Developer Guide .
When you successfully enable logging using a PutLoggingConfiguration request, AWS WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, AWS WAF creates a resource policy on the log group. For an Amazon S3 bucket, AWS WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, AWS WAF creates a service-linked role.
For additional information about web ACL logging, see Logging web ACL traffic information in the AWS WAF Developer Guide .
CloudformationResource: AWS::WAFv2::LoggingConfiguration
ExampleMetadata: fixture=_generated