Class CfnLoggingConfiguration
- All Implemented Interfaces:
IInspectable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable
As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.
You can define one logging destination per web ACL.
You can access information about the traffic that AWS WAF inspects using the following steps:
- Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose.
The name that you give the destination must start with aws-waf-logs-. Depending on the type of destination, you might need to configure additional settings or permissions.
For configuration requirements and pricing information for each destination type, see Logging web ACL traffic in the AWS WAF Developer Guide.
- Associate your logging destination to your web ACL using a PutLoggingConfiguration request.
When you successfully enable logging using a PutLoggingConfiguration request, AWS WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, AWS WAF creates a resource policy on the log group. For an Amazon S3 bucket, AWS WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, AWS WAF creates a service-linked role.
For additional information about web ACL logging, see Logging web ACL traffic information in the AWS WAF Developer Guide.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import java.util.List;
import software.amazon.awscdk.services.wafv2.*;
import software.amazon.awscdk.services.wafv2.CfnLoggingConfiguration.FieldToMatchProperty;

Object jsonBody;
Object loggingFilter;
Object method;
Object queryString;
Object singleHeader;
Object uriPath;

CfnLoggingConfiguration cfnLoggingConfiguration = CfnLoggingConfiguration.Builder.create(this, "MyCfnLoggingConfiguration")
        .logDestinationConfigs(List.of("logDestinationConfigs"))
        .resourceArn("resourceArn")
        // the properties below are optional
        .loggingFilter(loggingFilter)
        .redactedFields(List.of(FieldToMatchProperty.builder()
                .jsonBody(jsonBody)
                .method(method)
                .queryString(queryString)
                .singleHeader(singleHeader)
                .uriPath(uriPath)
                .build()))
        .build();
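The steps above with concrete values, as an added example that is not part of the AWS CDK documentation: an S3 destination whose name carries the required aws-waf-logs- prefix, a filter that keeps only BLOCK and COUNT records, and redaction of the Authorization header and the query string so that credentials and tokens stay out of the logs. The class name, construct ids, bucket name suffix and the webAclArn parameter are assumptions, as is the pass-through of the Object-typed properties, which are written here as maps using CloudFormation property names.

```java
import java.util.List;
import java.util.Map;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.services.s3.BlockPublicAccess;
import software.amazon.awscdk.services.s3.Bucket;
import software.amazon.awscdk.services.s3.BucketEncryption;
import software.amazon.awscdk.services.wafv2.CfnLoggingConfiguration;
import software.amazon.awscdk.services.wafv2.CfnLoggingConfiguration.FieldToMatchProperty;
import software.constructs.Construct;

// Hypothetical stack; webAclArn is the ARN of an existing web ACL.
public class WafLoggingStack extends Stack {
    public WafLoggingStack(Construct scope, String id, String webAclArn) {
        super(scope, id);

        // Destination names must start with "aws-waf-logs-"; the suffix is a placeholder.
        Bucket logBucket = Bucket.Builder.create(this, "WafLogBucket")
                .bucketName("aws-waf-logs-example-suffix")
                .blockPublicAccess(BlockPublicAccess.BLOCK_ALL)
                .encryption(BucketEncryption.S3_MANAGED)
                .build();

        // Keep only BLOCK and COUNT records and drop everything else.
        // Keys use CloudFormation casing (assumed to reach the template unchanged).
        Map<String, Object> keepBlockedAndCounted = Map.of(
                "DefaultBehavior", "DROP",
                "Filters", List.of(Map.of(
                        "Behavior", "KEEP",
                        "Requirement", "MEETS_ANY",
                        "Conditions", List.of(
                                Map.of("ActionCondition", Map.of("Action", "BLOCK")),
                                Map.of("ActionCondition", Map.of("Action", "COUNT"))))));

        // One logging destination per web ACL; each redacted field names one request part.
        CfnLoggingConfiguration.Builder.create(this, "WafLogging")
                .resourceArn(webAclArn)
                .logDestinationConfigs(List.of(logBucket.getBucketArn()))
                .loggingFilter(keepBlockedAndCounted)
                .redactedFields(List.of(
                        FieldToMatchProperty.builder()
                                .singleHeader(Map.of("Name", "authorization"))
                                .build(),
                        FieldToMatchProperty.builder()
                                .queryString(Map.of())
                                .build()))
                .build();
    }
}
```

Running cdk synth and inspecting the generated AWS::WAFv2::LoggingConfiguration resource confirms that LoggingFilter and RedactedFields were rendered with the intended property names before deployment.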
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description):
- static interface: A single action condition for a condition in a logging filter.
- static final class: A fluent builder for CfnLoggingConfiguration.
- static interface: A single match condition for a log filter.
- static interface: The parts of the request that you want to keep out of the logs.
- static interface: A single logging filter, used in LoggingFilter.
- static interface: Example:
- static interface: A single label name condition for a condition in a logging filter.
- static interface: Filtering that specifies which web requests are kept in the logs and which are dropped, defined for a web ACL's LoggingConfiguration.
- static interface: Example:
- static interface: Inspect one of the headers in the web request, identified by name, for example, User-Agent or Referer.
Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationMode
Nested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$Default
Nested classes/interfaces inherited from interface software.amazon.awscdk.IInspectable
IInspectable.Jsii$Default, IInspectable.Jsii$Proxy
-
Field Summary
Fields (Modifier and Type, Field, Description):
- static final String CFN_RESOURCE_TYPE_NAME: The CloudFormation resource type name for this resource class.
-
Constructor Summary
Constructors (Modifier, Constructor, Description):
- protected CfnLoggingConfiguration(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
- protected CfnLoggingConfiguration(software.amazon.jsii.JsiiObjectRef objRef)
- CfnLoggingConfiguration(software.constructs.Construct scope, String id, CfnLoggingConfigurationProps props)
-
Method Summary
Methods (Modifier and Type, Method, Description):
- getAttrManagedByFirewallManager: Indicates whether the logging configuration was created by AWS Firewall Manager, as part of an AWS WAF policy configuration.
- getLogDestinationConfigs: The logging destination configuration that you want to associate with the web ACL.
- getLoggingFilter: Filtering that specifies which web requests are kept in the logs and which are dropped.
- getRedactedFields: The parts of the request that you want to keep out of the logs.
- getResourceArn: The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
- void inspect(TreeInspector inspector): Examines the CloudFormation resource and discloses attributes.
- renderProperties(Map<String, Object> props)
- void setLogDestinationConfigs(List<String> value): The logging destination configuration that you want to associate with the web ACL.
- void setLoggingFilter(Object value): Filtering that specifies which web requests are kept in the logs and which are dropped.
- void setRedactedFields(List<Object> value): The parts of the request that you want to keep out of the logs.
- void setRedactedFields(IResolvable value): The parts of the request that you want to keep out of the logs.
- void setResourceArn(String value): The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
Methods inherited from class software.amazon.awscdk.CfnResource
addDeletionOverride, addDependency, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, getUpdatedProperties, isCfnResource, obtainDependencies, obtainResourceDependencies, removeDependency, replaceDependency, shouldSynthesize, toString, validateProperties
Methods inherited from class software.amazon.awscdk.CfnRefElement
getRef
Methods inherited from class software.amazon.awscdk.CfnElement
getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId
Methods inherited from class software.constructs.Construct
getNode, isConstruct
Methods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Field Details
-
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
-
-
Constructor Details
-
CfnLoggingConfiguration
protected CfnLoggingConfiguration(software.amazon.jsii.JsiiObjectRef objRef)
-
CfnLoggingConfiguration
protected CfnLoggingConfiguration(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
-
CfnLoggingConfiguration
@Stability(Stable) public CfnLoggingConfiguration(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull CfnLoggingConfigurationProps props)
- Parameters:
scope - Scope in which this resource is defined. This parameter is required.
id - Construct identifier for this resource (unique in its scope). This parameter is required.
props - Resource properties. This parameter is required.
-
-
Method Details
-
inspect
Examines the CloudFormation resource and discloses attributes.
- Specified by:
inspect in interface IInspectable
- Parameters:
inspector - tree inspector to collect and process attributes. This parameter is required.
-
renderProperties
@Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String, Object> props)
- Overrides:
renderProperties in class CfnResource
- Parameters:
props - This parameter is required.
-
getAttrManagedByFirewallManager
Indicates whether the logging configuration was created by AWS Firewall Manager, as part of an AWS WAF policy configuration. If true, only Firewall Manager can modify or delete the configuration.
-
getCfnProperties
- Overrides:
getCfnProperties in class CfnResource
-
getLogDestinationConfigs
The logging destination configuration that you want to associate with the web ACL.
-
setLogDestinationConfigs
The logging destination configuration that you want to associate with the web ACL.
-
getResourceArn
The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
-
setResourceArn
The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
-
getLoggingFilter
Filtering that specifies which web requests are kept in the logs and which are dropped.
-
setLoggingFilter
Filtering that specifies which web requests are kept in the logs and which are dropped.
-
getRedactedFields
The parts of the request that you want to keep out of the logs.
-
setRedactedFields
The parts of the request that you want to keep out of the logs.
-
setRedactedFields
The parts of the request that you want to keep out of the logs.
-