CfnLoggingConfigurationPropsMixin

class aws_cdk.mixins_preview.aws_wafv2.mixins.CfnLoggingConfigurationPropsMixin(props, *, strategy=None)

Bases: Mixin

Defines an association between logging destinations and a web ACL resource, for logging from AWS WAF .

As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.

If you configure data protection for the web ACL, the protection applies to the data that AWS WAF sends to the logs. .. epigraph:

You can define one logging destination per web ACL.

You can access information about the traffic that AWS WAF inspects using the following steps:

Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose.

The name that you give the destination must start with aws-waf-logs- . Depending on the type of destination, you might need to configure additional settings or permissions.

For configuration requirements and pricing information for each destination type, see Logging web ACL traffic in the AWS WAF Developer Guide .

Associate your logging destination to your web ACL using a PutLoggingConfiguration request.

When you successfully enable logging using a PutLoggingConfiguration request, AWS WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, AWS WAF creates a resource policy on the log group. For an Amazon S3 bucket, AWS WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, AWS WAF creates a service-linked role.

For additional information about web ACL logging, see Logging web ACL traffic information in the AWS WAF Developer Guide .

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-loggingconfiguration.html
CloudformationResource:: AWS::WAFv2::LoggingConfiguration
Mixin:: true
ExampleMetadata:: fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview import mixins
from aws_cdk.mixins_preview.aws_wafv2 import mixins as wafv2_mixins

# json_body: Any
# logging_filter: Any
# method: Any
# query_string: Any
# single_header: Any
# uri_path: Any

cfn_logging_configuration_props_mixin = wafv2_mixins.CfnLoggingConfigurationPropsMixin(wafv2_mixins.CfnLoggingConfigurationMixinProps(
    log_destination_configs=["logDestinationConfigs"],
    logging_filter=logging_filter,
    redacted_fields=[wafv2_mixins.CfnLoggingConfigurationPropsMixin.FieldToMatchProperty(
        json_body=json_body,
        method=method,
        query_string=query_string,
        single_header=single_header,
        uri_path=uri_path
    )],
    resource_arn="resourceArn"
),
    strategy=mixins.PropertyMergeStrategy.OVERRIDE
)

Create a mixin to apply properties to AWS::WAFv2::LoggingConfiguration.

Parameters:

props (Union[CfnLoggingConfigurationMixinProps, Dict[str, Any]]) – L1 properties to apply.
strategy (Optional[PropertyMergeStrategy]) – (experimental) Strategy for merging nested properties. Default: - PropertyMergeStrategy.MERGE

Methods

apply_to(construct)

Apply the mixin properties to the construct.

Parameters:: construct (IConstruct)
Return type:: IConstruct

supports(construct)

Check if this mixin supports the given construct.

Parameters:: construct (IConstruct)
Return type:: bool

Attributes

CFN_PROPERTY_KEYS = ['logDestinationConfigs', 'loggingFilter', 'redactedFields', 'resourceArn']

Static Methods

classmethod is_mixin(x)

(experimental) Checks if x is a Mixin.

Parameters:: x (Any) – Any object.
Return type:: bool
Returns:: true if x is an object created from a class which extends Mixin.
Stability:: experimental

ActionConditionProperty

class CfnLoggingConfigurationPropsMixin.ActionConditionProperty(*, action=None)

Bases: object

A single action condition for a condition in a logging filter.

Parameters:: action (Optional[str]) – The action setting that a log record must contain in order to meet the condition. This is the action that AWS WAF applied to the web request. For rule groups, this is either the configured rule action setting, or if you’ve applied a rule action override to the rule, it’s the override action. The value EXCLUDED_AS_COUNT matches on excluded rules and also on rules that have a rule action override of Count.
See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-actioncondition.html
ExampleMetadata:: fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_wafv2 import mixins as wafv2_mixins

action_condition_property = wafv2_mixins.CfnLoggingConfigurationPropsMixin.ActionConditionProperty(
    action="action"
)

Attributes

action

The action setting that a log record must contain in order to meet the condition.

This is the action that AWS WAF applied to the web request.

For rule groups, this is either the configured rule action setting, or if you’ve applied a rule action override to the rule, it’s the override action. The value EXCLUDED_AS_COUNT matches on excluded rules and also on rules that have a rule action override of Count.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-actioncondition.html#cfn-wafv2-loggingconfiguration-actioncondition-action

ConditionProperty

class CfnLoggingConfigurationPropsMixin.ConditionProperty(*, action_condition=None, label_name_condition=None)

Bases: object

A single match condition for a log filter.

Parameters:

action_condition (Union[IResolvable, ActionConditionProperty, Dict[str, Any], None]) – A single action condition. This is the action setting that a log record must contain in order to meet the condition.
label_name_condition (Union[IResolvable, LabelNameConditionProperty, Dict[str, Any], None]) – A single label name condition. This is the fully qualified label name that a log record must contain in order to meet the condition. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-condition.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_wafv2 import mixins as wafv2_mixins

condition_property = wafv2_mixins.CfnLoggingConfigurationPropsMixin.ConditionProperty(
    action_condition=wafv2_mixins.CfnLoggingConfigurationPropsMixin.ActionConditionProperty(
        action="action"
    ),
    label_name_condition=wafv2_mixins.CfnLoggingConfigurationPropsMixin.LabelNameConditionProperty(
        label_name="labelName"
    )
)

Attributes

action_condition

A single action condition.

This is the action setting that a log record must contain in order to meet the condition.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-condition.html#cfn-wafv2-loggingconfiguration-condition-actioncondition

label_name_condition

A single label name condition.

This is the fully qualified label name that a log record must contain in order to meet the condition. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-condition.html#cfn-wafv2-loggingconfiguration-condition-labelnamecondition

FieldToMatchProperty

class CfnLoggingConfigurationPropsMixin.FieldToMatchProperty(*, json_body=None, method=None, query_string=None, single_header=None, uri_path=None)

Bases: object

The parts of the request that you want to keep out of the logs.

This is used in the logging configuration RedactedFields specification.

Example JSON for a QueryString field to match:

"FieldToMatch": { "QueryString": {} }

Example JSON for a Method field to match specification:

"FieldToMatch": { "Method": { "Name": "DELETE" } }

Parameters:

json_body (Any)
method (Any) – Redact the indicated HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
query_string (Any) – Redact the query string. This is the part of a URL that appears after a ? character, if any.
single_header (Any) – Redact a single header. Provide the name of the header to inspect, for example, User-Agent or Referer . This setting isn’t case sensitive. Example JSON: "SingleHeader": { "Name": "haystack" }
uri_path (Any) – Redact the request URI path. This is the part of the web request that identifies a resource, for example, /images/daily-ad.jpg .

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-fieldtomatch.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_wafv2 import mixins as wafv2_mixins

# json_body: Any
# method: Any
# query_string: Any
# single_header: Any
# uri_path: Any

field_to_match_property = wafv2_mixins.CfnLoggingConfigurationPropsMixin.FieldToMatchProperty(
    json_body=json_body,
    method=method,
    query_string=query_string,
    single_header=single_header,
    uri_path=uri_path
)

Attributes

json_body

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-fieldtomatch.html#cfn-wafv2-loggingconfiguration-fieldtomatch-jsonbody

Type:: see

method

Redact the indicated HTTP method.

The method indicates the type of operation that the request is asking the origin to perform.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-fieldtomatch.html#cfn-wafv2-loggingconfiguration-fieldtomatch-method

query_string

Redact the query string.

This is the part of a URL that appears after a ? character, if any.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-fieldtomatch.html#cfn-wafv2-loggingconfiguration-fieldtomatch-querystring

single_header

Redact a single header.

Provide the name of the header to inspect, for example, User-Agent or Referer . This setting isn’t case sensitive.

Example JSON: "SingleHeader": { "Name": "haystack" }

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-fieldtomatch.html#cfn-wafv2-loggingconfiguration-fieldtomatch-singleheader

uri_path

Redact the request URI path.

This is the part of the web request that identifies a resource, for example, /images/daily-ad.jpg .

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-fieldtomatch.html#cfn-wafv2-loggingconfiguration-fieldtomatch-uripath

FilterProperty

class CfnLoggingConfigurationPropsMixin.FilterProperty(*, behavior=None, conditions=None, requirement=None)

Bases: object

A single logging filter, used in LoggingFilter .

Parameters:

behavior (Optional[str]) – How to handle logs that satisfy the filter’s conditions and requirement.
conditions (Union[IResolvable, Sequence[Union[IResolvable, ConditionProperty, Dict[str, Any]]], None]) – Match conditions for the filter.
requirement (Optional[str]) – Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-filter.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_wafv2 import mixins as wafv2_mixins

filter_property = wafv2_mixins.CfnLoggingConfigurationPropsMixin.FilterProperty(
    behavior="behavior",
    conditions=[wafv2_mixins.CfnLoggingConfigurationPropsMixin.ConditionProperty(
        action_condition=wafv2_mixins.CfnLoggingConfigurationPropsMixin.ActionConditionProperty(
            action="action"
        ),
        label_name_condition=wafv2_mixins.CfnLoggingConfigurationPropsMixin.LabelNameConditionProperty(
            label_name="labelName"
        )
    )],
    requirement="requirement"
)

Attributes

behavior

How to handle logs that satisfy the filter’s conditions and requirement.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-filter.html#cfn-wafv2-loggingconfiguration-filter-behavior

conditions

Match conditions for the filter.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-filter.html#cfn-wafv2-loggingconfiguration-filter-conditions

requirement

Logic to apply to the filtering conditions.

You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-filter.html#cfn-wafv2-loggingconfiguration-filter-requirement

LabelNameConditionProperty

class CfnLoggingConfigurationPropsMixin.LabelNameConditionProperty(*, label_name=None)

Bases: object

A single label name condition for a condition in a logging filter.

Parameters:: label_name (Optional[str]) – The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.
See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-labelnamecondition.html
ExampleMetadata:: fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_wafv2 import mixins as wafv2_mixins

label_name_condition_property = wafv2_mixins.CfnLoggingConfigurationPropsMixin.LabelNameConditionProperty(
    label_name="labelName"
)

Attributes

label_name

The label name that a log record must contain in order to meet the condition.

This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-labelnamecondition.html#cfn-wafv2-loggingconfiguration-labelnamecondition-labelname

LoggingFilterProperty

class CfnLoggingConfigurationPropsMixin.LoggingFilterProperty(*, default_behavior=None, filters=None)

Bases: object

Filtering that specifies which web requests are kept in the logs and which are dropped, defined for a web ACL’s LoggingConfiguration .

You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.

Parameters:

default_behavior (Optional[str]) – Default handling for logs that don’t match any of the specified filtering conditions.
filters (Union[IResolvable, Sequence[Union[IResolvable, FilterProperty, Dict[str, Any]]], None]) – The filters that you want to apply to the logs.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-loggingfilter.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_wafv2 import mixins as wafv2_mixins

logging_filter_property = wafv2_mixins.CfnLoggingConfigurationPropsMixin.LoggingFilterProperty(
    default_behavior="defaultBehavior",
    filters=[wafv2_mixins.CfnLoggingConfigurationPropsMixin.FilterProperty(
        behavior="behavior",
        conditions=[wafv2_mixins.CfnLoggingConfigurationPropsMixin.ConditionProperty(
            action_condition=wafv2_mixins.CfnLoggingConfigurationPropsMixin.ActionConditionProperty(
                action="action"
            ),
            label_name_condition=wafv2_mixins.CfnLoggingConfigurationPropsMixin.LabelNameConditionProperty(
                label_name="labelName"
            )
        )],
        requirement="requirement"
    )]
)

Attributes

default_behavior

Default handling for logs that don’t match any of the specified filtering conditions.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-loggingfilter.html#cfn-wafv2-loggingconfiguration-loggingfilter-defaultbehavior

filters

The filters that you want to apply to the logs.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-loggingfilter.html#cfn-wafv2-loggingconfiguration-loggingfilter-filters