Class CfnLoggingConfiguration
A CloudFormation AWS::WAFv2::LoggingConfiguration.
Namespace: Amazon.CDK.AWS.WAFv2
Assembly: Amazon.CDK.AWS.WAFv2.dll
Syntax (csharp)
public class CfnLoggingConfiguration : CfnResource, IConstruct, IDependable, IInspectable
Syntax (vb)
Public Class CfnLoggingConfiguration
Inherits CfnResource
Implements IConstruct, IDependable, IInspectable
Remarks
Defines an association between logging destinations and a web ACL resource, for logging from AWS WAF. As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.
You can define one logging destination per web ACL.
You can access information about the traffic that AWS WAF inspects using the following steps:
The name that you give the destination must start with aws-waf-logs-. Depending on the type of destination, you might need to configure additional settings or permissions.
For configuration requirements and pricing information for each destination type, see Logging web ACL traffic in the AWS WAF Developer Guide.
When you successfully enable logging using a PutLoggingConfiguration request, AWS WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, AWS WAF creates a resource policy on the log group. For an Amazon S3 bucket, AWS WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, AWS WAF creates a service-linked role.
For additional information about web ACL logging, see Logging web ACL traffic information in the AWS WAF Developer Guide.
CloudformationResource: AWS::WAFv2::LoggingConfiguration
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.WAFv2;

// Placeholder values: replace each null with the real property value.
object jsonBody = null;
object loggingFilter = null;
object method = null;
object queryString = null;
object singleHeader = null;
object uriPath = null;

var cfnLoggingConfiguration = new CfnLoggingConfiguration(this, "MyCfnLoggingConfiguration", new CfnLoggingConfigurationProps {
    LogDestinationConfigs = new [] { "logDestinationConfigs" },
    ResourceArn = "resourceArn",

    // the properties below are optional
    LoggingFilter = loggingFilter,
    // FieldToMatchProperty is a type nested in CfnLoggingConfiguration.
    RedactedFields = new [] { new CfnLoggingConfiguration.FieldToMatchProperty {
        JsonBody = jsonBody,
        Method = method,
        QueryString = queryString,
        SingleHeader = singleHeader,
        UriPath = uriPath
    } }
});
Synopsis
Constructors
CfnLoggingConfiguration(Construct, String, ICfnLoggingConfigurationProps) | Create a new AWS::WAFv2::LoggingConfiguration. |
CfnLoggingConfiguration(ByRefValue) | Used by jsii to construct an instance of this class from a JavaScript-owned object reference |
CfnLoggingConfiguration(DeputyBase.DeputyProps) | Used by jsii to construct an instance of this class from DeputyProps |
Properties
AttrManagedByFirewallManager | Indicates whether the logging configuration was created by AWS Firewall Manager, as part of an AWS WAF policy configuration. |
CFN_RESOURCE_TYPE_NAME | The CloudFormation resource type name for this resource class. |
CfnProperties | |
LogDestinationConfigs | The logging destination configuration that you want to associate with the web ACL. |
LoggingFilter | Filtering that specifies which web requests are kept in the logs and which are dropped. |
RedactedFields | The parts of the request that you want to keep out of the logs. |
ResourceArn | The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs. |
Methods
Inspect(TreeInspector) | Examines the CloudFormation resource and discloses attributes. |
RenderProperties(IDictionary<String, Object>) |
Constructors
CfnLoggingConfiguration(Construct, String, ICfnLoggingConfigurationProps)
Create a new AWS::WAFv2::LoggingConfiguration.
public CfnLoggingConfiguration(Construct scope, string id, ICfnLoggingConfigurationProps props)
Parameters
- scope Construct
- scope in which this resource is defined.
- id System.String
- scoped id of the resource.
- props ICfnLoggingConfigurationProps
- resource properties.
CfnLoggingConfiguration(ByRefValue)
Used by jsii to construct an instance of this class from a JavaScript-owned object reference
protected CfnLoggingConfiguration(ByRefValue reference)
Parameters
- reference Amazon.JSII.Runtime.Deputy.ByRefValue
The JavaScript-owned object reference
CfnLoggingConfiguration(DeputyBase.DeputyProps)
Used by jsii to construct an instance of this class from DeputyProps
protected CfnLoggingConfiguration(DeputyBase.DeputyProps props)
Parameters
- props Amazon.JSII.Runtime.Deputy.DeputyBase.DeputyProps
The deputy props
Properties
AttrManagedByFirewallManager
Indicates whether the logging configuration was created by AWS Firewall Manager, as part of an AWS WAF policy configuration.
public virtual IResolvable AttrManagedByFirewallManager { get; }
Property Value
Remarks
If true, only Firewall Manager can modify or delete the configuration.
CloudformationAttribute: ManagedByFirewallManager
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
public static string CFN_RESOURCE_TYPE_NAME { get; }
Property Value
System.String
CfnProperties
protected override IDictionary<string, object> CfnProperties { get; }
Property Value
System.Collections.Generic.IDictionary<System.String, System.Object>
Overrides
LogDestinationConfigs
The logging destination configuration that you want to associate with the web ACL.
public virtual string[] LogDestinationConfigs { get; set; }
Property Value
System.String[]
Remarks
You can associate one logging destination to a web ACL.
LoggingFilter
Filtering that specifies which web requests are kept in the logs and which are dropped.
public virtual object LoggingFilter { get; set; }
Property Value
System.Object
Remarks
You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.
RedactedFields
The parts of the request that you want to keep out of the logs.
public virtual object RedactedFields { get; set; }
Property Value
System.Object
Remarks
For example, if you redact the SingleHeader field, the HEADER field in the logs will be REDACTED for all rules that use the SingleHeader FieldToMatch setting.
Redaction applies only to the component that's specified in the rule's FieldToMatch setting, so the SingleHeader redaction doesn't apply to rules that use the Headers FieldToMatch.
You can specify only the following fields for redaction: UriPath, QueryString, SingleHeader, and Method.
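The constraints stated in the class remarks (one destination per web ACL, a destination name that starts with aws-waf-logs-) and in the RedactedFields remarks (only four redactable fields) can be checked on a synthesized template before deployment. The following is an added example, not part of the CDK or of this reference: the function names, the must_redact policy parameter, the ARNs and the sample property sets are all constructed for illustration.

```python
# Added example: lint the Properties of one AWS::WAFv2::LoggingConfiguration
# resource against the constraints this page states. Sample data is constructed.
REDACTABLE = {"UriPath", "QueryString", "SingleHeader", "Method"}
NAME_PREFIX = "aws-waf-logs-"

def destination_name(arn):
    """Destination name from a literal ARN, or None when it cannot be resolved.
    Assumption: the name is the last ':' or '/' separated segment of the ARN."""
    if not isinstance(arn, str) or not arn.startswith("arn:"):
        return None  # e.g. a {"Ref": ...} intrinsic, only known at deploy time
    return arn.split(":", 5)[-1].replace("/", ":").split(":")[-1]

def lint_logging_configuration(props, must_redact=()):
    """Return a list of findings; must_redact is a hypothetical local policy."""
    findings = []
    dests = props.get("LogDestinationConfigs") or []
    if len(dests) != 1:
        findings.append(f"expected one log destination, found {len(dests)}")
    for dest in dests:
        name = destination_name(dest)
        if name is None:
            findings.append("destination is not a literal ARN; verify its name")
        elif not name.startswith(NAME_PREFIX):
            findings.append(f"destination '{name}' lacks the {NAME_PREFIX} prefix")
    if not props.get("ResourceArn"):
        findings.append("ResourceArn of the web ACL is missing")
    redacted = props.get("RedactedFields") or []
    redacted = redacted if isinstance(redacted, list) else []  # skip intrinsics
    for i, field in enumerate(redacted):
        for key in sorted(set(field) - REDACTABLE):
            findings.append(f"RedactedFields[{i}].{key} cannot be redacted")
    present = {key for field in redacted for key in field}
    for key in must_redact:
        if key not in present:
            findings.append(f"policy requires {key} to be redacted")
    return findings

ACL = "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/example/PLACEHOLDER"
WEAK = {"ResourceArn": ACL,
        "LogDestinationConfigs": ["arn:aws:logs:us-east-1:111122223333:log-group:waf-app",
                                  "arn:aws:s3:::aws-waf-logs-archive"],
        "RedactedFields": [{"JsonBody": {}}]}
FIXED = {"ResourceArn": ACL,
         "LogDestinationConfigs": ["arn:aws:logs:us-east-1:111122223333:log-group:aws-waf-logs-app"],
         "RedactedFields": [{"SingleHeader": {"Name": "authorization"}}, {"QueryString": {}}]}

if __name__ == "__main__":
    for label, props in (("weak", WEAK), ("fixed", FIXED)):
        print(label, lint_logging_configuration(props, must_redact=("SingleHeader",)))
```

Feed it the Properties object of each AWS::WAFv2::LoggingConfiguration resource found in the template that cdk synth writes.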
ResourceArn
The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
public virtual string ResourceArn { get; set; }
Property Value
System.String
Remarks
Methods
Inspect(TreeInspector)
Examines the CloudFormation resource and discloses attributes.
public virtual void Inspect(TreeInspector inspector)
Parameters
- inspector TreeInspector
- tree inspector to collect and process attributes.
RenderProperties(IDictionary<String, Object>)
protected override IDictionary<string, object> RenderProperties(IDictionary<string, object> props)
Parameters
- props System.Collections.Generic.IDictionary<System.String, System.Object>
Returns
System.Collections.Generic.IDictionary<System.String, System.Object>