CfnLoggingConfiguration

class aws_cdk.aws_wafv2.CfnLoggingConfiguration(scope, id, *, log_destination_configs, resource_arn, logging_filter=None, redacted_fields=None)

Bases: CfnResource

A CloudFormation AWS::WAFv2::LoggingConfiguration.

Defines an association between logging destinations and a web ACL resource, for logging from AWS WAF . As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records. .. epigraph:

You can define one logging destination per web ACL.

You can access information about the traffic that AWS WAF inspects using the following steps:

  • Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose.

The name that you give the destination must start with aws-waf-logs- . Depending on the type of destination, you might need to configure additional settings or permissions.

For configuration requirements and pricing information for each destination type, see Logging web ACL traffic in the AWS WAF Developer Guide .

  • Associate your logging destination to your web ACL using a PutLoggingConfiguration request.

When you successfully enable logging using a PutLoggingConfiguration request, AWS WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, AWS WAF creates a resource policy on the log group. For an Amazon S3 bucket, AWS WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, AWS WAF creates a service-linked role.

For additional information about web ACL logging, see Logging web ACL traffic information in the AWS WAF Developer Guide .

CloudformationResource:

AWS::WAFv2::LoggingConfiguration

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-loggingconfiguration.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_wafv2 as wafv2

# json_body: Any
# logging_filter: Any
# method: Any
# query_string: Any
# single_header: Any
# uri_path: Any

cfn_logging_configuration = wafv2.CfnLoggingConfiguration(self, "MyCfnLoggingConfiguration",
    log_destination_configs=["logDestinationConfigs"],
    resource_arn="resourceArn",

    # the properties below are optional
    logging_filter=logging_filter,
    redacted_fields=[wafv2.CfnLoggingConfiguration.FieldToMatchProperty(
        json_body=json_body,
        method=method,
        query_string=query_string,
        single_header=single_header,
        uri_path=uri_path
    )]
)

Create a new AWS::WAFv2::LoggingConfiguration.

Parameters:
  • scope (Construct) –

    • scope in which this resource is defined.

  • id (str) –

    • scoped id of the resource.

  • log_destination_configs (Sequence[str]) – The logging destination configuration that you want to associate with the web ACL. .. epigraph:: You can associate one logging destination to a web ACL.

  • resource_arn (str) – The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs .

  • logging_filter (Optional[Any]) – Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.

  • redacted_fields (Union[IResolvable, Sequence[Union[IResolvable, FieldToMatchProperty, Dict[str, Any]]], None]) – The parts of the request that you want to keep out of the logs. For example, if you redact the SingleHeader field, the HEADER field in the logs will be REDACTED for all rules that use the SingleHeader FieldToMatch setting. Redaction applies only to the component that’s specified in the rule’s FieldToMatch setting, so the SingleHeader redaction doesn’t apply to rules that use the Headers FieldToMatch . .. epigraph:: You can specify only the following fields for redaction: UriPath , QueryString , SingleHeader , and Method .

Methods

add_deletion_override(path)

Syntactic sugar for addOverride(path, undefined).

Parameters:

path (str) – The path of the value to delete.

Return type:

None

add_depends_on(target)

Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.

This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope.

Parameters:

target (CfnResource) –

Return type:

None

add_metadata(key, value)

Add a value to the CloudFormation Resource Metadata.

Parameters:
  • key (str) –

  • value (Any) –

See:

Return type:

None

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html

Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.

add_override(path, value)

Adds an override to the synthesized CloudFormation resource.

To add a property override, either use addPropertyOverride or prefix path with “Properties.” (i.e. Properties.TopicName).

If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path.

To include a literal . in the property name, prefix with a \. In most programming languages you will need to write this as "\\." because the \ itself will need to be escaped.

For example:

cfn_resource.add_override("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", ["myattribute"])
cfn_resource.add_override("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE")

would add the overrides Example:

"Properties": {
   "GlobalSecondaryIndexes": [
     {
       "Projection": {
         "NonKeyAttributes": [ "myattribute" ]
         ...
       }
       ...
     },
     {
       "ProjectionType": "INCLUDE"
       ...
     },
   ]
   ...
}

The value argument to addOverride will not be processed or translated in any way. Pass raw JSON values in here with the correct capitalization for CloudFormation. If you pass CDK classes or structs, they will be rendered with lowercased key names, and CloudFormation will reject the template.

Parameters:
  • path (str) –

    • The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed.

  • value (Any) –

    • The value. Could be primitive or complex.

Return type:

None

add_property_deletion_override(property_path)

Adds an override that deletes the value of a property from the resource definition.

Parameters:

property_path (str) – The path to the property.

Return type:

None

add_property_override(property_path, value)

Adds an override to a resource property.

Syntactic sugar for addOverride("Properties.<...>", value).

Parameters:
  • property_path (str) – The path of the property.

  • value (Any) – The value.

Return type:

None

apply_removal_policy(policy=None, *, apply_to_update_replace_policy=None, default=None)

Sets the deletion policy of the resource based on the removal policy specified.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

Parameters:
  • policy (Optional[RemovalPolicy]) –

  • apply_to_update_replace_policy (Optional[bool]) – Apply the same deletion policy to the resource’s “UpdateReplacePolicy”. Default: true

  • default (Optional[RemovalPolicy]) – The default policy to apply in case the removal policy is not defined. Default: - Default value is resource specific. To determine the default value for a resoure, please consult that specific resource’s documentation.

Return type:

None

get_att(attribute_name)

Returns a token for an runtime attribute of this resource.

Ideally, use generated attribute accessors (e.g. resource.arn), but this can be used for future compatibility in case there is no generated attribute.

Parameters:

attribute_name (str) – The name of the attribute.

Return type:

Reference

get_metadata(key)

Retrieve a value value from the CloudFormation Resource Metadata.

Parameters:

key (str) –

See:

Return type:

Any

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html

Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.

inspect(inspector)

Examines the CloudFormation resource and discloses attributes.

Parameters:

inspector (TreeInspector) –

  • tree inspector to collect and process attributes.

Return type:

None

override_logical_id(new_logical_id)

Overrides the auto-generated logical ID with a specific ID.

Parameters:

new_logical_id (str) – The new logical ID to use for this stack element.

Return type:

None

to_string()

Returns a string representation of this construct.

Return type:

str

Returns:

a string representation of this resource

Attributes

CFN_RESOURCE_TYPE_NAME = 'AWS::WAFv2::LoggingConfiguration'
attr_managed_by_firewall_manager

Indicates whether the logging configuration was created by AWS Firewall Manager , as part of an AWS WAF policy configuration.

If true, only Firewall Manager can modify or delete the configuration.

CloudformationAttribute:

ManagedByFirewallManager

cfn_options

Options for this resource, such as condition, update policy etc.

cfn_resource_type

AWS resource type.

creation_stack

return:

the stack trace of the point where this Resource was created from, sourced from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most node +internal+ entries filtered.

log_destination_configs

The logging destination configuration that you want to associate with the web ACL.

You can associate one logging destination to a web ACL.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-loggingconfiguration.html#cfn-wafv2-loggingconfiguration-logdestinationconfigs

logging_filter

Filtering that specifies which web requests are kept in the logs and which are dropped.

You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-loggingconfiguration.html#cfn-wafv2-loggingconfiguration-loggingfilter

logical_id

The logical ID for this CloudFormation stack element.

The logical ID of the element is calculated from the path of the resource node in the construct tree.

To override this value, use overrideLogicalId(newLogicalId).

Returns:

the logical ID as a stringified token. This value will only get resolved during synthesis.

node

The construct tree node associated with this construct.

redacted_fields

The parts of the request that you want to keep out of the logs.

For example, if you redact the SingleHeader field, the HEADER field in the logs will be REDACTED for all rules that use the SingleHeader FieldToMatch setting.

Redaction applies only to the component that’s specified in the rule’s FieldToMatch setting, so the SingleHeader redaction doesn’t apply to rules that use the Headers FieldToMatch . .. epigraph:

You can specify only the following fields for redaction: ``UriPath`` , ``QueryString`` , ``SingleHeader`` , and ``Method`` .
Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-loggingconfiguration.html#cfn-wafv2-loggingconfiguration-redactedfields

ref

Return a string that will be resolved to a CloudFormation { Ref } for this element.

If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through Lazy.any({ produce: resource.ref }).

resource_arn

The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs .

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-loggingconfiguration.html#cfn-wafv2-loggingconfiguration-resourcearn

stack

The stack in which this element is defined.

CfnElements must be defined within a stack scope (directly or indirectly).

Static Methods

classmethod is_cfn_element(x)

Returns true if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of instanceof to allow stack elements from different versions of this library to be included in the same stack.

Parameters:

x (Any) –

Return type:

bool

Returns:

The construct as a stack element or undefined if it is not a stack element.

classmethod is_cfn_resource(construct)

Check whether the given construct is a CfnResource.

Parameters:

construct (IConstruct) –

Return type:

bool

classmethod is_construct(x)

Return whether the given object is a Construct.

Parameters:

x (Any) –

Return type:

bool

ActionConditionProperty

class CfnLoggingConfiguration.ActionConditionProperty(*, action)

Bases: object

A single action condition for a condition in a logging filter.

Parameters:

action (str) – The action setting that a log record must contain in order to meet the condition. This is the action that AWS WAF applied to the web request. For rule groups, this is either the configured rule action setting, or if you’ve applied a rule action override to the rule, it’s the override action. The value EXCLUDED_AS_COUNT matches on excluded rules and also on rules that have a rule action override of Count.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-actioncondition.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_wafv2 as wafv2

action_condition_property = wafv2.CfnLoggingConfiguration.ActionConditionProperty(
    action="action"
)

Attributes

action

The action setting that a log record must contain in order to meet the condition.

This is the action that AWS WAF applied to the web request.

For rule groups, this is either the configured rule action setting, or if you’ve applied a rule action override to the rule, it’s the override action. The value EXCLUDED_AS_COUNT matches on excluded rules and also on rules that have a rule action override of Count.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-actioncondition.html#cfn-wafv2-loggingconfiguration-actioncondition-action

ConditionProperty

class CfnLoggingConfiguration.ConditionProperty(*, action_condition=None, label_name_condition=None)

Bases: object

A single match condition for a log filter.

Parameters:
  • action_condition (Union[IResolvable, ActionConditionProperty, Dict[str, Any], None]) – A single action condition. This is the action setting that a log record must contain in order to meet the condition.

  • label_name_condition (Union[IResolvable, LabelNameConditionProperty, Dict[str, Any], None]) – A single label name condition. This is the fully qualified label name that a log record must contain in order to meet the condition. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-condition.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_wafv2 as wafv2

condition_property = wafv2.CfnLoggingConfiguration.ConditionProperty(
    action_condition=wafv2.CfnLoggingConfiguration.ActionConditionProperty(
        action="action"
    ),
    label_name_condition=wafv2.CfnLoggingConfiguration.LabelNameConditionProperty(
        label_name="labelName"
    )
)

Attributes

action_condition

A single action condition.

This is the action setting that a log record must contain in order to meet the condition.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-condition.html#cfn-wafv2-loggingconfiguration-condition-actioncondition

label_name_condition

A single label name condition.

This is the fully qualified label name that a log record must contain in order to meet the condition. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-condition.html#cfn-wafv2-loggingconfiguration-condition-labelnamecondition

FieldToMatchProperty

class CfnLoggingConfiguration.FieldToMatchProperty(*, json_body=None, method=None, query_string=None, single_header=None, uri_path=None)

Bases: object

The parts of the request that you want to keep out of the logs.

This is used in the logging configuration RedactedFields specification.

Example JSON for a QueryString field to match:

"FieldToMatch": { "QueryString": {} }

Example JSON for a Method field to match specification:

"FieldToMatch": { "Method": { "Name": "DELETE" } }

Parameters:
  • json_body (Optional[Any]) – Redact the request body JSON.

  • method (Optional[Any]) – Redact the indicated HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

  • query_string (Optional[Any]) – Redact the query string. This is the part of a URL that appears after a ? character, if any.

  • single_header (Optional[Any]) – Redact a single header. Provide the name of the header to inspect, for example, User-Agent or Referer . This setting isn’t case sensitive. Example JSON: "SingleHeader": { "Name": "haystack" }

  • uri_path (Optional[Any]) – Redact the request URI path. This is the part of the web request that identifies a resource, for example, /images/daily-ad.jpg .

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-fieldtomatch.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_wafv2 as wafv2

# json_body: Any
# method: Any
# query_string: Any
# single_header: Any
# uri_path: Any

field_to_match_property = wafv2.CfnLoggingConfiguration.FieldToMatchProperty(
    json_body=json_body,
    method=method,
    query_string=query_string,
    single_header=single_header,
    uri_path=uri_path
)

Attributes

json_body

Redact the request body JSON.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-fieldtomatch.html#cfn-wafv2-loggingconfiguration-fieldtomatch-jsonbody

method

Redact the indicated HTTP method.

The method indicates the type of operation that the request is asking the origin to perform.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-fieldtomatch.html#cfn-wafv2-loggingconfiguration-fieldtomatch-method

query_string

Redact the query string.

This is the part of a URL that appears after a ? character, if any.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-fieldtomatch.html#cfn-wafv2-loggingconfiguration-fieldtomatch-querystring

single_header

Redact a single header.

Provide the name of the header to inspect, for example, User-Agent or Referer . This setting isn’t case sensitive.

Example JSON: "SingleHeader": { "Name": "haystack" }

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-fieldtomatch.html#cfn-wafv2-loggingconfiguration-fieldtomatch-singleheader

uri_path

Redact the request URI path.

This is the part of the web request that identifies a resource, for example, /images/daily-ad.jpg .

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-fieldtomatch.html#cfn-wafv2-loggingconfiguration-fieldtomatch-uripath

FilterProperty

class CfnLoggingConfiguration.FilterProperty(*, behavior, conditions, requirement)

Bases: object

A single logging filter, used in LoggingFilter .

Parameters:
  • behavior (str) – How to handle logs that satisfy the filter’s conditions and requirement.

  • conditions (Union[IResolvable, Sequence[Union[IResolvable, ConditionProperty, Dict[str, Any]]]]) – Match conditions for the filter.

  • requirement (str) – Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-filter.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_wafv2 as wafv2

filter_property = wafv2.CfnLoggingConfiguration.FilterProperty(
    behavior="behavior",
    conditions=[wafv2.CfnLoggingConfiguration.ConditionProperty(
        action_condition=wafv2.CfnLoggingConfiguration.ActionConditionProperty(
            action="action"
        ),
        label_name_condition=wafv2.CfnLoggingConfiguration.LabelNameConditionProperty(
            label_name="labelName"
        )
    )],
    requirement="requirement"
)

Attributes

behavior

How to handle logs that satisfy the filter’s conditions and requirement.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-filter.html#cfn-wafv2-loggingconfiguration-filter-behavior

conditions

Match conditions for the filter.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-filter.html#cfn-wafv2-loggingconfiguration-filter-conditions

requirement

Logic to apply to the filtering conditions.

You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-filter.html#cfn-wafv2-loggingconfiguration-filter-requirement

JsonBodyProperty

class CfnLoggingConfiguration.JsonBodyProperty(*, match_pattern, match_scope, invalid_fallback_behavior=None)

Bases: object

Inspect the body of the web request as JSON. The body immediately follows the request headers.

This is used to indicate the web request component to inspect, in the FieldToMatch specification.

Use the specifications in this object to indicate which parts of the JSON body to inspect using the rule’s inspection criteria. AWS WAF inspects only the parts of the JSON that result from the matches that you indicate.

Example JSON: "JsonBody": { "MatchPattern": { "All": {} }, "MatchScope": "ALL" }

Parameters:
  • match_pattern (Union[IResolvable, MatchPatternProperty, Dict[str, Any]]) – The patterns to look for in the JSON body. AWS WAF inspects the results of these pattern matches against the rule inspection criteria.

  • match_scope (str) – The parts of the JSON to match against using the MatchPattern . If you specify All , AWS WAF matches against keys and values.

  • invalid_fallback_behavior (Optional[str]) – What AWS WAF should do if it fails to completely parse the JSON body. The options are the following:. - EVALUATE_AS_STRING - Inspect the body as plain text. AWS WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string. - MATCH - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - NO_MATCH - Treat the web request as not matching the rule statement. If you don’t provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters. AWS WAF does its best to parse the entire JSON body, but might be forced to stop for reasons such as invalid characters, duplicate keys, truncation, and any content whose root node isn’t an object or an array. AWS WAF parses the JSON in the following examples as two valid key, value pairs: - Missing comma: {"key1":"value1""key2":"value2"} - Missing colon: {"key1":"value1","key2""value2"} - Extra colons: {"key1"::"value1","key2""value2"}

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-jsonbody.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_wafv2 as wafv2

# all: Any

json_body_property = wafv2.CfnLoggingConfiguration.JsonBodyProperty(
    match_pattern=wafv2.CfnLoggingConfiguration.MatchPatternProperty(
        all=all,
        included_paths=["includedPaths"]
    ),
    match_scope="matchScope",

    # the properties below are optional
    invalid_fallback_behavior="invalidFallbackBehavior"
)

Attributes

invalid_fallback_behavior

.

  • EVALUATE_AS_STRING - Inspect the body as plain text. AWS WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string.

  • MATCH - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.

  • NO_MATCH - Treat the web request as not matching the rule statement.

If you don’t provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters.

AWS WAF does its best to parse the entire JSON body, but might be forced to stop for reasons such as invalid characters, duplicate keys, truncation, and any content whose root node isn’t an object or an array.

AWS WAF parses the JSON in the following examples as two valid key, value pairs:

  • Missing comma: {"key1":"value1""key2":"value2"}

  • Missing colon: {"key1":"value1","key2""value2"}

  • Extra colons: {"key1"::"value1","key2""value2"}

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-jsonbody.html#cfn-wafv2-loggingconfiguration-jsonbody-invalidfallbackbehavior

Type:

What AWS WAF should do if it fails to completely parse the JSON body. The options are the following

match_pattern

The patterns to look for in the JSON body.

AWS WAF inspects the results of these pattern matches against the rule inspection criteria.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-jsonbody.html#cfn-wafv2-loggingconfiguration-jsonbody-matchpattern

match_scope

The parts of the JSON to match against using the MatchPattern .

If you specify All , AWS WAF matches against keys and values.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-jsonbody.html#cfn-wafv2-loggingconfiguration-jsonbody-matchscope

LabelNameConditionProperty

class CfnLoggingConfiguration.LabelNameConditionProperty(*, label_name)

Bases: object

A single label name condition for a condition in a logging filter.

Parameters:

label_name (str) – The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-labelnamecondition.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_wafv2 as wafv2

label_name_condition_property = wafv2.CfnLoggingConfiguration.LabelNameConditionProperty(
    label_name="labelName"
)

Attributes

label_name

The label name that a log record must contain in order to meet the condition.

This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-labelnamecondition.html#cfn-wafv2-loggingconfiguration-labelnamecondition-labelname

LoggingFilterProperty

class CfnLoggingConfiguration.LoggingFilterProperty(*, default_behavior, filters)

Bases: object

Filtering that specifies which web requests are kept in the logs and which are dropped, defined for a web ACL’s LoggingConfiguration .

You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.

Parameters:
  • default_behavior (str) – Default handling for logs that don’t match any of the specified filtering conditions.

  • filters (Union[IResolvable, Sequence[Union[IResolvable, FilterProperty, Dict[str, Any]]]]) – The filters that you want to apply to the logs.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-loggingfilter.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_wafv2 as wafv2

logging_filter_property = wafv2.CfnLoggingConfiguration.LoggingFilterProperty(
    default_behavior="defaultBehavior",
    filters=[wafv2.CfnLoggingConfiguration.FilterProperty(
        behavior="behavior",
        conditions=[wafv2.CfnLoggingConfiguration.ConditionProperty(
            action_condition=wafv2.CfnLoggingConfiguration.ActionConditionProperty(
                action="action"
            ),
            label_name_condition=wafv2.CfnLoggingConfiguration.LabelNameConditionProperty(
                label_name="labelName"
            )
        )],
        requirement="requirement"
    )]
)

Attributes

default_behavior

Default handling for logs that don’t match any of the specified filtering conditions.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-loggingfilter.html#cfn-wafv2-loggingconfiguration-loggingfilter-defaultbehavior

filters

The filters that you want to apply to the logs.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-loggingfilter.html#cfn-wafv2-loggingconfiguration-loggingfilter-filters

MatchPatternProperty

class CfnLoggingConfiguration.MatchPatternProperty(*, all=None, included_paths=None)

Bases: object

The patterns to look for in the JSON body.

AWS WAF inspects the results of these pattern matches against the rule inspection criteria.

Parameters:
  • all (Optional[Any]) – Match all of the elements. You must specify either this setting or the IncludedPaths setting, but not both.

  • included_paths (Optional[Sequence[str]]) – Match only the specified include paths. Provide the include paths using JSON Pointer syntax. For example, "IncludedPaths": ["/dogs/0/name", "/dogs/1/name"] . For information about this syntax, see the Internet Engineering Task Force (IETF) documentation JavaScript Object Notation (JSON) Pointer . You must specify either this setting or the All setting, but not both. .. epigraph:: Don’t use this option to include all paths. Instead, use the All setting.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-matchpattern.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_wafv2 as wafv2

# all: Any

match_pattern_property = wafv2.CfnLoggingConfiguration.MatchPatternProperty(
    all=all,
    included_paths=["includedPaths"]
)

Attributes

all

Match all of the elements.

You must specify either this setting or the IncludedPaths setting, but not both.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-matchpattern.html#cfn-wafv2-loggingconfiguration-matchpattern-all

included_paths

Match only the specified include paths.

Provide the include paths using JSON Pointer syntax. For example, "IncludedPaths": ["/dogs/0/name", "/dogs/1/name"] . For information about this syntax, see the Internet Engineering Task Force (IETF) documentation JavaScript Object Notation (JSON) Pointer .

You must specify either this setting or the All setting, but not both. .. epigraph:

Don't use this option to include all paths. Instead, use the ``All`` setting.
Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-matchpattern.html#cfn-wafv2-loggingconfiguration-matchpattern-includedpaths

SingleHeaderProperty

class CfnLoggingConfiguration.SingleHeaderProperty(*, name)

Bases: object

Inspect one of the headers in the web request, identified by name, for example, User-Agent or Referer .

The name isn’t case sensitive.

You can filter and inspect all headers with the FieldToMatch setting Headers .

This is used to indicate the web request component to inspect, in the FieldToMatch specification.

Example JSON: "SingleHeader": { "Name": "haystack" }

Parameters:

name (str) – The name of the query header to inspect.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-singleheader.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_wafv2 as wafv2

single_header_property = wafv2.CfnLoggingConfiguration.SingleHeaderProperty(
    name="name"
)

Attributes

name

The name of the query header to inspect.

Link:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-singleheader.html#cfn-wafv2-loggingconfiguration-singleheader-name