SetLogDeliveryConfiguration - Amazon Cognito User Pools
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

SetLogDeliveryConfiguration

Sets up or modifies the logging configuration of a user pool. User pools can export user notification logs and, when threat protection is active, user-activity logs. For more information, see Exporting user pool logs.

Request Syntax

{ "LogConfigurations": [ { "CloudWatchLogsConfiguration": { "LogGroupArn": "string" }, "EventSource": "string", "FirehoseConfiguration": { "StreamArn": "string" }, "LogLevel": "string", "S3Configuration": { "BucketArn": "string" } } ], "UserPoolId": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

LogConfigurations

A collection of the logging configurations for a user pool.

Type: Array of LogConfigurationType objects

Array Members: Minimum number of 0 items. Maximum number of 2 items.

Required: Yes

UserPoolId

The ID of the user pool where you want to configure logging.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{ "LogDeliveryConfiguration": { "LogConfigurations": [ { "CloudWatchLogsConfiguration": { "LogGroupArn": "string" }, "EventSource": "string", "FirehoseConfiguration": { "StreamArn": "string" }, "LogLevel": "string", "S3Configuration": { "BucketArn": "string" } } ], "UserPoolId": "string" } }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

LogDeliveryConfiguration

The logging configuration that you applied to the requested user pool.

Type: LogDeliveryConfigurationType object

Errors

For information about the errors that are common to all actions, see Common Errors.

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user isn't authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service can't find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

Examples

Example

A SetLogDeliveryConfiguration request that exports userNotification logs to a log group and userAuthEvents logs to an Amazon S3 bucket.

Sample Request

POST HTTP/1.1 Host: cognito-idp.us-east-1.amazonaws.com X-Amz-Date: 20230613T200059Z Accept-Encoding: gzip, deflate, br X-Amz-Target: AWSCognitoIdentityProviderService.SetLogDeliveryConfiguration User-Agent: <UserAgentString> Authorization: AWS4-HMAC-SHA256 Credential=<Credential>, SignedHeaders=<Headers>, Signature=<Signature> Content-Length: <PayloadSizeBytes> { "LogConfigurations": [ { "CloudWatchLogsConfiguration": { "LogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:cognito-exported" }, "EventSource": "userNotification", "LogLevel": "ERROR" }, { "EventSource": "userAuthEvents", "LogLevel": "INFO", "S3Configuration": { "BucketArn": "arn:aws:s3:::amzn-s3-demo-bucket1" } } ], "UserPoolId": "us-west-2_EXAMPLE" }

Sample Response

HTTP/1.1 200 OK Date: Tue, 13 Jun 2023 20:00:59 GMT Content-Type: application/x-amz-json-1.0 Content-Length: <PayloadSizeBytes> x-amzn-requestid: a1b2c3d4-e5f6-a1b2-c3d4-EXAMPLE11111 Connection: keep-alive { "LogDeliveryConfiguration": { "LogConfigurations": [ { "CloudWatchLogsConfiguration": { "LogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:cognito-exported" }, "EventSource": "userNotification", "LogLevel": "ERROR" }, { "EventSource": "userAuthEvents", "LogLevel": "INFO", "S3Configuration": { "BucketArn": "arn:aws:s3:::amzn-s3-demo-bucket1" } } ], "UserPoolId": "us-west-2_EXAMPLE" } }

Example

A SetLogDeliveryConfiguration request that exports userAuthEvents events to a Firehose stream and userNotification events to a CloudWatch log group.

Sample Request

POST HTTP/1.1 Host: cognito-idp.us-west-2.amazonaws.com X-Amz-Date: 20230613T200059Z Accept-Encoding: gzip, deflate, br X-Amz-Target: AWSCognitoIdentityProviderService.SetLogDeliveryConfiguration User-Agent: <UserAgentString> Authorization: AWS4-HMAC-SHA256 Credential=<Credential>, SignedHeaders=<Headers>, Signature=<Signature> Content-Length: <PayloadSizeBytes> { "LogConfigurations": [ { "EventSource": "userAuthEvents", "FirehoseConfiguration": { "StreamArn": "arn:aws:firehose:us-west-2:123456789012:deliverystream/example-user-pool-activity-exported" }, "LogLevel": "INFO" } ], [ { "CloudWatchLogsConfiguration": { "LogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:example-user-pool-error-exported" }, "EventSource": "userNotification", "LogLevel": "ERROR" } ], "UserPoolId": "us-west-2_EXAMPLE" }

Sample Response

HTTP/1.1 200 OK Date: Tue, 13 Jun 2023 20:00:59 GMT Content-Type: application/x-amz-json-1.0 Content-Length: <PayloadSizeBytes> x-amzn-requestid: a1b2c3d4-e5f6-a1b2-c3d4-EXAMPLE11111 Connection: keep-alive { "LogDeliveryConfiguration": { "LogConfigurations": [ { "CloudWatchLogsConfiguration": { "LogGroupArn": "arn:aws:firehose:us-west-2:123456789012:deliverystream/example-user-pool-activity-exported" }, "EventSource": "userNotification", "LogLevel": "ERROR" }, { "EventSource": "userAuthEvents", "FirehoseConfiguration": { "StreamArn": "arn:aws:logs:us-west-2:123456789012:log-group:example-user-pool-error-exported" }, "LogLevel": "INFO" } ], "UserPoolId": "us-west-2_EXAMPLE" } }

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: