SetLogDeliveryConfiguration - Amazon Cognito User Pools
Request SyntaxRequest ParametersResponse SyntaxResponse ElementsErrorsExamplesSee Also
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

SetLogDeliveryConfiguration

Sets up or modifies the logging configuration of a user pool. User pools can export user notification logs and, when threat protection is active, user-activity logs. For more information, see Exporting user pool logs.

Request Syntax

{
   "LogConfigurations": [ 
      { 
         "CloudWatchLogsConfiguration": { 
            "LogGroupArn": "string"
         },
         "EventSource": "string",
         "FirehoseConfiguration": { 
            "StreamArn": "string"
         },
         "LogLevel": "string",
         "S3Configuration": { 
            "BucketArn": "string"
         }
      }
   ],
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

LogConfigurations

A collection of the logging configurations for a user pool.

Type: Array of LogConfigurationType objects

Array Members: Minimum number of 0 items. Maximum number of 2 items.

Required: Yes

UserPoolId

The ID of the user pool where you want to configure logging.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "LogDeliveryConfiguration": { 
      "LogConfigurations": [ 
         { 
            "CloudWatchLogsConfiguration": { 
               "LogGroupArn": "string"
            },
            "EventSource": "string",
            "FirehoseConfiguration": { 
               "StreamArn": "string"
            },
            "LogLevel": "string",
            "S3Configuration": { 
               "BucketArn": "string"
            }
         }
      ],
      "UserPoolId": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

LogDeliveryConfiguration

The logging configuration that you applied to the requested user pool.

Type: LogDeliveryConfigurationType object

Errors

For information about the errors that are common to all actions, see Common Errors.

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

message

The message returned when Amazon Cognito throws an internal error exception.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

message

The message returned when the Amazon Cognito service throws an invalid parameter exception.

reasonCode

The reason code of the exception.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user isn't authorized.

message

The message returned when the Amazon Cognito service returns a not authorized exception.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service can't find the requested resource.

message

The message returned when the Amazon Cognito service returns a resource not found exception.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

message

The message returned when the Amazon Cognito service returns a too many requests exception.

HTTP Status Code: 400

Examples

Example

A SetLogDeliveryConfiguration request that exports userNotification logs to a log group and userAuthEvents logs to an Amazon S3 bucket.

Sample Request

POST HTTP/1.1
Host: cognito-idp.us-east-1.amazonaws.com
X-Amz-Date: 20230613T200059Z
Accept-Encoding: gzip, deflate, br
X-Amz-Target: AWSCognitoIdentityProviderService.SetLogDeliveryConfiguration
User-Agent: <UserAgentString>
Authorization: AWS4-HMAC-SHA256 Credential=<Credential>, SignedHeaders=<Headers>, Signature=<Signature>
Content-Length: <PayloadSizeBytes>
{
    "LogConfigurations": [
        {
            "CloudWatchLogsConfiguration": {
                "LogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:cognito-exported"
            },
            "EventSource": "userNotification",
            "LogLevel": "ERROR"
        },
        {
            "EventSource": "userAuthEvents",
            "LogLevel": "INFO",
            "S3Configuration": {
                "BucketArn": "arn:aws:s3:::amzn-s3-demo-bucket1"
            }
        }
    ],
    "UserPoolId": "us-west-2_EXAMPLE"
}

Sample Response

HTTP/1.1 200 OK
Date: Tue, 13 Jun 2023 20:00:59 GMT
Content-Type: application/x-amz-json-1.0
Content-Length: <PayloadSizeBytes>
x-amzn-requestid: a1b2c3d4-e5f6-a1b2-c3d4-EXAMPLE11111
Connection: keep-alive
{
   "LogDeliveryConfiguration": {
      "LogConfigurations": [
        {
            "CloudWatchLogsConfiguration": {
                "LogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:cognito-exported"
            },
            "EventSource": "userNotification",
            "LogLevel": "ERROR"
        },
        {
            "EventSource": "userAuthEvents",
            "LogLevel": "INFO",
            "S3Configuration": {
                "BucketArn": "arn:aws:s3:::amzn-s3-demo-bucket1"
            }
        }
    ],
    "UserPoolId": "us-west-2_EXAMPLE"
   }
}

Example

A SetLogDeliveryConfiguration request that exports userAuthEvents events to a Firehose stream and userNotification events to a CloudWatch log group.

Sample Request

POST HTTP/1.1
Host: cognito-idp.us-west-2.amazonaws.com
X-Amz-Date: 20230613T200059Z
Accept-Encoding: gzip, deflate, br
X-Amz-Target: AWSCognitoIdentityProviderService.SetLogDeliveryConfiguration
User-Agent: <UserAgentString>
Authorization: AWS4-HMAC-SHA256 Credential=<Credential>, SignedHeaders=<Headers>, Signature=<Signature>
Content-Length: <PayloadSizeBytes>
{
   "LogConfigurations": [
      {
         "EventSource": "userAuthEvents",
         "FirehoseConfiguration": {
            "StreamArn": "arn:aws:firehose:us-west-2:123456789012:deliverystream/example-user-pool-activity-exported"
         },
         "LogLevel": "INFO"
      }
   ],
   [ 
      { 
         "CloudWatchLogsConfiguration": { 
            "LogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:example-user-pool-error-exported"
         },
         "EventSource": "userNotification",
         "LogLevel": "ERROR"
      }
   ],
   "UserPoolId": "us-west-2_EXAMPLE"
}

Sample Response

HTTP/1.1 200 OK
Date: Tue, 13 Jun 2023 20:00:59 GMT
Content-Type: application/x-amz-json-1.0
Content-Length: <PayloadSizeBytes>
x-amzn-requestid: a1b2c3d4-e5f6-a1b2-c3d4-EXAMPLE11111
Connection: keep-alive
{
    "LogDeliveryConfiguration": {
        "LogConfigurations": [
            {
                "CloudWatchLogsConfiguration": {
                    "LogGroupArn": "arn:aws:firehose:us-west-2:123456789012:deliverystream/example-user-pool-activity-exported"
                },
                "EventSource": "userNotification",
                "LogLevel": "ERROR"
            },
            {
                "EventSource": "userAuthEvents",
                "FirehoseConfiguration": {
                    "StreamArn": "arn:aws:logs:us-west-2:123456789012:log-group:example-user-pool-error-exported"
                },
                "LogLevel": "INFO"
            }
        ],
        "UserPoolId": "us-west-2_EXAMPLE"
    }
}

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: