Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi Cloud Packages Tutorials
  1. Packages
  2. AWS Cloud Control
  3. API Docs
  4. networkfirewall
  5. LoggingConfiguration

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi
pulumi/pulumi-aws-native

aws-native.networkfirewall.LoggingConfiguration

Explore with Pulumi AI

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi
pulumi/pulumi-aws-native

Resource type definition for AWS::NetworkFirewall::LoggingConfiguration

Create LoggingConfiguration Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new LoggingConfiguration(name: string, args: LoggingConfigurationArgs, opts?: CustomResourceOptions);
@overload
def LoggingConfiguration(resource_name: str,
                         args: LoggingConfigurationInitArgs,
                         opts: Optional[ResourceOptions] = None)

@overload
def LoggingConfiguration(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         firewall_arn: Optional[str] = None,
                         logging_configuration: Optional[LoggingConfigurationArgs] = None,
                         firewall_name: Optional[str] = None)
func NewLoggingConfiguration(ctx *Context, name string, args LoggingConfigurationArgs, opts ...ResourceOption) (*LoggingConfiguration, error)
public LoggingConfiguration(string name, LoggingConfigurationArgs args, CustomResourceOptions? opts = null)
public LoggingConfiguration(String name, LoggingConfigurationArgs args)
public LoggingConfiguration(String name, LoggingConfigurationArgs args, CustomResourceOptions options)

type: aws-native:networkfirewall:LoggingConfiguration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. LoggingConfigurationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. LoggingConfigurationInitArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. LoggingConfigurationArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. LoggingConfigurationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. LoggingConfigurationArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

LoggingConfiguration Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The LoggingConfiguration resource accepts the following input properties:

FirewallArn This property is required. string
The Amazon Resource Name (ARN) of the Firewall that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.
LoggingConfigurationValue This property is required. Pulumi.AwsNative.NetworkFirewall.Inputs.LoggingConfiguration
Defines how AWS Network Firewall performs logging for a Firewall .
FirewallName string
The name of the firewall that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.
FirewallArn This property is required. string
The Amazon Resource Name (ARN) of the Firewall that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.
LoggingConfiguration This property is required. LoggingConfigurationTypeArgs
Defines how AWS Network Firewall performs logging for a Firewall .
FirewallName string
The name of the firewall that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.
firewallArn This property is required. String
The Amazon Resource Name (ARN) of the Firewall that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.
loggingConfiguration This property is required. LoggingConfiguration
Defines how AWS Network Firewall performs logging for a Firewall .
firewallName String
The name of the firewall that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.
firewallArn This property is required. string
The Amazon Resource Name (ARN) of the Firewall that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.
loggingConfiguration This property is required. LoggingConfiguration
Defines how AWS Network Firewall performs logging for a Firewall .
firewallName string
The name of the firewall that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.
firewall_arn This property is required. str
The Amazon Resource Name (ARN) of the Firewall that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.
logging_configuration This property is required. LoggingConfigurationArgs
Defines how AWS Network Firewall performs logging for a Firewall .
firewall_name str
The name of the firewall that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.
firewallArn This property is required. String
The Amazon Resource Name (ARN) of the Firewall that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.
loggingConfiguration This property is required. Property Map
Defines how AWS Network Firewall performs logging for a Firewall .
firewallName String
The name of the firewall that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.

Outputs

All input properties are implicitly available as output properties. Additionally, the LoggingConfiguration resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Supporting Types

LoggingConfiguration
, LoggingConfigurationArgs

LogDestinationConfigs This property is required. List<Pulumi.AwsNative.NetworkFirewall.Inputs.LoggingConfigurationLogDestinationConfig>
Defines the logging destinations for the logs for a firewall. Network Firewall generates logs for stateful rule groups.
LogDestinationConfigs This property is required. []LoggingConfigurationLogDestinationConfig
Defines the logging destinations for the logs for a firewall. Network Firewall generates logs for stateful rule groups.
logDestinationConfigs This property is required. List<LoggingConfigurationLogDestinationConfig>
Defines the logging destinations for the logs for a firewall. Network Firewall generates logs for stateful rule groups.
logDestinationConfigs This property is required. LoggingConfigurationLogDestinationConfig[]
Defines the logging destinations for the logs for a firewall. Network Firewall generates logs for stateful rule groups.
log_destination_configs This property is required. Sequence[LoggingConfigurationLogDestinationConfig]
Defines the logging destinations for the logs for a firewall. Network Firewall generates logs for stateful rule groups.
logDestinationConfigs This property is required. List<Property Map>
Defines the logging destinations for the logs for a firewall. Network Firewall generates logs for stateful rule groups.

LoggingConfigurationLogDestinationConfig
, LoggingConfigurationLogDestinationConfigArgs

LogDestination This property is required. Dictionary<string, string>
A key-value pair to configure the logDestinations.
LogDestinationType This property is required. Pulumi.AwsNative.NetworkFirewall.LoggingConfigurationLogDestinationConfigLogDestinationType
The type of storage destination to send these logs to. You can send logs to an Amazon S3 bucket, a CloudWatch log group, or a Firehose delivery stream.
LogType This property is required. Pulumi.AwsNative.NetworkFirewall.LoggingConfigurationLogDestinationConfigLogType
The type of log to record. You can record the following types of logs from your Network Firewall stateful engine.

  • ALERT - Logs for traffic that matches your stateful rules and that have an action that sends an alert. A stateful rule sends alerts for the rule actions DROP, ALERT, and REJECT. For more information, see the StatefulRule property.
  • FLOW - Standard network traffic flow logs. The stateful rules engine records flow logs for all network traffic that it receives. Each flow log record captures the network flow for a specific standard stateless rule group.
  • TLS - Logs for events that are related to TLS inspection. For more information, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide .
LogDestination This property is required. map[string]string
A key-value pair to configure the logDestinations.
LogDestinationType This property is required. LoggingConfigurationLogDestinationConfigLogDestinationType
The type of storage destination to send these logs to. You can send logs to an Amazon S3 bucket, a CloudWatch log group, or a Firehose delivery stream.
LogType This property is required. LoggingConfigurationLogDestinationConfigLogType
The type of log to record. You can record the following types of logs from your Network Firewall stateful engine.

  • ALERT - Logs for traffic that matches your stateful rules and that have an action that sends an alert. A stateful rule sends alerts for the rule actions DROP, ALERT, and REJECT. For more information, see the StatefulRule property.
  • FLOW - Standard network traffic flow logs. The stateful rules engine records flow logs for all network traffic that it receives. Each flow log record captures the network flow for a specific standard stateless rule group.
  • TLS - Logs for events that are related to TLS inspection. For more information, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide .
logDestination This property is required. Map<String,String>
A key-value pair to configure the logDestinations.
logDestinationType This property is required. LoggingConfigurationLogDestinationConfigLogDestinationType
The type of storage destination to send these logs to. You can send logs to an Amazon S3 bucket, a CloudWatch log group, or a Firehose delivery stream.
logType This property is required. LoggingConfigurationLogDestinationConfigLogType
The type of log to record. You can record the following types of logs from your Network Firewall stateful engine.

  • ALERT - Logs for traffic that matches your stateful rules and that have an action that sends an alert. A stateful rule sends alerts for the rule actions DROP, ALERT, and REJECT. For more information, see the StatefulRule property.
  • FLOW - Standard network traffic flow logs. The stateful rules engine records flow logs for all network traffic that it receives. Each flow log record captures the network flow for a specific standard stateless rule group.
  • TLS - Logs for events that are related to TLS inspection. For more information, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide .
logDestination This property is required. {[key: string]: string}
A key-value pair to configure the logDestinations.
logDestinationType This property is required. LoggingConfigurationLogDestinationConfigLogDestinationType
The type of storage destination to send these logs to. You can send logs to an Amazon S3 bucket, a CloudWatch log group, or a Firehose delivery stream.
logType This property is required. LoggingConfigurationLogDestinationConfigLogType
The type of log to record. You can record the following types of logs from your Network Firewall stateful engine.

  • ALERT - Logs for traffic that matches your stateful rules and that have an action that sends an alert. A stateful rule sends alerts for the rule actions DROP, ALERT, and REJECT. For more information, see the StatefulRule property.
  • FLOW - Standard network traffic flow logs. The stateful rules engine records flow logs for all network traffic that it receives. Each flow log record captures the network flow for a specific standard stateless rule group.
  • TLS - Logs for events that are related to TLS inspection. For more information, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide .
log_destination This property is required. Mapping[str, str]
A key-value pair to configure the logDestinations.
log_destination_type This property is required. LoggingConfigurationLogDestinationConfigLogDestinationType
The type of storage destination to send these logs to. You can send logs to an Amazon S3 bucket, a CloudWatch log group, or a Firehose delivery stream.
log_type This property is required. LoggingConfigurationLogDestinationConfigLogType
The type of log to record. You can record the following types of logs from your Network Firewall stateful engine.

  • ALERT - Logs for traffic that matches your stateful rules and that have an action that sends an alert. A stateful rule sends alerts for the rule actions DROP, ALERT, and REJECT. For more information, see the StatefulRule property.
  • FLOW - Standard network traffic flow logs. The stateful rules engine records flow logs for all network traffic that it receives. Each flow log record captures the network flow for a specific standard stateless rule group.
  • TLS - Logs for events that are related to TLS inspection. For more information, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide .
logDestination This property is required. Map<String>
A key-value pair to configure the logDestinations.
logDestinationType This property is required. "S3" | "CloudWatchLogs" | "KinesisDataFirehose"
The type of storage destination to send these logs to. You can send logs to an Amazon S3 bucket, a CloudWatch log group, or a Firehose delivery stream.
logType This property is required. "ALERT" | "FLOW" | "TLS"
The type of log to record. You can record the following types of logs from your Network Firewall stateful engine.

  • ALERT - Logs for traffic that matches your stateful rules and that have an action that sends an alert. A stateful rule sends alerts for the rule actions DROP, ALERT, and REJECT. For more information, see the StatefulRule property.
  • FLOW - Standard network traffic flow logs. The stateful rules engine records flow logs for all network traffic that it receives. Each flow log record captures the network flow for a specific standard stateless rule group.
  • TLS - Logs for events that are related to TLS inspection. For more information, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide .

LoggingConfigurationLogDestinationConfigLogDestinationType
, LoggingConfigurationLogDestinationConfigLogDestinationTypeArgs

S3
S3
CloudWatchLogs
CloudWatchLogs
KinesisDataFirehose
KinesisDataFirehose
LoggingConfigurationLogDestinationConfigLogDestinationTypeS3
S3
LoggingConfigurationLogDestinationConfigLogDestinationTypeCloudWatchLogs
CloudWatchLogs
LoggingConfigurationLogDestinationConfigLogDestinationTypeKinesisDataFirehose
KinesisDataFirehose
S3
S3
CloudWatchLogs
CloudWatchLogs
KinesisDataFirehose
KinesisDataFirehose
S3
S3
CloudWatchLogs
CloudWatchLogs
KinesisDataFirehose
KinesisDataFirehose
S3
S3
CLOUD_WATCH_LOGS
CloudWatchLogs
KINESIS_DATA_FIREHOSE
KinesisDataFirehose
"S3"
S3
"CloudWatchLogs"
CloudWatchLogs
"KinesisDataFirehose"
KinesisDataFirehose

LoggingConfigurationLogDestinationConfigLogType
, LoggingConfigurationLogDestinationConfigLogTypeArgs

Alert
ALERT
Flow
FLOW
Tls
TLS
LoggingConfigurationLogDestinationConfigLogTypeAlert
ALERT
LoggingConfigurationLogDestinationConfigLogTypeFlow
FLOW
LoggingConfigurationLogDestinationConfigLogTypeTls
TLS
Alert
ALERT
Flow
FLOW
Tls
TLS
Alert
ALERT
Flow
FLOW
Tls
TLS
ALERT
ALERT
FLOW
FLOW
TLS
TLS
"ALERT"
ALERT
"FLOW"
FLOW
"TLS"
TLS

Package Details

Repository
AWS Native pulumi/pulumi-aws-native
License
Apache-2.0

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi
pulumi/pulumi-aws-native