1. Packages
  2. AWS Cloud Control
  3. API Docs
  4. wafv2
  5. LoggingConfiguration

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi

aws-native.wafv2.LoggingConfiguration

Explore with Pulumi AI

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi

A WAFv2 Logging Configuration Resource Provider

Create LoggingConfiguration Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new LoggingConfiguration(name: string, args: LoggingConfigurationArgs, opts?: CustomResourceOptions);
@overload
def LoggingConfiguration(resource_name: str,
                         args: LoggingConfigurationArgs,
                         opts: Optional[ResourceOptions] = None)

@overload
def LoggingConfiguration(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         log_destination_configs: Optional[Sequence[str]] = None,
                         resource_arn: Optional[str] = None,
                         logging_filter: Optional[LoggingFilterPropertiesArgs] = None,
                         redacted_fields: Optional[Sequence[LoggingConfigurationFieldToMatchArgs]] = None)
func NewLoggingConfiguration(ctx *Context, name string, args LoggingConfigurationArgs, opts ...ResourceOption) (*LoggingConfiguration, error)
public LoggingConfiguration(string name, LoggingConfigurationArgs args, CustomResourceOptions? opts = null)
public LoggingConfiguration(String name, LoggingConfigurationArgs args)
public LoggingConfiguration(String name, LoggingConfigurationArgs args, CustomResourceOptions options)
type: aws-native:wafv2:LoggingConfiguration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. LoggingConfigurationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. LoggingConfigurationArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. LoggingConfigurationArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. LoggingConfigurationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. LoggingConfigurationArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

LoggingConfiguration Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The LoggingConfiguration resource accepts the following input properties:

LogDestinationConfigs This property is required. List<string>
The Amazon Resource Names (ARNs) of the logging destinations that you want to associate with the web ACL.
ResourceArn This property is required. string
The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
LoggingFilter Pulumi.AwsNative.WaFv2.Inputs.LoggingFilterProperties
Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.
RedactedFields List<Pulumi.AwsNative.WaFv2.Inputs.LoggingConfigurationFieldToMatch>
The parts of the request that you want to keep out of the logs. For example, if you redact the HEADER field, the HEADER field in the firehose will be xxx.
LogDestinationConfigs This property is required. []string
The Amazon Resource Names (ARNs) of the logging destinations that you want to associate with the web ACL.
ResourceArn This property is required. string
The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
LoggingFilter LoggingFilterPropertiesArgs
Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.
RedactedFields []LoggingConfigurationFieldToMatchArgs
The parts of the request that you want to keep out of the logs. For example, if you redact the HEADER field, the HEADER field in the firehose will be xxx.
logDestinationConfigs This property is required. List<String>
The Amazon Resource Names (ARNs) of the logging destinations that you want to associate with the web ACL.
resourceArn This property is required. String
The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
loggingFilter LoggingFilterProperties
Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.
redactedFields List<LoggingConfigurationFieldToMatch>
The parts of the request that you want to keep out of the logs. For example, if you redact the HEADER field, the HEADER field in the firehose will be xxx.
logDestinationConfigs This property is required. string[]
The Amazon Resource Names (ARNs) of the logging destinations that you want to associate with the web ACL.
resourceArn This property is required. string
The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
loggingFilter LoggingFilterProperties
Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.
redactedFields LoggingConfigurationFieldToMatch[]
The parts of the request that you want to keep out of the logs. For example, if you redact the HEADER field, the HEADER field in the firehose will be xxx.
log_destination_configs This property is required. Sequence[str]
The Amazon Resource Names (ARNs) of the logging destinations that you want to associate with the web ACL.
resource_arn This property is required. str
The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
logging_filter LoggingFilterPropertiesArgs
Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.
redacted_fields Sequence[LoggingConfigurationFieldToMatchArgs]
The parts of the request that you want to keep out of the logs. For example, if you redact the HEADER field, the HEADER field in the firehose will be xxx.
logDestinationConfigs This property is required. List<String>
The Amazon Resource Names (ARNs) of the logging destinations that you want to associate with the web ACL.
resourceArn This property is required. String
The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
loggingFilter Property Map
Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.
redactedFields List<Property Map>
The parts of the request that you want to keep out of the logs. For example, if you redact the HEADER field, the HEADER field in the firehose will be xxx.

Outputs

All input properties are implicitly available as output properties. Additionally, the LoggingConfiguration resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
ManagedByFirewallManager bool
Indicates whether the logging configuration was created by AWS Firewall Manager, as part of an AWS WAF policy configuration. If true, only Firewall Manager can modify or delete the configuration.
Id string
The provider-assigned unique ID for this managed resource.
ManagedByFirewallManager bool
Indicates whether the logging configuration was created by AWS Firewall Manager, as part of an AWS WAF policy configuration. If true, only Firewall Manager can modify or delete the configuration.
id String
The provider-assigned unique ID for this managed resource.
managedByFirewallManager Boolean
Indicates whether the logging configuration was created by AWS Firewall Manager, as part of an AWS WAF policy configuration. If true, only Firewall Manager can modify or delete the configuration.
id string
The provider-assigned unique ID for this managed resource.
managedByFirewallManager boolean
Indicates whether the logging configuration was created by AWS Firewall Manager, as part of an AWS WAF policy configuration. If true, only Firewall Manager can modify or delete the configuration.
id str
The provider-assigned unique ID for this managed resource.
managed_by_firewall_manager bool
Indicates whether the logging configuration was created by AWS Firewall Manager, as part of an AWS WAF policy configuration. If true, only Firewall Manager can modify or delete the configuration.
id String
The provider-assigned unique ID for this managed resource.
managedByFirewallManager Boolean
Indicates whether the logging configuration was created by AWS Firewall Manager, as part of an AWS WAF policy configuration. If true, only Firewall Manager can modify or delete the configuration.

Supporting Types

LoggingConfigurationCondition
, LoggingConfigurationConditionArgs

actionCondition Property Map
A single action condition.
labelNameCondition Property Map
A single label name condition.

LoggingConfigurationConditionActionConditionProperties
, LoggingConfigurationConditionActionConditionPropertiesArgs

Action This property is required. Pulumi.AwsNative.WaFv2.LoggingConfigurationConditionActionConditionPropertiesAction
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
Action This property is required. LoggingConfigurationConditionActionConditionPropertiesAction
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
action This property is required. LoggingConfigurationConditionActionConditionPropertiesAction
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
action This property is required. LoggingConfigurationConditionActionConditionPropertiesAction
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
action This property is required. LoggingConfigurationConditionActionConditionPropertiesAction
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
action This property is required. "ALLOW" | "BLOCK" | "COUNT" | "CAPTCHA" | "CHALLENGE" | "EXCLUDED_AS_COUNT"
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.

LoggingConfigurationConditionActionConditionPropertiesAction
, LoggingConfigurationConditionActionConditionPropertiesActionArgs

Allow
ALLOW
Block
BLOCK
Count
COUNT
Captcha
CAPTCHA
Challenge
CHALLENGE
ExcludedAsCount
EXCLUDED_AS_COUNT
LoggingConfigurationConditionActionConditionPropertiesActionAllow
ALLOW
LoggingConfigurationConditionActionConditionPropertiesActionBlock
BLOCK
LoggingConfigurationConditionActionConditionPropertiesActionCount
COUNT
LoggingConfigurationConditionActionConditionPropertiesActionCaptcha
CAPTCHA
LoggingConfigurationConditionActionConditionPropertiesActionChallenge
CHALLENGE
LoggingConfigurationConditionActionConditionPropertiesActionExcludedAsCount
EXCLUDED_AS_COUNT
Allow
ALLOW
Block
BLOCK
Count
COUNT
Captcha
CAPTCHA
Challenge
CHALLENGE
ExcludedAsCount
EXCLUDED_AS_COUNT
Allow
ALLOW
Block
BLOCK
Count
COUNT
Captcha
CAPTCHA
Challenge
CHALLENGE
ExcludedAsCount
EXCLUDED_AS_COUNT
ALLOW
ALLOW
BLOCK
BLOCK
COUNT
COUNT
CAPTCHA
CAPTCHA
CHALLENGE
CHALLENGE
EXCLUDED_AS_COUNT
EXCLUDED_AS_COUNT
"ALLOW"
ALLOW
"BLOCK"
BLOCK
"COUNT"
COUNT
"CAPTCHA"
CAPTCHA
"CHALLENGE"
CHALLENGE
"EXCLUDED_AS_COUNT"
EXCLUDED_AS_COUNT

LoggingConfigurationConditionLabelNameConditionProperties
, LoggingConfigurationConditionLabelNameConditionPropertiesArgs

LabelName This property is required. string
The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.
LabelName This property is required. string
The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.
labelName This property is required. String
The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.
labelName This property is required. string
The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.
label_name This property is required. str
The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.
labelName This property is required. String
The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.

LoggingConfigurationFieldToMatch
, LoggingConfigurationFieldToMatchArgs

Method object
Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString object
Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader Pulumi.AwsNative.WaFv2.Inputs.LoggingConfigurationFieldToMatchSingleHeaderProperties
Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or Referer. This setting isn't case sensitive.
UriPath object
Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
Method interface{}
Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString interface{}
Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader LoggingConfigurationFieldToMatchSingleHeaderProperties
Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or Referer. This setting isn't case sensitive.
UriPath interface{}
Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
method Object
Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString Object
Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader LoggingConfigurationFieldToMatchSingleHeaderProperties
Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or Referer. This setting isn't case sensitive.
uriPath Object
Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
method any
Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString any
Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader LoggingConfigurationFieldToMatchSingleHeaderProperties
Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or Referer. This setting isn't case sensitive.
uriPath any
Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
method Any
Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
query_string Any
Inspect the query string. This is the part of a URL that appears after a ? character, if any.
single_header LoggingConfigurationFieldToMatchSingleHeaderProperties
Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or Referer. This setting isn't case sensitive.
uri_path Any
Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
method Any
Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString Any
Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader Property Map
Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or Referer. This setting isn't case sensitive.
uriPath Any
Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

LoggingConfigurationFieldToMatchSingleHeaderProperties
, LoggingConfigurationFieldToMatchSingleHeaderPropertiesArgs

Name This property is required. string
The name of the query header to inspect.
Name This property is required. string
The name of the query header to inspect.
name This property is required. String
The name of the query header to inspect.
name This property is required. string
The name of the query header to inspect.
name This property is required. str
The name of the query header to inspect.
name This property is required. String
The name of the query header to inspect.

LoggingConfigurationFilter
, LoggingConfigurationFilterArgs

Behavior This property is required. Pulumi.AwsNative.WaFv2.LoggingConfigurationFilterBehavior
How to handle logs that satisfy the filter's conditions and requirement.
Conditions This property is required. List<Pulumi.AwsNative.WaFv2.Inputs.LoggingConfigurationCondition>
Match conditions for the filter.
Requirement This property is required. Pulumi.AwsNative.WaFv2.LoggingConfigurationFilterRequirement
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
Behavior This property is required. LoggingConfigurationFilterBehavior
How to handle logs that satisfy the filter's conditions and requirement.
Conditions This property is required. []LoggingConfigurationCondition
Match conditions for the filter.
Requirement This property is required. LoggingConfigurationFilterRequirement
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
behavior This property is required. LoggingConfigurationFilterBehavior
How to handle logs that satisfy the filter's conditions and requirement.
conditions This property is required. List<LoggingConfigurationCondition>
Match conditions for the filter.
requirement This property is required. LoggingConfigurationFilterRequirement
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
behavior This property is required. LoggingConfigurationFilterBehavior
How to handle logs that satisfy the filter's conditions and requirement.
conditions This property is required. LoggingConfigurationCondition[]
Match conditions for the filter.
requirement This property is required. LoggingConfigurationFilterRequirement
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
behavior This property is required. LoggingConfigurationFilterBehavior
How to handle logs that satisfy the filter's conditions and requirement.
conditions This property is required. Sequence[LoggingConfigurationCondition]
Match conditions for the filter.
requirement This property is required. LoggingConfigurationFilterRequirement
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
behavior This property is required. "KEEP" | "DROP"
How to handle logs that satisfy the filter's conditions and requirement.
conditions This property is required. List<Property Map>
Match conditions for the filter.
requirement This property is required. "MEETS_ALL" | "MEETS_ANY"
Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.

LoggingConfigurationFilterBehavior
, LoggingConfigurationFilterBehaviorArgs

Keep
KEEP
Drop
DROP
LoggingConfigurationFilterBehaviorKeep
KEEP
LoggingConfigurationFilterBehaviorDrop
DROP
Keep
KEEP
Drop
DROP
Keep
KEEP
Drop
DROP
KEEP
KEEP
DROP
DROP
"KEEP"
KEEP
"DROP"
DROP

LoggingConfigurationFilterRequirement
, LoggingConfigurationFilterRequirementArgs

MeetsAll
MEETS_ALL
MeetsAny
MEETS_ANY
LoggingConfigurationFilterRequirementMeetsAll
MEETS_ALL
LoggingConfigurationFilterRequirementMeetsAny
MEETS_ANY
MeetsAll
MEETS_ALL
MeetsAny
MEETS_ANY
MeetsAll
MEETS_ALL
MeetsAny
MEETS_ANY
MEETS_ALL
MEETS_ALL
MEETS_ANY
MEETS_ANY
"MEETS_ALL"
MEETS_ALL
"MEETS_ANY"
MEETS_ANY

LoggingConfigurationLoggingFilterPropertiesDefaultBehavior
, LoggingConfigurationLoggingFilterPropertiesDefaultBehaviorArgs

Keep
KEEP
Drop
DROP
LoggingConfigurationLoggingFilterPropertiesDefaultBehaviorKeep
KEEP
LoggingConfigurationLoggingFilterPropertiesDefaultBehaviorDrop
DROP
Keep
KEEP
Drop
DROP
Keep
KEEP
Drop
DROP
KEEP
KEEP
DROP
DROP
"KEEP"
KEEP
"DROP"
DROP

LoggingFilterProperties
, LoggingFilterPropertiesArgs

DefaultBehavior This property is required. Pulumi.AwsNative.WaFv2.LoggingConfigurationLoggingFilterPropertiesDefaultBehavior
Default handling for logs that don't match any of the specified filtering conditions.
Filters This property is required. List<Pulumi.AwsNative.WaFv2.Inputs.LoggingConfigurationFilter>
The filters that you want to apply to the logs.
DefaultBehavior This property is required. LoggingConfigurationLoggingFilterPropertiesDefaultBehavior
Default handling for logs that don't match any of the specified filtering conditions.
Filters This property is required. []LoggingConfigurationFilter
The filters that you want to apply to the logs.
defaultBehavior This property is required. LoggingConfigurationLoggingFilterPropertiesDefaultBehavior
Default handling for logs that don't match any of the specified filtering conditions.
filters This property is required. List<LoggingConfigurationFilter>
The filters that you want to apply to the logs.
defaultBehavior This property is required. LoggingConfigurationLoggingFilterPropertiesDefaultBehavior
Default handling for logs that don't match any of the specified filtering conditions.
filters This property is required. LoggingConfigurationFilter[]
The filters that you want to apply to the logs.
default_behavior This property is required. LoggingConfigurationLoggingFilterPropertiesDefaultBehavior
Default handling for logs that don't match any of the specified filtering conditions.
filters This property is required. Sequence[LoggingConfigurationFilter]
The filters that you want to apply to the logs.
defaultBehavior This property is required. "KEEP" | "DROP"
Default handling for logs that don't match any of the specified filtering conditions.
filters This property is required. List<Property Map>
The filters that you want to apply to the logs.

Package Details

Repository
AWS Native pulumi/pulumi-aws-native
License
Apache-2.0

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi