logging_configuration
Gets an individual logging_configuration resource
Overview
| Name | logging_configuration |
| Type | Resource |
| Description | logging_configuration |
| Id | awscc.wafv2.logging_configuration |
Fields
| Name | Datatype | Description |
|---|---|---|
resource_arn | string | The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs. |
log_destination_configs | array | The Amazon Resource Names (ARNs) of the logging destinations that you want to associate with the web ACL. |
redacted_fields | array | The parts of the request that you want to keep out of the logs. For example, if you redact the HEADER field, the HEADER field in the firehose will be xxx. |
managed_by_firewall_manager | boolean | Indicates whether the logging configuration was created by AWS Firewall Manager, as part of an AWS WAF policy configuration. If true, only Firewall Manager can modify or delete the configuration. |
logging_filter | object | Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. |
region | string | AWS region. |
Methods
Currently only SELECT is supported for this resource resource.
Example
SELECT
region,
resource_arn,
log_destination_configs,
redacted_fields,
managed_by_firewall_manager,
logging_filter
FROM awscc.wafv2.logging_configuration
WHERE data__Identifier = '<ResourceArn>';
Permissions
To operate on the logging_configuration resource, the following permissions are required:
Read
wafv2:GetLoggingConfiguration
Update
wafv2:PutLoggingConfiguration,
wafv2:GetLoggingConfiguration,
firehose:ListDeliveryStreams,
iam:CreateServiceLinkedRole,
iam:DescribeOrganization,
logs:CreateLogDelivery,
s3:PutBucketPolicy,
s3:GetBucketPolicy,
logs:PutResourcePolicy,
logs:DescribeResourcePolicies,
logs:DescribeLogGroups
Delete
wafv2:DeleteLoggingConfiguration,
wafv2:GetLoggingConfiguration,
logs:DeleteLogDelivery