1. Packages
  2. AWS
  3. API Docs
  4. wafv2
  5. WebAclLoggingConfiguration
AWS v6.77.0 published on Wednesday, Apr 9, 2025 by Pulumi

aws.wafv2.WebAclLoggingConfiguration

Explore with Pulumi AI

This resource creates a WAFv2 Web ACL Logging Configuration.

!> WARNING: When logging from a WAFv2 Web ACL to a CloudWatch Log Group, the WAFv2 service tries to create or update a generic Log Resource Policy named AWSWAF-LOGS. However, if there are a large number of Web ACLs or if the account frequently creates and deletes Web ACLs, this policy may exceed the maximum policy size. As a result, this resource type will fail to be created. More details about this issue can be found in this issue. To prevent this issue, you can manage a specific resource policy. Please refer to the example below for managing a CloudWatch Log Group with a managed CloudWatch Log Resource Policy.

Example Usage

With Redacted Fields

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.wafv2.WebAclLoggingConfiguration("example", {
    logDestinationConfigs: [exampleAwsKinesisFirehoseDeliveryStream.arn],
    resourceArn: exampleAwsWafv2WebAcl.arn,
    redactedFields: [{
        singleHeader: {
            name: "user-agent",
        },
    }],
});
Copy
import pulumi
import pulumi_aws as aws

example = aws.wafv2.WebAclLoggingConfiguration("example",
    log_destination_configs=[example_aws_kinesis_firehose_delivery_stream["arn"]],
    resource_arn=example_aws_wafv2_web_acl["arn"],
    redacted_fields=[{
        "single_header": {
            "name": "user-agent",
        },
    }])
Copy
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafv2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := wafv2.NewWebAclLoggingConfiguration(ctx, "example", &wafv2.WebAclLoggingConfigurationArgs{
			LogDestinationConfigs: pulumi.StringArray{
				exampleAwsKinesisFirehoseDeliveryStream.Arn,
			},
			ResourceArn: pulumi.Any(exampleAwsWafv2WebAcl.Arn),
			RedactedFields: wafv2.WebAclLoggingConfigurationRedactedFieldArray{
				&wafv2.WebAclLoggingConfigurationRedactedFieldArgs{
					SingleHeader: &wafv2.WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs{
						Name: pulumi.String("user-agent"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.WafV2.WebAclLoggingConfiguration("example", new()
    {
        LogDestinationConfigs = new[]
        {
            exampleAwsKinesisFirehoseDeliveryStream.Arn,
        },
        ResourceArn = exampleAwsWafv2WebAcl.Arn,
        RedactedFields = new[]
        {
            new Aws.WafV2.Inputs.WebAclLoggingConfigurationRedactedFieldArgs
            {
                SingleHeader = new Aws.WafV2.Inputs.WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs
                {
                    Name = "user-agent",
                },
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAclLoggingConfiguration;
import com.pulumi.aws.wafv2.WebAclLoggingConfigurationArgs;
import com.pulumi.aws.wafv2.inputs.WebAclLoggingConfigurationRedactedFieldArgs;
import com.pulumi.aws.wafv2.inputs.WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new WebAclLoggingConfiguration("example", WebAclLoggingConfigurationArgs.builder()
            .logDestinationConfigs(exampleAwsKinesisFirehoseDeliveryStream.arn())
            .resourceArn(exampleAwsWafv2WebAcl.arn())
            .redactedFields(WebAclLoggingConfigurationRedactedFieldArgs.builder()
                .singleHeader(WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs.builder()
                    .name("user-agent")
                    .build())
                .build())
            .build());

    }
}
Copy
resources:
  example:
    type: aws:wafv2:WebAclLoggingConfiguration
    properties:
      logDestinationConfigs:
        - ${exampleAwsKinesisFirehoseDeliveryStream.arn}
      resourceArn: ${exampleAwsWafv2WebAcl.arn}
      redactedFields:
        - singleHeader:
            name: user-agent
Copy

With Logging Filter

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.wafv2.WebAclLoggingConfiguration("example", {
    logDestinationConfigs: [exampleAwsKinesisFirehoseDeliveryStream.arn],
    resourceArn: exampleAwsWafv2WebAcl.arn,
    loggingFilter: {
        defaultBehavior: "KEEP",
        filters: [
            {
                behavior: "DROP",
                conditions: [
                    {
                        actionCondition: {
                            action: "COUNT",
                        },
                    },
                    {
                        labelNameCondition: {
                            labelName: "awswaf:111122223333:rulegroup:testRules:LabelNameZ",
                        },
                    },
                ],
                requirement: "MEETS_ALL",
            },
            {
                behavior: "KEEP",
                conditions: [{
                    actionCondition: {
                        action: "ALLOW",
                    },
                }],
                requirement: "MEETS_ANY",
            },
        ],
    },
});
Copy
import pulumi
import pulumi_aws as aws

example = aws.wafv2.WebAclLoggingConfiguration("example",
    log_destination_configs=[example_aws_kinesis_firehose_delivery_stream["arn"]],
    resource_arn=example_aws_wafv2_web_acl["arn"],
    logging_filter={
        "default_behavior": "KEEP",
        "filters": [
            {
                "behavior": "DROP",
                "conditions": [
                    {
                        "action_condition": {
                            "action": "COUNT",
                        },
                    },
                    {
                        "label_name_condition": {
                            "label_name": "awswaf:111122223333:rulegroup:testRules:LabelNameZ",
                        },
                    },
                ],
                "requirement": "MEETS_ALL",
            },
            {
                "behavior": "KEEP",
                "conditions": [{
                    "action_condition": {
                        "action": "ALLOW",
                    },
                }],
                "requirement": "MEETS_ANY",
            },
        ],
    })
Copy
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafv2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := wafv2.NewWebAclLoggingConfiguration(ctx, "example", &wafv2.WebAclLoggingConfigurationArgs{
			LogDestinationConfigs: pulumi.StringArray{
				exampleAwsKinesisFirehoseDeliveryStream.Arn,
			},
			ResourceArn: pulumi.Any(exampleAwsWafv2WebAcl.Arn),
			LoggingFilter: &wafv2.WebAclLoggingConfigurationLoggingFilterArgs{
				DefaultBehavior: pulumi.String("KEEP"),
				Filters: wafv2.WebAclLoggingConfigurationLoggingFilterFilterArray{
					&wafv2.WebAclLoggingConfigurationLoggingFilterFilterArgs{
						Behavior: pulumi.String("DROP"),
						Conditions: wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArray{
							&wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs{
								ActionCondition: &wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs{
									Action: pulumi.String("COUNT"),
								},
							},
							&wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs{
								LabelNameCondition: &wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameConditionArgs{
									LabelName: pulumi.String("awswaf:111122223333:rulegroup:testRules:LabelNameZ"),
								},
							},
						},
						Requirement: pulumi.String("MEETS_ALL"),
					},
					&wafv2.WebAclLoggingConfigurationLoggingFilterFilterArgs{
						Behavior: pulumi.String("KEEP"),
						Conditions: wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArray{
							&wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs{
								ActionCondition: &wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs{
									Action: pulumi.String("ALLOW"),
								},
							},
						},
						Requirement: pulumi.String("MEETS_ANY"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.WafV2.WebAclLoggingConfiguration("example", new()
    {
        LogDestinationConfigs = new[]
        {
            exampleAwsKinesisFirehoseDeliveryStream.Arn,
        },
        ResourceArn = exampleAwsWafv2WebAcl.Arn,
        LoggingFilter = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterArgs
        {
            DefaultBehavior = "KEEP",
            Filters = new[]
            {
                new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterArgs
                {
                    Behavior = "DROP",
                    Conditions = new[]
                    {
                        new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs
                        {
                            ActionCondition = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs
                            {
                                Action = "COUNT",
                            },
                        },
                        new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs
                        {
                            LabelNameCondition = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameConditionArgs
                            {
                                LabelName = "awswaf:111122223333:rulegroup:testRules:LabelNameZ",
                            },
                        },
                    },
                    Requirement = "MEETS_ALL",
                },
                new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterArgs
                {
                    Behavior = "KEEP",
                    Conditions = new[]
                    {
                        new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs
                        {
                            ActionCondition = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs
                            {
                                Action = "ALLOW",
                            },
                        },
                    },
                    Requirement = "MEETS_ANY",
                },
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAclLoggingConfiguration;
import com.pulumi.aws.wafv2.WebAclLoggingConfigurationArgs;
import com.pulumi.aws.wafv2.inputs.WebAclLoggingConfigurationLoggingFilterArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new WebAclLoggingConfiguration("example", WebAclLoggingConfigurationArgs.builder()
            .logDestinationConfigs(exampleAwsKinesisFirehoseDeliveryStream.arn())
            .resourceArn(exampleAwsWafv2WebAcl.arn())
            .loggingFilter(WebAclLoggingConfigurationLoggingFilterArgs.builder()
                .defaultBehavior("KEEP")
                .filters(                
                    WebAclLoggingConfigurationLoggingFilterFilterArgs.builder()
                        .behavior("DROP")
                        .conditions(                        
                            WebAclLoggingConfigurationLoggingFilterFilterConditionArgs.builder()
                                .actionCondition(WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs.builder()
                                    .action("COUNT")
                                    .build())
                                .build(),
                            WebAclLoggingConfigurationLoggingFilterFilterConditionArgs.builder()
                                .labelNameCondition(WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameConditionArgs.builder()
                                    .labelName("awswaf:111122223333:rulegroup:testRules:LabelNameZ")
                                    .build())
                                .build())
                        .requirement("MEETS_ALL")
                        .build(),
                    WebAclLoggingConfigurationLoggingFilterFilterArgs.builder()
                        .behavior("KEEP")
                        .conditions(WebAclLoggingConfigurationLoggingFilterFilterConditionArgs.builder()
                            .actionCondition(WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs.builder()
                                .action("ALLOW")
                                .build())
                            .build())
                        .requirement("MEETS_ANY")
                        .build())
                .build())
            .build());

    }
}
Copy
resources:
  example:
    type: aws:wafv2:WebAclLoggingConfiguration
    properties:
      logDestinationConfigs:
        - ${exampleAwsKinesisFirehoseDeliveryStream.arn}
      resourceArn: ${exampleAwsWafv2WebAcl.arn}
      loggingFilter:
        defaultBehavior: KEEP
        filters:
          - behavior: DROP
            conditions:
              - actionCondition:
                  action: COUNT
              - labelNameCondition:
                  labelName: awswaf:111122223333:rulegroup:testRules:LabelNameZ
            requirement: MEETS_ALL
          - behavior: KEEP
            conditions:
              - actionCondition:
                  action: ALLOW
            requirement: MEETS_ANY
Copy

Create WebAclLoggingConfiguration Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new WebAclLoggingConfiguration(name: string, args: WebAclLoggingConfigurationArgs, opts?: CustomResourceOptions);
@overload
def WebAclLoggingConfiguration(resource_name: str,
                               args: WebAclLoggingConfigurationArgs,
                               opts: Optional[ResourceOptions] = None)

@overload
def WebAclLoggingConfiguration(resource_name: str,
                               opts: Optional[ResourceOptions] = None,
                               log_destination_configs: Optional[Sequence[str]] = None,
                               resource_arn: Optional[str] = None,
                               logging_filter: Optional[WebAclLoggingConfigurationLoggingFilterArgs] = None,
                               redacted_fields: Optional[Sequence[WebAclLoggingConfigurationRedactedFieldArgs]] = None)
func NewWebAclLoggingConfiguration(ctx *Context, name string, args WebAclLoggingConfigurationArgs, opts ...ResourceOption) (*WebAclLoggingConfiguration, error)
public WebAclLoggingConfiguration(string name, WebAclLoggingConfigurationArgs args, CustomResourceOptions? opts = null)
public WebAclLoggingConfiguration(String name, WebAclLoggingConfigurationArgs args)
public WebAclLoggingConfiguration(String name, WebAclLoggingConfigurationArgs args, CustomResourceOptions options)
type: aws:wafv2:WebAclLoggingConfiguration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. WebAclLoggingConfigurationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. WebAclLoggingConfigurationArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. WebAclLoggingConfigurationArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. WebAclLoggingConfigurationArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. WebAclLoggingConfigurationArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var webAclLoggingConfigurationResource = new Aws.WafV2.WebAclLoggingConfiguration("webAclLoggingConfigurationResource", new()
{
    LogDestinationConfigs = new[]
    {
        "string",
    },
    ResourceArn = "string",
    LoggingFilter = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterArgs
    {
        DefaultBehavior = "string",
        Filters = new[]
        {
            new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterArgs
            {
                Behavior = "string",
                Conditions = new[]
                {
                    new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs
                    {
                        ActionCondition = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs
                        {
                            Action = "string",
                        },
                        LabelNameCondition = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameConditionArgs
                        {
                            LabelName = "string",
                        },
                    },
                },
                Requirement = "string",
            },
        },
    },
    RedactedFields = new[]
    {
        new Aws.WafV2.Inputs.WebAclLoggingConfigurationRedactedFieldArgs
        {
            Method = null,
            QueryString = null,
            SingleHeader = new Aws.WafV2.Inputs.WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs
            {
                Name = "string",
            },
            UriPath = null,
        },
    },
});
Copy
example, err := wafv2.NewWebAclLoggingConfiguration(ctx, "webAclLoggingConfigurationResource", &wafv2.WebAclLoggingConfigurationArgs{
	LogDestinationConfigs: pulumi.StringArray{
		pulumi.String("string"),
	},
	ResourceArn: pulumi.String("string"),
	LoggingFilter: &wafv2.WebAclLoggingConfigurationLoggingFilterArgs{
		DefaultBehavior: pulumi.String("string"),
		Filters: wafv2.WebAclLoggingConfigurationLoggingFilterFilterArray{
			&wafv2.WebAclLoggingConfigurationLoggingFilterFilterArgs{
				Behavior: pulumi.String("string"),
				Conditions: wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArray{
					&wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs{
						ActionCondition: &wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs{
							Action: pulumi.String("string"),
						},
						LabelNameCondition: &wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameConditionArgs{
							LabelName: pulumi.String("string"),
						},
					},
				},
				Requirement: pulumi.String("string"),
			},
		},
	},
	RedactedFields: wafv2.WebAclLoggingConfigurationRedactedFieldArray{
		&wafv2.WebAclLoggingConfigurationRedactedFieldArgs{
			Method:      &wafv2.WebAclLoggingConfigurationRedactedFieldMethodArgs{},
			QueryString: &wafv2.WebAclLoggingConfigurationRedactedFieldQueryStringArgs{},
			SingleHeader: &wafv2.WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs{
				Name: pulumi.String("string"),
			},
			UriPath: &wafv2.WebAclLoggingConfigurationRedactedFieldUriPathArgs{},
		},
	},
})
Copy
var webAclLoggingConfigurationResource = new WebAclLoggingConfiguration("webAclLoggingConfigurationResource", WebAclLoggingConfigurationArgs.builder()
    .logDestinationConfigs("string")
    .resourceArn("string")
    .loggingFilter(WebAclLoggingConfigurationLoggingFilterArgs.builder()
        .defaultBehavior("string")
        .filters(WebAclLoggingConfigurationLoggingFilterFilterArgs.builder()
            .behavior("string")
            .conditions(WebAclLoggingConfigurationLoggingFilterFilterConditionArgs.builder()
                .actionCondition(WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs.builder()
                    .action("string")
                    .build())
                .labelNameCondition(WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameConditionArgs.builder()
                    .labelName("string")
                    .build())
                .build())
            .requirement("string")
            .build())
        .build())
    .redactedFields(WebAclLoggingConfigurationRedactedFieldArgs.builder()
        .method()
        .queryString()
        .singleHeader(WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs.builder()
            .name("string")
            .build())
        .uriPath()
        .build())
    .build());
Copy
web_acl_logging_configuration_resource = aws.wafv2.WebAclLoggingConfiguration("webAclLoggingConfigurationResource",
    log_destination_configs=["string"],
    resource_arn="string",
    logging_filter={
        "default_behavior": "string",
        "filters": [{
            "behavior": "string",
            "conditions": [{
                "action_condition": {
                    "action": "string",
                },
                "label_name_condition": {
                    "label_name": "string",
                },
            }],
            "requirement": "string",
        }],
    },
    redacted_fields=[{
        "method": {},
        "query_string": {},
        "single_header": {
            "name": "string",
        },
        "uri_path": {},
    }])
Copy
const webAclLoggingConfigurationResource = new aws.wafv2.WebAclLoggingConfiguration("webAclLoggingConfigurationResource", {
    logDestinationConfigs: ["string"],
    resourceArn: "string",
    loggingFilter: {
        defaultBehavior: "string",
        filters: [{
            behavior: "string",
            conditions: [{
                actionCondition: {
                    action: "string",
                },
                labelNameCondition: {
                    labelName: "string",
                },
            }],
            requirement: "string",
        }],
    },
    redactedFields: [{
        method: {},
        queryString: {},
        singleHeader: {
            name: "string",
        },
        uriPath: {},
    }],
});
Copy
type: aws:wafv2:WebAclLoggingConfiguration
properties:
    logDestinationConfigs:
        - string
    loggingFilter:
        defaultBehavior: string
        filters:
            - behavior: string
              conditions:
                - actionCondition:
                    action: string
                  labelNameCondition:
                    labelName: string
              requirement: string
    redactedFields:
        - method: {}
          queryString: {}
          singleHeader:
            name: string
          uriPath: {}
    resourceArn: string
Copy

WebAclLoggingConfiguration Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The WebAclLoggingConfiguration resource accepts the following input properties:

LogDestinationConfigs
This property is required.
Changes to this property will trigger replacement.
List<string>
Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL. Note: data firehose, log group, or bucket name must be prefixed with aws-waf-logs-, e.g. aws-waf-logs-example-firehose, aws-waf-logs-example-log-group, or aws-waf-logs-example-bucket.
ResourceArn
This property is required.
Changes to this property will trigger replacement.
string
Amazon Resource Name (ARN) of the web ACL that you want to associate with log_destination_configs.
LoggingFilter WebAclLoggingConfigurationLoggingFilter
Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
RedactedFields List<WebAclLoggingConfigurationRedactedField>
Configuration for parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported. See Redacted Fields below for more details.
LogDestinationConfigs
This property is required.
Changes to this property will trigger replacement.
[]string
Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL. Note: data firehose, log group, or bucket name must be prefixed with aws-waf-logs-, e.g. aws-waf-logs-example-firehose, aws-waf-logs-example-log-group, or aws-waf-logs-example-bucket.
ResourceArn
This property is required.
Changes to this property will trigger replacement.
string
Amazon Resource Name (ARN) of the web ACL that you want to associate with log_destination_configs.
LoggingFilter WebAclLoggingConfigurationLoggingFilterArgs
Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
RedactedFields []WebAclLoggingConfigurationRedactedFieldArgs
Configuration for parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported. See Redacted Fields below for more details.
logDestinationConfigs
This property is required.
Changes to this property will trigger replacement.
List<String>
Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL. Note: data firehose, log group, or bucket name must be prefixed with aws-waf-logs-, e.g. aws-waf-logs-example-firehose, aws-waf-logs-example-log-group, or aws-waf-logs-example-bucket.
resourceArn
This property is required.
Changes to this property will trigger replacement.
String
Amazon Resource Name (ARN) of the web ACL that you want to associate with log_destination_configs.
loggingFilter WebAclLoggingConfigurationLoggingFilter
Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
redactedFields List<WebAclLoggingConfigurationRedactedField>
Configuration for parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported. See Redacted Fields below for more details.
logDestinationConfigs
This property is required.
Changes to this property will trigger replacement.
string[]
Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL. Note: data firehose, log group, or bucket name must be prefixed with aws-waf-logs-, e.g. aws-waf-logs-example-firehose, aws-waf-logs-example-log-group, or aws-waf-logs-example-bucket.
resourceArn
This property is required.
Changes to this property will trigger replacement.
string
Amazon Resource Name (ARN) of the web ACL that you want to associate with log_destination_configs.
loggingFilter WebAclLoggingConfigurationLoggingFilter
Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
redactedFields WebAclLoggingConfigurationRedactedField[]
Configuration for parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported. See Redacted Fields below for more details.
log_destination_configs
This property is required.
Changes to this property will trigger replacement.
Sequence[str]
Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL. Note: data firehose, log group, or bucket name must be prefixed with aws-waf-logs-, e.g. aws-waf-logs-example-firehose, aws-waf-logs-example-log-group, or aws-waf-logs-example-bucket.
resource_arn
This property is required.
Changes to this property will trigger replacement.
str
Amazon Resource Name (ARN) of the web ACL that you want to associate with log_destination_configs.
logging_filter WebAclLoggingConfigurationLoggingFilterArgs
Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
redacted_fields Sequence[WebAclLoggingConfigurationRedactedFieldArgs]
Configuration for parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported. See Redacted Fields below for more details.
logDestinationConfigs
This property is required.
Changes to this property will trigger replacement.
List<String>
Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL. Note: data firehose, log group, or bucket name must be prefixed with aws-waf-logs-, e.g. aws-waf-logs-example-firehose, aws-waf-logs-example-log-group, or aws-waf-logs-example-bucket.
resourceArn
This property is required.
Changes to this property will trigger replacement.
String
Amazon Resource Name (ARN) of the web ACL that you want to associate with log_destination_configs.
loggingFilter Property Map
Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
redactedFields List<Property Map>
Configuration for parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported. See Redacted Fields below for more details.

Outputs

All input properties are implicitly available as output properties. Additionally, the WebAclLoggingConfiguration resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing WebAclLoggingConfiguration Resource

Get an existing WebAclLoggingConfiguration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: WebAclLoggingConfigurationState, opts?: CustomResourceOptions): WebAclLoggingConfiguration
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        log_destination_configs: Optional[Sequence[str]] = None,
        logging_filter: Optional[WebAclLoggingConfigurationLoggingFilterArgs] = None,
        redacted_fields: Optional[Sequence[WebAclLoggingConfigurationRedactedFieldArgs]] = None,
        resource_arn: Optional[str] = None) -> WebAclLoggingConfiguration
func GetWebAclLoggingConfiguration(ctx *Context, name string, id IDInput, state *WebAclLoggingConfigurationState, opts ...ResourceOption) (*WebAclLoggingConfiguration, error)
public static WebAclLoggingConfiguration Get(string name, Input<string> id, WebAclLoggingConfigurationState? state, CustomResourceOptions? opts = null)
public static WebAclLoggingConfiguration get(String name, Output<String> id, WebAclLoggingConfigurationState state, CustomResourceOptions options)
resources:  _:    type: aws:wafv2:WebAclLoggingConfiguration    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
LogDestinationConfigs Changes to this property will trigger replacement. List<string>
Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL. Note: data firehose, log group, or bucket name must be prefixed with aws-waf-logs-, e.g. aws-waf-logs-example-firehose, aws-waf-logs-example-log-group, or aws-waf-logs-example-bucket.
LoggingFilter WebAclLoggingConfigurationLoggingFilter
Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
RedactedFields List<WebAclLoggingConfigurationRedactedField>
Configuration for parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported. See Redacted Fields below for more details.
ResourceArn Changes to this property will trigger replacement. string
Amazon Resource Name (ARN) of the web ACL that you want to associate with log_destination_configs.
LogDestinationConfigs Changes to this property will trigger replacement. []string
Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL. Note: data firehose, log group, or bucket name must be prefixed with aws-waf-logs-, e.g. aws-waf-logs-example-firehose, aws-waf-logs-example-log-group, or aws-waf-logs-example-bucket.
LoggingFilter WebAclLoggingConfigurationLoggingFilterArgs
Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
RedactedFields []WebAclLoggingConfigurationRedactedFieldArgs
Configuration for parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported. See Redacted Fields below for more details.
ResourceArn Changes to this property will trigger replacement. string
Amazon Resource Name (ARN) of the web ACL that you want to associate with log_destination_configs.
logDestinationConfigs Changes to this property will trigger replacement. List<String>
Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL. Note: data firehose, log group, or bucket name must be prefixed with aws-waf-logs-, e.g. aws-waf-logs-example-firehose, aws-waf-logs-example-log-group, or aws-waf-logs-example-bucket.
loggingFilter WebAclLoggingConfigurationLoggingFilter
Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
redactedFields List<WebAclLoggingConfigurationRedactedField>
Configuration for parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported. See Redacted Fields below for more details.
resourceArn Changes to this property will trigger replacement. String
Amazon Resource Name (ARN) of the web ACL that you want to associate with log_destination_configs.
logDestinationConfigs Changes to this property will trigger replacement. string[]
Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL. Note: data firehose, log group, or bucket name must be prefixed with aws-waf-logs-, e.g. aws-waf-logs-example-firehose, aws-waf-logs-example-log-group, or aws-waf-logs-example-bucket.
loggingFilter WebAclLoggingConfigurationLoggingFilter
Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
redactedFields WebAclLoggingConfigurationRedactedField[]
Configuration for parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported. See Redacted Fields below for more details.
resourceArn Changes to this property will trigger replacement. string
Amazon Resource Name (ARN) of the web ACL that you want to associate with log_destination_configs.
log_destination_configs Changes to this property will trigger replacement. Sequence[str]
Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL. Note: data firehose, log group, or bucket name must be prefixed with aws-waf-logs-, e.g. aws-waf-logs-example-firehose, aws-waf-logs-example-log-group, or aws-waf-logs-example-bucket.
logging_filter WebAclLoggingConfigurationLoggingFilterArgs
Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
redacted_fields Sequence[WebAclLoggingConfigurationRedactedFieldArgs]
Configuration for parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported. See Redacted Fields below for more details.
resource_arn Changes to this property will trigger replacement. str
Amazon Resource Name (ARN) of the web ACL that you want to associate with log_destination_configs.
logDestinationConfigs Changes to this property will trigger replacement. List<String>
Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL. Note: data firehose, log group, or bucket name must be prefixed with aws-waf-logs-, e.g. aws-waf-logs-example-firehose, aws-waf-logs-example-log-group, or aws-waf-logs-example-bucket.
loggingFilter Property Map
Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
redactedFields List<Property Map>
Configuration for parts of the request that you want to keep out of the logs. Up to 100 redacted_fields blocks are supported. See Redacted Fields below for more details.
resourceArn Changes to this property will trigger replacement. String
Amazon Resource Name (ARN) of the web ACL that you want to associate with log_destination_configs.

Supporting Types

WebAclLoggingConfigurationLoggingFilter
, WebAclLoggingConfigurationLoggingFilterArgs

DefaultBehavior This property is required. string
Default handling for logs that don't match any of the specified filtering conditions. Valid values for default_behavior are KEEP or DROP.
Filters This property is required. List<WebAclLoggingConfigurationLoggingFilterFilter>
Filter(s) that you want to apply to the logs. See Filter below for more details.
DefaultBehavior This property is required. string
Default handling for logs that don't match any of the specified filtering conditions. Valid values for default_behavior are KEEP or DROP.
Filters This property is required. []WebAclLoggingConfigurationLoggingFilterFilter
Filter(s) that you want to apply to the logs. See Filter below for more details.
defaultBehavior This property is required. String
Default handling for logs that don't match any of the specified filtering conditions. Valid values for default_behavior are KEEP or DROP.
filters This property is required. List<WebAclLoggingConfigurationLoggingFilterFilter>
Filter(s) that you want to apply to the logs. See Filter below for more details.
defaultBehavior This property is required. string
Default handling for logs that don't match any of the specified filtering conditions. Valid values for default_behavior are KEEP or DROP.
filters This property is required. WebAclLoggingConfigurationLoggingFilterFilter[]
Filter(s) that you want to apply to the logs. See Filter below for more details.
default_behavior This property is required. str
Default handling for logs that don't match any of the specified filtering conditions. Valid values for default_behavior are KEEP or DROP.
filters This property is required. Sequence[WebAclLoggingConfigurationLoggingFilterFilter]
Filter(s) that you want to apply to the logs. See Filter below for more details.
defaultBehavior This property is required. String
Default handling for logs that don't match any of the specified filtering conditions. Valid values for default_behavior are KEEP or DROP.
filters This property is required. List<Property Map>
Filter(s) that you want to apply to the logs. See Filter below for more details.

WebAclLoggingConfigurationLoggingFilterFilter
, WebAclLoggingConfigurationLoggingFilterFilterArgs

Behavior This property is required. string
Parameter that determines how to handle logs that meet the conditions and requirements of the filter. The valid values for behavior are KEEP or DROP.
Conditions This property is required. List<WebAclLoggingConfigurationLoggingFilterFilterCondition>
Match condition(s) for the filter. See Condition below for more details.
Requirement This property is required. string
Logic to apply to the filtering conditions. You can specify that a log must match all conditions or at least one condition in order to satisfy the filter. Valid values for requirement are MEETS_ALL or MEETS_ANY.
Behavior This property is required. string
Parameter that determines how to handle logs that meet the conditions and requirements of the filter. The valid values for behavior are KEEP or DROP.
Conditions This property is required. []WebAclLoggingConfigurationLoggingFilterFilterCondition
Match condition(s) for the filter. See Condition below for more details.
Requirement This property is required. string
Logic to apply to the filtering conditions. You can specify that a log must match all conditions or at least one condition in order to satisfy the filter. Valid values for requirement are MEETS_ALL or MEETS_ANY.
behavior This property is required. String
Parameter that determines how to handle logs that meet the conditions and requirements of the filter. The valid values for behavior are KEEP or DROP.
conditions This property is required. List<WebAclLoggingConfigurationLoggingFilterFilterCondition>
Match condition(s) for the filter. See Condition below for more details.
requirement This property is required. String
Logic to apply to the filtering conditions. You can specify that a log must match all conditions or at least one condition in order to satisfy the filter. Valid values for requirement are MEETS_ALL or MEETS_ANY.
behavior This property is required. string
Parameter that determines how to handle logs that meet the conditions and requirements of the filter. The valid values for behavior are KEEP or DROP.
conditions This property is required. WebAclLoggingConfigurationLoggingFilterFilterCondition[]
Match condition(s) for the filter. See Condition below for more details.
requirement This property is required. string
Logic to apply to the filtering conditions. You can specify that a log must match all conditions or at least one condition in order to satisfy the filter. Valid values for requirement are MEETS_ALL or MEETS_ANY.
behavior This property is required. str
Parameter that determines how to handle logs that meet the conditions and requirements of the filter. The valid values for behavior are KEEP or DROP.
conditions This property is required. Sequence[WebAclLoggingConfigurationLoggingFilterFilterCondition]
Match condition(s) for the filter. See Condition below for more details.
requirement This property is required. str
Logic to apply to the filtering conditions. You can specify that a log must match all conditions or at least one condition in order to satisfy the filter. Valid values for requirement are MEETS_ALL or MEETS_ANY.
behavior This property is required. String
Parameter that determines how to handle logs that meet the conditions and requirements of the filter. The valid values for behavior are KEEP or DROP.
conditions This property is required. List<Property Map>
Match condition(s) for the filter. See Condition below for more details.
requirement This property is required. String
Logic to apply to the filtering conditions. You can specify that a log must match all conditions or at least one condition in order to satisfy the filter. Valid values for requirement are MEETS_ALL or MEETS_ANY.

WebAclLoggingConfigurationLoggingFilterFilterCondition
, WebAclLoggingConfigurationLoggingFilterFilterConditionArgs

ActionCondition WebAclLoggingConfigurationLoggingFilterFilterConditionActionCondition
Configuration for a single action condition. See Action Condition below for more details.
LabelNameCondition WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameCondition
Condition for a single label name. See Label Name Condition below for more details.
ActionCondition WebAclLoggingConfigurationLoggingFilterFilterConditionActionCondition
Configuration for a single action condition. See Action Condition below for more details.
LabelNameCondition WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameCondition
Condition for a single label name. See Label Name Condition below for more details.
actionCondition WebAclLoggingConfigurationLoggingFilterFilterConditionActionCondition
Configuration for a single action condition. See Action Condition below for more details.
labelNameCondition WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameCondition
Condition for a single label name. See Label Name Condition below for more details.
actionCondition WebAclLoggingConfigurationLoggingFilterFilterConditionActionCondition
Configuration for a single action condition. See Action Condition below for more details.
labelNameCondition WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameCondition
Condition for a single label name. See Label Name Condition below for more details.
action_condition WebAclLoggingConfigurationLoggingFilterFilterConditionActionCondition
Configuration for a single action condition. See Action Condition below for more details.
label_name_condition WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameCondition
Condition for a single label name. See Label Name Condition below for more details.
actionCondition Property Map
Configuration for a single action condition. See Action Condition below for more details.
labelNameCondition Property Map
Condition for a single label name. See Label Name Condition below for more details.

WebAclLoggingConfigurationLoggingFilterFilterConditionActionCondition
, WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs

Action This property is required. string
Action setting that a log record must contain in order to meet the condition. Valid values for action are ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE and EXCLUDED_AS_COUNT.
Action This property is required. string
Action setting that a log record must contain in order to meet the condition. Valid values for action are ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE and EXCLUDED_AS_COUNT.
action This property is required. String
Action setting that a log record must contain in order to meet the condition. Valid values for action are ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE and EXCLUDED_AS_COUNT.
action This property is required. string
Action setting that a log record must contain in order to meet the condition. Valid values for action are ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE and EXCLUDED_AS_COUNT.
action This property is required. str
Action setting that a log record must contain in order to meet the condition. Valid values for action are ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE and EXCLUDED_AS_COUNT.
action This property is required. String
Action setting that a log record must contain in order to meet the condition. Valid values for action are ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE and EXCLUDED_AS_COUNT.

WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameCondition
, WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameConditionArgs

LabelName This property is required. string
Name of the label that a log record must contain in order to meet the condition. It must be a fully qualified label name, which includes a prefix, optional namespaces, and the label name itself. The prefix identifies the rule group or web ACL context of the rule that added the label.
LabelName This property is required. string
Name of the label that a log record must contain in order to meet the condition. It must be a fully qualified label name, which includes a prefix, optional namespaces, and the label name itself. The prefix identifies the rule group or web ACL context of the rule that added the label.
labelName This property is required. String
Name of the label that a log record must contain in order to meet the condition. It must be a fully qualified label name, which includes a prefix, optional namespaces, and the label name itself. The prefix identifies the rule group or web ACL context of the rule that added the label.
labelName This property is required. string
Name of the label that a log record must contain in order to meet the condition. It must be a fully qualified label name, which includes a prefix, optional namespaces, and the label name itself. The prefix identifies the rule group or web ACL context of the rule that added the label.
label_name This property is required. str
Name of the label that a log record must contain in order to meet the condition. It must be a fully qualified label name, which includes a prefix, optional namespaces, and the label name itself. The prefix identifies the rule group or web ACL context of the rule that added the label.
labelName This property is required. String
Name of the label that a log record must contain in order to meet the condition. It must be a fully qualified label name, which includes a prefix, optional namespaces, and the label name itself. The prefix identifies the rule group or web ACL context of the rule that added the label.

WebAclLoggingConfigurationRedactedField
, WebAclLoggingConfigurationRedactedFieldArgs

Method WebAclLoggingConfigurationRedactedFieldMethod
HTTP method to be redacted. It must be specified as an empty configuration block {}. The method indicates the type of operation that the request is asking the origin to perform.
QueryString WebAclLoggingConfigurationRedactedFieldQueryString
Whether to redact the query string. It must be specified as an empty configuration block {}. The query string is the part of a URL that appears after a ? character, if any.
SingleHeader WebAclLoggingConfigurationRedactedFieldSingleHeader
"single_header" refers to the redaction of a single header. For more information, please see the details below under Single Header.
UriPath WebAclLoggingConfigurationRedactedFieldUriPath
Configuration block that redacts the request URI path. It should be specified as an empty configuration block {}. The URI path is the part of a web request that identifies a resource, such as /images/daily-ad.jpg.
Method WebAclLoggingConfigurationRedactedFieldMethod
HTTP method to be redacted. It must be specified as an empty configuration block {}. The method indicates the type of operation that the request is asking the origin to perform.
QueryString WebAclLoggingConfigurationRedactedFieldQueryString
Whether to redact the query string. It must be specified as an empty configuration block {}. The query string is the part of a URL that appears after a ? character, if any.
SingleHeader WebAclLoggingConfigurationRedactedFieldSingleHeader
"single_header" refers to the redaction of a single header. For more information, please see the details below under Single Header.
UriPath WebAclLoggingConfigurationRedactedFieldUriPath
Configuration block that redacts the request URI path. It should be specified as an empty configuration block {}. The URI path is the part of a web request that identifies a resource, such as /images/daily-ad.jpg.
method WebAclLoggingConfigurationRedactedFieldMethod
HTTP method to be redacted. It must be specified as an empty configuration block {}. The method indicates the type of operation that the request is asking the origin to perform.
queryString WebAclLoggingConfigurationRedactedFieldQueryString
Whether to redact the query string. It must be specified as an empty configuration block {}. The query string is the part of a URL that appears after a ? character, if any.
singleHeader WebAclLoggingConfigurationRedactedFieldSingleHeader
"single_header" refers to the redaction of a single header. For more information, please see the details below under Single Header.
uriPath WebAclLoggingConfigurationRedactedFieldUriPath
Configuration block that redacts the request URI path. It should be specified as an empty configuration block {}. The URI path is the part of a web request that identifies a resource, such as /images/daily-ad.jpg.
method WebAclLoggingConfigurationRedactedFieldMethod
HTTP method to be redacted. It must be specified as an empty configuration block {}. The method indicates the type of operation that the request is asking the origin to perform.
queryString WebAclLoggingConfigurationRedactedFieldQueryString
Whether to redact the query string. It must be specified as an empty configuration block {}. The query string is the part of a URL that appears after a ? character, if any.
singleHeader WebAclLoggingConfigurationRedactedFieldSingleHeader
"single_header" refers to the redaction of a single header. For more information, please see the details below under Single Header.
uriPath WebAclLoggingConfigurationRedactedFieldUriPath
Configuration block that redacts the request URI path. It should be specified as an empty configuration block {}. The URI path is the part of a web request that identifies a resource, such as /images/daily-ad.jpg.
method WebAclLoggingConfigurationRedactedFieldMethod
HTTP method to be redacted. It must be specified as an empty configuration block {}. The method indicates the type of operation that the request is asking the origin to perform.
query_string WebAclLoggingConfigurationRedactedFieldQueryString
Whether to redact the query string. It must be specified as an empty configuration block {}. The query string is the part of a URL that appears after a ? character, if any.
single_header WebAclLoggingConfigurationRedactedFieldSingleHeader
"single_header" refers to the redaction of a single header. For more information, please see the details below under Single Header.
uri_path WebAclLoggingConfigurationRedactedFieldUriPath
Configuration block that redacts the request URI path. It should be specified as an empty configuration block {}. The URI path is the part of a web request that identifies a resource, such as /images/daily-ad.jpg.
method Property Map
HTTP method to be redacted. It must be specified as an empty configuration block {}. The method indicates the type of operation that the request is asking the origin to perform.
queryString Property Map
Whether to redact the query string. It must be specified as an empty configuration block {}. The query string is the part of a URL that appears after a ? character, if any.
singleHeader Property Map
"single_header" refers to the redaction of a single header. For more information, please see the details below under Single Header.
uriPath Property Map
Configuration block that redacts the request URI path. It should be specified as an empty configuration block {}. The URI path is the part of a web request that identifies a resource, such as /images/daily-ad.jpg.

WebAclLoggingConfigurationRedactedFieldSingleHeader
, WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs

Name This property is required. string
Name of the query header to redact. This setting must be provided in lowercase characters.
Name This property is required. string
Name of the query header to redact. This setting must be provided in lowercase characters.
name This property is required. String
Name of the query header to redact. This setting must be provided in lowercase characters.
name This property is required. string
Name of the query header to redact. This setting must be provided in lowercase characters.
name This property is required. str
Name of the query header to redact. This setting must be provided in lowercase characters.
name This property is required. String
Name of the query header to redact. This setting must be provided in lowercase characters.

Import

Using pulumi import, import WAFv2 Web ACL Logging Configurations using the ARN of the WAFv2 Web ACL. For example:

$ pulumi import aws:wafv2/webAclLoggingConfiguration:WebAclLoggingConfiguration example arn:aws:wafv2:us-west-2:123456789012:regional/webacl/test-logs/a1b2c3d4-5678-90ab-cdef
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
AWS Classic pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.