software.amazon.awscdk.services.wafv2

Class CfnLoggingConfiguration

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.CfnElement

software.amazon.awscdk.CfnRefElement

software.amazon.awscdk.CfnResource

software.amazon.awscdk.services.wafv2.CfnLoggingConfiguration

All Implemented Interfaces:

IInspectable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.67.0 (build 2c027f5)",
           date="2022-09-19T20:26:42.678Z")
 @Stability(value=Stable)
public class CfnLoggingConfiguration
extends CfnResource
implements IInspectable

A CloudFormation `AWS::WAFv2::LoggingConfiguration`.

Defines an association between logging destinations and a web ACL resource, for logging from AWS WAF . As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.

You can define one logging destination per web ACL.

You can access information about the traffic that AWS WAF inspects using the following steps:

• Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose. For information about configuring logging destinations and the permissions that are required for each, see Logging web ACL traffic information in the AWS WAF Developer Guide .
• Associate your logging destination to your web ACL using a PutLoggingConfiguration request.

When you successfully enable logging using a PutLoggingConfiguration request, AWS WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, AWS WAF creates a resource policy on the log group. For an Amazon S3 bucket, AWS WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, AWS WAF creates a service-linked role.

For additional information about web ACL logging, see Logging web ACL traffic information in the AWS WAF Developer Guide .

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.wafv2.*;
 Object jsonBody;
 Object loggingFilter;
 Object method;
 Object queryString;
 Object singleHeader;
 Object uriPath;
 CfnLoggingConfiguration cfnLoggingConfiguration = CfnLoggingConfiguration.Builder.create(this, "MyCfnLoggingConfiguration")
         .logDestinationConfigs(List.of("logDestinationConfigs"))
         .resourceArn("resourceArn")
         // the properties below are optional
         .loggingFilter(loggingFilter)
         .redactedFields(List.of(FieldToMatchProperty.builder()
                 .jsonBody(jsonBody)
                 .method(method)
                 .queryString(queryString)
                 .singleHeader(singleHeader)
                 .uriPath(uriPath)
                 .build()))
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	CfnLoggingConfiguration.Builder A fluent builder for CfnLoggingConfiguration.
static interface	CfnLoggingConfiguration.FieldToMatchProperty The part of the web request that you want AWS WAF to inspect.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.amazon.awscdk.IInspectable

IInspectable.Jsii$Default, IInspectable.Jsii$Proxy

Nested classes/interfaces inherited from interface software.constructs.IConstruct

software.constructs.IConstruct.Jsii$Default

Field Summary

Fields

Modifier and Type	Field and Description
static String	CFN_RESOURCE_TYPE_NAME The CloudFormation resource type name for this resource class.

Constructor Summary

Constructors

Modifier	Constructor and Description
	CfnLoggingConfiguration(software.constructs.Construct scope, String id, CfnLoggingConfigurationProps props) Create a new `AWS::WAFv2::LoggingConfiguration`.
protected	CfnLoggingConfiguration(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	CfnLoggingConfiguration(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method and Description
IResolvable	getAttrManagedByFirewallManager() Indicates whether the logging configuration was created by AWS Firewall Manager , as part of an AWS WAF policy configuration.
protected Map<String,Object>	getCfnProperties()
List<String>	getLogDestinationConfigs() The logging destination configuration that you want to associate with the web ACL.
Object	getLoggingFilter() Filtering that specifies which web requests are kept in the logs and which are dropped.
Object	getRedactedFields() The parts of the request that you want to keep out of the logs.
String	getResourceArn() The Amazon Resource Name (ARN) of the web ACL that you want to associate with `LogDestinationConfigs` .
void	inspect(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.
protected Map<String,Object>	renderProperties(Map<String,Object> props)
void	setLogDestinationConfigs(List<String> value) The logging destination configuration that you want to associate with the web ACL.
void	setLoggingFilter(Object value) Filtering that specifies which web requests are kept in the logs and which are dropped.
void	setRedactedFields(IResolvable value) The parts of the request that you want to keep out of the logs.
void	setRedactedFields(List<Object> value) The parts of the request that you want to keep out of the logs.
void	setResourceArn(String value) The Amazon Resource Name (ARN) of the web ACL that you want to associate with `LogDestinationConfigs` .

Methods inherited from class software.amazon.awscdk.CfnResource

addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, getUpdatedProperties, isCfnResource, shouldSynthesize, toString, validateProperties

Methods inherited from class software.amazon.awscdk.CfnRefElement

getRef

Methods inherited from class software.amazon.awscdk.CfnElement

getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId

Methods inherited from class software.constructs.Construct

getNode, isConstruct

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Field Detail

CFN_RESOURCE_TYPE_NAME

@Stability(value=Stable)
public static final String CFN_RESOURCE_TYPE_NAME

The CloudFormation resource type name for this resource class.

Constructor Detail

CfnLoggingConfiguration

protected CfnLoggingConfiguration(software.amazon.jsii.JsiiObjectRef objRef)

CfnLoggingConfiguration

protected CfnLoggingConfiguration(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

CfnLoggingConfiguration

@Stability(value=Stable)
public CfnLoggingConfiguration(@NotNull
                                                        software.constructs.Construct scope,
                                                        @NotNull
                                                        String id,
                                                        @NotNull
                                                        CfnLoggingConfigurationProps props)

Create a new `AWS::WAFv2::LoggingConfiguration`.

Parameters:

scope - - scope in which this resource is defined. This parameter is required.

id - - scoped id of the resource. This parameter is required.

props - - resource properties. This parameter is required.

Method Detail

inspect

@Stability(value=Stable)
public void inspect(@NotNull
                                             TreeInspector inspector)

Examines the CloudFormation resource and discloses attributes.

Specified by:

inspect in interface IInspectable

Parameters:

inspector - - tree inspector to collect and process attributes. This parameter is required.

renderProperties

@Stability(value=Stable)
 @NotNull
protected Map<String,Object> renderProperties(@NotNull
                                                                                 Map<String,Object> props)

Overrides:

renderProperties in class CfnResource

Parameters:

props - This parameter is required.

getAttrManagedByFirewallManager

@Stability(value=Stable)
 @NotNull
public IResolvable getAttrManagedByFirewallManager()

Indicates whether the logging configuration was created by AWS Firewall Manager , as part of an AWS WAF policy configuration.

If true, only Firewall Manager can modify or delete the configuration.

getCfnProperties

@Stability(value=Stable)
 @NotNull
protected Map<String,Object> getCfnProperties()

Overrides:

getCfnProperties in class CfnResource

getLogDestinationConfigs

@Stability(value=Stable)
 @NotNull
public List<String> getLogDestinationConfigs()

The logging destination configuration that you want to associate with the web ACL.

You can associate one logging destination to a web ACL.

setLogDestinationConfigs

@Stability(value=Stable)
public void setLogDestinationConfigs(@NotNull
                                                              List<String> value)

The logging destination configuration that you want to associate with the web ACL.

You can associate one logging destination to a web ACL.

getLoggingFilter

@Stability(value=Stable)
 @NotNull
public Object getLoggingFilter()

Filtering that specifies which web requests are kept in the logs and which are dropped.

You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.

setLoggingFilter

@Stability(value=Stable)
public void setLoggingFilter(@NotNull
                                                      Object value)

Filtering that specifies which web requests are kept in the logs and which are dropped.

You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.

getResourceArn

@Stability(value=Stable)
 @NotNull
public String getResourceArn()

The Amazon Resource Name (ARN) of the web ACL that you want to associate with `LogDestinationConfigs` .

setResourceArn

@Stability(value=Stable)
public void setResourceArn(@NotNull
                                                    String value)

The Amazon Resource Name (ARN) of the web ACL that you want to associate with `LogDestinationConfigs` .

getRedactedFields

@Stability(value=Stable)
 @Nullable
public Object getRedactedFields()

The parts of the request that you want to keep out of the logs.

For example, if you redact the SingleHeader field, the HEADER field in the logs will be xxx .

You can specify only the following fields for redaction: UriPath , QueryString , SingleHeader , Method , and JsonBody .

setRedactedFields

@Stability(value=Stable)
public void setRedactedFields(@Nullable
                                                       IResolvable value)

The parts of the request that you want to keep out of the logs.

For example, if you redact the SingleHeader field, the HEADER field in the logs will be xxx .

You can specify only the following fields for redaction: UriPath , QueryString , SingleHeader , Method , and JsonBody .

setRedactedFields

@Stability(value=Stable)
public void setRedactedFields(@Nullable
                                                       List<Object> value)

The parts of the request that you want to keep out of the logs.

For example, if you redact the SingleHeader field, the HEADER field in the logs will be xxx .

You can specify only the following fields for redaction: UriPath , QueryString , SingleHeader , Method , and JsonBody .