awscc.wafv2_loggingconfiguration

Filters

  • event

  • reduce

  • value

Actions

delete

Parent base class for filters and actions.

properties:
  type:
    enum:
    - delete
required:
- type

Permissions - wafv2:DeleteLoggingConfiguration, wafv2:GetLoggingConfiguration, logs:DeleteLogDelivery

update

Parent base class for filters and actions.

definitions:
  Condition:
    additionalProperties: false
    properties:
      ActionCondition:
        additionalProperties: false
        description: A single action condition.
        properties:
          Action:
            description: Logic to apply to the filtering conditions. You can specify
              that, in order to satisfy the filter, a log must match all conditions
              or must match at least one condition.
            enum:
            - ALLOW
            - BLOCK
            - COUNT
            - CAPTCHA
            - EXCLUDED_AS_COUNT
            type: string
        required:
        - Action
        type: object
      LabelNameCondition:
        additionalProperties: false
        description: A single label name condition.
        properties:
          LabelName:
            description: 'The label name that a log record must contain in order to
              meet the condition. This must be a fully qualified label name. Fully
              qualified labels have a prefix, optional namespaces, and label name.
              The prefix identifies the rule group or web ACL context of the rule
              that added the label. '
            type: string
        required:
        - LabelName
        type: object
    type: object
  FieldToMatch:
    additionalProperties: false
    description: A key-value pair to associate with a resource.
    properties:
      JsonBody:
        additionalProperties: false
        description: 'Inspect the request body as JSON. The request body immediately
          follows the request headers. This is the part of a request that contains
          any additional data that you want to send to your web server as the HTTP
          request body, such as data from a form. '
        properties:
          InvalidFallbackBehavior:
            description: What AWS WAF should do if it fails to completely parse the
              JSON body.
            enum:
            - MATCH
            - NO_MATCH
            - EVALUATE_AS_STRING
            type: string
          MatchPattern:
            additionalProperties: false
            description: 'The patterns to look for in the JSON body. AWS WAF inspects
              the results of these pattern matches against the rule inspection criteria. '
            properties:
              All:
                description: Match all of the elements. See also MatchScope in JsonBody.
                  You must specify either this setting or the IncludedPaths setting,
                  but not both.
                type: object
              IncludedPaths:
                description: Match only the specified include paths. See also MatchScope
                  in JsonBody.
                items:
                  pattern: ^[\/]+([^~]*(~[01])*)*{1,512}$
                  type: string
                minItems: 1
                type: array
            type: object
          MatchScope:
            description: 'The parts of the JSON to match against using the MatchPattern.
              If you specify All, AWS WAF matches against keys and values. '
            enum:
            - ALL
            - KEY
            - VALUE
            type: string
        required:
        - MatchPattern
        - MatchScope
        type: object
      Method:
        description: 'Inspect the HTTP method. The method indicates the type of operation
          that the request is asking the origin to perform. '
        type: object
      QueryString:
        description: 'Inspect the query string. This is the part of a URL that appears
          after a ? character, if any. '
        type: object
      SingleHeader:
        additionalProperties: false
        description: Inspect a single header. Provide the name of the header to inspect,
          for example, User-Agent or Referer. This setting isn't case sensitive.
        properties:
          Name:
            description: The name of the query header to inspect.
            type: string
        required:
        - Name
        type: object
      UriPath:
        description: 'Inspect the request URI path. This is the part of a web request
          that identifies a resource, for example, /images/daily-ad.jpg. '
        type: object
    type: object
  Filter:
    additionalProperties: false
    properties:
      Behavior:
        description: 'How to handle logs that satisfy the filter''s conditions and
          requirement. '
        enum:
        - KEEP
        - DROP
        type: string
      Conditions:
        description: Match conditions for the filter.
        items:
          additionalProperties: false
          properties:
            ActionCondition:
              additionalProperties: false
              description: A single action condition.
              properties:
                Action:
                  description: Logic to apply to the filtering conditions. You can
                    specify that, in order to satisfy the filter, a log must match
                    all conditions or must match at least one condition.
                  enum:
                  - ALLOW
                  - BLOCK
                  - COUNT
                  - CAPTCHA
                  - EXCLUDED_AS_COUNT
                  type: string
              required:
              - Action
              type: object
            LabelNameCondition:
              additionalProperties: false
              description: A single label name condition.
              properties:
                LabelName:
                  description: 'The label name that a log record must contain in order
                    to meet the condition. This must be a fully qualified label name.
                    Fully qualified labels have a prefix, optional namespaces, and
                    label name. The prefix identifies the rule group or web ACL context
                    of the rule that added the label. '
                  type: string
              required:
              - LabelName
              type: object
          type: object
        minItems: 1
        type: array
      Requirement:
        description: Logic to apply to the filtering conditions. You can specify that,
          in order to satisfy the filter, a log must match all conditions or must
          match at least one condition.
        enum:
        - MEETS_ALL
        - MEETS_ANY
        type: string
    required:
    - Behavior
    - Conditions
    - Requirement
    type: object
properties:
  LogDestinationConfigs:
    description: The Amazon Resource Names (ARNs) of the logging destinations that
      you want to associate with the web ACL.
    items:
      type: string
    type: array
  LoggingFilter:
    additionalProperties: false
    description: Filtering that specifies which web requests are kept in the logs
      and which are dropped. You can filter on the rule action and on the web request
      labels that were applied by matching rules during web ACL evaluation.
    properties:
      DefaultBehavior:
        description: Default handling for logs that don't match any of the specified
          filtering conditions.
        enum:
        - KEEP
        - DROP
        type: string
      Filters:
        description: The filters that you want to apply to the logs.
        items:
          additionalProperties: false
          properties:
            Behavior:
              description: 'How to handle logs that satisfy the filter''s conditions
                and requirement. '
              enum:
              - KEEP
              - DROP
              type: string
            Conditions:
              description: Match conditions for the filter.
              items:
                additionalProperties: false
                properties:
                  ActionCondition:
                    additionalProperties: false
                    description: A single action condition.
                    properties:
                      Action:
                        description: Logic to apply to the filtering conditions. You
                          can specify that, in order to satisfy the filter, a log
                          must match all conditions or must match at least one condition.
                        enum:
                        - ALLOW
                        - BLOCK
                        - COUNT
                        - CAPTCHA
                        - EXCLUDED_AS_COUNT
                        type: string
                    required:
                    - Action
                    type: object
                  LabelNameCondition:
                    additionalProperties: false
                    description: A single label name condition.
                    properties:
                      LabelName:
                        description: 'The label name that a log record must contain
                          in order to meet the condition. This must be a fully qualified
                          label name. Fully qualified labels have a prefix, optional
                          namespaces, and label name. The prefix identifies the rule
                          group or web ACL context of the rule that added the label. '
                        type: string
                    required:
                    - LabelName
                    type: object
                type: object
              minItems: 1
              type: array
            Requirement:
              description: Logic to apply to the filtering conditions. You can specify
                that, in order to satisfy the filter, a log must match all conditions
                or must match at least one condition.
              enum:
              - MEETS_ALL
              - MEETS_ANY
              type: string
          required:
          - Behavior
          - Conditions
          - Requirement
          type: object
        minItems: 1
        type: array
    required:
    - DefaultBehavior
    - Filters
    type: object
  RedactedFields:
    description: The parts of the request that you want to keep out of the logs. For
      example, if you redact the HEADER field, the HEADER field in the firehose will
      be xxx.
    insertionOrder: false
    items:
      additionalProperties: false
      description: A key-value pair to associate with a resource.
      properties:
        JsonBody:
          additionalProperties: false
          description: 'Inspect the request body as JSON. The request body immediately
            follows the request headers. This is the part of a request that contains
            any additional data that you want to send to your web server as the HTTP
            request body, such as data from a form. '
          properties:
            InvalidFallbackBehavior:
              description: What AWS WAF should do if it fails to completely parse
                the JSON body.
              enum:
              - MATCH
              - NO_MATCH
              - EVALUATE_AS_STRING
              type: string
            MatchPattern:
              additionalProperties: false
              description: 'The patterns to look for in the JSON body. AWS WAF inspects
                the results of these pattern matches against the rule inspection criteria. '
              properties:
                All:
                  description: Match all of the elements. See also MatchScope in JsonBody.
                    You must specify either this setting or the IncludedPaths setting,
                    but not both.
                  type: object
                IncludedPaths:
                  description: Match only the specified include paths. See also MatchScope
                    in JsonBody.
                  items:
                    pattern: ^[\/]+([^~]*(~[01])*)*{1,512}$
                    type: string
                  minItems: 1
                  type: array
              type: object
            MatchScope:
              description: 'The parts of the JSON to match against using the MatchPattern.
                If you specify All, AWS WAF matches against keys and values. '
              enum:
              - ALL
              - KEY
              - VALUE
              type: string
          required:
          - MatchPattern
          - MatchScope
          type: object
        Method:
          description: 'Inspect the HTTP method. The method indicates the type of
            operation that the request is asking the origin to perform. '
          type: object
        QueryString:
          description: 'Inspect the query string. This is the part of a URL that appears
            after a ? character, if any. '
          type: object
        SingleHeader:
          additionalProperties: false
          description: Inspect a single header. Provide the name of the header to
            inspect, for example, User-Agent or Referer. This setting isn't case sensitive.
          properties:
            Name:
              description: The name of the query header to inspect.
              type: string
          required:
          - Name
          type: object
        UriPath:
          description: 'Inspect the request URI path. This is the part of a web request
            that identifies a resource, for example, /images/daily-ad.jpg. '
          type: object
      type: object
    type: array
  type:
    enum:
    - update

Permissions - wafv2:PutLoggingConfiguration, wafv2:GetLoggingConfiguration, firehose:ListDeliveryStreams, iam:CreateServiceLinkedRole, iam:DescribeOrganization, logs:CreateLogDelivery, s3:PutBucketPolicy, s3:GetBucketPolicy, logs:PutResourcePolicy, logs:DescribeResourcePolicies, logs:DescribeLogGroups