waf_put_logging_configuration: Associates a LoggingConfiguration with a specified web ACL

Description

Associates a LoggingConfiguration with a specified web ACL.

Usage

waf_put_logging_configuration(LoggingConfiguration)

Arguments

LoggingConfiguration

[required] The Amazon Kinesis Data Firehose that contains the inspected traffic information, the redacted fields details, and the Amazon Resource Name (ARN) of the web ACL to monitor.

When specifying Type in RedactedFields, you must use one of the following values: URI, QUERY_STRING, HEADER, or METHOD.

Request syntax

svc$put_logging_configuration(
  LoggingConfiguration = list(
    ResourceArn = "string",
    LogDestinationConfigs = list(
      "string"
    ),
    RedactedFields = list(
      list(
        Type = "URI"|"QUERY_STRING"|"HEADER"|"METHOD"|"BODY"|"SINGLE_QUERY_ARG"|"ALL_QUERY_ARGS",
        Data = "string"
      )
    )
  )
)

Details

You can access information about all traffic that AWS WAF inspects using the following steps:

Create an Amazon Kinesis Data Firehose.

Create the data firehose with a PUT source and in the region that you are operating. However, if you are capturing logs for Amazon CloudFront, always create the firehose in US East (N. Virginia).

Do not create the data firehose using a Kinesis stream as your source.
Associate that firehose to your web ACL using a PutLoggingConfiguration request.

When you successfully enable logging using a PutLoggingConfiguration request, AWS WAF will create a service linked role with the necessary permissions to write logs to the Amazon Kinesis Data Firehose. For more information, see Logging Web ACL Traffic Information in the AWS WAF Developer Guide.