logging_configurations
Creates, updates, deletes or gets a logging_configuration resource or lists logging_configurations in a region.
Overview
| Name | logging_configurations |
| Type | Resource |
| Description | Resource type definition for AWS::NetworkFirewall::LoggingConfiguration |
| Id | awscc.networkfirewall.logging_configurations |
Fields
| Name | Datatype | Description |
|---|---|---|
| firewall_name | string | |
| firewall_arn | string | A resource ARN. |
| logging_configuration | object | Resource type definition for AWS::NetworkFirewall::LoggingConfiguration |
| enable_monitoring_dashboard | boolean | |
| region | string | AWS region. |
For more information, see AWS::NetworkFirewall::LoggingConfiguration.
Methods
| Name | Accessible by | Required Params |
|---|---|---|
| create_resource | INSERT | FirewallArn, LoggingConfiguration, region |
| delete_resource | DELETE | Identifier, region |
| update_resource | UPDATE | Identifier, PatchDocument, region |
| get_resource | SELECT | Identifier, region |
SELECT examples
Gets all properties from an individual logging_configuration.
```sql
SELECT
  region,
  firewall_name,
  firewall_arn,
  logging_configuration,
  enable_monitoring_dashboard
FROM awscc.networkfirewall.logging_configurations
WHERE
  region = 'us-east-1' AND
  Identifier = '{{ firewall_arn }}';
```
INSERT example
Use the following StackQL query and manifest file to create a new logging_configuration resource, using stack-deploy.
Required Properties:

```sql
/*+ create */
INSERT INTO awscc.networkfirewall.logging_configurations (
  FirewallArn,
  LoggingConfiguration,
  region
)
SELECT
  '{{ firewall_arn }}',
  '{{ logging_configuration }}',
  '{{ region }}';
```

All Properties:

```sql
/*+ create */
INSERT INTO awscc.networkfirewall.logging_configurations (
  FirewallName,
  FirewallArn,
  LoggingConfiguration,
  EnableMonitoringDashboard,
  region
)
SELECT
  '{{ firewall_name }}',
  '{{ firewall_arn }}',
  '{{ logging_configuration }}',
  '{{ enable_monitoring_dashboard }}',
  '{{ region }}';
```

Manifest:

```yaml
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: logging_configuration
    props:
      - name: firewall_name
        value: '{{ firewall_name }}'
      - name: firewall_arn
        value: '{{ firewall_arn }}'
      - name: logging_configuration
        value:
          firewall_name: '{{ firewall_name }}'
          firewall_arn: null
          logging_configuration: null
          enable_monitoring_dashboard: '{{ enable_monitoring_dashboard }}'
      - name: enable_monitoring_dashboard
        value: '{{ enable_monitoring_dashboard }}'
```
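The `{{ logging_configuration }}` value passed to the INSERT above is the object defined by AWS::NetworkFirewall::LoggingConfiguration. As an added example (not part of the provider documentation), this Python check validates such an object before it is deployed. The field names follow the CloudFormation schema; the function name, the sample values, and the policy of requiring ALERT and FLOW logs are assumptions.

```python
# Each LogDestinationType and the LogDestination key it requires,
# per the AWS::NetworkFirewall::LoggingConfiguration schema.
REQUIRED_DEST_KEY = {
    "S3": "bucketName",
    "CloudWatchLogs": "logGroup",
    "KinesisDataFirehose": "deliveryStream",
}
LOG_TYPES = {"ALERT", "FLOW", "TLS"}


def check_logging_configuration(cfg, required_types=("ALERT", "FLOW")):
    """Return a list of findings; an empty list means the object passes."""
    # required_types is an assumed local policy, not an AWS requirement.
    entries = cfg.get("LogDestinationConfigs") or []
    if not entries:
        return ["LogDestinationConfigs is missing or empty"]
    findings, seen = [], set()
    for i, entry in enumerate(entries):
        log_type = entry.get("LogType")
        dest_type = entry.get("LogDestinationType")
        dest = entry.get("LogDestination") or {}
        if log_type not in LOG_TYPES:
            findings.append(f"[{i}] unknown LogType {log_type!r}")
        elif log_type in seen:
            # Network Firewall accepts one destination per log type.
            findings.append(f"[{i}] duplicate destination for {log_type}")
        seen.add(log_type)
        key = REQUIRED_DEST_KEY.get(dest_type)
        if key is None:
            findings.append(f"[{i}] unknown LogDestinationType {dest_type!r}")
        elif not dest.get(key):
            findings.append(f"[{i}] {dest_type} destination needs {key!r}")
    for log_type in required_types:
        if log_type not in seen:
            findings.append(f"no destination configured for {log_type} logs")
    return findings


# Constructed sample: ALERT goes to CloudWatch Logs, FLOW lacks a bucket name.
SAMPLE = {"LogDestinationConfigs": [
    {"LogType": "ALERT", "LogDestinationType": "CloudWatchLogs",
     "LogDestination": {"logGroup": "example-nfw-alerts"}},
    {"LogType": "FLOW", "LogDestinationType": "S3",
     "LogDestination": {"prefix": "flow"}},
]}

if __name__ == "__main__":
    print(check_logging_configuration(SAMPLE))
```
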
UPDATE example
Use the following StackQL query and manifest file to update a logging_configuration resource, using stack-deploy.
```sql
/*+ update */
UPDATE awscc.networkfirewall.logging_configurations
SET PatchDocument = string('{{ {
    "LoggingConfiguration": logging_configuration,
    "EnableMonitoringDashboard": enable_monitoring_dashboard
} | generate_patch_document }}')
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ firewall_arn }}';
```
DELETE example
```sql
/*+ delete */
DELETE FROM awscc.networkfirewall.logging_configurations
WHERE
  Identifier = '{{ firewall_arn }}' AND
  region = 'us-east-1';
```
Permissions
To operate on the logging_configurations resource, the following permissions are required:
Create:

```
logs:CreateLogDelivery,
logs:GetLogDelivery,
logs:ListLogDeliveries,
s3:PutBucketPolicy,
s3:GetBucketPolicy,
logs:PutResourcePolicy,
logs:DescribeResourcePolicies,
logs:DescribeLogGroups,
iam:CreateServiceLinkedRole,
firehose:TagDeliveryStream,
network-firewall:UpdateLoggingConfiguration,
network-firewall:DescribeLoggingConfiguration
```

Read:

```
logs:GetLogDelivery,
logs:ListLogDeliveries,
network-firewall:DescribeLoggingConfiguration
```

Update:

```
logs:CreateLogDelivery,
logs:DeleteLogDelivery,
logs:GetLogDelivery,
logs:UpdateLogDelivery,
logs:ListLogDeliveries,
s3:PutBucketPolicy,
s3:GetBucketPolicy,
logs:PutResourcePolicy,
logs:DescribeResourcePolicies,
logs:DescribeLogGroups,
iam:CreateServiceLinkedRole,
firehose:TagDeliveryStream,
network-firewall:UpdateLoggingConfiguration,
network-firewall:DescribeLoggingConfiguration
```

Delete:

```
logs:DeleteLogDelivery,
logs:ListLogDeliveries,
logs:GetLogDelivery,
network-firewall:UpdateLoggingConfiguration,
network-firewall:DescribeLoggingConfiguration
```