Resource: aws_networkfirewall_logging_configuration

Provides an AWS Network Firewall Logging Configuration Resource.

Example Usage

Logging to S3

resource "aws_networkfirewall_logging_configuration" "example" {
  firewall_arn = aws_networkfirewall_firewall.example.arn
  logging_configuration {
    log_destination_config {
      log_destination = {
        bucketName = aws_s3_bucket.example.bucket
        prefix     = "/example"
      }
      log_destination_type = "S3"
      log_type             = "FLOW"
    }
  }
}

Logging to CloudWatch

resource "aws_networkfirewall_logging_configuration" "example" {
  firewall_arn = aws_networkfirewall_firewall.example.arn
  logging_configuration {
    log_destination_config {
      log_destination = {
        logGroup = aws_cloudwatch_log_group.example.name
      }
      log_destination_type = "CloudWatchLogs"
      log_type             = "ALERT"
    }
  }
}

Logging to Kinesis Data Firehose

resource "aws_networkfirewall_logging_configuration" "example" {
  firewall_arn = aws_networkfirewall_firewall.example.arn
  logging_configuration {
    log_destination_config {
      log_destination = {
        deliveryStream = aws_kinesis_firehose_delivery_stream.example.name
      }
      log_destination_type = "KinesisDataFirehose"
      log_type             = "ALERT"
    }
  }
}
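
Logging ALERT and FLOW to separate destinations

The three examples above each declare the resource for the same firewall with a single log type, so they are alternatives rather than blocks to apply together. The following added example (not part of the provider documentation) sends ALERT and FLOW logs to different destinations from one resource by repeating log_destination_config. The variable firewall_arn, the resource names nfw_alert and nfw_flow, the log group name, the bucket name and the 90-day retention are assumptions chosen for illustration.

```terraform
# Added example: one logging configuration carrying both log types.
variable "firewall_arn" {
  type        = string
  description = "ARN of an existing Network Firewall (assumed input)"
}

# Destination for ALERT logs; name and retention are constructed values.
resource "aws_cloudwatch_log_group" "nfw_alert" {
  name              = "/example/network-firewall/alert"
  retention_in_days = 90
}

# Destination for FLOW logs; the bucket name is a placeholder.
resource "aws_s3_bucket" "nfw_flow" {
  bucket = "example-nfw-flow-logs"
}

# Keep the log bucket private.
resource "aws_s3_bucket_public_access_block" "nfw_flow" {
  bucket                  = aws_s3_bucket.nfw_flow.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_networkfirewall_logging_configuration" "example" {
  firewall_arn = var.firewall_arn
  logging_configuration {
    # Rule matches (drop/alert/reject) go where they can be queried and alarmed on.
    log_destination_config {
      log_destination = {
        logGroup = aws_cloudwatch_log_group.nfw_alert.name
      }
      log_destination_type = "CloudWatchLogs"
      log_type             = "ALERT"
    }
    # High-volume flow records go to S3 for retention and later investigation.
    log_destination_config {
      log_destination = {
        bucketName = aws_s3_bucket.nfw_flow.bucket
        prefix     = "/example"
      }
      log_destination_type = "S3"
      log_type             = "FLOW"
    }
  }
}
```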

Argument Reference

This resource supports the following arguments:

Logging Configuration

The logging_configuration block supports the following arguments:

Log Destination Config

The log_destination_config block supports the following arguments:

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Import

In Terraform v1.5.0 and later, use an import block to import Network Firewall Logging Configurations using the firewall_arn. For example:

import {
  to = aws_networkfirewall_logging_configuration.example
  id = "arn:aws:network-firewall:us-west-1:123456789012:firewall/example"
}

Using terraform import, import Network Firewall Logging Configurations using the firewall_arn. For example:

% terraform import aws_networkfirewall_logging_configuration.example arn:aws:network-firewall:us-west-1:123456789012:firewall/example