awscc_wafv2_logging_configuration (Resource)

A WAFv2 Logging Configuration Resource Provider

Example Usage

Basic usage

Creates a WAFv2 Web ACL Logging Configuration resource. Note that the AWS Provider resources aws_wafv2_web_acl and [aws_cloudwatch_log_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) are also used.

# Turns on logging for the Web ACL by attaching a log destination to it.
resource "awscc_wafv2_logging_configuration" "awscc_waf_logging" {
  # ARN of the Web ACL whose traffic is logged.
  resource_arn            = aws_wafv2_web_acl.example.arn
  # ARN of the log destination. AWS WAF requires the name of a CloudWatch Logs
  # log group used here to start with "aws-waf-logs-".
  log_destination_configs = [aws_cloudwatch_log_group.example.arn]

  # NOTE(review): confirm that this resource accepts tags; the Schema section
  # of this page lists no attributes.
  tags = [{
    key   = "Modified By"
    value = "AWSCC"
  }]
}

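# CloudWatch Logs destination for the WAF logs.
# AWS WAF only accepts a log group whose name starts with "aws-waf-logs-";
# with any other name the logging configuration is rejected.
resource "aws_cloudwatch_log_group" "example" {
  name = "aws-waf-logs-example"

  # Without retention_in_days the log group keeps events indefinitely; set a
  # retention period that matches your log-retention policy.
}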

# Web ACL that the logging configurations on this page attach to.
resource "aws_wafv2_web_acl" "example" {
  name        = "managed-rule-example"
  description = "Example of a managed rule."
  # REGIONAL is for regional resources; a CLOUDFRONT-scoped Web ACL has to be
  # created in us-east-1.
  scope       = "REGIONAL"

  # Requests that match no rule are blocked.
  # NOTE(review): this example defines no rule that allows traffic, so it
  # presumably blocks every request; add allow rules or change the default
  # before placing it in front of real traffic.
  default_action {
    block {}
  }

  rule {
    name     = "AWS-AWSManagedRulesCommonRuleSet"
    priority = 1

    # "none" keeps the actions defined inside the managed rule group instead
    # of overriding them with count.
    override_action {
      none {}
    }

    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesCommonRuleSet"
        vendor_name = "AWS"
      }
    }

    # Metrics and sampled requests for this rule; these are configured
    # separately from the logging configuration resource.
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "AWS-AWSManagedRulesCommonRuleSet"
      sampled_requests_enabled   = true
    }
  }

  # Metrics and sampled requests for the Web ACL as a whole.
  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "ExternalACL"
    sampled_requests_enabled   = true
  }
}

With Logging Filter

# Logging configuration with a filter that decides which records are written.
resource "awscc_wafv2_logging_configuration" "awscc_waf_logging_filter" {
  resource_arn            = aws_wafv2_web_acl.example.arn
  log_destination_configs = [aws_cloudwatch_log_group.example.arn]

  logging_filter = {
    # Records that match none of the filters below are kept.
    default_behavior = "KEEP"

    # This filter drops the log record of every request whose action is BLOCK.
    # NOTE(review): blocked requests are usually the records needed for
    # incident investigation and rule tuning. Confirm that discarding them is
    # intended; to reduce log volume, the inverse (default DROP, KEEP for the
    # actions of interest) preserves them.
    filters = [{
      behavior = "DROP"
      conditions = [{
        action_condition = {
          action = "BLOCK"
        }
      }]

      # The filter applies when any one of its conditions matches.
      requirement = "MEETS_ANY"
    }]
  }

}

With Redacted Fields

# Logging configuration that redacts a request header from the log records.
resource "awscc_wafv2_logging_configuration" "awscc_waf_logging_redacted_fields" {
  resource_arn            = aws_wafv2_web_acl.example.arn
  log_destination_configs = [aws_cloudwatch_log_group.example.arn]
  # Redacts the Authorization header so that credentials and bearer tokens are
  # not written to the log destination.
  # NOTE(review): other headers can carry secrets as well (session cookies,
  # API keys); check a sample log record to confirm everything sensitive is
  # redacted where you expect.
  redacted_fields = [{
    single_header = {
      name = "authorization"
    }
  }]
}

Schema

Required

Optional

Read-Only

Nested Schema for logging_filter

Required:

Nested Schema for logging_filter.filters

Required:

Nested Schema for logging_filter.filters.conditions

Optional:

Nested Schema for logging_filter.filters.conditions.action_condition

Required:

Nested Schema for logging_filter.filters.conditions.label_name_condition

Required:

Nested Schema for redacted_fields

Optional:

Nested Schema for redacted_fields.single_header

Required:

Import

Import is supported using the following syntax:

$ terraform import awscc_wafv2_logging_configuration.example <resource ID>