@pulumi/aws 6.0.0-alpha.2 → 6.0.0-alpha.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/alb/targetGroupAttachment.d.ts +17 -10
- package/alb/targetGroupAttachment.js +2 -1
- package/alb/targetGroupAttachment.js.map +1 -1
- package/appconfig/environment.d.ts +1 -1
- package/appflow/flow.d.ts +98 -0
- package/appflow/flow.js +98 -0
- package/appflow/flow.js.map +1 -1
- package/applicationloadbalancing/targetGroupAttachment.d.ts +17 -10
- package/applicationloadbalancing/targetGroupAttachment.js +2 -1
- package/applicationloadbalancing/targetGroupAttachment.js.map +1 -1
- package/appsync/graphQLApi.d.ts +0 -134
- package/appsync/graphQLApi.js +0 -134
- package/appsync/graphQLApi.js.map +1 -1
- package/backup/regionSettings.d.ts +3 -3
- package/batch/computeEnvironment.d.ts +2 -0
- package/batch/computeEnvironment.js +2 -0
- package/batch/computeEnvironment.js.map +1 -1
- package/budgets/getBudget.d.ts +130 -0
- package/budgets/getBudget.js +51 -0
- package/budgets/getBudget.js.map +1 -0
- package/budgets/index.d.ts +3 -0
- package/budgets/index.js +4 -1
- package/budgets/index.js.map +1 -1
- package/chime/index.d.ts +9 -0
- package/chime/index.js +16 -1
- package/chime/index.js.map +1 -1
- package/chime/sdkvoiceGlobalSettings.d.ts +73 -0
- package/chime/sdkvoiceGlobalSettings.js +75 -0
- package/chime/sdkvoiceGlobalSettings.js.map +1 -0
- package/chime/sdkvoiceSipMediaApplication.d.ts +145 -0
- package/chime/sdkvoiceSipMediaApplication.js +95 -0
- package/chime/sdkvoiceSipMediaApplication.js.map +1 -0
- package/chime/sdkvoiceSipRule.d.ts +134 -0
- package/chime/sdkvoiceSipRule.js +99 -0
- package/chime/sdkvoiceSipRule.js.map +1 -0
- package/chime/voiceConnector.d.ts +44 -0
- package/chime/voiceConnector.js +6 -0
- package/chime/voiceConnector.js.map +1 -1
- package/cleanrooms/collaboration.d.ts +256 -0
- package/cleanrooms/collaboration.js +123 -0
- package/cleanrooms/collaboration.js.map +1 -0
- package/cleanrooms/index.d.ts +3 -0
- package/cleanrooms/index.js +22 -0
- package/cleanrooms/index.js.map +1 -0
- package/cloudfront/cachePolicy.d.ts +22 -22
- package/cloudfront/cachePolicy.js +2 -2
- package/cloudwatch/eventTarget.d.ts +8 -2
- package/cloudwatch/eventTarget.js +8 -2
- package/cloudwatch/eventTarget.js.map +1 -1
- package/cloudwatch/internetMonitor.d.ts +12 -0
- package/cloudwatch/internetMonitor.js +2 -0
- package/cloudwatch/internetMonitor.js.map +1 -1
- package/cloudwatch/metricStream.d.ts +94 -0
- package/cloudwatch/metricStream.js +94 -0
- package/cloudwatch/metricStream.js.map +1 -1
- package/codebuild/project.d.ts +2 -2
- package/codebuild/project.js +2 -2
- package/cognito/identityPool.d.ts +1 -1
- package/cognito/identityPool.js +1 -1
- package/cognito/index.d.ts +3 -0
- package/cognito/index.js +6 -1
- package/cognito/index.js.map +1 -1
- package/cognito/managedUserPoolClient.d.ts +394 -0
- package/cognito/managedUserPoolClient.js +170 -0
- package/cognito/managedUserPoolClient.js.map +1 -0
- package/cognito/userPool.d.ts +3 -3
- package/cognito/userPoolClient.d.ts +14 -14
- package/cognito/userPoolClient.js +1 -1
- package/config/vars.d.ts +5 -0
- package/config/vars.js +6 -0
- package/config/vars.js.map +1 -1
- package/cur/reportDefinition.d.ts +7 -4
- package/cur/reportDefinition.js +4 -1
- package/cur/reportDefinition.js.map +1 -1
- package/datasync/locationObjectStorage.d.ts +3 -3
- package/ec2/getInstances.d.ts +54 -0
- package/ec2/getInstances.js +54 -0
- package/ec2/getInstances.js.map +1 -1
- package/ec2/getVpcPeeringConnections.d.ts +34 -0
- package/ec2/getVpcPeeringConnections.js +34 -0
- package/ec2/getVpcPeeringConnections.js.map +1 -1
- package/ec2/instance.d.ts +61 -0
- package/ec2/instance.js +39 -0
- package/ec2/instance.js.map +1 -1
- package/ec2/managedPrefixListEntry.d.ts +8 -16
- package/ec2/managedPrefixListEntry.js +5 -13
- package/ec2/managedPrefixListEntry.js.map +1 -1
- package/ec2/peeringConnectionOptions.d.ts +6 -18
- package/ec2/peeringConnectionOptions.js.map +1 -1
- package/ec2/securityGroupRule.d.ts +6 -0
- package/ec2/securityGroupRule.js.map +1 -1
- package/ec2/spotInstanceRequest.d.ts +7 -7
- package/ec2/spotInstanceRequest.js +1 -1
- package/ec2transitgateway/connect.d.ts +3 -3
- package/ec2transitgateway/connectPeer.d.ts +16 -0
- package/ec2transitgateway/connectPeer.js +4 -0
- package/ec2transitgateway/connectPeer.js.map +1 -1
- package/ec2transitgateway/getConnectPeer.d.ts +8 -0
- package/ec2transitgateway/getConnectPeer.js.map +1 -1
- package/ec2transitgateway/getVpcAttachments.d.ts +32 -0
- package/ec2transitgateway/getVpcAttachments.js +32 -0
- package/ec2transitgateway/getVpcAttachments.js.map +1 -1
- package/ec2transitgateway/index.d.ts +3 -0
- package/ec2transitgateway/index.js +6 -1
- package/ec2transitgateway/index.js.map +1 -1
- package/ec2transitgateway/instanceConnectEndpoint.d.ts +183 -0
- package/ec2transitgateway/instanceConnectEndpoint.js +96 -0
- package/ec2transitgateway/instanceConnectEndpoint.js.map +1 -0
- package/ec2transitgateway/routeTableAssociation.d.ts +12 -0
- package/ec2transitgateway/routeTableAssociation.js +2 -0
- package/ec2transitgateway/routeTableAssociation.js.map +1 -1
- package/ecr/getPullThroughCacheRule.d.ts +67 -0
- package/ecr/getPullThroughCacheRule.js +47 -0
- package/ecr/getPullThroughCacheRule.js.map +1 -0
- package/ecr/index.d.ts +3 -0
- package/ecr/index.js +4 -1
- package/ecr/index.js.map +1 -1
- package/eks/addon.d.ts +5 -10
- package/eks/addon.js +2 -7
- package/eks/addon.js.map +1 -1
- package/eks/cluster.d.ts +2 -4
- package/eks/cluster.js +2 -4
- package/eks/cluster.js.map +1 -1
- package/eks/getAddonVersion.d.ts +4 -8
- package/eks/getAddonVersion.js +4 -8
- package/eks/getAddonVersion.js.map +1 -1
- package/eks/getCluster.d.ts +6 -12
- package/eks/getCluster.js +6 -12
- package/eks/getCluster.js.map +1 -1
- package/eks/nodeGroup.d.ts +24 -15
- package/eks/nodeGroup.js.map +1 -1
- package/elasticache/cluster.d.ts +6 -3
- package/elasticache/cluster.js.map +1 -1
- package/elasticache/globalReplicationGroup.d.ts +6 -3
- package/elasticache/globalReplicationGroup.js.map +1 -1
- package/elasticache/replicationGroup.d.ts +6 -3
- package/elasticache/replicationGroup.js.map +1 -1
- package/elasticloadbalancing/loadBalancer.d.ts +3 -3
- package/elasticloadbalancingv2/targetGroupAttachment.d.ts +17 -10
- package/elasticloadbalancingv2/targetGroupAttachment.js +2 -1
- package/elasticloadbalancingv2/targetGroupAttachment.js.map +1 -1
- package/elb/loadBalancer.d.ts +3 -3
- package/finspace/index.d.ts +12 -0
- package/finspace/index.js +37 -0
- package/finspace/index.js.map +1 -0
- package/finspace/kxCluster.d.ts +340 -0
- package/finspace/kxCluster.js +129 -0
- package/finspace/kxCluster.js.map +1 -0
- package/finspace/kxDatabase.d.ts +165 -0
- package/finspace/kxDatabase.js +102 -0
- package/finspace/kxDatabase.js.map +1 -0
- package/finspace/kxEnvironment.d.ts +235 -0
- package/finspace/kxEnvironment.js +132 -0
- package/finspace/kxEnvironment.js.map +1 -0
- package/finspace/kxUser.d.ts +160 -0
- package/finspace/kxUser.js +112 -0
- package/finspace/kxUser.js.map +1 -0
- package/fis/experimentTemplate.d.ts +12 -0
- package/fis/experimentTemplate.js +2 -0
- package/fis/experimentTemplate.js.map +1 -1
- package/getArn.d.ts +2 -3
- package/getArn.js +1 -0
- package/getArn.js.map +1 -1
- package/getBillingServiceAccount.d.ts +67 -2
- package/getBillingServiceAccount.js +56 -3
- package/getBillingServiceAccount.js.map +1 -1
- package/getCallerIdentity.d.ts +37 -2
- package/getCallerIdentity.js +26 -3
- package/getCallerIdentity.js.map +1 -1
- package/getDefaultTags.d.ts +2 -15
- package/getDefaultTags.js +1 -1
- package/getDefaultTags.js.map +1 -1
- package/getIpRanges.d.ts +2 -3
- package/getIpRanges.js +1 -0
- package/getIpRanges.js.map +1 -1
- package/getPartition.d.ts +41 -2
- package/getPartition.js +30 -3
- package/getPartition.js.map +1 -1
- package/getRegion.d.ts +2 -3
- package/getRegion.js +1 -0
- package/getRegion.js.map +1 -1
- package/getRegions.d.ts +9 -1
- package/getRegions.js +1 -0
- package/getRegions.js.map +1 -1
- package/getService.d.ts +2 -3
- package/getService.js +1 -0
- package/getService.js.map +1 -1
- package/globalaccelerator/customRoutingAccelerator.d.ts +192 -0
- package/globalaccelerator/customRoutingAccelerator.js +100 -0
- package/globalaccelerator/customRoutingAccelerator.js.map +1 -0
- package/globalaccelerator/customRoutingEndpointGroup.d.ts +130 -0
- package/globalaccelerator/customRoutingEndpointGroup.js +93 -0
- package/globalaccelerator/customRoutingEndpointGroup.js.map +1 -0
- package/globalaccelerator/customRoutingListener.d.ts +104 -0
- package/globalaccelerator/customRoutingListener.js +93 -0
- package/globalaccelerator/customRoutingListener.js.map +1 -0
- package/globalaccelerator/getAccelerator.d.ts +3 -9
- package/globalaccelerator/getAccelerator.js +1 -1
- package/globalaccelerator/getAccelerator.js.map +1 -1
- package/globalaccelerator/getCustomRoutingAccelerator.d.ts +96 -0
- package/globalaccelerator/getCustomRoutingAccelerator.js +58 -0
- package/globalaccelerator/getCustomRoutingAccelerator.js.map +1 -0
- package/globalaccelerator/index.d.ts +12 -0
- package/globalaccelerator/index.js +19 -1
- package/globalaccelerator/index.js.map +1 -1
- package/glue/crawler.d.ts +21 -0
- package/glue/crawler.js +2 -0
- package/glue/crawler.js.map +1 -1
- package/glue/devEndpoint.d.ts +3 -3
- package/glue/workflow.d.ts +3 -3
- package/guardduty/getFindingIds.d.ts +66 -0
- package/guardduty/getFindingIds.js +49 -0
- package/guardduty/getFindingIds.js.map +1 -0
- package/guardduty/index.d.ts +3 -0
- package/guardduty/index.js +4 -1
- package/guardduty/index.js.map +1 -1
- package/iam/getPrincipalPolicySimulation.d.ts +167 -0
- package/iam/getPrincipalPolicySimulation.js +48 -0
- package/iam/getPrincipalPolicySimulation.js.map +1 -0
- package/iam/index.d.ts +3 -0
- package/iam/index.js +5 -2
- package/iam/index.js.map +1 -1
- package/index.d.ts +9 -4
- package/index.js +15 -8
- package/index.js.map +1 -1
- package/iot/getEndpoint.d.ts +50 -0
- package/iot/getEndpoint.js +50 -0
- package/iot/getEndpoint.js.map +1 -1
- package/kendra/querySuggestionsBlockList.d.ts +24 -24
- package/kendra/querySuggestionsBlockList.js +2 -2
- package/keyspaces/table.d.ts +12 -0
- package/keyspaces/table.js +2 -0
- package/keyspaces/table.js.map +1 -1
- package/kinesis/firehoseDeliveryStream.d.ts +0 -50
- package/kinesis/firehoseDeliveryStream.js +0 -50
- package/kinesis/firehoseDeliveryStream.js.map +1 -1
- package/lambda/eventSourceMapping.d.ts +6 -48
- package/lambda/eventSourceMapping.js +0 -42
- package/lambda/eventSourceMapping.js.map +1 -1
- package/lambda/function.d.ts +51 -4
- package/lambda/function.js +36 -1
- package/lambda/function.js.map +1 -1
- package/lambda/provisionedConcurrencyConfig.d.ts +2 -2
- package/lambda/provisionedConcurrencyConfig.js +2 -2
- package/lb/targetGroupAttachment.d.ts +17 -10
- package/lb/targetGroupAttachment.js +2 -1
- package/lb/targetGroupAttachment.js.map +1 -1
- package/msk/cluster.d.ts +108 -0
- package/msk/cluster.js +108 -0
- package/msk/cluster.js.map +1 -1
- package/opensearch/getServerlessAccessPolicy.d.ts +81 -0
- package/opensearch/getServerlessAccessPolicy.js +52 -0
- package/opensearch/getServerlessAccessPolicy.js.map +1 -0
- package/opensearch/getServerlessCollection.d.ts +101 -0
- package/opensearch/getServerlessCollection.js +51 -0
- package/opensearch/getServerlessCollection.js.map +1 -0
- package/opensearch/getServerlessSecurityConfig.d.ts +91 -0
- package/opensearch/getServerlessSecurityConfig.js +50 -0
- package/opensearch/getServerlessSecurityConfig.js.map +1 -0
- package/opensearch/getServerlessSecurityPolicy.d.ts +90 -0
- package/opensearch/getServerlessSecurityPolicy.js +50 -0
- package/opensearch/getServerlessSecurityPolicy.js.map +1 -0
- package/opensearch/getServerlessVpcEndpoint.d.ts +79 -0
- package/opensearch/getServerlessVpcEndpoint.js +47 -0
- package/opensearch/getServerlessVpcEndpoint.js.map +1 -0
- package/opensearch/index.d.ts +30 -0
- package/opensearch/index.js +41 -1
- package/opensearch/index.js.map +1 -1
- package/opensearch/serverlessAccessPolicy.d.ts +138 -0
- package/opensearch/serverlessAccessPolicy.js +106 -0
- package/opensearch/serverlessAccessPolicy.js.map +1 -0
- package/opensearch/serverlessCollection.d.ts +167 -0
- package/opensearch/serverlessCollection.js +104 -0
- package/opensearch/serverlessCollection.js.map +1 -0
- package/opensearch/serverlessSecurityConfig.d.ts +113 -0
- package/opensearch/serverlessSecurityConfig.js +76 -0
- package/opensearch/serverlessSecurityConfig.js.map +1 -0
- package/opensearch/serverlessSecurityPolicy.d.ts +148 -0
- package/opensearch/serverlessSecurityPolicy.js +116 -0
- package/opensearch/serverlessSecurityPolicy.js.map +1 -0
- package/opensearch/serverlessVpcEndpoint.d.ts +120 -0
- package/opensearch/serverlessVpcEndpoint.js +91 -0
- package/opensearch/serverlessVpcEndpoint.js.map +1 -0
- package/organizations/getPolicies.d.ts +45 -0
- package/organizations/getPolicies.js +29 -0
- package/organizations/getPolicies.js.map +1 -0
- package/organizations/getPoliciesForTarget.d.ts +54 -0
- package/organizations/getPoliciesForTarget.js +30 -0
- package/organizations/getPoliciesForTarget.js.map +1 -0
- package/organizations/index.d.ts +9 -0
- package/organizations/index.js +12 -1
- package/organizations/index.js.map +1 -1
- package/organizations/resourcePolicy.d.ts +137 -0
- package/organizations/resourcePolicy.js +109 -0
- package/organizations/resourcePolicy.js.map +1 -0
- package/package.json +2 -2
- package/package.json.dev +2 -2
- package/pinpoint/smsChannel.d.ts +18 -18
- package/pinpoint/smsChannel.js +2 -2
- package/pipes/pipe.d.ts +52 -19
- package/pipes/pipe.js +25 -8
- package/pipes/pipe.js.map +1 -1
- package/provider.d.ts +10 -0
- package/provider.js +2 -1
- package/provider.js.map +1 -1
- package/quicksight/dataSet.d.ts +2 -2
- package/quicksight/dataSet.js +0 -3
- package/quicksight/dataSet.js.map +1 -1
- package/quicksight/getTheme.d.ts +133 -0
- package/quicksight/getTheme.js +51 -0
- package/quicksight/getTheme.js.map +1 -0
- package/quicksight/index.d.ts +6 -0
- package/quicksight/index.js +9 -1
- package/quicksight/index.js.map +1 -1
- package/quicksight/refreshSchedule.d.ts +44 -0
- package/quicksight/refreshSchedule.js +44 -0
- package/quicksight/refreshSchedule.js.map +1 -1
- package/quicksight/theme.d.ts +211 -0
- package/quicksight/theme.js +97 -0
- package/quicksight/theme.js.map +1 -0
- package/rds/eventSubscription.d.ts +3 -3
- package/rds/getInstance.d.ts +1 -1
- package/rds/instance.d.ts +3 -3
- package/rds/proxy.d.ts +3 -3
- package/redshift/cluster.d.ts +8 -0
- package/redshift/cluster.js +2 -0
- package/redshift/cluster.js.map +1 -1
- package/redshift/getCluster.d.ts +5 -1
- package/redshift/getCluster.js.map +1 -1
- package/s3/bucketNotification.d.ts +15 -3
- package/s3/bucketNotification.js +12 -0
- package/s3/bucketNotification.js.map +1 -1
- package/servicecatalog/getProduct.d.ts +13 -13
- package/servicecatalog/getProduct.js +4 -4
- package/ses/activeReceiptRuleSet.d.ts +8 -0
- package/ses/activeReceiptRuleSet.js +8 -0
- package/ses/activeReceiptRuleSet.js.map +1 -1
- package/sesv2/emailIdentity.d.ts +15 -3
- package/sesv2/emailIdentity.js.map +1 -1
- package/sesv2/getEmailIdentity.d.ts +97 -0
- package/sesv2/getEmailIdentity.js +50 -0
- package/sesv2/getEmailIdentity.js.map +1 -0
- package/sesv2/getEmailIdentityMailFromAttributes.d.ts +75 -0
- package/sesv2/getEmailIdentityMailFromAttributes.js +55 -0
- package/sesv2/getEmailIdentityMailFromAttributes.js.map +1 -0
- package/sesv2/index.d.ts +6 -0
- package/sesv2/index.js +7 -1
- package/sesv2/index.js.map +1 -1
- package/sfn/alias.d.ts +136 -0
- package/sfn/alias.js +103 -0
- package/sfn/alias.js.map +1 -0
- package/sfn/getAlias.d.ts +97 -0
- package/sfn/getAlias.js +53 -0
- package/sfn/getAlias.js.map +1 -0
- package/sfn/getStateMachine.d.ts +5 -0
- package/sfn/getStateMachine.js.map +1 -1
- package/sfn/getStateMachineVersions.d.ts +65 -0
- package/sfn/getStateMachineVersions.js +49 -0
- package/sfn/getStateMachineVersions.js.map +1 -0
- package/sfn/index.d.ts +9 -0
- package/sfn/index.js +12 -1
- package/sfn/index.js.map +1 -1
- package/sfn/stateMachine.d.ts +45 -0
- package/sfn/stateMachine.js +35 -0
- package/sfn/stateMachine.js.map +1 -1
- package/ssm/patchBaseline.d.ts +6 -0
- package/ssm/patchBaseline.js.map +1 -1
- package/timestreamwrite/table.d.ts +30 -0
- package/timestreamwrite/table.js +20 -0
- package/timestreamwrite/table.js.map +1 -1
- package/transfer/agreement.d.ts +170 -0
- package/transfer/agreement.js +110 -0
- package/transfer/agreement.js.map +1 -0
- package/transfer/certificate.d.ts +172 -0
- package/transfer/certificate.js +103 -0
- package/transfer/certificate.js.map +1 -0
- package/transfer/connector.d.ts +152 -0
- package/transfer/connector.js +104 -0
- package/transfer/connector.js.map +1 -0
- package/transfer/index.d.ts +12 -0
- package/transfer/index.js +21 -1
- package/transfer/index.js.map +1 -1
- package/transfer/profile.d.ts +117 -0
- package/transfer/profile.js +78 -0
- package/transfer/profile.js.map +1 -0
- package/types/input.d.ts +9207 -97395
- package/types/output.d.ts +9845 -97697
- package/vpc/securityGroupEgressRule.d.ts +3 -3
- package/vpc/securityGroupEgressRule.js +4 -1
- package/vpc/securityGroupEgressRule.js.map +1 -1
- package/vpc/securityGroupIngressRule.d.ts +3 -3
- package/vpc/securityGroupIngressRule.js +4 -1
- package/vpc/securityGroupIngressRule.js.map +1 -1
- package/wafv2/ruleGroup.d.ts +0 -49
- package/wafv2/ruleGroup.js +0 -49
- package/wafv2/ruleGroup.js.map +1 -1
- package/wafv2/webAcl.d.ts +6 -246
- package/wafv2/webAcl.js +0 -240
- package/wafv2/webAcl.js.map +1 -1
- package/wafv2/webAclLoggingConfiguration.d.ts +17 -17
- package/wafv2/webAclLoggingConfiguration.js +5 -5
package/wafv2/webAcl.js
CHANGED
|
@@ -5,246 +5,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
5
5
|
exports.WebAcl = void 0;
|
|
6
6
|
const pulumi = require("@pulumi/pulumi");
|
|
7
7
|
const utilities = require("../utilities");
|
|
8
|
-
/**
|
|
9
|
-
* Creates a WAFv2 Web ACL resource.
|
|
10
|
-
*
|
|
11
|
-
* > **Note:** In `fieldToMatch` blocks, _e.g._, in `byteMatchStatement`, the `body` block includes an optional argument `oversizeHandling`. AWS indicates this argument will be required starting February 2023. To avoid configurations breaking when that change happens, treat the `oversizeHandling` argument as **required** as soon as possible.
|
|
12
|
-
*
|
|
13
|
-
* ## Example Usage
|
|
14
|
-
*
|
|
15
|
-
* This resource is based on `aws.wafv2.RuleGroup`, check the documentation of the `aws.wafv2.RuleGroup` resource to see examples of the various available statements.
|
|
16
|
-
* ### Account Takeover Protection
|
|
17
|
-
*
|
|
18
|
-
* ```typescript
|
|
19
|
-
* import * as pulumi from "@pulumi/pulumi";
|
|
20
|
-
* import * as aws from "@pulumi/aws";
|
|
21
|
-
*
|
|
22
|
-
* const atp_example = new aws.wafv2.WebAcl("atp-example", {
|
|
23
|
-
* defaultAction: {
|
|
24
|
-
* allow: {},
|
|
25
|
-
* },
|
|
26
|
-
* description: "Example of a managed ATP rule.",
|
|
27
|
-
* rules: [{
|
|
28
|
-
* name: "atp-rule-1",
|
|
29
|
-
* overrideAction: {
|
|
30
|
-
* count: {},
|
|
31
|
-
* },
|
|
32
|
-
* priority: 1,
|
|
33
|
-
* statement: {
|
|
34
|
-
* managedRuleGroupStatement: {
|
|
35
|
-
* managedRuleGroupConfigs: [{
|
|
36
|
-
* awsManagedRulesAtpRuleSet: {
|
|
37
|
-
* loginPath: "/api/1/signin",
|
|
38
|
-
* requestInspection: {
|
|
39
|
-
* passwordField: {
|
|
40
|
-
* identifier: "/password",
|
|
41
|
-
* },
|
|
42
|
-
* payloadType: "JSON",
|
|
43
|
-
* usernameField: {
|
|
44
|
-
* identifier: "/email",
|
|
45
|
-
* },
|
|
46
|
-
* },
|
|
47
|
-
* responseInspection: {
|
|
48
|
-
* statusCode: {
|
|
49
|
-
* failureCodes: [403],
|
|
50
|
-
* successCodes: [200],
|
|
51
|
-
* },
|
|
52
|
-
* },
|
|
53
|
-
* },
|
|
54
|
-
* }],
|
|
55
|
-
* name: "AWSManagedRulesATPRuleSet",
|
|
56
|
-
* vendorName: "AWS",
|
|
57
|
-
* },
|
|
58
|
-
* },
|
|
59
|
-
* visibilityConfig: {
|
|
60
|
-
* cloudwatchMetricsEnabled: false,
|
|
61
|
-
* metricName: "friendly-rule-metric-name",
|
|
62
|
-
* sampledRequestsEnabled: false,
|
|
63
|
-
* },
|
|
64
|
-
* }],
|
|
65
|
-
* scope: "CLOUDFRONT",
|
|
66
|
-
* visibilityConfig: {
|
|
67
|
-
* cloudwatchMetricsEnabled: false,
|
|
68
|
-
* metricName: "friendly-metric-name",
|
|
69
|
-
* sampledRequestsEnabled: false,
|
|
70
|
-
* },
|
|
71
|
-
* });
|
|
72
|
-
* ```
|
|
73
|
-
* ### Rate Based
|
|
74
|
-
*
|
|
75
|
-
* Rate-limit US and NL-based clients to 10,000 requests for every 5 minutes.
|
|
76
|
-
*
|
|
77
|
-
* ```typescript
|
|
78
|
-
* import * as pulumi from "@pulumi/pulumi";
|
|
79
|
-
* import * as aws from "@pulumi/aws";
|
|
80
|
-
*
|
|
81
|
-
* const example = new aws.wafv2.WebAcl("example", {
|
|
82
|
-
* defaultAction: {
|
|
83
|
-
* allow: {},
|
|
84
|
-
* },
|
|
85
|
-
* description: "Example of a Cloudfront rate based statement.",
|
|
86
|
-
* rules: [{
|
|
87
|
-
* action: {
|
|
88
|
-
* block: {},
|
|
89
|
-
* },
|
|
90
|
-
* name: "rule-1",
|
|
91
|
-
* priority: 1,
|
|
92
|
-
* statement: {
|
|
93
|
-
* rateBasedStatement: {
|
|
94
|
-
* aggregateKeyType: "IP",
|
|
95
|
-
* limit: 10000,
|
|
96
|
-
* scopeDownStatement: {
|
|
97
|
-
* geoMatchStatement: {
|
|
98
|
-
* countryCodes: [
|
|
99
|
-
* "US",
|
|
100
|
-
* "NL",
|
|
101
|
-
* ],
|
|
102
|
-
* },
|
|
103
|
-
* },
|
|
104
|
-
* },
|
|
105
|
-
* },
|
|
106
|
-
* visibilityConfig: {
|
|
107
|
-
* cloudwatchMetricsEnabled: false,
|
|
108
|
-
* metricName: "friendly-rule-metric-name",
|
|
109
|
-
* sampledRequestsEnabled: false,
|
|
110
|
-
* },
|
|
111
|
-
* }],
|
|
112
|
-
* scope: "CLOUDFRONT",
|
|
113
|
-
* tags: {
|
|
114
|
-
* Tag1: "Value1",
|
|
115
|
-
* Tag2: "Value2",
|
|
116
|
-
* },
|
|
117
|
-
* visibilityConfig: {
|
|
118
|
-
* cloudwatchMetricsEnabled: false,
|
|
119
|
-
* metricName: "friendly-metric-name",
|
|
120
|
-
* sampledRequestsEnabled: false,
|
|
121
|
-
* },
|
|
122
|
-
* });
|
|
123
|
-
* ```
|
|
124
|
-
* ### Rule Group Reference
|
|
125
|
-
*
|
|
126
|
-
* ```typescript
|
|
127
|
-
* import * as pulumi from "@pulumi/pulumi";
|
|
128
|
-
* import * as aws from "@pulumi/aws";
|
|
129
|
-
*
|
|
130
|
-
* const example = new aws.wafv2.RuleGroup("example", {
|
|
131
|
-
* capacity: 10,
|
|
132
|
-
* scope: "REGIONAL",
|
|
133
|
-
* rules: [
|
|
134
|
-
* {
|
|
135
|
-
* name: "rule-1",
|
|
136
|
-
* priority: 1,
|
|
137
|
-
* action: {
|
|
138
|
-
* count: {},
|
|
139
|
-
* },
|
|
140
|
-
* statement: {
|
|
141
|
-
* geoMatchStatement: {
|
|
142
|
-
* countryCodes: ["NL"],
|
|
143
|
-
* },
|
|
144
|
-
* },
|
|
145
|
-
* visibilityConfig: {
|
|
146
|
-
* cloudwatchMetricsEnabled: false,
|
|
147
|
-
* metricName: "friendly-rule-metric-name",
|
|
148
|
-
* sampledRequestsEnabled: false,
|
|
149
|
-
* },
|
|
150
|
-
* },
|
|
151
|
-
* {
|
|
152
|
-
* name: "rule-to-exclude-a",
|
|
153
|
-
* priority: 10,
|
|
154
|
-
* action: {
|
|
155
|
-
* allow: {},
|
|
156
|
-
* },
|
|
157
|
-
* statement: {
|
|
158
|
-
* geoMatchStatement: {
|
|
159
|
-
* countryCodes: ["US"],
|
|
160
|
-
* },
|
|
161
|
-
* },
|
|
162
|
-
* visibilityConfig: {
|
|
163
|
-
* cloudwatchMetricsEnabled: false,
|
|
164
|
-
* metricName: "friendly-rule-metric-name",
|
|
165
|
-
* sampledRequestsEnabled: false,
|
|
166
|
-
* },
|
|
167
|
-
* },
|
|
168
|
-
* {
|
|
169
|
-
* name: "rule-to-exclude-b",
|
|
170
|
-
* priority: 15,
|
|
171
|
-
* action: {
|
|
172
|
-
* allow: {},
|
|
173
|
-
* },
|
|
174
|
-
* statement: {
|
|
175
|
-
* geoMatchStatement: {
|
|
176
|
-
* countryCodes: ["GB"],
|
|
177
|
-
* },
|
|
178
|
-
* },
|
|
179
|
-
* visibilityConfig: {
|
|
180
|
-
* cloudwatchMetricsEnabled: false,
|
|
181
|
-
* metricName: "friendly-rule-metric-name",
|
|
182
|
-
* sampledRequestsEnabled: false,
|
|
183
|
-
* },
|
|
184
|
-
* },
|
|
185
|
-
* ],
|
|
186
|
-
* visibilityConfig: {
|
|
187
|
-
* cloudwatchMetricsEnabled: false,
|
|
188
|
-
* metricName: "friendly-metric-name",
|
|
189
|
-
* sampledRequestsEnabled: false,
|
|
190
|
-
* },
|
|
191
|
-
* });
|
|
192
|
-
* const test = new aws.wafv2.WebAcl("test", {
|
|
193
|
-
* scope: "REGIONAL",
|
|
194
|
-
* defaultAction: {
|
|
195
|
-
* block: {},
|
|
196
|
-
* },
|
|
197
|
-
* rules: [{
|
|
198
|
-
* name: "rule-1",
|
|
199
|
-
* priority: 1,
|
|
200
|
-
* overrideAction: {
|
|
201
|
-
* count: {},
|
|
202
|
-
* },
|
|
203
|
-
* statement: {
|
|
204
|
-
* ruleGroupReferenceStatement: {
|
|
205
|
-
* arn: example.arn,
|
|
206
|
-
* ruleActionOverrides: [
|
|
207
|
-
* {
|
|
208
|
-
* actionToUse: {
|
|
209
|
-
* count: {},
|
|
210
|
-
* },
|
|
211
|
-
* name: "rule-to-exclude-b",
|
|
212
|
-
* },
|
|
213
|
-
* {
|
|
214
|
-
* actionToUse: {
|
|
215
|
-
* count: {},
|
|
216
|
-
* },
|
|
217
|
-
* name: "rule-to-exclude-a",
|
|
218
|
-
* },
|
|
219
|
-
* ],
|
|
220
|
-
* },
|
|
221
|
-
* },
|
|
222
|
-
* visibilityConfig: {
|
|
223
|
-
* cloudwatchMetricsEnabled: false,
|
|
224
|
-
* metricName: "friendly-rule-metric-name",
|
|
225
|
-
* sampledRequestsEnabled: false,
|
|
226
|
-
* },
|
|
227
|
-
* }],
|
|
228
|
-
* tags: {
|
|
229
|
-
* Tag1: "Value1",
|
|
230
|
-
* Tag2: "Value2",
|
|
231
|
-
* },
|
|
232
|
-
* visibilityConfig: {
|
|
233
|
-
* cloudwatchMetricsEnabled: false,
|
|
234
|
-
* metricName: "friendly-metric-name",
|
|
235
|
-
* sampledRequestsEnabled: false,
|
|
236
|
-
* },
|
|
237
|
-
* });
|
|
238
|
-
* ```
|
|
239
|
-
*
|
|
240
|
-
* ## Import
|
|
241
|
-
*
|
|
242
|
-
* WAFv2 Web ACLs can be imported using `ID/Name/Scope` e.g.,
|
|
243
|
-
*
|
|
244
|
-
* ```sh
|
|
245
|
-
* $ pulumi import aws:wafv2/webAcl:WebAcl example a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc/example/REGIONAL
|
|
246
|
-
* ```
|
|
247
|
-
*/
|
|
248
8
|
class WebAcl extends pulumi.CustomResource {
|
|
249
9
|
/**
|
|
250
10
|
* Get an existing WebAcl resource's state with the given name, ID, and optional extra
|
package/wafv2/webAcl.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"webAcl.js","sourceRoot":"","sources":["../../wafv2/webAcl.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAIzC,0CAA0C;AAE1C
|
|
1
|
+
{"version":3,"file":"webAcl.js","sourceRoot":"","sources":["../../wafv2/webAcl.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAIzC,0CAA0C;AAE1C,MAAa,MAAO,SAAQ,MAAM,CAAC,cAAc;IAC7C;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAmB,EAAE,IAAmC;QACjH,OAAO,IAAI,MAAM,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC7D,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,MAAM,CAAC,YAAY,CAAC;IACvD,CAAC;IAgED,YAAY,IAAY,EAAE,WAAsC,EAAE,IAAmC;QACjG,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAsC,CAAC;YACrD,cAAc,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,sBAAsB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;YACxF,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;SACnF;aAAM;YACH,MAAM,IAAI,GAAG,WAAqC,CAAC;YACnD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,aAAa,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC1D,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;aAChE;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAClD,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;aACxD;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC7D,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;aACnE;YACD,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,sBAAsB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;YACtF,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,KAAK,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC1C,cAAc,CAAC,UAAU,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC/C,cAAc,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAChD,cAAc,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SACjD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,MAAM,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC3D,CAAC;;AAzIL,wBA0IC;AA5HG,gBAAgB;AACO,mBAAY,GAAG,yBAAyB,CAAC"}
|
|
@@ -2,11 +2,11 @@ import * as pulumi from "@pulumi/pulumi";
|
|
|
2
2
|
import * as inputs from "../types/input";
|
|
3
3
|
import * as outputs from "../types/output";
|
|
4
4
|
/**
|
|
5
|
-
*
|
|
5
|
+
* This resource creates a WAFv2 Web ACL Logging Configuration.
|
|
6
6
|
*
|
|
7
|
-
* > **
|
|
8
|
-
*
|
|
9
|
-
*
|
|
7
|
+
* > **NOTE:** To start logging from a WAFv2 Web ACL, you need to create an Amazon Kinesis Data Firehose resource, such as the `aws.kinesis.FirehoseDeliveryStream` resource. Make sure to create the firehose with a PUT source (not a stream) in the region where you are operating. If you are capturing logs for Amazon CloudFront, create the firehose in the US East (N. Virginia) region. It is important to name the data firehose, CloudWatch log group, and/or S3 bucket with a prefix of `aws-waf-logs-`.
|
|
8
|
+
*
|
|
9
|
+
* !> **WARNING:** When logging from a WAFv2 Web ACL to a CloudWatch Log Group, the WAFv2 service tries to create or update a generic Log Resource Policy named `AWSWAF-LOGS`. However, if there are a large number of Web ACLs or if the account frequently creates and deletes Web ACLs, this policy may exceed the maximum policy size. As a result, this resource type will fail to be created. More details about this issue can be found in this issue. To prevent this issue, you can manage a specific resource policy. Please refer to the example below for managing a CloudWatch Log Group with a managed CloudWatch Log Resource Policy.
|
|
10
10
|
*
|
|
11
11
|
* ## Example Usage
|
|
12
12
|
* ### With Redacted Fields
|
|
@@ -69,7 +69,7 @@ import * as outputs from "../types/output";
|
|
|
69
69
|
*
|
|
70
70
|
* ## Import
|
|
71
71
|
*
|
|
72
|
-
* WAFv2 Web ACL Logging Configurations
|
|
72
|
+
* To import WAFv2 Web ACL Logging Configurations, use the ARN of the WAFv2 Web ACL. For example
|
|
73
73
|
*
|
|
74
74
|
* ```sh
|
|
75
75
|
* $ pulumi import aws:wafv2/webAclLoggingConfiguration:WebAclLoggingConfiguration example arn:aws:wafv2:us-west-2:123456789012:regional/webacl/test-logs/a1b2c3d4-5678-90ab-cdef
|
|
@@ -92,19 +92,19 @@ export declare class WebAclLoggingConfiguration extends pulumi.CustomResource {
|
|
|
92
92
|
*/
|
|
93
93
|
static isInstance(obj: any): obj is WebAclLoggingConfiguration;
|
|
94
94
|
/**
|
|
95
|
-
*
|
|
95
|
+
* Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL.
|
|
96
96
|
*/
|
|
97
97
|
readonly logDestinationConfigs: pulumi.Output<string[]>;
|
|
98
98
|
/**
|
|
99
|
-
*
|
|
99
|
+
* Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
|
|
100
100
|
*/
|
|
101
101
|
readonly loggingFilter: pulumi.Output<outputs.wafv2.WebAclLoggingConfigurationLoggingFilter | undefined>;
|
|
102
102
|
/**
|
|
103
|
-
*
|
|
103
|
+
* Configuration for parts of the request that you want to keep out of the logs. Up to 100 `redactedFields` blocks are supported. See Redacted Fields below for more details.
|
|
104
104
|
*/
|
|
105
105
|
readonly redactedFields: pulumi.Output<outputs.wafv2.WebAclLoggingConfigurationRedactedField[] | undefined>;
|
|
106
106
|
/**
|
|
107
|
-
*
|
|
107
|
+
* Amazon Resource Name (ARN) of the web ACL that you want to associate with `logDestinationConfigs`.
|
|
108
108
|
*/
|
|
109
109
|
readonly resourceArn: pulumi.Output<string>;
|
|
110
110
|
/**
|
|
@@ -121,19 +121,19 @@ export declare class WebAclLoggingConfiguration extends pulumi.CustomResource {
|
|
|
121
121
|
*/
|
|
122
122
|
export interface WebAclLoggingConfigurationState {
|
|
123
123
|
/**
|
|
124
|
-
*
|
|
124
|
+
* Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL.
|
|
125
125
|
*/
|
|
126
126
|
logDestinationConfigs?: pulumi.Input<pulumi.Input<string>[]>;
|
|
127
127
|
/**
|
|
128
|
-
*
|
|
128
|
+
* Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
|
|
129
129
|
*/
|
|
130
130
|
loggingFilter?: pulumi.Input<inputs.wafv2.WebAclLoggingConfigurationLoggingFilter>;
|
|
131
131
|
/**
|
|
132
|
-
*
|
|
132
|
+
* Configuration for parts of the request that you want to keep out of the logs. Up to 100 `redactedFields` blocks are supported. See Redacted Fields below for more details.
|
|
133
133
|
*/
|
|
134
134
|
redactedFields?: pulumi.Input<pulumi.Input<inputs.wafv2.WebAclLoggingConfigurationRedactedField>[]>;
|
|
135
135
|
/**
|
|
136
|
-
*
|
|
136
|
+
* Amazon Resource Name (ARN) of the web ACL that you want to associate with `logDestinationConfigs`.
|
|
137
137
|
*/
|
|
138
138
|
resourceArn?: pulumi.Input<string>;
|
|
139
139
|
}
|
|
@@ -142,19 +142,19 @@ export interface WebAclLoggingConfigurationState {
|
|
|
142
142
|
*/
|
|
143
143
|
export interface WebAclLoggingConfigurationArgs {
|
|
144
144
|
/**
|
|
145
|
-
*
|
|
145
|
+
* Configuration block that allows you to associate Amazon Kinesis Data Firehose, Cloudwatch Log log group, or S3 bucket Amazon Resource Names (ARNs) with the web ACL.
|
|
146
146
|
*/
|
|
147
147
|
logDestinationConfigs: pulumi.Input<pulumi.Input<string>[]>;
|
|
148
148
|
/**
|
|
149
|
-
*
|
|
149
|
+
* Configuration block that specifies which web requests are kept in the logs and which are dropped. It allows filtering based on the rule action and the web request labels applied by matching rules during web ACL evaluation. For more details, refer to the Logging Filter section below.
|
|
150
150
|
*/
|
|
151
151
|
loggingFilter?: pulumi.Input<inputs.wafv2.WebAclLoggingConfigurationLoggingFilter>;
|
|
152
152
|
/**
|
|
153
|
-
*
|
|
153
|
+
* Configuration for parts of the request that you want to keep out of the logs. Up to 100 `redactedFields` blocks are supported. See Redacted Fields below for more details.
|
|
154
154
|
*/
|
|
155
155
|
redactedFields?: pulumi.Input<pulumi.Input<inputs.wafv2.WebAclLoggingConfigurationRedactedField>[]>;
|
|
156
156
|
/**
|
|
157
|
-
*
|
|
157
|
+
* Amazon Resource Name (ARN) of the web ACL that you want to associate with `logDestinationConfigs`.
|
|
158
158
|
*/
|
|
159
159
|
resourceArn: pulumi.Input<string>;
|
|
160
160
|
}
|
|
@@ -6,11 +6,11 @@ exports.WebAclLoggingConfiguration = void 0;
|
|
|
6
6
|
const pulumi = require("@pulumi/pulumi");
|
|
7
7
|
const utilities = require("../utilities");
|
|
8
8
|
/**
|
|
9
|
-
*
|
|
9
|
+
* This resource creates a WAFv2 Web ACL Logging Configuration.
|
|
10
10
|
*
|
|
11
|
-
* > **
|
|
12
|
-
*
|
|
13
|
-
*
|
|
11
|
+
* > **NOTE:** To start logging from a WAFv2 Web ACL, you need to create an Amazon Kinesis Data Firehose resource, such as the `aws.kinesis.FirehoseDeliveryStream` resource. Make sure to create the firehose with a PUT source (not a stream) in the region where you are operating. If you are capturing logs for Amazon CloudFront, create the firehose in the US East (N. Virginia) region. It is important to name the data firehose, CloudWatch log group, and/or S3 bucket with a prefix of `aws-waf-logs-`.
|
|
12
|
+
*
|
|
13
|
+
* !> **WARNING:** When logging from a WAFv2 Web ACL to a CloudWatch Log Group, the WAFv2 service tries to create or update a generic Log Resource Policy named `AWSWAF-LOGS`. However, if there are a large number of Web ACLs or if the account frequently creates and deletes Web ACLs, this policy may exceed the maximum policy size. As a result, this resource type will fail to be created. More details about this issue can be found in this issue. To prevent this issue, you can manage a specific resource policy. Please refer to the example below for managing a CloudWatch Log Group with a managed CloudWatch Log Resource Policy.
|
|
14
14
|
*
|
|
15
15
|
* ## Example Usage
|
|
16
16
|
* ### With Redacted Fields
|
|
@@ -73,7 +73,7 @@ const utilities = require("../utilities");
|
|
|
73
73
|
*
|
|
74
74
|
* ## Import
|
|
75
75
|
*
|
|
76
|
-
* WAFv2 Web ACL Logging Configurations
|
|
76
|
+
* To import WAFv2 Web ACL Logging Configurations, use the ARN of the WAFv2 Web ACL. For example
|
|
77
77
|
*
|
|
78
78
|
* ```sh
|
|
79
79
|
* $ pulumi import aws:wafv2/webAclLoggingConfiguration:WebAclLoggingConfiguration example arn:aws:wafv2:us-west-2:123456789012:regional/webacl/test-logs/a1b2c3d4-5678-90ab-cdef
|