Module Smaws_Client_WAFV2.PutLoggingConfiguration

val request : Smaws_Lib.Context.t -> put_logging_configuration_request -> (put_logging_configuration_response, [> Smaws_Lib.Protocols.AwsJson.error | `WAFInternalErrorException of waf_internal_error_exception | `WAFInvalidOperationException of waf_invalid_operation_exception | `WAFInvalidParameterException of waf_invalid_parameter_exception | `WAFLimitsExceededException of waf_limits_exceeded_exception | `WAFLogDestinationPermissionIssueException of waf_log_destination_permission_issue_exception | `WAFNonexistentItemException of waf_nonexistent_item_exception | `WAFOptimisticLockException of waf_optimistic_lock_exception | `WAFServiceLinkedRoleErrorException of waf_service_linked_role_error_exception ]) Stdlib.result

Enables the specified LoggingConfiguration, to start logging from a web ACL, according to the configuration provided.

This operation completely replaces any mutable specifications that you already have for a logging configuration with the ones that you provide to this call.

To modify an existing logging configuration, do the following:

  1. Retrieve it by calling GetLoggingConfiguration
  2. Update its settings as needed
  3. Provide the complete logging configuration specification to this call

You can define one logging destination per web ACL.

You can access information about the traffic that WAF inspects using the following steps:

  1. Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose.

    The name that you give the destination must start with aws-waf-logs-. Depending on the type of destination, you might need to configure additional settings or permissions.

    For configuration requirements and pricing information for each destination type, see Logging web ACL traffic in the WAF Developer Guide.

  2. Associate your logging destination to your web ACL using a PutLoggingConfiguration request.

When you successfully enable logging using a PutLoggingConfiguration request, WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, WAF creates a resource policy on the log group. For an Amazon S3 bucket, WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, WAF creates a service-linked role.

For additional information about web ACL logging, see Logging web ACL traffic information in the WAF Developer Guide.