AWS Cloud Control v1.26.0, Mar 12 25

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi

pulumi/pulumi-aws-native

aws-native.networkfirewall.LoggingConfiguration

Explore with Pulumi AI

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi

pulumi/pulumi-aws-native

Create LoggingConfiguration Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new LoggingConfiguration(name: string, args: LoggingConfigurationArgs, opts?: CustomResourceOptions);

@overload
def LoggingConfiguration(resource_name: str,
                         args: LoggingConfigurationInitArgs,
                         opts: Optional[ResourceOptions] = None)

@overload
def LoggingConfiguration(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         firewall_arn: Optional[str] = None,
                         logging_configuration: Optional[LoggingConfigurationArgs] = None,
                         firewall_name: Optional[str] = None)

func NewLoggingConfiguration(ctx *Context, name string, args LoggingConfigurationArgs, opts ...ResourceOption) (*LoggingConfiguration, error)

public LoggingConfiguration(string name, LoggingConfigurationArgs args, CustomResourceOptions? opts = null)

public LoggingConfiguration(String name, LoggingConfigurationArgs args)
public LoggingConfiguration(String name, LoggingConfigurationArgs args, CustomResourceOptions options)

type: aws-native:networkfirewall:LoggingConfiguration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args LoggingConfigurationArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args LoggingConfigurationInitArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args LoggingConfigurationArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args LoggingConfigurationArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args LoggingConfigurationArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

LoggingConfiguration Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The LoggingConfiguration resource accepts the following input properties:

FirewallArn string: The Amazon Resource Name (ARN) of the Firewall that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.
LoggingConfigurationValue Pulumi.AwsNative.NetworkFirewall.Inputs.LoggingConfiguration: Defines how AWS Network Firewall performs logging for a Firewall .
FirewallName string: The name of the firewall that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.

FirewallArn string: The Amazon Resource Name (ARN) of the Firewall that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.
LoggingConfiguration LoggingConfigurationTypeArgs: Defines how AWS Network Firewall performs logging for a Firewall .
FirewallName string: The name of the firewall that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.

firewallArn String: The Amazon Resource Name (ARN) of the Firewall that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.
loggingConfiguration LoggingConfiguration: Defines how AWS Network Firewall performs logging for a Firewall .
firewallName String: The name of the firewall that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.

firewallArn string: The Amazon Resource Name (ARN) of the Firewall that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.
loggingConfiguration LoggingConfiguration: Defines how AWS Network Firewall performs logging for a Firewall .
firewallName string: The name of the firewall that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.

firewall_arn str: The Amazon Resource Name (ARN) of the Firewall that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.
logging_configuration LoggingConfigurationArgs: Defines how AWS Network Firewall performs logging for a Firewall .
firewall_name str: The name of the firewall that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.

firewallArn String: The Amazon Resource Name (ARN) of the Firewall that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.
loggingConfiguration Property Map: Defines how AWS Network Firewall performs logging for a Firewall .
firewallName String: The name of the firewall that the logging configuration is associated with. You can't change the firewall specification after you create the logging configuration.

Outputs

All input properties are implicitly available as output properties. Additionally, the LoggingConfiguration resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Supporting Types

LoggingConfiguration, LoggingConfigurationArgs

LogDestinationConfigs List<Pulumi.AwsNative.NetworkFirewall.Inputs.LoggingConfigurationLogDestinationConfig>: Defines the logging destinations for the logs for a firewall. Network Firewall generates logs for stateful rule groups.

LogDestinationConfigs []LoggingConfigurationLogDestinationConfig: Defines the logging destinations for the logs for a firewall. Network Firewall generates logs for stateful rule groups.

logDestinationConfigs List<LoggingConfigurationLogDestinationConfig>: Defines the logging destinations for the logs for a firewall. Network Firewall generates logs for stateful rule groups.

logDestinationConfigs LoggingConfigurationLogDestinationConfig[]: Defines the logging destinations for the logs for a firewall. Network Firewall generates logs for stateful rule groups.

log_destination_configs Sequence[LoggingConfigurationLogDestinationConfig]: Defines the logging destinations for the logs for a firewall. Network Firewall generates logs for stateful rule groups.

logDestinationConfigs List<Property Map>: Defines the logging destinations for the logs for a firewall. Network Firewall generates logs for stateful rule groups.

LoggingConfigurationLogDestinationConfig, LoggingConfigurationLogDestinationConfigArgs

LogDestination Dictionary<string, string>

A key-value pair to configure the logDestinations.

LogDestinationType Pulumi.AwsNative.NetworkFirewall.LoggingConfigurationLogDestinationConfigLogDestinationType

The type of storage destination to send these logs to. You can send logs to an Amazon S3 bucket, a CloudWatch log group, or a Firehose delivery stream.

LogType Pulumi.AwsNative.NetworkFirewall.LoggingConfigurationLogDestinationConfigLogType

The type of log to record. You can record the following types of logs from your Network Firewall stateful engine.

ALERT - Logs for traffic that matches your stateful rules and that have an action that sends an alert. A stateful rule sends alerts for the rule actions DROP, ALERT, and REJECT. For more information, see the StatefulRule property.
FLOW - Standard network traffic flow logs. The stateful rules engine records flow logs for all network traffic that it receives. Each flow log record captures the network flow for a specific standard stateless rule group.
TLS - Logs for events that are related to TLS inspection. For more information, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide .

LogDestination map[string]string

A key-value pair to configure the logDestinations.

LogDestinationType LoggingConfigurationLogDestinationConfigLogDestinationType

The type of storage destination to send these logs to. You can send logs to an Amazon S3 bucket, a CloudWatch log group, or a Firehose delivery stream.

LogType LoggingConfigurationLogDestinationConfigLogType

The type of log to record. You can record the following types of logs from your Network Firewall stateful engine.

ALERT - Logs for traffic that matches your stateful rules and that have an action that sends an alert. A stateful rule sends alerts for the rule actions DROP, ALERT, and REJECT. For more information, see the StatefulRule property.
FLOW - Standard network traffic flow logs. The stateful rules engine records flow logs for all network traffic that it receives. Each flow log record captures the network flow for a specific standard stateless rule group.
TLS - Logs for events that are related to TLS inspection. For more information, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide .

logDestination Map<String,String>

A key-value pair to configure the logDestinations.

logDestinationType LoggingConfigurationLogDestinationConfigLogDestinationType

The type of storage destination to send these logs to. You can send logs to an Amazon S3 bucket, a CloudWatch log group, or a Firehose delivery stream.

logType LoggingConfigurationLogDestinationConfigLogType

The type of log to record. You can record the following types of logs from your Network Firewall stateful engine.

ALERT - Logs for traffic that matches your stateful rules and that have an action that sends an alert. A stateful rule sends alerts for the rule actions DROP, ALERT, and REJECT. For more information, see the StatefulRule property.
FLOW - Standard network traffic flow logs. The stateful rules engine records flow logs for all network traffic that it receives. Each flow log record captures the network flow for a specific standard stateless rule group.
TLS - Logs for events that are related to TLS inspection. For more information, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide .

logDestination {[key: string]: string}

A key-value pair to configure the logDestinations.

logDestinationType LoggingConfigurationLogDestinationConfigLogDestinationType

The type of storage destination to send these logs to. You can send logs to an Amazon S3 bucket, a CloudWatch log group, or a Firehose delivery stream.

logType LoggingConfigurationLogDestinationConfigLogType

The type of log to record. You can record the following types of logs from your Network Firewall stateful engine.

ALERT - Logs for traffic that matches your stateful rules and that have an action that sends an alert. A stateful rule sends alerts for the rule actions DROP, ALERT, and REJECT. For more information, see the StatefulRule property.
FLOW - Standard network traffic flow logs. The stateful rules engine records flow logs for all network traffic that it receives. Each flow log record captures the network flow for a specific standard stateless rule group.
TLS - Logs for events that are related to TLS inspection. For more information, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide .

log_destination Mapping[str, str]

A key-value pair to configure the logDestinations.

log_destination_type LoggingConfigurationLogDestinationConfigLogDestinationType

The type of storage destination to send these logs to. You can send logs to an Amazon S3 bucket, a CloudWatch log group, or a Firehose delivery stream.

log_type LoggingConfigurationLogDestinationConfigLogType

The type of log to record. You can record the following types of logs from your Network Firewall stateful engine.

ALERT - Logs for traffic that matches your stateful rules and that have an action that sends an alert. A stateful rule sends alerts for the rule actions DROP, ALERT, and REJECT. For more information, see the StatefulRule property.
FLOW - Standard network traffic flow logs. The stateful rules engine records flow logs for all network traffic that it receives. Each flow log record captures the network flow for a specific standard stateless rule group.
TLS - Logs for events that are related to TLS inspection. For more information, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide .

logDestination Map<String>

A key-value pair to configure the logDestinations.

logDestinationType "S3" | "CloudWatchLogs" | "KinesisDataFirehose"

The type of storage destination to send these logs to. You can send logs to an Amazon S3 bucket, a CloudWatch log group, or a Firehose delivery stream.

logType "ALERT" | "FLOW" | "TLS"

The type of log to record. You can record the following types of logs from your Network Firewall stateful engine.

ALERT - Logs for traffic that matches your stateful rules and that have an action that sends an alert. A stateful rule sends alerts for the rule actions DROP, ALERT, and REJECT. For more information, see the StatefulRule property.
FLOW - Standard network traffic flow logs. The stateful rules engine records flow logs for all network traffic that it receives. Each flow log record captures the network flow for a specific standard stateless rule group.
TLS - Logs for events that are related to TLS inspection. For more information, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide .

LoggingConfigurationLogDestinationConfigLogDestinationType, LoggingConfigurationLogDestinationConfigLogDestinationTypeArgs

S3: S3
CloudWatchLogs: CloudWatchLogs
KinesisDataFirehose: KinesisDataFirehose

LoggingConfigurationLogDestinationConfigLogDestinationTypeS3: S3
LoggingConfigurationLogDestinationConfigLogDestinationTypeCloudWatchLogs: CloudWatchLogs
LoggingConfigurationLogDestinationConfigLogDestinationTypeKinesisDataFirehose: KinesisDataFirehose

S3: S3
CloudWatchLogs: CloudWatchLogs
KinesisDataFirehose: KinesisDataFirehose

S3: S3
CloudWatchLogs: CloudWatchLogs
KinesisDataFirehose: KinesisDataFirehose

S3: S3
CLOUD_WATCH_LOGS: CloudWatchLogs
KINESIS_DATA_FIREHOSE: KinesisDataFirehose

"S3": S3
"CloudWatchLogs": CloudWatchLogs
"KinesisDataFirehose": KinesisDataFirehose

LoggingConfigurationLogDestinationConfigLogType, LoggingConfigurationLogDestinationConfigLogTypeArgs

Alert: ALERT
Flow: FLOW
Tls: TLS

LoggingConfigurationLogDestinationConfigLogTypeAlert: ALERT
LoggingConfigurationLogDestinationConfigLogTypeFlow: FLOW
LoggingConfigurationLogDestinationConfigLogTypeTls: TLS

Alert: ALERT
Flow: FLOW
Tls: TLS

Alert: ALERT
Flow: FLOW
Tls: TLS

ALERT: ALERT
FLOW: FLOW
TLS: TLS

"ALERT": ALERT
"FLOW": FLOW
"TLS": TLS

Package Details

Repository: AWS Native pulumi/pulumi-aws-native
License: Apache-2.0

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi

pulumi/pulumi-aws-native

aws-native.networkfirewall.LoggingConfiguration

On this page

On this page

Create LoggingConfiguration Resource

Constructor syntax

Parameters

LoggingConfiguration Resource Properties

Inputs

Outputs

Supporting Types

LoggingConfiguration, LoggingConfigurationArgs

LoggingConfigurationLogDestinationConfig, LoggingConfigurationLogDestinationConfigArgs

LoggingConfigurationLogDestinationConfigLogDestinationType, LoggingConfigurationLogDestinationConfigLogDestinationTypeArgs

LoggingConfigurationLogDestinationConfigLogType, LoggingConfigurationLogDestinationConfigLogTypeArgs

Package Details

On this page

On this page