AWS Network Firewall Logging Configuration
This page shows how to write Terraform and CloudFormation for the Network Firewall Logging Configuration, and how to write them securely.
aws_networkfirewall_logging_configuration (Terraform)
The Logging Configuration in Network Firewall can be configured in Terraform with the resource name aws_networkfirewall_logging_configuration. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_networkfirewall_logging_configuration" "firewall" {
  firewall_arn = aws_networkfirewall_firewall.example.arn
  logging_configuration {
    log_destination_config {
      log_destination = {
        logGroup = aws_cloudwatch_log_group.firewall.name

resource "aws_networkfirewall_logging_configuration" "this" {
  count = var.firewall_enable_logging ? 1 : 0
  firewall_arn = aws_networkfirewall_firewall.this.arn
  logging_configuration {
    log_destination_config {
      log_destination = {

resource "aws_networkfirewall_logging_configuration" "default" {
  firewall_arn = aws_networkfirewall_firewall.default.arn
  logging_configuration {
    log_destination_config {
      log_destination = {
        logGroup = aws_cloudwatch_log_group.fw.name

resource "aws_networkfirewall_logging_configuration" "firewall_flow_log" {
  firewall_arn = aws_networkfirewall_firewall.firewall.arn
  logging_configuration {
    log_destination_config {
      log_destination = {
        logGroup = aws_cloudwatch_log_group.firewall_flow_log.name

resource "aws_networkfirewall_logging_configuration" "firewall_flow_log" {
  firewall_arn = aws_networkfirewall_firewall.firewall.arn
  logging_configuration {
    log_destination_config {
      log_destination = {
        logGroup = aws_cloudwatch_log_group.firewall_flow_log.name
Parameters
- firewall_arn: required - string
- id: optional computed - string
- logging_configuration: list block
  - log_destination_config: set block
    - log_destination: required - map from string to string
    - log_destination_type: required - string
    - log_type: required - string
Explanation in Terraform Registry
Provides an AWS Network Firewall Logging Configuration Resource
AWS::NetworkFirewall::LoggingConfiguration (CloudFormation)
The LoggingConfiguration in NetworkFirewall can be configured in CloudFormation with the resource name AWS::NetworkFirewall::LoggingConfiguration. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
- FirewallName: optional - String
- FirewallArn: required - String
- LoggingConfiguration: required - LoggingConfiguration
Explanation in CloudFormation Registry
Use the AWS::NetworkFirewall::LoggingConfiguration to define the destinations and logging options for an AWS::NetworkFirewall::Firewall. You must change the logging configuration by changing one LogDestinationConfig setting at a time in your LogDestinationConfigs. You can make only one of the following changes to your AWS::NetworkFirewall::LoggingConfiguration resource:
- Create a new log destination object by adding a single LogDestinationConfig array element to LogDestinationConfigs.
- Delete a log destination object by removing a single LogDestinationConfig array element from LogDestinationConfigs.
- Change the LogDestination setting in a single LogDestinationConfig array element.
You can't change the LogDestinationType or LogType in a LogDestinationConfig. To change these settings, delete the existing LogDestinationConfig object and create a new one, in two separate modifications.
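The one-change-at-a-time rule above can be checked before a template update is deployed, so that a rejected update does not leave a firewall with a logging gap. The following is an added example, not code from AWS or from the repositories this page cites; the function name classify_update and the sample log group and bucket names are assumptions made for illustration.

```python
from collections import Counter


def _key(cfg):
    """Canonical, hashable form of one LogDestinationConfig element."""
    return (cfg["LogType"], cfg["LogDestinationType"],
            tuple(sorted(cfg["LogDestination"].items())))


def classify_update(old_configs, new_configs):
    """Return (allowed, reason) for replacing old_configs with new_configs
    in a single modification of LogDestinationConfigs."""
    old = Counter(map(_key, old_configs))
    new = Counter(map(_key, new_configs))
    removed = list((old - new).elements())  # elements only in the old list
    added = list((new - old).elements())    # elements only in the new list
    if not removed and not added:
        return True, "no change"
    if len(added) == 1 and not removed:
        return True, "adds a single LogDestinationConfig"
    if len(removed) == 1 and not added:
        return True, "deletes a single LogDestinationConfig"
    if len(added) == 1 and len(removed) == 1:
        # Same LogType and LogDestinationType: only LogDestination differs.
        if added[0][:2] == removed[0][:2]:
            return True, "changes LogDestination in a single element"
        return False, ("LogType or LogDestinationType changed: delete the "
                       "element, then create the new one, in two modifications")
    return False, "more than one LogDestinationConfig changed: split the update"


# Constructed sample data; log group and bucket names are placeholders.
ALERT_CW = {"LogType": "ALERT", "LogDestinationType": "CloudWatchLogs",
            "LogDestination": {"logGroup": "example-fw-alert"}}
FLOW_CW = {"LogType": "FLOW", "LogDestinationType": "CloudWatchLogs",
           "LogDestination": {"logGroup": "example-fw-flow"}}
FLOW_S3 = {"LogType": "FLOW", "LogDestinationType": "S3",
           "LogDestination": {"bucketName": "example-fw-logs", "prefix": "flow"}}

if __name__ == "__main__":
    cases = [("add FLOW", [ALERT_CW], [ALERT_CW, FLOW_CW]),
             ("switch FLOW to S3", [ALERT_CW, FLOW_CW], [ALERT_CW, FLOW_S3]),
             ("add two at once", [], [ALERT_CW, FLOW_CW])]
    for label, old, new in cases:
        print(label, "->", classify_update(old, new))
```
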
Frequently asked questions
What is AWS Network Firewall Logging Configuration?
AWS Network Firewall Logging Configuration is a resource for Network Firewall of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Network Firewall Logging Configuration?
For Terraform, the toddlers/aws-network-firewall-workflow, pete911/eks-cluster and ericdahl/tf-vpc-sandbox source code examples are useful. See the Terraform Example section for further details.