AWS Network Firewall Logging Configuration

This page shows how to write the Terraform and CloudFormation definitions for an AWS Network Firewall logging configuration, and how to write them securely.

aws_networkfirewall_logging_configuration (Terraform)

The Logging Configuration in Network Firewall can be configured in Terraform with the resource name aws_networkfirewall_logging_configuration. The following sections show examples of how to use the resource and its parameters, taken from public GitHub repositories.

Example Usage from GitHub

logging.tf#L8
resource "aws_networkfirewall_logging_configuration" "firewall" {
  firewall_arn = aws_networkfirewall_firewall.example.arn
  logging_configuration {
    log_destination_config {
      log_destination = {
        logGroup = aws_cloudwatch_log_group.firewall.name
      }
      log_destination_type = "CloudWatchLogs"
      log_type             = "FLOW" # required; value assumed, the excerpt is cut off here
    }
  }
}
firewall.tf#L64
resource "aws_networkfirewall_logging_configuration" "this" {
  count        = var.firewall_enable_logging ? 1 : 0
  firewall_arn = aws_networkfirewall_firewall.this.arn
  logging_configuration {
    log_destination_config {
      log_destination = {
        logGroup = aws_cloudwatch_log_group.this.name # assumed; the destination is cut off in the excerpt
      }
      log_destination_type = "CloudWatchLogs"
      log_type             = "ALERT" # required; value assumed
    }
  }
}
10_111_0_0_fw.tf#L165
resource "aws_networkfirewall_logging_configuration" "default" {
  firewall_arn = aws_networkfirewall_firewall.default.arn
  logging_configuration {
    log_destination_config {
      log_destination = {
        logGroup = aws_cloudwatch_log_group.fw.name
      }
      log_destination_type = "CloudWatchLogs"
      log_type             = "FLOW" # required; value assumed, the excerpt is cut off here
    }
  }
}
main.tf#L40
resource "aws_networkfirewall_logging_configuration" "firewall_flow_log" {
  firewall_arn = aws_networkfirewall_firewall.firewall.arn
  logging_configuration {
    log_destination_config {
      log_destination = {
        logGroup = aws_cloudwatch_log_group.firewall_flow_log.name
      }
      log_destination_type = "CloudWatchLogs"
      log_type             = "FLOW" # required; inferred from the resource name, the excerpt is cut off here
    }
  }
}

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

Provides an AWS Network Firewall Logging Configuration Resource

The resource takes two required arguments:

  • firewall_arn: the ARN of the aws_networkfirewall_firewall the logging configuration is attached to.

  • logging_configuration: a block containing one log_destination_config block per destination. Each log_destination_config sets log_type (typically ALERT or FLOW), log_destination_type (S3, CloudWatchLogs or KinesisDataFirehose) and log_destination, a map whose keys depend on the destination type: bucketName and an optional prefix for S3, logGroup for CloudWatchLogs, deliveryStream for KinesisDataFirehose.

All of the GitHub examples above send a single log type to CloudWatch Logs. ALERT and FLOW are separate log types, so a firewall with only one log_destination_config block records only one of them; for investigations you normally want both.
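The following is an added example written for this page; it is not code from the page's GitHub sources or from any of the repositories referenced above. It shows the two log types going to different destinations (ALERT to CloudWatch Logs with a retention period, FLOW to an S3 bucket with public access blocked) and the S3 bucket policy that the log delivery service needs before anything lands in the bucket. It assumes an existing aws_networkfirewall_firewall.example in the same configuration; the log group name, bucket name and prefix are placeholders.

```hcl
# Added example, not from the page or its GitHub sources.
# Assumes aws_networkfirewall_firewall.example already exists.

data "aws_caller_identity" "current" {}

# ALERT logs are low volume and are what a SOC queries first: keep them in
# CloudWatch Logs with an explicit retention period (the default is "never expire").
resource "aws_cloudwatch_log_group" "nfw_alert" {
  name              = "/aws/network-firewall/example/alert" # placeholder
  retention_in_days = 365
}

# FLOW logs record every stateful-engine flow and are high volume; S3 is the
# cheaper home for them and can be queried with Athena during an investigation.
resource "aws_s3_bucket" "nfw_flow" {
  bucket = "example-nfw-flow-logs-${data.aws_caller_identity.current.account_id}" # placeholder
}

resource "aws_s3_bucket_public_access_block" "nfw_flow" {
  bucket                  = aws_s3_bucket.nfw_flow.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Network Firewall writes S3 logs through the AWS log delivery service, so the
# bucket policy must let that principal write, and only on behalf of this
# account. Without it the logging configuration is accepted but no objects arrive.
data "aws_iam_policy_document" "nfw_flow" {
  statement {
    sid       = "AWSLogDeliveryAclCheck"
    actions   = ["s3:GetBucketAcl"]
    resources = [aws_s3_bucket.nfw_flow.arn]
    principals {
      type        = "Service"
      identifiers = ["delivery.logs.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
  statement {
    sid       = "AWSLogDeliveryWrite"
    actions   = ["s3:PutObject"]
    resources = ["${aws_s3_bucket.nfw_flow.arn}/network-firewall/flow/AWSLogs/${data.aws_caller_identity.current.account_id}/*"]
    principals {
      type        = "Service"
      identifiers = ["delivery.logs.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "s3:x-amz-acl"
      values   = ["bucket-owner-full-control"]
    }
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
}

resource "aws_s3_bucket_policy" "nfw_flow" {
  bucket = aws_s3_bucket.nfw_flow.id
  policy = data.aws_iam_policy_document.nfw_flow.json
}

resource "aws_networkfirewall_logging_configuration" "example" {
  firewall_arn = aws_networkfirewall_firewall.example.arn

  logging_configuration {
    # One block per log type; a firewall with only one of these records only one of them.
    log_destination_config {
      log_destination = {
        logGroup = aws_cloudwatch_log_group.nfw_alert.name
      }
      log_destination_type = "CloudWatchLogs"
      log_type             = "ALERT"
    }

    log_destination_config {
      log_destination = {
        bucketName = aws_s3_bucket.nfw_flow.bucket
        prefix     = "network-firewall/flow" # placeholder; must match the PutObject resource above
      }
      log_destination_type = "S3"
      log_type             = "FLOW"
    }
  }

  # Make sure the bucket policy is in place before delivery is switched on.
  depends_on = [aws_s3_bucket_policy.nfw_flow]
}
```

Two checks worth running after apply: confirm that objects appear under the prefix within a few minutes of traffic crossing the firewall, and if the CloudWatch destination stays empty, inspect the log group's resource policy (aws_cloudwatch_log_resource_policy) and make sure it grants the same delivery.logs.amazonaws.com principal logs:CreateLogStream and logs:PutLogEvents. If you later encrypt either destination with a customer-managed KMS key, the key policy must also allow that service principal, otherwise delivery fails silently.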

AWS::NetworkFirewall::LoggingConfiguration (CloudFormation)

The LoggingConfiguration in NetworkFirewall can be configured in CloudFormation with the resource name AWS::NetworkFirewall::LoggingConfiguration. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

Explanation in CloudFormation Registry

Use the AWS::NetworkFirewall::LoggingConfiguration to define the destinations and logging options for an AWS::NetworkFirewall::Firewall. You must change the logging configuration by changing one LogDestinationConfig setting at a time in your LogDestinationConfigs. You can make only one of the following changes to your AWS::NetworkFirewall::LoggingConfiguration resource:

  • Create a new log destination object by adding a single LogDestinationConfig array element to LogDestinationConfigs.

  • Delete a log destination object by removing a single LogDestinationConfig array element from LogDestinationConfigs.

  • Change the LogDestination setting in a single LogDestinationConfig array element.

You can't change the LogDestinationType or LogType in a LogDestinationConfig. To change these settings, delete the existing LogDestinationConfig object and create a new one, in two separate modifications.

The one-change-at-a-time rule comes from the UpdateLoggingConfiguration API that CloudFormation calls on your behalf, so a single stack update that, for example, adds a FLOW destination and changes the ALERT destination at the same time fails; split such changes across two stack updates.

Frequently asked questions

What is AWS Network Firewall Logging Configuration?

AWS Network Firewall Logging Configuration is a resource of AWS Network Firewall. It attaches one or more log destinations (CloudWatch Logs, S3 or Kinesis Data Firehose) to a firewall and selects which log types, such as ALERT and FLOW, are delivered to each. Its settings can be written in Terraform or CloudFormation.

Where can I find the example code for the AWS Network Firewall Logging Configuration?

For Terraform, the toddlers/aws-network-firewall-workflow, pete911/eks-cluster and ericdahl/tf-vpc-sandbox source code examples are useful. See the Terraform Example section for further details.