Cloudformation-coverage-roadmap: AWS::WAFv2::WebACL-LoggingConfiguration

Created on 21 Jan 2020 · 13 Comments · Source: aws-cloudformation/cloudformation-coverage-roadmap

1. Title

AWS::WAFv2::WebACL-LoggingConfiguration

2. Scope of request

AWS::WAFv2::WebACL-LoggingConfiguration - can create resource via API, but not via CloudFormation

3. Expected behavior

There is no option to configure the default IAM role used for WAFv2 Logging. The resource should automatically create the role when logging configuration is set.

4. Suggest specific test cases

N/A

5. Helpful Links to speed up research and evaluation

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html

https://docs.aws.amazon.com/cli/latest/reference/wafv2/put-logging-configuration.html

6. Category (required)

  1. Security (IAM, KMS...)
networking & content deliv

All 13 comments

Please add LoggingConfiguration to AWS::WAF::WebACL and AWS::WAFRegional::WebACL too!
@kenshinuesugi can you correct the typo of LoggingConfiguration in the issue title and "2. Scope" content please? It will be easier to search ^^

Thanks for that! All done.

Any update on this?

Seriously, can we please get this?
I'm stuck using an older version of Terraform which doesn't fully support AWS WAFv2. No problem, I thought, I'll just include a CloudFormation Stack inside my TF. Wrong! No support for linking WAFv2 with Kinesis Firehose in CloudFormation either!

So far the only solutions I've found to programmatically do this are either using the WAF API, or involving lambdas as explained here: https://aws.amazon.com/blogs/security/enable-automatic-logging-of-web-acls-by-using-aws-config/ Unfortunately this is far more involved than my project needs at the moment.
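The direct-API route mentioned in the comment above, as an added example (not code from this thread or from AWS): it reports web ACLs that have no logging configuration and, outside dry-run mode, attaches a Kinesis Data Firehose stream to each. `list_web_acls`, `get_logging_configuration` and `put_logging_configuration` are the boto3 `wafv2` client calls; `ensure_logging`, `StubWafv2` and all ARNs are hypothetical names and constructed values, and the check relies on WAF's rule that the stream name starts with `aws-waf-logs-`.

```python
PREFIX = "aws-waf-logs-"  # WAF only accepts Firehose streams with this name prefix

def ensure_logging(client, scope, firehose_arn, dry_run=True):
    """Return names of web ACLs that have no logging configuration; unless
    dry_run, attach firehose_arn to each with put_logging_configuration."""
    stream = firehose_arn.rsplit("/", 1)[-1]
    if ":firehose:" not in firehose_arn or not stream.startswith(PREFIX):
        raise ValueError(f"need a Firehose stream named {PREFIX}*: {firehose_arn}")
    missing, kwargs = [], {"Scope": scope}
    while True:
        page = client.list_web_acls(**kwargs)
        for acl in page.get("WebACLs", []):
            try:
                client.get_logging_configuration(ResourceArn=acl["ARN"])
                continue  # logging is already configured
            except client.exceptions.WAFNonexistentItemException:
                missing.append(acl["Name"])
            if not dry_run:
                client.put_logging_configuration(LoggingConfiguration={
                    "ResourceArn": acl["ARN"], "LogDestinationConfigs": [firehose_arn]})
        # Stop on an empty page or a missing marker; both can end the listing.
        if not page.get("WebACLs") or not page.get("NextMarker"):
            return missing
        kwargs["NextMarker"] = page["NextMarker"]

class StubWafv2:
    """Constructed offline stand-in for boto3.client("wafv2")."""
    class exceptions:
        class WAFNonexistentItemException(Exception):
            pass

    def __init__(self, names, logged=()):
        self.acls = [{"Name": n, "ARN": f"arn:example:{n}"} for n in names]
        self.logged = {f"arn:example:{n}" for n in logged}

    def list_web_acls(self, Scope, NextMarker=None):
        return {"NextMarker": "m", "WebACLs": [] if NextMarker else self.acls}

    def get_logging_configuration(self, ResourceArn):
        if ResourceArn not in self.logged:
            raise self.exceptions.WAFNonexistentItemException()
        return {"LoggingConfiguration": {"ResourceArn": ResourceArn}}

    def put_logging_configuration(self, LoggingConfiguration):
        self.logged.add(LoggingConfiguration["ResourceArn"])

if __name__ == "__main__":
    stub = StubWafv2(["api", "site"], logged=["site"])  # constructed sample ACLs
    arn = "arn:aws:firehose:us-east-1:111122223333:deliverystream/aws-waf-logs-demo"
    print(ensure_logging(stub, "REGIONAL", arn, dry_run=False))
```

Against a real account, pass `boto3.client("wafv2")` in place of the stub and run with `dry_run=True` first to see which web ACLs are unlogged.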

Disregard, I now see that the very recently released AWS provider 2.68.0 fixes this issue! https://github.com/terraform-providers/terraform-provider-aws/releases/tag/v2.68.0

+1 we would love to use this feature in the future

Would love to use this feature +1

This feature would be great to have at AWS CDK level also.

Yes, would love to use this feature at the AWS CDK level.

This would be really good to have on the AWS CDK level.

Upvote

This feature should really be implemented, you should not have to jump through Lambda hoops and whatnot to enable logging (especially on security services!)...

Hey all - I have written a private resource for this feature, which will help you in deploying WAFv2 WebACL LoggingConfiguration using CloudFormation. The code is here. You can download the code and submit it to CloudFormation Registry as a Private Resource. (I have also provided instructions to do this).

Feedback, suggestions are welcome!
