Terraform-provider-aws: Feature Request: Support Comprehensive Logging Functionality for AWS WAF

Created on 3 Sep 2018  ·  7 Comments  ·  Source: hashicorp/terraform-provider-aws

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

AWS released a feature for AWS WAF which allows wiring up a Kinesis Firehose stream to route all the logs about incoming requests and matched rules.

https://aws.amazon.com/about-aws/whats-new/2018/08/aws-waf-launches-new-comprehensive-logging-functionality/


New or Affected Resource(s)

  • aws_waf_web_acl
  • aws_wafregional_web_acl

Potential Terraform Configuration

resource "aws_waf_web_acl" "waf_acl" {
  depends_on = [
    "aws_waf_ipset.ipset",
    "aws_waf_rule.wafrule",
  ]

  name        = "tfWebACL"
  metric_name = "tfWebACL"

  logging {
    firehose_stream_arn = "${aws_kinesis_firehose_delivery_stream.test.arn}"

    redacted_fields {
      http_method  = true
      query_string = true
      uri          = true

      headers = [
        "Accept",
        "Content-Type",
      ]
    }
  }

  default_action {
    type = "ALLOW"
  }

  rules {
    action {
      type = "BLOCK"
    }

    priority = 1
    rule_id  = "${aws_waf_rule.wafrule.id}"
    type     = "REGULAR"
  }
}

enhancement service/waf

All 7 comments

+1

Any update on this enhancement, when can we expect to release this? Any chance of including this feature in v0.12?

+1

I provided an initial pull request review of #6059 which adds logging support for the aws_waf_web_acl resource and submitted a pull request (#7480) which does the same for the aws_wafregional_web_acl resource.

> Any update on this enhancement, when can we expect to release this?

The aws_waf_web_acl resource pull request will be reviewed again when the community contributor has completed the feedback items or the maintainers will finish and release it in two weeks if there is no response. The aws_wafregional_web_acl resource pull request needs another maintainer review and can likely be released next week.

> Any chance of including this feature in v0.12?

@anilkasu please note since Terraform 0.10, providers are no longer distributed as part of Terraform Core and have their own release cadence. Here are the Terraform AWS Provider CHANGELOG and the Terraform documentation on provider versioning for reference.

Support for a new logging_configuration configuration block has been added to both the aws_waf_web_acl and aws_wafregional_web_acl resources which will release in version 1.59.0 of the Terraform AWS Provider, likely in the next day or two. 👍

This has been released in version 1.59.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
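
For reference, a sketch of the requested configuration written with the logging_configuration block that the comments above say shipped in provider version 1.59.0. This is an added example, not part of the original issue or the provider's own documentation; the two input variables and the delivery stream name are assumptions.

```hcl
# Added example in Terraform 0.11 syntax (as used in the issue); needs AWS provider >= 1.59.0.
# Assumed inputs, not from the issue: an existing S3 bucket for the logs and an
# IAM role that Firehose can assume with write access to that bucket.
variable "log_bucket_arn" {}
variable "firehose_role_arn" {}

# AWS WAF only accepts delivery streams whose name begins with "aws-waf-logs-".
# For the global aws_waf_web_acl (CloudFront) the stream must be created in
# us-east-1; for aws_wafregional_web_acl it must be in the web ACL's region.
resource "aws_kinesis_firehose_delivery_stream" "waf" {
  name        = "aws-waf-logs-example" # constructed name
  destination = "s3"

  s3_configuration {
    role_arn   = "${var.firehose_role_arn}"
    bucket_arn = "${var.log_bucket_arn}"
  }
}

resource "aws_waf_web_acl" "waf_acl" {
  name        = "tfWebACL"
  metric_name = "tfWebACL"

  default_action {
    type = "ALLOW"
  }

  logging_configuration {
    log_destination = "${aws_kinesis_firehose_delivery_stream.waf.arn}"

    # Each field_to_match is redacted in the delivered log records, which keeps
    # credentials and session tokens out of the log bucket.
    redacted_fields {
      field_to_match {
        type = "QUERY_STRING"
      }

      field_to_match {
        type = "URI"
      }

      field_to_match {
        type = "HEADER"
        data = "authorization"
      }
    }
  }
}
```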
