hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

Feature Request: Support Comprehensive Logging Functionality for AWS WAF #5760

Closed vladholubiev closed 5 years ago

vladholubiev commented 6 years ago

Description

AWS released a feature for AWS WAF which allows wiring up a Kinesis Firehose stream to route all the logs about incoming requests and matched rules.

https://aws.amazon.com/about-aws/whats-new/2018/08/aws-waf-launches-new-comprehensive-logging-functionality/

Screenshot ![image](https://user-images.githubusercontent.com/3817380/44977864-e56b9b80-af71-11e8-884c-a9771247720e.png)

New or Affected Resource(s)

Potential Terraform Configuration

```hcl
resource "aws_waf_web_acl" "waf_acl" {
  depends_on = [
    "aws_waf_ipset.ipset",
    "aws_waf_rule.wafrule",
  ]

  name        = "tfWebACL"
  metric_name = "tfWebACL"

  logging {
    firehose_stream_arn = "${aws_kinesis_firehose_delivery_stream.test.arn}"

    redacted_fields {
      http_method  = true
      query_string = true
      uri          = true

      headers = [
        "Accept",
        "Content-Type",
      ]
    }
  }

  default_action {
    type = "ALLOW"
  }

  rules {
    action {
      type = "BLOCK"
    }

    priority = 1
    rule_id  = "${aws_waf_rule.wafrule.id}"
    type     = "REGULAR"
  }
}
```

ghost commented 6 years ago

+1

anilkasu commented 5 years ago

Any update on this enhancement, when can we expect to release this? Any chances including this feature in v0.12?

jgrevich commented 5 years ago

+1

bflad commented 5 years ago

I provided an initial pull request review of #6059 which adds logging support for the aws_waf_web_acl resource and submitted a pull request (#7480) which does the same for the aws_wafregional_web_acl resource.

> Any update on this enhancement, when can we expect to release this?

The aws_waf_web_acl resource pull request will be reviewed again when the community contributor has completed the feedback items or the maintainers will finish and release it in two weeks if there is no response. The aws_wafregional_web_acl resource pull request needs another maintainer review and can likely be released next week.

> Any chances including this feature in v0.12?

@anilkasu please note since Terraform 0.10, providers are no longer distributed as part of Terraform Core and have their own release cadence. Here are the Terraform AWS Provider CHANGELOG and the Terraform documentation on provider versioning for reference.

bflad commented 5 years ago

Support for a new logging_configuration configuration block has been added to both the aws_waf_web_acl and aws_wafregional_web_acl resources which will release in version 1.59.0 of the Terraform AWS Provider, likely in the next day or two. 👍

bflad commented 5 years ago

This has been released in version 1.59.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.
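
For readers landing here: the `logging` block proposed in the issue description shipped as `logging_configuration`. The configuration below is an added example, not code from this issue or from the provider maintainers, expressing the proposal's redactions with that block. It assumes `aws_waf_rule.wafrule` from the proposal plus a hypothetical `aws_iam_role.firehose` and `aws_s3_bucket.waf_logs` are defined elsewhere.

```hcl
# AWS only accepts Firehose streams whose name starts with "aws-waf-logs-".
# aws_iam_role.firehose and aws_s3_bucket.waf_logs are hypothetical names.
resource "aws_kinesis_firehose_delivery_stream" "test" {
  name        = "aws-waf-logs-tfWebACL"
  destination = "extended_s3"
  extended_s3_configuration {
    role_arn   = "${aws_iam_role.firehose.arn}"
    bucket_arn = "${aws_s3_bucket.waf_logs.arn}"
  }
}

resource "aws_waf_web_acl" "waf_acl" {
  name        = "tfWebACL"
  metric_name = "tfWebACL"
  default_action {
    type = "ALLOW"
  }
  rules {
    action {
      type = "BLOCK"
    }
    priority = 1
    rule_id  = "${aws_waf_rule.wafrule.id}"
    type     = "REGULAR"
  }
  logging_configuration {
    log_destination = "${aws_kinesis_firehose_delivery_stream.test.arn}"
    redacted_fields {
      field_to_match {
        type = "METHOD"
      }
      field_to_match {
        type = "QUERY_STRING"
      }
      field_to_match {
        type = "URI"
      }
      field_to_match {
        type = "HEADER"
        data = "accept"
      }
      field_to_match {
        type = "HEADER"
        data = "content-type"
      }
    }
  }
}
```

Redacted values never reach the delivery stream, so redact only fields that carry secrets or personal data and keep the ones detection and incident response depend on.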
