WAFv2 Apply Kinesis Data Firehouse logging to WebACL in CloudFormation

Question

I'm currently looking at how to build our WAFv2 configuration using CloudFormation. Creating the WebACL and adding rules is fine, but I can't see any option to apply the logging configuration (Logging and Metrics > Logging in the console).   
  
If my Kinesis Data Firehose already exists, then I want to configure each new WebACL to log to this stream, but I can't see any option to configure this? If we can configure it via the console then I would presume that it can be done via CloudFormation.  
  
Has anyone been able to do this? I must be missing something obvious!  
  
Thanks,  
  
Chris

Answer

Hi Chris,  
  
Thank you for posting this question since I have the exact same one. Let me tell you that I've created an AWS support ticket and they replied saying that their engineering team is working on it, but there is no ETA at the moment.  
  
Here's the response I got from AWS:  
  
Good afternoon,  
  
Thanks for contacting AWS Support. It's Dennis from networking team in Sydney. My pleasure to assist you with this case today.  
  
I see that you would like to enable logging for your WAF using CloudFormation. Currently the logging configuration can be enabled and configured with Kinesis Firehose using the awscli commands and via the console. However, there is no way to do it using the CloudFormation scripts.  
  
Our internal teams are striving to achieve logging configuration update through CloudFormation, but with no ETA to provide.  
  
If you have more questions or concerns, please do not hesitate to update the case and our team will be happy to help you.  
  
Best regards,  
  
Dennis L.  
Amazon Web Services  
  
Check out the AWS Support Knowledge Center, a knowledge base of articles and videos that answer customer questions about AWS services: https://aws.amazon.com/premiumsupport/knowledge-center/?icmpid=support_email_category  
  
We value your feedback. Please rate my response using the link below.  
===================================================  
  
To contact us again about this case, please return to the AWS Support Center using the following URL:  
  
https://console.aws.amazon.com/support/home#/case/?displayId=6830558301&language=en  
  
(If you are connecting by federation, log in before following the link.)  
  
*Please note: this e-mail was sent from an address that cannot accept incoming e-mail. Please use the link above if you need to contact us again about this same issue.  
  
====================================================================  
Learn to work with the AWS Cloud. Get started with free online videos and self-paced labs at  
http://aws.amazon.com/training/  
====================================================================  
  
Amazon Web Services, Inc. is an affiliate of Amazon.com, Inc. Amazon.com is a registered trademark of Amazon.com, Inc. or its affiliates.

Answer

Thanks Serge,  
  
I'll log a ticket with support as well and push the issue.  
  
Thanks,  
  
Chris

WAFv2 Apply Kinesis Data Firehouse logging to WebACL in CloudFormation

We value your feedback. Please rate my response using the link below.

==================================================================== Learn to work with the AWS Cloud. Get started with free online videos and self-paced labs at http://aws.amazon.com/training/

관련 콘텐츠

====================================================================
Learn to work with the AWS Cloud. Get started with free online videos and self-paced labs at
http://aws.amazon.com/training/