WAFv2 Apply Kinesis Data Firehose logging to WebACL in CloudFormation

0

I'm currently looking at how to build our WAFv2 configuration using CloudFormation. Creating the WebACL and adding rules is fine, but I can't see any option to apply the logging configuration (Logging and Metrics > Logging in the console).

If my Kinesis Data Firehose already exists, then I want to configure each new WebACL to log to this stream, but I can't see any option to configure this? If we can configure it via the console then I would presume that it can be done via CloudFormation.

Has anyone been able to do this? I must be missing something obvious!

Thanks,

Chris

ChrisAC
asked 4 years ago · 264 views
2 Answers
0

Hi Chris,

Thank you for posting this question since I have the exact same one. Let me tell you that I've created an AWS support ticket and they replied saying that their engineering team is working on it, but there is no ETA at the moment.

Here's the response I got from AWS:

Good afternoon,

Thanks for contacting AWS Support. It's Dennis from networking team in Sydney. My pleasure to assist you with this case today.

I see that you would like to enable logging for your WAF using CloudFormation. Currently the logging configuration can be enabled and configured with Kinesis Firehose using the awscli commands and via the console. However, there is no way to do it using the CloudFormation scripts.

Our internal teams are striving to achieve logging configuration update through CloudFormation, but with no ETA to provide.

If you have more questions or concerns, please do not hesitate to update the case and our team will be happy to help you.

Best regards,

Dennis L.
Amazon Web Services

SergeP
answered 4 years ago
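
The support reply above says logging can be enabled with awscli commands. As an added example (not from this thread or from AWS Support), the script below wraps `aws wafv2 put-logging-configuration` with checks on the two ARNs before anything is sent. The function names and the `DRY_RUN` variable are hypothetical, and the ARNs are whatever the caller supplies.

```bash
# Added example: attach an existing Firehose delivery stream to a WAFv2 WebACL.
# Function names and DRY_RUN are hypothetical; ARNs come from the caller.

# Print the JSON for --logging-configuration, or fail if the inputs cannot work.
waf_logging_config() {
  local acl_arn="$1" firehose_arn="$2"
  # WebACL ARN shape: arn:aws:wafv2:<region>:<account>:regional|global/webacl/<name>/<id>
  case "$acl_arn" in
    arn:aws:wafv2:*:*:regional/webacl/*/*|arn:aws:wafv2:*:*:global/webacl/*/*) ;;
    *) echo "not a WAFv2 WebACL ARN: $acl_arn" >&2; return 1 ;;
  esac
  # WAF only accepts delivery streams whose name starts with aws-waf-logs-
  case "$firehose_arn" in
    arn:aws:firehose:*:*:deliverystream/aws-waf-logs-*) ;;
    *) echo "stream name must start with aws-waf-logs-: $firehose_arn" >&2; return 1 ;;
  esac
  printf '{"ResourceArn":"%s","LogDestinationConfigs":["%s"]}\n' \
    "$acl_arn" "$firehose_arn"
}

# Apply the configuration and read it back. DRY_RUN=1 prints the command instead.
apply_waf_logging() {
  local acl_arn="$1" firehose_arn="$2" cfg region
  cfg="$(waf_logging_config "$acl_arn" "$firehose_arn")" || return 1
  # The API call must go to the region named in the WebACL ARN (field 4).
  region="$(printf '%s' "$acl_arn" | cut -d: -f4)"
  if [ "${DRY_RUN:-0}" = "1" ]; then
    echo "aws wafv2 put-logging-configuration --region $region --logging-configuration '$cfg'"
    return 0
  fi
  aws wafv2 put-logging-configuration --region "$region" \
      --logging-configuration "$cfg" &&
    aws wafv2 get-logging-configuration --region "$region" --resource-arn "$acl_arn"
}
```

Running `apply_waf_logging` with `DRY_RUN=1` first shows the exact call that would be made, which is useful when looping over several WebACLs from a deployment pipeline.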
0

Thanks Serge,

I'll log a ticket with support as well and push the issue.

Thanks,

Chris

ChrisAC
answered 4 years ago
