
LoggingConfiguration

The LoggingConfiguration resource lets you manage the AWS Network Firewall logging configuration for a firewall: which log types it records and where they are delivered.

Create a basic LoggingConfiguration for a network firewall with essential properties:

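```ts
import AWS from "alchemy/aws/control";

const loggingConfig = await AWS.NetworkFirewall.LoggingConfiguration("basicLoggingConfig", {
  FirewallArn: "arn:aws:network-firewall:us-east-1:123456789012:firewall/my-firewall",
  LoggingConfiguration: {
    // Each entry takes a single LogType string (ALERT, FLOW or TLS),
    // so ALERT and FLOW need one entry each.
    LogDestinationConfigs: [
      {
        LogType: "ALERT",
        LogDestinationType: "S3",
        // LogDestination is a flat string map; S3 uses "bucketName" and an optional "prefix".
        LogDestination: { bucketName: "my-logging-bucket", prefix: "firewall-logs/" }
      },
      {
        LogType: "FLOW",
        LogDestinationType: "S3",
        LogDestination: { bucketName: "my-logging-bucket", prefix: "firewall-logs/" }
      }
    ]
  }
});
```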

Configure a LoggingConfiguration with additional logging options for detailed monitoring:

```ts
const advancedLoggingConfig = await AWS.NetworkFirewall.LoggingConfiguration("advancedLoggingConfig", {
  FirewallArn: "arn:aws:network-firewall:us-east-1:123456789012:firewall/my-advanced-firewall",
  LoggingConfiguration: {
    // One entry per log type: a log type can be sent to only one destination,
    // and the valid LogType values are ALERT, FLOW and TLS.
    LogDestinationConfigs: [
      {
        LogType: "ALERT",
        LogDestinationType: "CloudWatchLogs",
        // CloudWatch Logs destinations are identified by "logGroup".
        LogDestination: { logGroup: "my-firewall-logs" }
      },
      {
        LogType: "FLOW",
        LogDestinationType: "KinesisDataFirehose",
        // Firehose destinations are identified by "deliveryStream".
        LogDestination: { deliveryStream: "my-logs-kinesis-stream" }
      }
    ]
  }
});
```

If you want to adopt an existing LoggingConfiguration without failing when it already exists, set the adopt property to true:

```ts
const adoptExistingConfig = await AWS.NetworkFirewall.LoggingConfiguration("adoptExistingConfig", {
  FirewallArn: "arn:aws:network-firewall:us-east-1:123456789012:firewall/my-existing-firewall",
  LoggingConfiguration: {
    LogDestinationConfigs: [
      {
        // LogType is a single string, not an array.
        LogType: "ALERT",
        LogDestinationType: "S3",
        // LogDestination is a flat string map; S3 uses "bucketName" and an optional "prefix".
        LogDestination: { bucketName: "existing-logging-bucket", prefix: "existing-firewall-logs/" }
      }
    ]
  },
  // Adopt the existing resource instead of failing when it already exists.
  adopt: true
});
```
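
A pre-deployment check for the `LogDestinationConfigs` arrays used on this page, as an added example that is not part of Alchemy or of this page's original code. It assumes the CloudFormation `AWS::NetworkFirewall::LoggingConfiguration` property shape (one string `LogType` per entry, a flat `LogDestination` map); the function name `lintLogDestinationConfigs` and its `mustLog` policy parameter are hypothetical.

```typescript
// Added example, not Alchemy code. Shapes follow AWS::NetworkFirewall::LoggingConfiguration.
type LogDestinationConfig = {
  LogType: string;
  LogDestinationType: string;
  LogDestination: Record<string, string>;
};

// Destination key each destination type requires (S3 also accepts an optional "prefix").
const REQUIRED_KEY: Record<string, string> = {
  S3: "bucketName",
  CloudWatchLogs: "logGroup",
  KinesisDataFirehose: "deliveryStream",
};
const LOG_TYPES = ["ALERT", "FLOW", "TLS"];

// Returns a list of problems; an empty list means the config passes.
// `mustLog` is this example's own policy knob (hypothetical): log types that must have a destination.
function lintLogDestinationConfigs(
  configs: LogDestinationConfig[],
  mustLog: string[] = ["ALERT", "FLOW"],
): string[] {
  const problems: string[] = [];
  const seen: Record<string, boolean> = {};
  configs.forEach((c, i) => {
    if (LOG_TYPES.indexOf(c.LogType) === -1) problems.push(`[${i}] unknown LogType ${c.LogType}`);
    // A log type can be delivered to only one destination.
    if (seen[c.LogType]) problems.push(`[${i}] duplicate destination for ${c.LogType}`);
    seen[c.LogType] = true;
    const key = REQUIRED_KEY[c.LogDestinationType];
    if (key === undefined) problems.push(`[${i}] unknown LogDestinationType ${c.LogDestinationType}`);
    else if (!c.LogDestination[key]) problems.push(`[${i}] ${c.LogDestinationType} needs "${key}"`);
  });
  // Coverage check: a firewall that silently records no alert or flow logs is a detection gap.
  for (const t of mustLog) if (!seen[t]) problems.push(`no destination for ${t} logs`);
  return problems;
}

// Constructed sample input with three mistakes: ALERT twice, a wrong type name, no FLOW entry.
const sample: LogDestinationConfig[] = [
  { LogType: "ALERT", LogDestinationType: "S3", LogDestination: { bucketName: "my-logging-bucket", prefix: "firewall-logs/" } },
  { LogType: "ALERT", LogDestinationType: "CloudWatch", LogDestination: { LogGroupName: "my-firewall-logs" } },
];
console.log(lintLogDestinationConfigs(sample));
```

Run it against the same object literal you pass as `LoggingConfiguration.LogDestinationConfigs` and fail the deployment when the returned list is not empty.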