amazon.cloud.wafv2_logging_configuration (0.4.0) — module
Creates and manages an association between logging destinations and a web ACL resource
Added in version 0.3.0 of amazon.cloud
Authors: Ansible Cloud Team (@ansible-collections)
Install with ansible-galaxy collection install amazon.cloud:==0.4.0
collections:
  - name: amazon.cloud
    version: 0.4.0
Creates and manages an association between logging destinations and a web ACL resource, for logging from AWS WAF.
For more information see U(https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-loggingconfiguration.html).
wait:
  default: false
  description:
  - Wait for operation to complete before returning.
  type: bool
force:
  default: false
  description:
  - Cancel IN_PROGRESS and PENDING resource requests.
  - Because you can only perform a single operation on a given resource at a time, there might be cases where you need to cancel the current resource operation to make the resource available so that another operation may be performed on it.
  type: bool
state:
  choices:
  - present
  - absent
  - list
  - describe
  - get
  default: present
  description:
  - Goal state for resource.
  - I(state=present) creates the resource if it doesn't exist, or updates to the provided state if the resource already exists.
  - I(state=absent) ensures an existing instance is deleted.
  - I(state=list) get all the existing resources.
  - I(state=describe) or I(state=get) retrieves information on an existing resource.
  type: str
region:
  aliases:
  - aws_region
  - ec2_region
  description:
  - The AWS region to use.
  - For global services such as IAM, Route53 and CloudFront, I(region) is ignored.
  - The C(AWS_REGION) or C(EC2_REGION) environment variables may also be used.
  - See the Amazon AWS documentation for more information U(http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region).
  - The C(ec2_region) alias has been deprecated and will be removed in a release after 2024-12-01.
  - Support for the C(EC2_REGION) environment variable has been deprecated and will be removed in a release after 2024-12-01.
  type: str
profile:
  aliases:
  - aws_profile
  description:
  - A named AWS profile to use for authentication.
  - See the AWS documentation for more information about named profiles U(https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html).
  - The C(AWS_PROFILE) environment variable may also be used.
  - The I(profile) option is mutually exclusive with the I(aws_access_key), I(aws_secret_key) and I(security_token) options.
  type: str
access_key:
  aliases:
  - aws_access_key_id
  - aws_access_key
  - ec2_access_key
  description:
  - AWS access key ID.
  - See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys).
  - The C(AWS_ACCESS_KEY_ID), C(AWS_ACCESS_KEY) or C(EC2_ACCESS_KEY) environment variables may also be used in decreasing order of preference.
  - The I(aws_access_key) and I(profile) options are mutually exclusive.
  - The I(aws_access_key_id) alias was added in release 5.1.0 for consistency with the AWS botocore SDK.
  - The I(ec2_access_key) alias has been deprecated and will be removed in a release after 2024-12-01.
  - Support for the C(EC2_ACCESS_KEY) environment variable has been deprecated and will be removed in a release after 2024-12-01.
  type: str
aws_config:
  description:
  - A dictionary to modify the botocore configuration.
  - Parameters can be found in the AWS documentation U(https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config).
  type: dict
secret_key:
  aliases:
  - aws_secret_access_key
  - aws_secret_key
  - ec2_secret_key
  description:
  - AWS secret access key.
  - See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys).
  - The C(AWS_SECRET_ACCESS_KEY), C(AWS_SECRET_KEY), or C(EC2_SECRET_KEY) environment variables may also be used in decreasing order of preference.
  - The I(secret_key) and I(profile) options are mutually exclusive.
  - The I(aws_secret_access_key) alias was added in release 5.1.0 for consistency with the AWS botocore SDK.
  - The I(ec2_secret_key) alias has been deprecated and will be removed in a release after 2024-12-01.
  - Support for the C(EC2_SECRET_KEY) environment variable has been deprecated and will be removed in a release after 2024-12-01.
  type: str
endpoint_url:
  aliases:
  - ec2_url
  - aws_endpoint_url
  - s3_url
  description:
  - URL to connect to instead of the default AWS endpoints. While this can be used to connect to other AWS-compatible services the amazon.aws and community.aws collections are only tested against AWS.
  - The C(AWS_URL) or C(EC2_URL) environment variables may also be used, in decreasing order of preference.
  - The I(ec2_url) and I(s3_url) aliases have been deprecated and will be removed in a release after 2024-12-01.
  - Support for the C(EC2_URL) environment variable has been deprecated and will be removed in a release after 2024-12-01.
  type: str
resource_arn:
  description:
  - The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.
  type: str
wait_timeout:
  default: 320
  description:
  - How many seconds to wait for an operation to complete before timing out.
  type: int
aws_ca_bundle:
  description:
  - The location of a CA Bundle to use when validating SSL certificates.
  - The C(AWS_CA_BUNDLE) environment variable may also be used.
  type: path
session_token:
  aliases:
  - aws_session_token
  - security_token
  - aws_security_token
  - access_token
  description:
  - AWS STS session token for use with temporary credentials.
  - See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys).
  - The C(AWS_SESSION_TOKEN), C(AWS_SECURITY_TOKEN) or C(EC2_SECURITY_TOKEN) environment variables may also be used in decreasing order of preference.
  - The I(security_token) and I(profile) options are mutually exclusive.
  - Aliases I(aws_session_token) and I(session_token) were added in release 3.2.0, with the parameter being renamed from I(security_token) to I(session_token) in release 6.0.0.
  - The I(security_token), I(aws_security_token), and I(access_token) aliases have been deprecated and will be removed in a release after 2024-12-01.
  - Support for the C(EC2_SECRET_KEY) and C(AWS_SECURITY_TOKEN) environment variables has been deprecated and will be removed in a release after 2024-12-01.
  type: str
logging_filter:
  description:
  - Filtering that specifies which web requests are kept in the logs and which are dropped.
  - You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.
  suboptions:
    default_behavior:
      choices:
      - DROP
      - KEEP
      description:
      - Default handling for logs that don't match any of the specified filtering conditions.
      type: str
    filters:
      description:
      - The filters that you want to apply to the logs.
      elements: dict
      suboptions:
        behavior:
          choices:
          - DROP
          - KEEP
          description:
          - How to handle logs that satisfy the filter's conditions and requirement.
          type: str
        conditions:
          description:
          - Match conditions for the filter.
          elements: dict
          suboptions:
            action_condition:
              description:
              - A single action condition.
              suboptions:
                action:
                  choices:
                  - ALLOW
                  - BLOCK
                  - CAPTCHA
                  - CHALLENGE
                  - COUNT
                  - EXCLUDED_AS_COUNT
                  description:
                  - Logic to apply to the filtering conditions.
                  - You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
                  type: str
              type: dict
            label_name_condition:
              description:
              - A single label name condition.
              suboptions:
                label_name:
                  description:
                  - The label name that a log record must contain in order to meet the condition.
                  - This must be a fully qualified label name.
                  - Fully qualified labels have a prefix, optional namespaces, and label name.
                  - The prefix identifies the rule group or web ACL context of the rule that added the label.
                  type: str
              type: dict
          type: list
        requirement:
          choices:
          - MEETS_ALL
          - MEETS_ANY
          description:
          - Logic to apply to the filtering conditions.
          - You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
          type: str
      type: list
  type: dict
validate_certs:
  default: true
  description:
  - When set to C(false), SSL certificates will not be validated for communication with the AWS APIs.
  - Setting I(validate_certs=false) is strongly discouraged; as an alternative, consider setting I(aws_ca_bundle) instead.
  type: bool
redacted_fields:
  description:
  - A key-value pair to associate with a resource.
  elements: dict
  suboptions:
    json_body:
      description:
      - Inspect the request body as JSON. The request body immediately follows the request headers.
      - This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
      suboptions:
        invalid_fallback_behavior:
          choices:
          - EVALUATE_AS_STRING
          - MATCH
          - NO_MATCH
          description:
          - What AWS WAF should do if it fails to completely parse the JSON body.
          type: str
        match_pattern:
          description:
          - The patterns to look for in the JSON body.
          - AWS WAF inspects the results of these pattern matches against the rule inspection criteria.
          suboptions:
            all:
              description:
              - Match all of the elements.
              - See also I(match_scope) in I(json_body).
              - You must specify either this setting or the I(included_paths) setting, but not both.
              type: dict
            included_paths:
              description:
              - Match only the specified include paths.
              - See also I(match_scope) in I(json_body).
              elements: str
              type: list
          type: dict
        match_scope:
          choices:
          - ALL
          - KEY
          - VALUE
          description:
          - The parts of the JSON to match against using the I(match_pattern).
          - If you specify All, AWS WAF matches against keys and values.
          type: str
      type: dict
    method:
      description:
      - Inspect the HTTP method.
      - The method indicates the type of operation that the request is asking the origin to perform.
      type: dict
    query_string:
      description:
      - Inspect the query string.
      - This is the part of a URL that appears after a ? character, if any.
      type: dict
    single_header:
      description:
      - Inspect a single header.
      - Provide the name of the header to inspect, for example, User-Agent or Referer.
      - This setting isn't case sensitive.
      suboptions:
        name:
          description:
          - The name of the query header to inspect.
          type: str
      type: dict
    uri_path:
      description:
      - Inspect the request URI path.
      - This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
      type: dict
  type: list
log_destination_configs:
  description:
  - The Amazon Resource Names (ARNs) of the logging destinations that you want to associate with the web ACL.
  elements: str
  type: list
debug_botocore_endpoint_logs:
  default: false
  description:
  - Use a C(botocore.endpoint) logger to parse the unique (rather than total) C("resource:action") API calls made during a task, outputting the set to the resource_actions key in the task results. Use the C(aws_resource_action) callback to output the total list made during a playbook.
  - The C(ANSIBLE_DEBUG_BOTOCORE_LOGS) environment variable may also be used.
  type: bool
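An added example playbook (not taken from the collection's own documentation) showing how logging_filter and redacted_fields combine: only BLOCK and COUNT records are kept, and the Authorization and Cookie headers are redacted before records reach the destination. The ARNs, account ID, region and resource names are constructed placeholders; credentials are assumed to come from the environment or a named profile.

```yaml
# Added example: all ARNs, IDs and names below are constructed placeholders.
- name: Configure AWS WAF logging with filtering and header redaction
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    web_acl_arn: "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/example-acl/EXAMPLE-ID"
    # AWS WAF requires log destination names to begin with "aws-waf-logs-".
    log_dest_arn: "arn:aws:firehose:us-east-1:111122223333:deliverystream/aws-waf-logs-example"
  tasks:
    - name: Associate the log destination with the web ACL
      amazon.cloud.wafv2_logging_configuration:
        state: present
        region: us-east-1
        resource_arn: "{{ web_acl_arn }}"
        log_destination_configs:
          - "{{ log_dest_arn }}"
        logging_filter:
          # Anything not matched by a filter below is discarded.
          default_behavior: DROP
          filters:
            - behavior: KEEP
              # MEETS_ANY: a record is kept if either condition matches.
              requirement: MEETS_ANY
              conditions:
                - action_condition:
                    action: BLOCK
                - action_condition:
                    action: COUNT
        redacted_fields:
          # Keep bearer tokens and session cookies out of the log stream.
          - single_header:
              name: authorization
          - single_header:
              name: cookie
        wait: true
        wait_timeout: 320
      register: waf_logging

    - name: Show the identifier returned by the module
      ansible.builtin.debug:
        var: waf_logging.result.identifier
```

With default_behavior set to DROP, ALLOW records never reach the destination, which lowers log volume but also means allowed requests cannot be reviewed later from these logs.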
result:
  contains:
    identifier:
      description: The unique identifier of the resource.
      type: str
    properties:
      description: The resource properties.
      type: dict
  description:
  - When I(state=list), it is a list containing dictionaries of resource information.
  - Otherwise, it is a dictionary of resource information.
  - When I(state=absent), it is an empty dictionary.
  returned: always
  type: complex