Multiple RedactedFields in AWS WAFv2 put-logging-configuration command


I'm trying to set up logging on our Web ACL with WAFv2. I can successfully run the put-logging-configuration command with one 'RedactedField', but I am having issues adding more headers after the first one.

Here is the documentation in question -- I can't quite get my head around it:

The part of a web request that you want AWS WAF to inspect. Include the single FieldToMatch type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in FieldToMatch for each rule statement that requires it. To inspect more than one component of a web request, create a separate rule statement for each component.

Here is my command which works:

 aws --region="us-west-2" wafv2 put-logging-configuration \
 --logging-configuration ResourceArn=${MY_WEB_ACL_ARN},LogDestinationConfigs=${MY_FIREHOSE_DELIVERY_STREAM_ARN},RedactedFields={SingleHeader={Name="cookie"}}

This gives the following result:

{
    "LoggingConfiguration": {
        "ResourceArn": "{My arn}",
        "LogDestinationConfigs": [
            "{My firehose log stream arn}"
        ],
        "RedactedFields": [
            {
                "SingleHeader": {
                    "Name": "cookie"
                }
            }
        ]
    }
}

I also wish to redact the "authorization" header.

I have tried the following as part of "RedactedFields" portion of --logging-configuration:

1) Two SingleHeader statements within brackets
RedactedFields={SingleHeader={Name="cookie"},SingleHeader={Name="cookie"}}
(Results in 'Unknown options' error.)

2) Two sets of brackets with comma
RedactedFields={SingleHeader={Name="cookie"}},{SingleHeader={Name="authorization"}}
Error parsing parameter '--logging-configuration': Expected: '=', received: '{' for input:

3) Two sets of brackets, no comma 
RedactedFields={SingleHeader={Name="cookie"}}{SingleHeader={Name="authorization"}}
Error parsing parameter '--logging-configuration': Expected: ',', received: '{' for input: 

4) Two SingleHeader statements within brackets, no comma
RedactedFields={SingleHeader={Name="cookie"}{SingleHeader={Name="authorization"}}
Error parsing parameter '--logging-configuration': Expected: ',', received: '{' for input:

5) One SingleHeader statement, two headers (Isn't really a SingleHeader anymore, is it?)
RedactedFields={SingleHeader={Name="cookie", "authorization"}}
Unknown options: authorization}}

What am I getting wrong here? I've tried many other ways including [] square brackets, multiple instances of 'Name', multiple instances of 'RedactedFields' entirely -- none work.

x3nr0s On BEST ANSWER

To add multiple SingleHeaders to RedactedFields via shorthand-syntax, I had to

  • Give each SingleHeader its own set of brackets
  • Add a comma between each bracket set
  • Wrap all of the sets with square brackets
  • Wrap everything in single quotes.

For example, if I wanted two SingleHeaders, one for 'cookie' and one for 'authorization', I would need to use the following for the RedactedFields portion of --logging-configuration:

RedactedFields='[{SingleHeader={Name="cookie"}},{SingleHeader={Name="authorization"}}]'

In conclusion, if we add this to put-logging-configuration, the whole command would be:

aws --region=${MY_REGION} wafv2 put-logging-configuration \
--logging-configuration ResourceArn=${MY_WEB_ACL_ARN},LogDestinationConfigs=${MY_FIREHOSE_DELIVERY_STREAM_ARN},RedactedFields='[{SingleHeader={Name="cookie"}},{SingleHeader={Name="authorization"}}]'

Giving the following result:

{
    "LoggingConfiguration": {
        "ResourceArn": "{my acl arn}",
        "LogDestinationConfigs": [
            "{my firehose log stream arn}"
        ],
        "RedactedFields": [
            {
                "SingleHeader": {
                    "Name": "cookie"
                }
            },
            {
                "SingleHeader": {
                    "Name": "authorization"
                }
            }
        ]
    }
}

This formatting can be used for any other FieldToMatch, such as SingleQueryArgument, AllQueryArguments, QueryString, UriPath, Body, etc.
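
An added example, not part of the answer above: the AWS CLI also accepts a JSON string for --logging-configuration, so the list of redacted headers can be generated instead of hand-quoted in shorthand. The function names and the placeholder ARNs are assumptions made for this sketch.

```shell
#!/bin/sh
# Build the --logging-configuration JSON from a list of header names.
# Function names are hypothetical; nothing here calls AWS.

# redacted_fields_json HEADER... -> JSON array of SingleHeader entries
redacted_fields_json() {
    out=""
    for name in "$@"; do
        # Conservative check (assumption): letters, digits, '-' and '_' only,
        # so the name can be embedded in JSON without escaping.
        case "$name" in
            ""|*[!A-Za-z0-9_-]*)
                echo "invalid header name: $name" >&2
                return 1 ;;
        esac
        out="${out}${out:+,}{\"SingleHeader\":{\"Name\":\"${name}\"}}"
    done
    printf '[%s]' "$out"
}

# logging_config_json WEB_ACL_ARN FIREHOSE_ARN HEADER...
logging_config_json() {
    acl_arn=$1
    firehose_arn=$2
    shift 2
    fields=$(redacted_fields_json "$@") || return 1
    printf '{"ResourceArn":"%s","LogDestinationConfigs":["%s"],"RedactedFields":%s}' \
        "$acl_arn" "$firehose_arn" "$fields"
}

# Constructed placeholder ARNs, not real resources.
ACL_ARN="arn:aws:wafv2:us-west-2:111122223333:regional/webacl/example/PLACEHOLDER"
FIREHOSE_ARN="arn:aws:firehose:us-west-2:111122223333:deliverystream/aws-waf-logs-example"

CONFIG=$(logging_config_json "$ACL_ARN" "$FIREHOSE_ARN" cookie authorization)
printf '%s\n' "$CONFIG"

# To apply it, pass the JSON string in place of the shorthand:
#   aws --region us-west-2 wafv2 put-logging-configuration \
#       --logging-configuration "$CONFIG"
```

Quoting "$CONFIG" as a single argument keeps the shell from interpreting the braces and brackets, which is the same problem the single quotes solve in the shorthand form.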