# PutLoggingConfiguration
Enables the specified [LoggingConfiguration](API_LoggingConfiguration.md), to start logging from a web ACL, according to the configuration provided.
If you configure data protection for the web ACL, the protection applies to the data that AWS WAF sends to the logs.
**Note**
This operation completely replaces any mutable specifications that you already have for a logging configuration with the ones that you provide to this call.
To modify an existing logging configuration, do the following:
Retrieve it by calling [GetLoggingConfiguration](API_GetLoggingConfiguration.md)
Update its settings as needed
Provide the complete logging configuration specification to this call
**Note**
You can define one logging destination per web ACL.
You can access information about the traffic that AWS WAF inspects using the following steps:
1. Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose.
The name that you give the destination must start with `aws-waf-logs-`. Depending on the type of destination, you might need to configure additional settings or permissions.
For configuration requirements and pricing information for each destination type, see [Logging web ACL traffic](https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) in the * AWS WAF Developer Guide*.
1. Associate your logging destination to your web ACL using a `PutLoggingConfiguration` request.
When you successfully enable logging using a `PutLoggingConfiguration` request, AWS WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, AWS WAF creates a resource policy on the log group. For an Amazon S3 bucket, AWS WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, AWS WAF creates a service-linked role.
For additional information about web ACL logging, see [Logging web ACL traffic information](https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) in the * AWS WAF Developer Guide*.
## Request Syntax
```
{
"LoggingConfiguration": {
"LogDestinationConfigs": [ "string" ],
"LoggingFilter": {
"DefaultBehavior": "string",
"Filters": [
{
"Behavior": "string",
"Conditions": [
{
"ActionCondition": {
"Action": "string"
},
"LabelNameCondition": {
"LabelName": "string"
}
}
],
"Requirement": "string"
}
]
},
"LogScope": "string",
"LogType": "string",
"ManagedByFirewallManager": boolean,
"RedactedFields": [
{
"AllQueryArguments": {
},
"Body": {
"OversizeHandling": "string"
},
"Cookies": {
"MatchPattern": {
"All": {
},
"ExcludedCookies": [ "string" ],
"IncludedCookies": [ "string" ]
},
"MatchScope": "string",
"OversizeHandling": "string"
},
"HeaderOrder": {
"OversizeHandling": "string"
},
"Headers": {
"MatchPattern": {
"All": {
},
"ExcludedHeaders": [ "string" ],
"IncludedHeaders": [ "string" ]
},
"MatchScope": "string",
"OversizeHandling": "string"
},
"JA3Fingerprint": {
"FallbackBehavior": "string"
},
"JA4Fingerprint": {
"FallbackBehavior": "string"
},
"JsonBody": {
"InvalidFallbackBehavior": "string",
"MatchPattern": {
"All": {
},
"IncludedPaths": [ "string" ]
},
"MatchScope": "string",
"OversizeHandling": "string"
},
"Method": {
},
"QueryString": {
},
"SingleHeader": {
"Name": "string"
},
"SingleQueryArgument": {
"Name": "string"
},
"UriFragment": {
"FallbackBehavior": "string"
},
"UriPath": {
}
}
],
"ResourceArn": "string"
}
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [LoggingConfiguration](#API_PutLoggingConfiguration_RequestSyntax) **
Type: [LoggingConfiguration](API_LoggingConfiguration.md) object
Required: Yes
## Response Syntax
```
{
"LoggingConfiguration": {
"LogDestinationConfigs": [ "string" ],
"LoggingFilter": {
"DefaultBehavior": "string",
"Filters": [
{
"Behavior": "string",
"Conditions": [
{
"ActionCondition": {
"Action": "string"
},
"LabelNameCondition": {
"LabelName": "string"
}
}
],
"Requirement": "string"
}
]
},
"LogScope": "string",
"LogType": "string",
"ManagedByFirewallManager": boolean,
"RedactedFields": [
{
"AllQueryArguments": {
},
"Body": {
"OversizeHandling": "string"
},
"Cookies": {
"MatchPattern": {
"All": {
},
"ExcludedCookies": [ "string" ],
"IncludedCookies": [ "string" ]
},
"MatchScope": "string",
"OversizeHandling": "string"
},
"HeaderOrder": {
"OversizeHandling": "string"
},
"Headers": {
"MatchPattern": {
"All": {
},
"ExcludedHeaders": [ "string" ],
"IncludedHeaders": [ "string" ]
},
"MatchScope": "string",
"OversizeHandling": "string"
},
"JA3Fingerprint": {
"FallbackBehavior": "string"
},
"JA4Fingerprint": {
"FallbackBehavior": "string"
},
"JsonBody": {
"InvalidFallbackBehavior": "string",
"MatchPattern": {
"All": {
},
"IncludedPaths": [ "string" ]
},
"MatchScope": "string",
"OversizeHandling": "string"
},
"Method": {
},
"QueryString": {
},
"SingleHeader": {
"Name": "string"
},
"SingleQueryArgument": {
"Name": "string"
},
"UriFragment": {
"FallbackBehavior": "string"
},
"UriPath": {
}
}
],
"ResourceArn": "string"
}
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [LoggingConfiguration](#API_PutLoggingConfiguration_ResponseSyntax) **
Type: [LoggingConfiguration](API_LoggingConfiguration.md) object
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** WAFFeatureNotIncludedInPricingPlanException **
The operation failed because the specified AWS WAF feature isn't supported by the CloudFront pricing plan associated with the web ACL.
** DisallowedFeatures **
The names of the disallowed AWS WAF features.
HTTP Status Code: 400
** WAFInternalErrorException **
Your request is valid, but AWS WAF couldn’t perform the operation because of a system problem. Retry your request.
HTTP Status Code: 500
** WAFInvalidOperationException **
The operation isn't valid.
HTTP Status Code: 400
** WAFInvalidParameterException **
The operation failed because AWS WAF didn't recognize a parameter in the request. For example:
+ You specified a parameter name or value that isn't valid.
+ Your nested statement isn't valid. You might have tried to nest a statement that can’t be nested.
+ You tried to update a `WebACL` with a `DefaultAction` that isn't among the types available at [DefaultAction](API_DefaultAction.md).
+ Your request references an ARN that is malformed, or corresponds to a resource with which a web ACL can't be associated.
** Field **
The settings where the invalid parameter was found.
** Parameter **
The invalid parameter that resulted in the exception.
** Reason **
Additional information about the exception.
HTTP Status Code: 400
** WAFLimitsExceededException **
AWS WAF couldn’t perform the operation because you exceeded your resource limit. For example, the maximum number of `WebACL` objects that you can create for an AWS account. For more information, see [AWS WAF quotas](https://docs.aws.amazon.com/waf/latest/developerguide/limits.html) in the * AWS WAF Developer Guide*.
** SourceType **
Source type for the exception.
HTTP Status Code: 400
** WAFLogDestinationPermissionIssueException **
The operation failed because you don't have the permissions that your logging configuration requires. For information, see [Logging web ACL traffic information](https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) in the * AWS WAF Developer Guide*.
HTTP Status Code: 400
** WAFNonexistentItemException **
AWS WAF couldn’t perform the operation because your resource doesn't exist. If you've just created a resource that you're using in this operation, you might just need to wait a few minutes. It can take from a few seconds to a number of minutes for changes to propagate.
HTTP Status Code: 400
** WAFOptimisticLockException **
AWS WAF couldn’t save your changes because you tried to update or delete a resource that has changed since you last retrieved it. Get the resource again, make any changes you need to make to the new copy, and retry your operation.
HTTP Status Code: 400
** WAFServiceLinkedRoleErrorException **
AWS WAF is not able to access the service linked role. This can be caused by a previous `PutLoggingConfiguration` request, which can lock the service linked role for about 20 seconds. Please try your request again. The service linked role can also be locked by a previous `DeleteServiceLinkedRole` request, which can lock the role for 15 minutes or more. If you recently made a call to `DeleteServiceLinkedRole`, wait at least 15 minutes and try the request again. If you receive this same exception again, you will have to wait additional time until the role is unlocked.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/wafv2-2019-07-29/PutLoggingConfiguration)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/wafv2-2019-07-29/PutLoggingConfiguration)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/wafv2-2019-07-29/PutLoggingConfiguration)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/wafv2-2019-07-29/PutLoggingConfiguration)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/wafv2-2019-07-29/PutLoggingConfiguration)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/wafv2-2019-07-29/PutLoggingConfiguration)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/wafv2-2019-07-29/PutLoggingConfiguration)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/wafv2-2019-07-29/PutLoggingConfiguration)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/wafv2-2019-07-29/PutLoggingConfiguration)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/wafv2-2019-07-29/PutLoggingConfiguration)