SetLogDeliveryConfiguration
Sets up or modifies the logging configuration of a user pool. User pools can export user notification logs and, when threat protection is active, user-activity logs. For more information, see Exporting user pool logs.
Request Syntax
{
   "LogConfigurations": [ 
      { 
         "CloudWatchLogsConfiguration": { 
            "LogGroupArn": "string"
         },
         "EventSource": "string",
         "FirehoseConfiguration": { 
            "StreamArn": "string"
         },
         "LogLevel": "string",
         "S3Configuration": { 
            "BucketArn": "string"
         }
      }
   ],
   "UserPoolId": "string"
}Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- LogConfigurations
- 
               A collection of the logging configurations for a user pool. Type: Array of LogConfigurationType objects Array Members: Minimum number of 0 items. Maximum number of 2 items. Required: Yes 
- UserPoolId
- 
               The ID of the user pool where you want to configure logging. Type: String Length Constraints: Minimum length of 1. Maximum length of 55. Pattern: [\w-]+_[0-9a-zA-Z]+Required: Yes 
Response Syntax
{
   "LogDeliveryConfiguration": { 
      "LogConfigurations": [ 
         { 
            "CloudWatchLogsConfiguration": { 
               "LogGroupArn": "string"
            },
            "EventSource": "string",
            "FirehoseConfiguration": { 
               "StreamArn": "string"
            },
            "LogLevel": "string",
            "S3Configuration": { 
               "BucketArn": "string"
            }
         }
      ],
      "UserPoolId": "string"
   }
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- LogDeliveryConfiguration
- 
               The logging configuration that you applied to the requested user pool. Type: LogDeliveryConfigurationType object 
Errors
For information about the errors that are common to all actions, see Common Errors.
- InternalErrorException
- 
               This exception is thrown when Amazon Cognito encounters an internal error. - message
- 
                        The message returned when Amazon Cognito throws an internal error exception. 
 HTTP Status Code: 500 
- InvalidParameterException
- 
               This exception is thrown when the Amazon Cognito service encounters an invalid parameter. - message
- 
                        The message returned when the Amazon Cognito service throws an invalid parameter exception. 
- reasonCode
- 
                        The reason code of the exception. 
 HTTP Status Code: 400 
- NotAuthorizedException
- 
               This exception is thrown when a user isn't authorized. - message
- 
                        The message returned when the Amazon Cognito service returns a not authorized exception. 
 HTTP Status Code: 400 
- ResourceNotFoundException
- 
               This exception is thrown when the Amazon Cognito service can't find the requested resource. - message
- 
                        The message returned when the Amazon Cognito service returns a resource not found exception. 
 HTTP Status Code: 400 
- TooManyRequestsException
- 
               This exception is thrown when the user has made too many requests for a given operation. - message
- 
                        The message returned when the Amazon Cognito service returns a too many requests exception. 
 HTTP Status Code: 400 
Examples
Example
A SetLogDeliveryConfiguration request that exports
                        userNotification logs to a log group and
                        userAuthEvents logs to an Amazon S3 bucket.
Sample Request
POST HTTP/1.1
Host: cognito-idp.us-east-1.amazonaws.com
X-Amz-Date: 20230613T200059Z
Accept-Encoding: gzip, deflate, br
X-Amz-Target: AWSCognitoIdentityProviderService.SetLogDeliveryConfiguration
User-Agent: <UserAgentString>
Authorization: AWS4-HMAC-SHA256 Credential=<Credential>, SignedHeaders=<Headers>, Signature=<Signature>
Content-Length: <PayloadSizeBytes>
{
    "LogConfigurations": [
        {
            "CloudWatchLogsConfiguration": {
                "LogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:cognito-exported"
            },
            "EventSource": "userNotification",
            "LogLevel": "ERROR"
        },
        {
            "EventSource": "userAuthEvents",
            "LogLevel": "INFO",
            "S3Configuration": {
                "BucketArn": "arn:aws:s3:::amzn-s3-demo-bucket1"
            }
        }
    ],
    "UserPoolId": "us-west-2_EXAMPLE"
}Sample Response
HTTP/1.1 200 OK
Date: Tue, 13 Jun 2023 20:00:59 GMT
Content-Type: application/x-amz-json-1.0
Content-Length: <PayloadSizeBytes>
x-amzn-requestid: a1b2c3d4-e5f6-a1b2-c3d4-EXAMPLE11111
Connection: keep-alive
{
   "LogDeliveryConfiguration": {
      "LogConfigurations": [
        {
            "CloudWatchLogsConfiguration": {
                "LogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:cognito-exported"
            },
            "EventSource": "userNotification",
            "LogLevel": "ERROR"
        },
        {
            "EventSource": "userAuthEvents",
            "LogLevel": "INFO",
            "S3Configuration": {
                "BucketArn": "arn:aws:s3:::amzn-s3-demo-bucket1"
            }
        }
    ],
    "UserPoolId": "us-west-2_EXAMPLE"
   }
}Example
A SetLogDeliveryConfiguration request that exports
                        userAuthEvents events to a Firehose stream and
                        userNotification events to a CloudWatch log group.
Sample Request
POST HTTP/1.1
Host: cognito-idp.us-west-2.amazonaws.com
X-Amz-Date: 20230613T200059Z
Accept-Encoding: gzip, deflate, br
X-Amz-Target: AWSCognitoIdentityProviderService.SetLogDeliveryConfiguration
User-Agent: <UserAgentString>
Authorization: AWS4-HMAC-SHA256 Credential=<Credential>, SignedHeaders=<Headers>, Signature=<Signature>
Content-Length: <PayloadSizeBytes>
{
   "LogConfigurations": [
      {
         "EventSource": "userAuthEvents",
         "FirehoseConfiguration": {
            "StreamArn": "arn:aws:firehose:us-west-2:123456789012:deliverystream/example-user-pool-activity-exported"
         },
         "LogLevel": "INFO"
      }
   ],
   [ 
      { 
         "CloudWatchLogsConfiguration": { 
            "LogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:example-user-pool-error-exported"
         },
         "EventSource": "userNotification",
         "LogLevel": "ERROR"
      }
   ],
   "UserPoolId": "us-west-2_EXAMPLE"
}Sample Response
HTTP/1.1 200 OK
Date: Tue, 13 Jun 2023 20:00:59 GMT
Content-Type: application/x-amz-json-1.0
Content-Length: <PayloadSizeBytes>
x-amzn-requestid: a1b2c3d4-e5f6-a1b2-c3d4-EXAMPLE11111
Connection: keep-alive
{
    "LogDeliveryConfiguration": {
        "LogConfigurations": [
            {
                "CloudWatchLogsConfiguration": {
                    "LogGroupArn": "arn:aws:firehose:us-west-2:123456789012:deliverystream/example-user-pool-activity-exported"
                },
                "EventSource": "userNotification",
                "LogLevel": "ERROR"
            },
            {
                "EventSource": "userAuthEvents",
                "FirehoseConfiguration": {
                    "StreamArn": "arn:aws:logs:us-west-2:123456789012:log-group:example-user-pool-error-exported"
                },
                "LogLevel": "INFO"
            }
        ],
        "UserPoolId": "us-west-2_EXAMPLE"
    }
}See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: