Merge pull request #1397 from aligent/feature/DO-1705_WAF_enable_logging

introduce logging to WAF, bumping up to 2.2.0
aligent · Sep 10, 2024 · c4299a1 · c4299a1
2 parents 58c3bc3 + e514d12
commit c4299a1
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 2 deletions.
diff --git a/packages/waf/lib/waf.ts b/packages/waf/lib/waf.ts
@@ -1,4 +1,5 @@
-import { aws_wafv2 } from "aws-cdk-lib";
+import { aws_wafv2, RemovalPolicy } from "aws-cdk-lib";
+import { LogGroup, RetentionDays } from "aws-cdk-lib/aws-logs";
 import { Construct } from "constructs";
 
 export const REGIONAL = "REGIONAL";
@@ -76,6 +77,21 @@ export interface WebApplicationFirewallProps {
    * Priority numbers must be equal to or bigger than 30
    */
   postProcessCustomRules?: aws_wafv2.CfnWebACL.RuleProperty[];
+
+  /**
+   * Enable CloudWatch logging. Default: true
+   */
+  enableLogging?: boolean;
+
+  /**
+   * Define CloudWatch log retention period. Default: 1 year
+   */
+  logRetentionDays?: RetentionDays;
+
+  /**
+   * Define CloudWatch log removal policy. Default: RETAIN
+   */
+  logRemovalPolicy?: RemovalPolicy;
 }
 
 export class WebApplicationFirewall extends Construct {
@@ -391,5 +407,22 @@ export class WebApplicationFirewall extends Construct {
         });
       });
     }
+
+    const enableLogging = props.enableLogging ?? true;
+    if (enableLogging) {
+      const wafLogGroup = new LogGroup(this, `WAF-Logs-${this.web_acl.name}`, {
+        retention: props.logRetentionDays
+          ? props.logRetentionDays
+          : RetentionDays.ONE_YEAR,
+        removalPolicy: props.logRemovalPolicy
+          ? props.logRemovalPolicy
+          : RemovalPolicy.RETAIN,
+        logGroupName: `aws-waf-logs-${this.web_acl.name}`,
+      });
+      new aws_wafv2.CfnLoggingConfiguration(this, "CloudWatchLogging", {
+        logDestinationConfigs: [`${wafLogGroup.logGroupArn}`],
+        resourceArn: this.web_acl.attrArn,
+      });
+    }
   }
 }
diff --git a/packages/waf/package.json b/packages/waf/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@aligent/cdk-waf",
-  "version": "2.1.0",
+  "version": "2.2.0",
   "main": "index.js",
   "license": "GPL-3.0-only",
   "homepage": "https://github.com/aligent/aws-cdk-waf-stack#readme",