AWS WAFv2 put-logging-configuration 命令中的多个 RedactedFields

Multiple RedactedFields in AWS WAFv2 put-logging-configuration command

我正在尝试使用 WAFv2 在我们的 Web ACL 上设置日志记录。 我可以使用一个 'RedactedField' 成功 运行 put-logging-configuration 命令,但是我在第一个 header 之后添加更多 header 时遇到问题。

这是有问题的 documentation -- 我不太明白:

The part of a web request that you want AWS WAF to inspect. Include the single FieldToMatch type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in FieldToMatch for each rule statement that requires it. To inspect more than one component of a web request, create a separate rule statement for each component.

这是我的有效命令:

 aws --region="us-west-2" wafv2 put-logging-configuration \
 --logging-configuration ResourceArn=${MY_WEB_ACL_ARN},LogDestinationConfigs=${MY_FIREHOSE_DELIVERY_STREAM_ARN},RedactedFields={SingleHeader={Name="cookie"}}

结果如下:

{
    "LoggingConfiguration": {
        "ResourceArn": "{My arn}",
        "LogDestinationConfigs": [
            "{My firehose log stream arn}"
        ],
        "RedactedFields": [
            {
                "SingleHeader": {
                    "Name": "cookie"
                }
            }
        ]
    }
}

我也想修改“授权”header。

我尝试了以下作为 --logging-configuration 的“RedactedFields”部分的一部分:

1) Two SingleHeader statements within brackets
RedactedFields={SingleHeader={Name="cookie"},SingleHeader={Name="cookie"}}
(Results in 'Unknown options' error.)

2) Two sets of brackets with comma
RedactedFields={SingleHeader={Name="cookie"}},{SingleHeader={Name="authorization"}}
Error parsing parameter '--logging-configuration': Expected: '=', received: '{' for input:

3) Two sets of brackets, no comma 
RedactedFields={SingleHeader={Name="cookie"}}{SingleHeader={Name="authorization"}}
Error parsing parameter '--logging-configuration': Expected: ',', received: '{' for input: 

4) Two SingleHeader statements within brackets, no comma
RedactedFields={SingleHeader={Name="cookie"}{SingleHeader={Name="authorization"}}
Error parsing parameter '--logging-configuration': Expected: ',', received: '{' for input:

5) One SingleHeader statement, two headers (Isn't really a SingleHeader anymore, is it?)
RedactedFields={SingleHeader={Name="cookie", "authorization"}}
Unknown options: authorization}}

我在这里弄错了什么?我已经尝试了许多其他方法,包括 [] 方括号、'Name' 的多个实例、'RedactedFields' 的多个实例完全 -- none 工作。

要通过 shorthand-syntax 将多个 SingleHeaders 添加到 RedactedFields,我必须

  • 给每个 SingleHeader 它自己的一组括号
  • 在每个括号组之间添加一个逗号
  • 用方括号括起所有集合
  • 将所有内容用单引号括起来。

例如,如果我想要两个 SingleHeaders,一个用于 'cookie',一个用于 'authorization',我需要对 [=14= 的 RedactedFields 部分使用以下内容]:

RedactedFields='[{SingleHeader={Name="cookie"}},{SingleHeader={Name="authorization"}}]'

总之,如果我们将此添加到 put-logging-configuration,整个命令将是:

aws --region=${MY_REGION} wafv2 put-logging-configuration \
--logging-configuration ResourceArn=${MY_WEB_ACL_ARN},LogDestinationConfigs=${MY_FIREHOSE_DELIVERY_STREAM_ARN},RedactedFields='[{SingleHeader={Name="cookie"}},{SingleHeader={Name="authorization"}}]'

给出以下结果:

{
    "LoggingConfiguration": {
        "ResourceArn": "{my acl arn}",
        "LogDestinationConfigs": [
            "{my firehose log stream arn}"
        ],
        "RedactedFields": [
            {
                "SingleHeader": {
                    "Name": "cookie"
                }
            },
            {
                "SingleHeader": {
                    "Name": "authorization"
                }
            },
        ]
    }
}

此格式可用于任何其他 FieldToMatch,例如 SingleQueryArgument、AllQueryArguments、QueryString、UriPath、Body 等