api_op_CreateQueryLoggingConfig.go (10452B)
1 // Code generated by smithy-go-codegen DO NOT EDIT. 2 3 package route53 4 5 import ( 6 "context" 7 awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" 8 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" 9 "github.com/aws/aws-sdk-go-v2/service/route53/types" 10 "github.com/aws/smithy-go/middleware" 11 smithyhttp "github.com/aws/smithy-go/transport/http" 12 ) 13 14 // Creates a configuration for DNS query logging. After you create a query logging 15 // configuration, Amazon Route 53 begins to publish log data to an Amazon 16 // CloudWatch Logs log group. DNS query logs contain information about the queries 17 // that Route 53 receives for a specified public hosted zone, such as the 18 // following: 19 // 20 // * Route 53 edge location that responded to the DNS query 21 // 22 // * Domain 23 // or subdomain that was requested 24 // 25 // * DNS record type, such as A or AAAA 26 // 27 // * DNS 28 // response code, such as NoError or ServFail 29 // 30 // Log Group and Resource Policy Before 31 // you create a query logging configuration, perform the following operations. If 32 // you create a query logging configuration using the Route 53 console, Route 53 33 // performs these operations automatically. 34 // 35 // * Create a CloudWatch Logs log group, 36 // and make note of the ARN, which you specify when you create a query logging 37 // configuration. Note the following: 38 // 39 // * You must create the log group in the 40 // us-east-1 region. 41 // 42 // * You must use the same Amazon Web Services account to create 43 // the log group and the hosted zone that you want to configure query logging 44 // for. 45 // 46 // * When you create log groups for query logging, we recommend that you use 47 // a consistent prefix, for example: /aws/route53/hosted zone name In the next 48 // step, you'll create a resource policy, which controls access to one or more log 49 // groups and the associated Amazon Web Services resources, such as Route 53 hosted 50 // zones. There's a limit on the number of resource policies that you can create, 51 // so we recommend that you use a consistent prefix so you can use the same 52 // resource policy for all the log groups that you create for query logging. 53 // 54 // * 55 // Create a CloudWatch Logs resource policy, and give it the permissions that Route 56 // 53 needs to create log streams and to send query logs to log streams. For the 57 // value of Resource, specify the ARN for the log group that you created in the 58 // previous step. To use the same resource policy for all the CloudWatch Logs log 59 // groups that you created for query logging configurations, replace the hosted 60 // zone name with *, for example: 61 // arn:aws:logs:us-east-1:123412341234:log-group:/aws/route53/* To avoid the 62 // confused deputy problem, a security issue where an entity without a permission 63 // for an action can coerce a more-privileged entity to perform it, you can 64 // optionally limit the permissions that a service has to a resource in a 65 // resource-based policy by supplying the following values: 66 // 67 // * For aws:SourceArn, 68 // supply the hosted zone ARN used in creating the query logging configuration. For 69 // example, aws:SourceArn: arn:aws:route53:::hostedzone/hosted zone ID. 70 // 71 // * For 72 // aws:SourceAccount, supply the account ID for the account that creates the query 73 // logging configuration. For example, aws:SourceAccount:111111111111. 74 // 75 // For more 76 // information, see The confused deputy problem 77 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html) in the 78 // Amazon Web Services IAM User Guide. You can't use the CloudWatch console to 79 // create or edit a resource policy. You must use the CloudWatch API, one of the 80 // Amazon Web Services SDKs, or the CLI. 81 // 82 // Log Streams and Edge Locations When Route 83 // 53 finishes creating the configuration for DNS query logging, it does the 84 // following: 85 // 86 // * Creates a log stream for an edge location the first time that the 87 // edge location responds to DNS queries for the specified hosted zone. That log 88 // stream is used to log all queries that Route 53 responds to for that edge 89 // location. 90 // 91 // * Begins to send query logs to the applicable log stream. 92 // 93 // The name 94 // of each log stream is in the following format: hosted zone ID/edge location 95 // code The edge location code is a three-letter code and an arbitrarily assigned 96 // number, for example, DFW3. The three-letter code typically corresponds with the 97 // International Air Transport Association airport code for an airport near the 98 // edge location. (These abbreviations might change in the future.) For a list of 99 // edge locations, see "The Route 53 Global Network" on the Route 53 Product 100 // Details (http://aws.amazon.com/route53/details/) page. Queries That Are Logged 101 // Query logs contain only the queries that DNS resolvers forward to Route 53. If a 102 // DNS resolver has already cached the response to a query (such as the IP address 103 // for a load balancer for example.com), the resolver will continue to return the 104 // cached response. It doesn't forward another query to Route 53 until the TTL for 105 // the corresponding resource record set expires. Depending on how many DNS queries 106 // are submitted for a resource record set, and depending on the TTL for that 107 // resource record set, query logs might contain information about only one query 108 // out of every several thousand queries that are submitted to DNS. For more 109 // information about how DNS works, see Routing Internet Traffic to Your Website or 110 // Web Application 111 // (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/welcome-dns-service.html) 112 // in the Amazon Route 53 Developer Guide. Log File Format For a list of the values 113 // in each query log and the format of each value, see Logging DNS Queries 114 // (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/query-logs.html) in 115 // the Amazon Route 53 Developer Guide. Pricing For information about charges for 116 // query logs, see Amazon CloudWatch Pricing 117 // (http://aws.amazon.com/cloudwatch/pricing/). How to Stop Logging If you want 118 // Route 53 to stop sending query logs to CloudWatch Logs, delete the query logging 119 // configuration. For more information, see DeleteQueryLoggingConfig 120 // (https://docs.aws.amazon.com/Route53/latest/APIReference/API_DeleteQueryLoggingConfig.html). 121 func (c *Client) CreateQueryLoggingConfig(ctx context.Context, params *CreateQueryLoggingConfigInput, optFns ...func(*Options)) (*CreateQueryLoggingConfigOutput, error) { 122 if params == nil { 123 params = &CreateQueryLoggingConfigInput{} 124 } 125 126 result, metadata, err := c.invokeOperation(ctx, "CreateQueryLoggingConfig", params, optFns, c.addOperationCreateQueryLoggingConfigMiddlewares) 127 if err != nil { 128 return nil, err 129 } 130 131 out := result.(*CreateQueryLoggingConfigOutput) 132 out.ResultMetadata = metadata 133 return out, nil 134 } 135 136 type CreateQueryLoggingConfigInput struct { 137 138 // The Amazon Resource Name (ARN) for the log group that you want to Amazon Route 139 // 53 to send query logs to. This is the format of the ARN: 140 // arn:aws:logs:region:account-id:log-group:log_group_name To get the ARN for a log 141 // group, you can use the CloudWatch console, the DescribeLogGroups 142 // (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeLogGroups.html) 143 // API action, the describe-log-groups 144 // (https://docs.aws.amazon.com/cli/latest/reference/logs/describe-log-groups.html) 145 // command, or the applicable command in one of the Amazon Web Services SDKs. 146 // 147 // This member is required. 148 CloudWatchLogsLogGroupArn *string 149 150 // The ID of the hosted zone that you want to log queries for. You can log queries 151 // only for public hosted zones. 152 // 153 // This member is required. 154 HostedZoneId *string 155 156 noSmithyDocumentSerde 157 } 158 159 type CreateQueryLoggingConfigOutput struct { 160 161 // The unique URL representing the new query logging configuration. 162 // 163 // This member is required. 164 Location *string 165 166 // A complex type that contains the ID for a query logging configuration, the ID of 167 // the hosted zone that you want to log queries for, and the ARN for the log group 168 // that you want Amazon Route 53 to send query logs to. 169 // 170 // This member is required. 171 QueryLoggingConfig *types.QueryLoggingConfig 172 173 // Metadata pertaining to the operation's result. 174 ResultMetadata middleware.Metadata 175 176 noSmithyDocumentSerde 177 } 178 179 func (c *Client) addOperationCreateQueryLoggingConfigMiddlewares(stack *middleware.Stack, options Options) (err error) { 180 err = stack.Serialize.Add(&awsRestxml_serializeOpCreateQueryLoggingConfig{}, middleware.After) 181 if err != nil { 182 return err 183 } 184 err = stack.Deserialize.Add(&awsRestxml_deserializeOpCreateQueryLoggingConfig{}, middleware.After) 185 if err != nil { 186 return err 187 } 188 if err = addSetLoggerMiddleware(stack, options); err != nil { 189 return err 190 } 191 if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil { 192 return err 193 } 194 if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil { 195 return err 196 } 197 if err = addResolveEndpointMiddleware(stack, options); err != nil { 198 return err 199 } 200 if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil { 201 return err 202 } 203 if err = addRetryMiddlewares(stack, options); err != nil { 204 return err 205 } 206 if err = addHTTPSignerV4Middleware(stack, options); err != nil { 207 return err 208 } 209 if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil { 210 return err 211 } 212 if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil { 213 return err 214 } 215 if err = addClientUserAgent(stack); err != nil { 216 return err 217 } 218 if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { 219 return err 220 } 221 if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { 222 return err 223 } 224 if err = addOpCreateQueryLoggingConfigValidationMiddleware(stack); err != nil { 225 return err 226 } 227 if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateQueryLoggingConfig(options.Region), middleware.Before); err != nil { 228 return err 229 } 230 if err = addRequestIDRetrieverMiddleware(stack); err != nil { 231 return err 232 } 233 if err = addResponseErrorMiddleware(stack); err != nil { 234 return err 235 } 236 if err = addSanitizeURLMiddleware(stack); err != nil { 237 return err 238 } 239 if err = addRequestResponseLogging(stack, options); err != nil { 240 return err 241 } 242 return nil 243 } 244 245 func newServiceMetadataMiddleware_opCreateQueryLoggingConfig(region string) *awsmiddleware.RegisterServiceMetadata { 246 return &awsmiddleware.RegisterServiceMetadata{ 247 Region: region, 248 ServiceID: ServiceID, 249 SigningName: "route53", 250 OperationName: "CreateQueryLoggingConfig", 251 } 252 }