api_op_CreateQueryLoggingConfig.go (12624B)
1 // Code generated by smithy-go-codegen DO NOT EDIT. 2 3 package route53 4 5 import ( 6 "context" 7 "fmt" 8 awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" 9 "github.com/aws/aws-sdk-go-v2/service/route53/types" 10 "github.com/aws/smithy-go/middleware" 11 smithyhttp "github.com/aws/smithy-go/transport/http" 12 ) 13 14 // Creates a configuration for DNS query logging. After you create a query logging 15 // configuration, Amazon Route 53 begins to publish log data to an Amazon 16 // CloudWatch Logs log group. 17 // 18 // DNS query logs contain information about the queries that Route 53 receives for 19 // a specified public hosted zone, such as the following: 20 // 21 // - Route 53 edge location that responded to the DNS query 22 // 23 // - Domain or subdomain that was requested 24 // 25 // - DNS record type, such as A or AAAA 26 // 27 // - DNS response code, such as NoError or ServFail 28 // 29 // Log Group and Resource Policy Before you create a query logging configuration, 30 // perform the following operations. 31 // 32 // If you create a query logging configuration using the Route 53 console, Route 33 // 53 performs these operations automatically. 34 // 35 // - Create a CloudWatch Logs log group, and make note of the ARN, which you 36 // specify when you create a query logging configuration. Note the following: 37 // 38 // - You must create the log group in the us-east-1 region. 39 // 40 // - You must use the same Amazon Web Services account to create the log group 41 // and the hosted zone that you want to configure query logging for. 42 // 43 // - When you create log groups for query logging, we recommend that you use a 44 // consistent prefix, for example: 45 // 46 // /aws/route53/hosted zone name 47 // 48 // In the next step, you'll create a resource policy, which controls access to one 49 // 50 // or more log groups and the associated Amazon Web Services resources, such as 51 // Route 53 hosted zones. There's a limit on the number of resource policies that 52 // you can create, so we recommend that you use a consistent prefix so you can use 53 // the same resource policy for all the log groups that you create for query 54 // logging. 55 // 56 // - Create a CloudWatch Logs resource policy, and give it the permissions that 57 // Route 53 needs to create log streams and to send query logs to log streams. You 58 // must create the CloudWatch Logs resource policy in the us-east-1 region. For the 59 // value of Resource , specify the ARN for the log group that you created in the 60 // previous step. To use the same resource policy for all the CloudWatch Logs log 61 // groups that you created for query logging configurations, replace the hosted 62 // zone name with * , for example: 63 // 64 // arn:aws:logs:us-east-1:123412341234:log-group:/aws/route53/* 65 // 66 // To avoid the confused deputy problem, a security issue where an entity without 67 // 68 // a permission for an action can coerce a more-privileged entity to perform it, 69 // you can optionally limit the permissions that a service has to a resource in a 70 // resource-based policy by supplying the following values: 71 // 72 // - For aws:SourceArn , supply the hosted zone ARN used in creating the query 73 // logging configuration. For example, aws:SourceArn: 74 // arn:aws:route53:::hostedzone/hosted zone ID . 75 // 76 // - For aws:SourceAccount , supply the account ID for the account that creates 77 // the query logging configuration. For example, aws:SourceAccount:111111111111 . 78 // 79 // For more information, see [The confused deputy problem]in the Amazon Web Services IAM User Guide. 80 // 81 // You can't use the CloudWatch console to create or edit a resource policy. You 82 // 83 // must use the CloudWatch API, one of the Amazon Web Services SDKs, or the CLI. 84 // 85 // Log Streams and Edge Locations When Route 53 finishes creating the 86 // configuration for DNS query logging, it does the following: 87 // 88 // - Creates a log stream for an edge location the first time that the edge 89 // location responds to DNS queries for the specified hosted zone. That log stream 90 // is used to log all queries that Route 53 responds to for that edge location. 91 // 92 // - Begins to send query logs to the applicable log stream. 93 // 94 // The name of each log stream is in the following format: 95 // 96 // hosted zone ID/edge location code 97 // 98 // The edge location code is a three-letter code and an arbitrarily assigned 99 // number, for example, DFW3. The three-letter code typically corresponds with the 100 // International Air Transport Association airport code for an airport near the 101 // edge location. (These abbreviations might change in the future.) For a list of 102 // edge locations, see "The Route 53 Global Network" on the [Route 53 Product Details]page. 103 // 104 // Queries That Are Logged Query logs contain only the queries that DNS resolvers 105 // forward to Route 53. If a DNS resolver has already cached the response to a 106 // query (such as the IP address for a load balancer for example.com), the resolver 107 // will continue to return the cached response. It doesn't forward another query to 108 // Route 53 until the TTL for the corresponding resource record set expires. 109 // Depending on how many DNS queries are submitted for a resource record set, and 110 // depending on the TTL for that resource record set, query logs might contain 111 // information about only one query out of every several thousand queries that are 112 // submitted to DNS. For more information about how DNS works, see [Routing Internet Traffic to Your Website or Web Application]in the Amazon 113 // Route 53 Developer Guide. 114 // 115 // Log File Format For a list of the values in each query log and the format of 116 // each value, see [Logging DNS Queries]in the Amazon Route 53 Developer Guide. 117 // 118 // Pricing For information about charges for query logs, see [Amazon CloudWatch Pricing]. 119 // 120 // How to Stop Logging If you want Route 53 to stop sending query logs to 121 // CloudWatch Logs, delete the query logging configuration. For more information, 122 // see [DeleteQueryLoggingConfig]. 123 // 124 // [The confused deputy problem]: https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html 125 // [DeleteQueryLoggingConfig]: https://docs.aws.amazon.com/Route53/latest/APIReference/API_DeleteQueryLoggingConfig.html 126 // [Routing Internet Traffic to Your Website or Web Application]: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/welcome-dns-service.html 127 // [Route 53 Product Details]: http://aws.amazon.com/route53/details/ 128 // [Amazon CloudWatch Pricing]: http://aws.amazon.com/cloudwatch/pricing/ 129 // [Logging DNS Queries]: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/query-logs.html 130 func (c *Client) CreateQueryLoggingConfig(ctx context.Context, params *CreateQueryLoggingConfigInput, optFns ...func(*Options)) (*CreateQueryLoggingConfigOutput, error) { 131 if params == nil { 132 params = &CreateQueryLoggingConfigInput{} 133 } 134 135 result, metadata, err := c.invokeOperation(ctx, "CreateQueryLoggingConfig", params, optFns, c.addOperationCreateQueryLoggingConfigMiddlewares) 136 if err != nil { 137 return nil, err 138 } 139 140 out := result.(*CreateQueryLoggingConfigOutput) 141 out.ResultMetadata = metadata 142 return out, nil 143 } 144 145 type CreateQueryLoggingConfigInput struct { 146 147 // The Amazon Resource Name (ARN) for the log group that you want to Amazon Route 148 // 53 to send query logs to. This is the format of the ARN: 149 // 150 // arn:aws:logs:region:account-id:log-group:log_group_name 151 // 152 // To get the ARN for a log group, you can use the CloudWatch console, the [DescribeLogGroups] API 153 // action, the [describe-log-groups]command, or the applicable command in one of the Amazon Web 154 // Services SDKs. 155 // 156 // [describe-log-groups]: https://docs.aws.amazon.com/cli/latest/reference/logs/describe-log-groups.html 157 // [DescribeLogGroups]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeLogGroups.html 158 // 159 // This member is required. 160 CloudWatchLogsLogGroupArn *string 161 162 // The ID of the hosted zone that you want to log queries for. You can log queries 163 // only for public hosted zones. 164 // 165 // This member is required. 166 HostedZoneId *string 167 168 noSmithyDocumentSerde 169 } 170 171 type CreateQueryLoggingConfigOutput struct { 172 173 // The unique URL representing the new query logging configuration. 174 // 175 // This member is required. 176 Location *string 177 178 // A complex type that contains the ID for a query logging configuration, the ID 179 // of the hosted zone that you want to log queries for, and the ARN for the log 180 // group that you want Amazon Route 53 to send query logs to. 181 // 182 // This member is required. 183 QueryLoggingConfig *types.QueryLoggingConfig 184 185 // Metadata pertaining to the operation's result. 186 ResultMetadata middleware.Metadata 187 188 noSmithyDocumentSerde 189 } 190 191 func (c *Client) addOperationCreateQueryLoggingConfigMiddlewares(stack *middleware.Stack, options Options) (err error) { 192 if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { 193 return err 194 } 195 err = stack.Serialize.Add(&awsRestxml_serializeOpCreateQueryLoggingConfig{}, middleware.After) 196 if err != nil { 197 return err 198 } 199 err = stack.Deserialize.Add(&awsRestxml_deserializeOpCreateQueryLoggingConfig{}, middleware.After) 200 if err != nil { 201 return err 202 } 203 if err := addProtocolFinalizerMiddlewares(stack, options, "CreateQueryLoggingConfig"); err != nil { 204 return fmt.Errorf("add protocol finalizers: %v", err) 205 } 206 207 if err = addlegacyEndpointContextSetter(stack, options); err != nil { 208 return err 209 } 210 if err = addSetLoggerMiddleware(stack, options); err != nil { 211 return err 212 } 213 if err = addClientRequestID(stack); err != nil { 214 return err 215 } 216 if err = addComputeContentLength(stack); err != nil { 217 return err 218 } 219 if err = addResolveEndpointMiddleware(stack, options); err != nil { 220 return err 221 } 222 if err = addComputePayloadSHA256(stack); err != nil { 223 return err 224 } 225 if err = addRetry(stack, options); err != nil { 226 return err 227 } 228 if err = addRawResponseToMetadata(stack); err != nil { 229 return err 230 } 231 if err = addRecordResponseTiming(stack); err != nil { 232 return err 233 } 234 if err = addSpanRetryLoop(stack, options); err != nil { 235 return err 236 } 237 if err = addClientUserAgent(stack, options); err != nil { 238 return err 239 } 240 if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { 241 return err 242 } 243 if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { 244 return err 245 } 246 if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { 247 return err 248 } 249 if err = addTimeOffsetBuild(stack, c); err != nil { 250 return err 251 } 252 if err = addUserAgentRetryMode(stack, options); err != nil { 253 return err 254 } 255 if err = addCredentialSource(stack, options); err != nil { 256 return err 257 } 258 if err = addOpCreateQueryLoggingConfigValidationMiddleware(stack); err != nil { 259 return err 260 } 261 if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateQueryLoggingConfig(options.Region), middleware.Before); err != nil { 262 return err 263 } 264 if err = addRecursionDetection(stack); err != nil { 265 return err 266 } 267 if err = addRequestIDRetrieverMiddleware(stack); err != nil { 268 return err 269 } 270 if err = addResponseErrorMiddleware(stack); err != nil { 271 return err 272 } 273 if err = addSanitizeURLMiddleware(stack); err != nil { 274 return err 275 } 276 if err = addRequestResponseLogging(stack, options); err != nil { 277 return err 278 } 279 if err = addDisableHTTPSMiddleware(stack, options); err != nil { 280 return err 281 } 282 if err = addInterceptBeforeRetryLoop(stack, options); err != nil { 283 return err 284 } 285 if err = addInterceptAttempt(stack, options); err != nil { 286 return err 287 } 288 if err = addInterceptExecution(stack, options); err != nil { 289 return err 290 } 291 if err = addInterceptBeforeSerialization(stack, options); err != nil { 292 return err 293 } 294 if err = addInterceptAfterSerialization(stack, options); err != nil { 295 return err 296 } 297 if err = addInterceptBeforeSigning(stack, options); err != nil { 298 return err 299 } 300 if err = addInterceptAfterSigning(stack, options); err != nil { 301 return err 302 } 303 if err = addInterceptTransmit(stack, options); err != nil { 304 return err 305 } 306 if err = addInterceptBeforeDeserialization(stack, options); err != nil { 307 return err 308 } 309 if err = addInterceptAfterDeserialization(stack, options); err != nil { 310 return err 311 } 312 if err = addSpanInitializeStart(stack); err != nil { 313 return err 314 } 315 if err = addSpanInitializeEnd(stack); err != nil { 316 return err 317 } 318 if err = addSpanBuildRequestStart(stack); err != nil { 319 return err 320 } 321 if err = addSpanBuildRequestEnd(stack); err != nil { 322 return err 323 } 324 return nil 325 } 326 327 func newServiceMetadataMiddleware_opCreateQueryLoggingConfig(region string) *awsmiddleware.RegisterServiceMetadata { 328 return &awsmiddleware.RegisterServiceMetadata{ 329 Region: region, 330 ServiceID: ServiceID, 331 OperationName: "CreateQueryLoggingConfig", 332 } 333 }