api_op_CreateQueryLoggingConfig.go (10861B)
// Code generated by smithy-go-codegen DO NOT EDIT.

package route53

import (
	"context"
	"fmt"
	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
	"github.com/aws/aws-sdk-go-v2/service/route53/types"
	"github.com/aws/smithy-go/middleware"
	smithyhttp "github.com/aws/smithy-go/transport/http"
)

// CreateQueryLoggingConfig creates a configuration for DNS query logging. After
// you create a query logging configuration, Amazon Route 53 begins to publish log
// data to an Amazon CloudWatch Logs log group. DNS query logs contain information
// about the queries that Route 53 receives for a specified public hosted zone,
// such as the following:
//   - Route 53 edge location that responded to the DNS query
//   - Domain or subdomain that was requested
//   - DNS record type, such as A or AAAA
//   - DNS response code, such as NoError or ServFail
//
// Log Group and Resource Policy
//
// Before you create a query logging configuration, perform the following
// operations. If you create a query logging configuration using the Route 53
// console, Route 53 performs these operations automatically.
//
//   - Create a CloudWatch Logs log group, and make note of the ARN, which you
//     specify when you create a query logging configuration. Note the following:
//
//   - You must create the log group in the us-east-1 region.
//
//   - You must use the same Amazon Web Services account to create the log group
//     and the hosted zone that you want to configure query logging for.
//
//   - When you create log groups for query logging, we recommend that you use a
//     consistent prefix, for example: /aws/route53/hosted zone name
//
//     In the next step, you'll create a resource policy, which controls access to
//     one or more log groups and the associated Amazon Web Services resources,
//     such as Route 53 hosted zones. There's a limit on the number of resource
//     policies that you can create, so we recommend that you use a consistent
//     prefix so you can use the same resource policy for all the log groups that
//     you create for query logging.
//
//   - Create a CloudWatch Logs resource policy, and give it the permissions that
//     Route 53 needs to create log streams and to send query logs to log streams.
//     For the value of Resource , specify the ARN for the log group that you
//     created in the previous step. To use the same resource policy for all the
//     CloudWatch Logs log groups that you created for query logging
//     configurations, replace the hosted zone name with * , for example:
//     arn:aws:logs:us-east-1:123412341234:log-group:/aws/route53/*
//
//     To avoid the confused deputy problem, a security issue where an entity
//     without a permission for an action can coerce a more-privileged entity to
//     perform it, you can optionally limit the permissions that a service has to
//     a resource in a resource-based policy by supplying the following values:
//
//   - For aws:SourceArn , supply the hosted zone ARN used in creating the query
//     logging configuration. For example, aws:SourceArn:
//     arn:aws:route53:::hostedzone/hosted zone ID .
//
//   - For aws:SourceAccount , supply the account ID for the account that creates
//     the query logging configuration. For example,
//     aws:SourceAccount:111111111111 .
//
//     For more information, see The confused deputy problem (https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html)
//     in the Amazon Web Services IAM User Guide.
//
//     NOTE(review): both condition keys are optional in the policy, but leaving
//     them out means the grant to the Route 53 service is not bound to a specific
//     hosted zone or account. With the wildcard Resource shown above the policy
//     also covers every log group under the prefix, so setting both keys is the
//     safer default.
//
// You can't use the CloudWatch console to create or edit a resource policy. You
// must use the CloudWatch API, one of the Amazon Web Services SDKs, or the CLI.
//
// Log Streams and Edge Locations
//
// When Route 53 finishes creating the configuration for DNS query logging, it
// does the following:
//   - Creates a log stream for an edge location the first time that the edge
//     location responds to DNS queries for the specified hosted zone. That log
//     stream is used to log all queries that Route 53 responds to for that edge
//     location.
//   - Begins to send query logs to the applicable log stream.
//
// The name of each log stream is in the following format: hosted zone ID/edge
// location code
//
// The edge location code is a three-letter code and an arbitrarily assigned
// number, for example, DFW3. The three-letter code typically corresponds with the
// International Air Transport Association airport code for an airport near the
// edge location. (These abbreviations might change in the future.) For a list of
// edge locations, see "The Route 53 Global Network" on the Route 53 Product
// Details (http://aws.amazon.com/route53/details/) page.
//
// Queries That Are Logged
//
// Query logs contain only the queries that DNS resolvers forward to Route 53. If
// a DNS resolver has already cached the response to a query (such as the IP
// address for a load balancer for example.com), the resolver will continue to
// return the cached response. It doesn't forward another query to Route 53 until
// the TTL for the corresponding resource record set expires. Depending on how many
// DNS queries are submitted for a resource record set, and depending on the TTL
// for that resource record set, query logs might contain information about only
// one query out of every several thousand queries that are submitted to DNS. For
// more information about how DNS works, see Routing Internet Traffic to Your
// Website or Web Application (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/welcome-dns-service.html)
// in the Amazon Route 53 Developer Guide.
//
// NOTE(review): for detection and forensics this means the logs are a record of
// resolver-forwarded queries, not of every client lookup; the absence of a name
// from the logs does not show that no client resolved it.
//
// Log File Format
//
// For a list of the values in each query log and the format of each value, see
// Logging DNS Queries (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/query-logs.html)
// in the Amazon Route 53 Developer Guide.
//
// Pricing
//
// For information about charges for query logs, see Amazon CloudWatch Pricing (http://aws.amazon.com/cloudwatch/pricing/)
// .
//
// How to Stop Logging
//
// If you want Route 53 to stop sending query logs to CloudWatch Logs, delete the
// query logging configuration. For more information, see
// DeleteQueryLoggingConfig (https://docs.aws.amazon.com/Route53/latest/APIReference/API_DeleteQueryLoggingConfig.html)
// .
//
// A nil params is replaced by an empty input before the call. On failure the
// error from invokeOperation is returned unchanged together with a nil output.
func (c *Client) CreateQueryLoggingConfig(ctx context.Context, params *CreateQueryLoggingConfigInput, optFns ...func(*Options)) (*CreateQueryLoggingConfigOutput, error) {
	// Substitute an empty input so the stages below never see a nil pointer.
	// Both members are documented as required; presumably the validation
	// middleware registered for this operation rejects the empty input. Confirm.
	if params == nil {
		params = &CreateQueryLoggingConfigInput{}
	}

	result, metadata, err := c.invokeOperation(ctx, "CreateQueryLoggingConfig", params, optFns, c.addOperationCreateQueryLoggingConfigMiddlewares)
	if err != nil {
		return nil, err
	}

	// Unchecked type assertion: this panics if result holds any other type.
	// Presumably the deserializer registered for this operation always yields
	// *CreateQueryLoggingConfigOutput. Confirm against the deserializer.
	out := result.(*CreateQueryLoggingConfigOutput)
	out.ResultMetadata = metadata
	return out, nil
}

// CreateQueryLoggingConfigInput is the input to CreateQueryLoggingConfig.
//
// NOTE(review): the operation documentation says the log group must be in
// us-east-1 and in the same account as the hosted zone. Nothing in this file
// checks either condition, so presumably the service enforces them.
type CreateQueryLoggingConfigInput struct {

	// The Amazon Resource Name (ARN) for the log group that you want Amazon Route
	// 53 to send query logs to. This is the format of the ARN:
	// arn:aws:logs:region:account-id:log-group:log_group_name To get the ARN for a log
	// group, you can use the CloudWatch console, the DescribeLogGroups (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeLogGroups.html)
	// API action, the describe-log-groups (https://docs.aws.amazon.com/cli/latest/reference/logs/describe-log-groups.html)
	// command, or the applicable command in one of the Amazon Web Services SDKs.
	//
	// This member is required.
	CloudWatchLogsLogGroupArn *string

	// The ID of the hosted zone that you want to log queries for. You can log queries
	// only for public hosted zones.
	//
	// This member is required.
	HostedZoneId *string

	noSmithyDocumentSerde
}

// CreateQueryLoggingConfigOutput is the result of CreateQueryLoggingConfig.
type CreateQueryLoggingConfigOutput struct {

	// The unique URL representing the new query logging configuration.
	//
	// This member is required.
	Location *string

	// A complex type that contains the ID for a query logging configuration, the ID
	// of the hosted zone that you want to log queries for, and the ARN for the log
	// group that you want Amazon Route 53 to send query logs to.
	//
	// This member is required.
	QueryLoggingConfig *types.QueryLoggingConfig

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata

	noSmithyDocumentSerde
}

// addOperationCreateQueryLoggingConfigMiddlewares registers the middleware for
// the CreateQueryLoggingConfig operation on stack and returns the first
// registration error it meets, or nil when every registration succeeds.
//
// The registrations are kept in generated order; the effect of reordering them
// cannot be judged from this file alone.
func (c *Client) addOperationCreateQueryLoggingConfigMiddlewares(stack *middleware.Stack, options Options) (err error) {
	// This err is scoped to the if statement and shadows the named result; the
	// outcome is the same because the branch returns it directly.
	if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
		return err
	}
	err = stack.Serialize.Add(&awsRestxml_serializeOpCreateQueryLoggingConfig{}, middleware.After)
	if err != nil {
		return err
	}
	err = stack.Deserialize.Add(&awsRestxml_deserializeOpCreateQueryLoggingConfig{}, middleware.After)
	if err != nil {
		return err
	}
	// NOTE(review): %v flattens the underlying error into text, so callers cannot
	// reach it with errors.Is or errors.As; %w would keep the chain. This is the
	// only return in the function that rewrites the error. Any change belongs in
	// the code generator, not in this generated file.
	if err := addProtocolFinalizerMiddlewares(stack, options, "CreateQueryLoggingConfig"); err != nil {
		return fmt.Errorf("add protocol finalizers: %v", err)
	}

	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
		return err
	}
	if err = addSetLoggerMiddleware(stack, options); err != nil {
		return err
	}
	if err = addClientRequestID(stack); err != nil {
		return err
	}
	if err = addComputeContentLength(stack); err != nil {
		return err
	}
	if err = addResolveEndpointMiddleware(stack, options); err != nil {
		return err
	}
	if err = addComputePayloadSHA256(stack); err != nil {
		return err
	}
	if err = addRetry(stack, options); err != nil {
		return err
	}
	if err = addRawResponseToMetadata(stack); err != nil {
		return err
	}
	if err = addRecordResponseTiming(stack); err != nil {
		return err
	}
	if err = addClientUserAgent(stack, options); err != nil {
		return err
	}
	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
		return err
	}
	// Presumably enforces the "This member is required." fields of the input
	// before a request is sent. Confirm against the validator.
	if err = addOpCreateQueryLoggingConfigValidationMiddleware(stack); err != nil {
		return err
	}
	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateQueryLoggingConfig(options.Region), middleware.Before); err != nil {
		return err
	}
	if err = addRecursionDetection(stack); err != nil {
		return err
	}
	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
		return err
	}
	if err = addResponseErrorMiddleware(stack); err != nil {
		return err
	}
	if err = addSanitizeURLMiddleware(stack); err != nil {
		return err
	}
	// NOTE(review): the helper is driven by client options; confirm what request
	// and response content it writes to the logger when enabled, since the
	// request carries the log group ARN (with account ID) and the hosted zone ID.
	if err = addRequestResponseLogging(stack, options); err != nil {
		return err
	}
	// NOTE(review): the name suggests this honors a client option that turns off
	// HTTPS for the request. Confirm that no production client configuration
	// enables that option.
	if err = addDisableHTTPSMiddleware(stack, options); err != nil {
		return err
	}
	return nil
}

// newServiceMetadataMiddleware_opCreateQueryLoggingConfig builds the
// RegisterServiceMetadata value for this operation from the given region, the
// package-level ServiceID and the fixed operation name.
func newServiceMetadataMiddleware_opCreateQueryLoggingConfig(region string) *awsmiddleware.RegisterServiceMetadata {
	return &awsmiddleware.RegisterServiceMetadata{
		Region:        region,
		ServiceID:     ServiceID,
		OperationName: "CreateQueryLoggingConfig",
	}
}