Syntax Properties Return values Examples

AWS::Cognito::LogDeliveryConfiguration

Sets up or modifies the logging configuration of a user pool. User pools can export user notification logs and, when threat protection is active, user-activity logs. For more information, see Exporting user pool logs.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "Type" : "AWS::Cognito::LogDeliveryConfiguration",
  "Properties" : {
      "LogConfigurations" : [ LogConfiguration, ... ],
      "UserPoolId" : String
    }
}

YAML


Type: AWS::Cognito::LogDeliveryConfiguration
Properties:
  LogConfigurations: 
    - LogConfiguration
  UserPoolId: String

Properties

LogConfigurations

A logging destination of a user pool. User pools can have multiple logging destinations for message-delivery and user-activity logs.

Required: No

Type: Array of LogConfiguration

Minimum: 0

Maximum: 2

Update requires: No interruption

UserPoolId

The ID of the user pool where you configured logging.

Required: Yes

Type: String

Pattern: [\w-]+_[0-9a-zA-Z]+

Minimum: 1

Maximum: 55

Update requires: Replacement

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns a resource identifier. A log delivery configuration attached to a user pool returns a user pool ID like us-east-1_EXAMPLE.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Id: A user pool ID, for example us-east-1_EXAMPLE.

Examples

Creating a new log delivery configuration for a user pool

The following example creates log delivery of user message-delivery errors to a log group and threat-protection logs to a stream.

JSON


{
    "LogDeliveryConfiguration": {
        "Properties": {
            "LogConfigurations": [
                {
                    "CloudWatchLogsConfiguration": {
                        "LogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:cognito-exported"
                    },
                    "EventSource": "userNotification",
                    "LogLevel": "ERROR"
                },
                {
                    "EventSource": "userAuthEvents",
                    "FirehoseConfiguration": {
                        "StreamArn": "arn:aws:firehose:us-west-2:123456789012:deliverystream/test-deliverystream"
                    },
                    "LogLevel": "INFO"
                }
            ],
            "UserPoolId": "us-west-2_EXAMPLE"
        },
        "Type": "AWS::Cognito::LogDeliveryConfiguration"
    }
}

YAML


LogDeliveryConfiguration:
    Type: AWS::Cognito::LogDeliveryConfiguration
    Properties:
      LogConfigurations:
        - CloudWatchLogsConfiguration:
            LogGroupArn: arn:aws:logs:us-west-2:123456789012:log-group:cognito-exported
          EventSource: userNotification
          LogLevel: ERROR
        - EventSource: userAuthEvents
          FirehoseConfiguration:
            StreamArn: arn:aws:firehose:us-west-2:123456789012:deliverystream/test-deliverystream
          LogLevel: INFO
      UserPoolId: us-west-2_EXAMPLE

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

RulesConfigurationType

CloudWatchLogsConfiguration