1 | import { ILogGroup } from '@aws-cdk/aws-logs';
|
2 | import { IStage } from './stage';
|
/**
 * Access log destination for a RestApi Stage.
 *
 * An implementation supplies, through `bind`, the ARN of the resource that
 * receives the stage's access log entries.
 */
export interface IAccessLogDestination {
    /**
     * Binds this destination to the RestApi Stage.
     *
     * @param stage The stage whose access logs are sent to this destination.
     * @returns The configuration that identifies the destination resource.
     */
    bind(stage: IStage): AccessLogDestinationConfig;
}
|
/**
 * Options when binding a log destination to a RestApi Stage.
 */
export interface AccessLogDestinationConfig {
    /**
     * The Amazon Resource Name (ARN) of the destination resource.
     */
    readonly destinationArn: string;
}
|
/**
 * Use CloudWatch Logs as a custom access log destination for API Gateway.
 *
 * Access log entries can contain caller identifiers, source IP addresses and
 * authorizer claims (see `AccessLogField`), so read access to the log group
 * and its retention period should be scoped with that content in mind.
 */
export declare class LogGroupLogDestination implements IAccessLogDestination {
    /**
     * NOTE(review): presumably the log group given to the constructor; the
     * implementation is not part of this declaration.
     */
    private readonly logGroup;
    /**
     * @param logGroup The CloudWatch Logs log group used as the destination.
     */
    constructor(logGroup: ILogGroup);
    /**
     * Binds this destination to the CloudWatch Logs log group.
     *
     * @param _stage The stage being bound. NOTE(review): the underscore prefix
     * suggests the argument is unused; confirm against the implementation.
     * @returns The destination configuration. NOTE(review): presumably carries
     * the ARN of the log group; confirm against the implementation.
     */
    bind(_stage: IStage): AccessLogDestinationConfig;
}
|
/**
 * $context variables that can be used to customize access log pattern.
 *
 * Every method is static and returns a string that is meant to be embedded in
 * a format passed to `AccessLogFormat.custom` (see the example there).
 *
 * Several of these variables carry credentials or personal data (API key,
 * Cognito identity, authorizer claims, source IP, user ARN). Whatever is
 * placed in the format is readable by everyone with read access to the log
 * destination, so include only the fields the log's audience may see.
 */
export declare class AccessLogField {
    /**
     * The API owner's AWS account ID.
     */
    static contextAccountId(): string;
    /**
     * The identifier API Gateway assigns to your API.
     */
    static contextApiId(): string;
    /**
     * A property of the claims returned from the Amazon Cognito user pool after the method caller is successfully authenticated.
     *
     * Claims can hold personal data (for example an email address); log only
     * the claims that are needed.
     * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html
     *
     * @param property A property key of the claims.
     */
    static contextAuthorizerClaims(property: string): string;
    /**
     * The principal user identification associated with the token sent by the client and returned
     * from an API Gateway Lambda authorizer (formerly known as a custom authorizer).
     * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html
     */
    static contextAuthorizerPrincipalId(): string;
    /**
     * The stringified value of the specified key-value pair of the `context` map returned from an API Gateway Lambda authorizer function.
     *
     * The authorizer decides what goes into the map, so log only keys whose
     * values are safe to store in the log destination.
     * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html
     * @param property key of the context map.
     */
    static contextAuthorizer(property: string): string;
    /**
     * The AWS endpoint's request ID.
     */
    static contextAwsEndpointRequestId(): string;
    /**
     * The full domain name used to invoke the API. This should be the same as the incoming `Host` header.
     */
    static contextDomainName(): string;
    /**
     * The first label of the `$context.domainName`. This is often used as a caller/customer identifier.
     */
    static contextDomainPrefix(): string;
    /**
     * A string containing an API Gateway error message.
     */
    static contextErrorMessage(): string;
    /**
     * The quoted value of $context.error.message, namely "$context.error.message".
     */
    static contextErrorMessageString(): string;
    /**
     * A type of GatewayResponse. This variable can only be used for simple variable substitution in a GatewayResponse body-mapping template,
     * which is not processed by the Velocity Template Language engine, and in access logging.
     *
     * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-logging.html
     * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/customize-gateway-responses.html
     */
    static contextErrorResponseType(): string;
    /**
     * A string containing a detailed validation error message.
     */
    static contextErrorValidationErrorString(): string;
    /**
     * The extended ID that API Gateway assigns to the API request, which contains more useful information for debugging/troubleshooting.
     */
    static contextExtendedRequestId(): string;
    /**
     * The HTTP method used. Valid values include: `DELETE`, `GET`, `HEAD`, `OPTIONS`, `PATCH`, `POST`, and `PUT`.
     */
    static contextHttpMethod(): string;
    /**
     * The AWS account ID associated with the request.
     */
    static contextIdentityAccountId(): string;
    /**
     * For API methods that require an API key, this variable is the API key associated with the method request.
     * For methods that don't require an API key, this variable is null.
     *
     * This writes the API key value itself into the access log, where anyone
     * with read access to the log destination can retrieve it. Prefer
     * `contextIdentityApiKeyId()` when the log only needs to tell keys apart.
     * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html
     */
    static contextIdentityApiKey(): string;
    /**
     * The API key ID associated with an API request that requires an API key.
     */
    static contextIdentityApiKeyId(): string;
    /**
     * The principal identifier of the caller making the request.
     */
    static contextIdentityCaller(): string;
    /**
     * The Amazon Cognito authentication provider used by the caller making the request.
     * Available only if the request was signed with Amazon Cognito credentials.
     * @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html
     */
    static contextIdentityCognitoAuthenticationProvider(): string;
    /**
     * The Amazon Cognito authentication type of the caller making the request.
     * Available only if the request was signed with Amazon Cognito credentials.
     */
    static contextIdentityCognitoAuthenticationType(): string;
    /**
     * The Amazon Cognito identity ID of the caller making the request. Available only if the request was signed with Amazon Cognito credentials.
     */
    static contextIdentityCognitoIdentityId(): string;
    /**
     * The Amazon Cognito identity pool ID of the caller making the request.
     * Available only if the request was signed with Amazon Cognito credentials.
     */
    static contextIdentityCognitoIdentityPoolId(): string;
    /**
     * The AWS organization ID.
     */
    static contextIdentityPrincipalOrgId(): string;
    /**
     * The source IP address of the TCP connection making the request to API Gateway.
     * Warning: You should not trust this value if there is any chance that the `X-Forwarded-For` header could be forged.
     *
     * When analysing logs, treat the value as an indication of where the
     * request came from, not as proof of the client's identity.
     */
    static contextIdentitySourceIp(): string;
    /**
     * The principal identifier of the user making the request. Used in Lambda authorizers.
     * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html
     */
    static contextIdentityUser(): string;
    /**
     * The User-Agent header of the API caller.
     *
     * The header is supplied by the caller, so anything that parses or
     * displays the log should handle this field as untrusted text.
     */
    static contextIdentityUserAgent(): string;
    /**
     * The Amazon Resource Name (ARN) of the effective user identified after authentication.
     * @see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html
     */
    static contextIdentityUserArn(): string;
    /**
     * The request path.
     * For example, for a non-proxy request URL of https://{rest-api-id}.execute-api.{region}.amazonaws.com/{stage}/root/child,
     * this value is /{stage}/root/child.
     */
    static contextPath(): string;
    /**
     * The request protocol, for example, HTTP/1.1.
     */
    static contextProtocol(): string;
    /**
     * The ID that API Gateway assigns to the API request.
     */
    static contextRequestId(): string;
    /**
     * The request header override.
     * If this parameter is defined, it contains the headers to be used instead of the HTTP Headers that are defined in the Integration Request pane.
     * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-override-request-response-parameters.html
     *
     * @param headerName The name of the overridden request header.
     */
    static contextRequestOverrideHeader(headerName: string): string;
    /**
     * The request path override. If this parameter is defined,
     * it contains the request path to be used instead of the URL Path Parameters that are defined in the Integration Request pane.
     * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-override-request-response-parameters.html
     *
     * @param pathName The name of the overridden path parameter.
     */
    static contextRequestOverridePath(pathName: string): string;
    /**
     * The request query string override.
     * If this parameter is defined, it contains the request query strings to be used instead
     * of the URL Query String Parameters that are defined in the Integration Request pane.
     *
     * @param querystringName The name of the overridden query string parameter.
     */
    static contextRequestOverrideQuerystring(querystringName: string): string;
    /**
     * The response header override.
     * If this parameter is defined, it contains the header to be returned instead of the Response header
     * that is defined as the Default mapping in the Integration Response pane.
     * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-override-request-response-parameters.html
     *
     * @param headerName The name of the overridden response header.
     */
    static contextResponseOverrideHeader(headerName: string): string;
    /**
     * The response status code override.
     * If this parameter is defined, it contains the status code to be returned instead of the Method response status
     * that is defined as the Default mapping in the Integration Response pane.
     * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-override-request-response-parameters.html
     */
    static contextResponseOverrideStatus(): string;
    /**
     * The CLF-formatted request time (dd/MMM/yyyy:HH:mm:ss +-hhmm).
     */
    static contextRequestTime(): string;
    /**
     * The Epoch-formatted request time.
     */
    static contextRequestTimeEpoch(): string;
    /**
     * The identifier that API Gateway assigns to your resource.
     */
    static contextResourceId(): string;
    /**
     * The path to your resource.
     * For example, for the non-proxy request URI of `https://{rest-api-id}.execute-api.{region}.amazonaws.com/{stage}/root/child`,
     * the $context.resourcePath value is `/root/child`.
     * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-create-api-step-by-step.html
     */
    static contextResourcePath(): string;
    /**
     * The deployment stage of the API request (for example, `Beta` or `Prod`).
     */
    static contextStage(): string;
    /**
     * The response received from AWS WAF: `WAF_ALLOW` or `WAF_BLOCK`. Will not be set if the stage is not associated with a web ACL.
     * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-aws-waf.html
     */
    static contextWafResponseCode(): string;
    /**
     * The complete ARN of the web ACL that is used to decide whether to allow or block the request.
     * Will not be set if the stage is not associated with a web ACL.
     * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-aws-waf.html
     */
    static contextWebaclArn(): string;
    /**
     * The trace ID for the X-Ray trace.
     * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enabling-xray.html
     */
    static contextXrayTraceId(): string;
    /**
     * The authorizer latency in ms.
     */
    static contextAuthorizerIntegrationLatency(): string;
    /**
     * The integration latency in ms.
     */
    static contextIntegrationLatency(): string;
    /**
     * For Lambda proxy integration, this parameter represents the status code returned from AWS Lambda,
     * not from the backend Lambda function.
     */
    static contextIntegrationStatus(): string;
    /**
     * The response latency in ms.
     */
    static contextResponseLatency(): string;
    /**
     * The response payload length.
     */
    static contextResponseLength(): string;
    /**
     * The method response status.
     */
    static contextStatus(): string;
}
|
/**
 * Properties for controlling items output in JSON standard format.
 *
 * None of the flags is declared optional, so an object of this type has to
 * set every flag explicitly, including the ones that stay enabled.
 */
export interface JsonWithStandardFieldProps {
    /**
     * If this flag is enabled, the source IP of the request will be output to the log.
     *
     * NOTE(review): presumably this is `$context.identity.sourceIp`, which
     * carries the trust caveat documented on
     * `AccessLogField.contextIdentitySourceIp`; confirm against the implementation.
     */
    readonly ip: boolean;
    /**
     * If this flag is enabled, the principal identifier of the caller will be output to the log.
     */
    readonly caller: boolean;
    /**
     * If this flag is enabled, the principal identifier of the user will be output to the log.
     */
    readonly user: boolean;
    /**
     * If this flag is enabled, the CLF-formatted request time (dd/MMM/yyyy:HH:mm:ss +-hhmm) will be output to the log.
     */
    readonly requestTime: boolean;
    /**
     * If this flag is enabled, the HTTP method will be output to the log.
     */
    readonly httpMethod: boolean;
    /**
     * If this flag is enabled, the path to your resource will be output to the log.
     */
    readonly resourcePath: boolean;
    /**
     * If this flag is enabled, the method response status will be output to the log.
     */
    readonly status: boolean;
    /**
     * If this flag is enabled, the request protocol will be output to the log.
     */
    readonly protocol: boolean;
    /**
     * If this flag is enabled, the response payload length will be output to the log.
     */
    readonly responseLength: boolean;
}
|
/**
 * Factory methods for access log formats.
 *
 * The constructor is private; instances are obtained from the static methods
 * `custom`, `clf` and `jsonWithStandardFields`.
 */
export declare class AccessLogFormat {
    /**
     * Custom log format.
     * You can create any log format string. You can easily get the $context variables by using the methods of AccessLogField.
     *
     * Everything named in the format is stored in the log destination. The
     * example below logs the caller's source IP and the `sub` and `email`
     * claims; include identifying fields like these only when the log's
     * readers and retention period allow it.
     *
     * @param format The log format string.
     * @example
     *
     * apigateway.AccessLogFormat.custom(JSON.stringify({
     *     requestId: apigateway.AccessLogField.contextRequestId(),
     *     sourceIp: apigateway.AccessLogField.contextIdentitySourceIp(),
     *     method: apigateway.AccessLogField.contextHttpMethod(),
     *     userContext: {
     *         sub: apigateway.AccessLogField.contextAuthorizerClaims('sub'),
     *         email: apigateway.AccessLogField.contextAuthorizerClaims('email')
     *     }
     * }))
     */
    static custom(format: string): AccessLogFormat;
    /**
     * Generate Common Log Format.
     */
    static clf(): AccessLogFormat;
    /**
     * Access log will be produced in the JSON format with a set of fields most useful in the access log. All fields are turned on by default with the
     * option to turn off specific fields.
     *
     * @param fields Flags selecting which standard fields are written. The
     * argument is optional, but every flag of `JsonWithStandardFieldProps` is
     * required, so a caller that passes it must set each flag.
     */
    static jsonWithStandardFields(fields?: JsonWithStandardFieldProps): AccessLogFormat;
    /**
     * An API Gateway custom access log format.
     */
    private readonly format;
    // Private: instances are created through the static factory methods above.
    private constructor();
    /**
     * Output a format string to be used with CloudFormation.
     *
     * @returns The access log format as a string.
     */
    toString(): string;
}
|