1 // Code generated by smithy-go-codegen DO NOT EDIT.
2 3 package route53
4 5 import (
6 "context"
7 "fmt"
8 awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
9 "github.com/aws/aws-sdk-go-v2/service/route53/types"
10 "github.com/aws/smithy-go/middleware"
11 smithyhttp "github.com/aws/smithy-go/transport/http"
12 )
// CreateQueryLoggingConfig creates a configuration for DNS query logging. After
// you create a query logging configuration, Amazon Route 53 begins to publish log
// data to an Amazon CloudWatch Logs log group.
//
// DNS query logs contain information about the queries that Route 53 receives for
// a specified public hosted zone, such as the following:
//
//   - Route 53 edge location that responded to the DNS query
//
//   - Domain or subdomain that was requested
//
//   - DNS record type, such as A or AAAA
//
//   - DNS response code, such as NoError or ServFail
//
// # Log Group and Resource Policy
//
// Before you create a query logging configuration, perform the following
// operations.
//
// If you create a query logging configuration using the Route 53 console, Route
// 53 performs these operations automatically.
//
//   - Create a CloudWatch Logs log group, and make note of the ARN, which you
//     specify when you create a query logging configuration. Note the following:
//
//   - You must create the log group in the us-east-1 region.
//
//   - You must use the same Amazon Web Services account to create the log group
//     and the hosted zone that you want to configure query logging for.
//
//   - When you create log groups for query logging, we recommend that you use a
//     consistent prefix, for example:
//
//     /aws/route53/hosted zone name
//
// In the next step, you'll create a resource policy, which controls access to one
// or more log groups and the associated Amazon Web Services resources, such as
// Route 53 hosted zones. There's a limit on the number of resource policies that
// you can create, so we recommend that you use a consistent prefix so you can use
// the same resource policy for all the log groups that you create for query
// logging.
//
//   - Create a CloudWatch Logs resource policy, and give it the permissions that
//     Route 53 needs to create log streams and to send query logs to log streams.
//     You must create the CloudWatch Logs resource policy in the us-east-1 region.
//     For the value of Resource, specify the ARN for the log group that you created
//     in the previous step. To use the same resource policy for all the CloudWatch
//     Logs log groups that you created for query logging configurations, replace
//     the hosted zone name with *, for example:
//
//     arn:aws:logs:us-east-1:123412341234:log-group:/aws/route53/*
//
// To avoid the confused deputy problem, a security issue where an entity without
// a permission for an action can coerce a more-privileged entity to perform it,
// you can optionally limit the permissions that a service has to a resource in a
// resource-based policy by supplying the following values:
//
//   - For aws:SourceArn, supply the hosted zone ARN used in creating the query
//     logging configuration. For example, aws:SourceArn:
//     arn:aws:route53:::hostedzone/hosted zone ID.
//
//   - For aws:SourceAccount, supply the account ID for the account that creates
//     the query logging configuration. For example, aws:SourceAccount:111111111111.
//
// NOTE(review): the text above describes both condition keys as optional. When
// the policy's Resource uses the wildcard form shown earlier, supplying them ties
// the grant to the named hosted zone and account; confirm that the policy in use
// sets them.
//
// For more information, see [The confused deputy problem] in the Amazon Web
// Services IAM User Guide.
//
// You can't use the CloudWatch console to create or edit a resource policy. You
// must use the CloudWatch API, one of the Amazon Web Services SDKs, or the CLI.
//
// # Log Streams and Edge Locations
//
// When Route 53 finishes creating the configuration for DNS query logging, it
// does the following:
//
//   - Creates a log stream for an edge location the first time that the edge
//     location responds to DNS queries for the specified hosted zone. That log
//     stream is used to log all queries that Route 53 responds to for that edge
//     location.
//
//   - Begins to send query logs to the applicable log stream.
//
// The name of each log stream is in the following format:
//
//	hosted zone ID/edge location code
//
// The edge location code is a three-letter code and an arbitrarily assigned
// number, for example, DFW3. The three-letter code typically corresponds with the
// International Air Transport Association airport code for an airport near the
// edge location. (These abbreviations might change in the future.) For a list of
// edge locations, see "The Route 53 Global Network" on the
// [Route 53 Product Details] page.
//
// # Queries That Are Logged
//
// Query logs contain only the queries that DNS resolvers forward to Route 53. If
// a DNS resolver has already cached the response to a query (such as the IP
// address for a load balancer for example.com), the resolver will continue to
// return the cached response. It doesn't forward another query to Route 53 until
// the TTL for the corresponding resource record set expires. Depending on how many
// DNS queries are submitted for a resource record set, and depending on the TTL
// for that resource record set, query logs might contain information about only
// one query out of every several thousand queries that are submitted to DNS. For
// more information about how DNS works, see
// [Routing Internet Traffic to Your Website or Web Application] in the Amazon
// Route 53 Developer Guide.
//
// # Log File Format
//
// For a list of the values in each query log and the format of each value, see
// [Logging DNS Queries] in the Amazon Route 53 Developer Guide.
//
// # Pricing
//
// For information about charges for query logs, see [Amazon CloudWatch Pricing].
//
// # How to Stop Logging
//
// If you want Route 53 to stop sending query logs to CloudWatch Logs, delete the
// query logging configuration. For more information, see
// [DeleteQueryLoggingConfig].
//
// [The confused deputy problem]: https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html
// [DeleteQueryLoggingConfig]: https://docs.aws.amazon.com/Route53/latest/APIReference/API_DeleteQueryLoggingConfig.html
// [Routing Internet Traffic to Your Website or Web Application]: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/welcome-dns-service.html
// [Route 53 Product Details]: http://aws.amazon.com/route53/details/
// [Amazon CloudWatch Pricing]: http://aws.amazon.com/cloudwatch/pricing/
// [Logging DNS Queries]: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/query-logs.html
func (c *Client) CreateQueryLoggingConfig(ctx context.Context, params *CreateQueryLoggingConfigInput, optFns ...func(*Options)) (*CreateQueryLoggingConfigOutput, error) {
	// A nil input is replaced by an empty one, so both required members are
	// unset. The operation's middleware stack registers
	// addOpCreateQueryLoggingConfigValidationMiddleware, which presumably
	// rejects that input (its body is not in this file).
	input := params
	if input == nil {
		input = &CreateQueryLoggingConfigInput{}
	}

	raw, md, err := c.invokeOperation(ctx, "CreateQueryLoggingConfig", input, optFns, c.addOperationCreateQueryLoggingConfigMiddlewares)
	if err != nil {
		return nil, err
	}

	// Unchecked assertion: this panics if invokeOperation ever yields a value
	// of another type for this operation.
	resp := raw.(*CreateQueryLoggingConfigOutput)
	resp.ResultMetadata = md
	return resp, nil
}
// CreateQueryLoggingConfigInput carries the request parameters accepted by
// CreateQueryLoggingConfig.
type CreateQueryLoggingConfigInput struct {
	// The Amazon Resource Name (ARN) for the log group that you want Amazon Route
	// 53 to send query logs to. This is the format of the ARN:
	//
	//	arn:aws:logs:region:account-id:log-group:log_group_name
	//
	// To get the ARN for a log group, you can use the CloudWatch console, the
	// [DescribeLogGroups] API action, the [describe-log-groups] command, or the
	// applicable command in one of the Amazon Web Services SDKs.
	//
	// [describe-log-groups]: https://docs.aws.amazon.com/cli/latest/reference/logs/describe-log-groups.html
	// [DescribeLogGroups]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeLogGroups.html
	//
	// This member is required.
	CloudWatchLogsLogGroupArn *string

	// The ID of the hosted zone that you want to log queries for. You can log
	// queries only for public hosted zones.
	//
	// This member is required.
	HostedZoneId *string

	noSmithyDocumentSerde
}
// CreateQueryLoggingConfigOutput is the result returned by
// CreateQueryLoggingConfig.
type CreateQueryLoggingConfigOutput struct {
	// The unique URL representing the new query logging configuration.
	//
	// This member is required.
	Location *string

	// A complex type that contains the ID for a query logging configuration, the
	// ID of the hosted zone that you want to log queries for, and the ARN for the
	// log group that you want Amazon Route 53 to send query logs to.
	//
	// This member is required.
	QueryLoggingConfig *types.QueryLoggingConfig

	// Metadata pertaining to the operation's result. CreateQueryLoggingConfig
	// fills this in from the metadata returned by invokeOperation.
	ResultMetadata middleware.Metadata

	noSmithyDocumentSerde
}
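// addOperationCreateQueryLoggingConfigMiddlewares registers the middleware used
// by the CreateQueryLoggingConfig operation on stack, in the order written
// below, and returns the first registration error it meets.
//
// The add* helpers are defined outside this file; the comments here state only
// what their names and arguments show, and anything further is marked as an
// assumption.
func (c *Client) addOperationCreateQueryLoggingConfigMiddlewares(stack *middleware.Stack, options Options) (err error) {
	// Serialize and Deserialize steps: operation input setter, then the
	// REST-XML serializer and deserializer for this operation.
	if err = stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
		return err
	}
	if err = stack.Serialize.Add(&awsRestxml_serializeOpCreateQueryLoggingConfig{}, middleware.After); err != nil {
		return err
	}
	if err = stack.Deserialize.Add(&awsRestxml_deserializeOpCreateQueryLoggingConfig{}, middleware.After); err != nil {
		return err
	}
	if err = addProtocolFinalizerMiddlewares(stack, options, "CreateQueryLoggingConfig"); err != nil {
		// %w keeps the underlying error reachable through errors.Is and
		// errors.As; the message text is unchanged.
		return fmt.Errorf("add protocol finalizers: %w", err)
	}

	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
		return err
	}
	if err = addSetLoggerMiddleware(stack, options); err != nil {
		return err
	}
	if err = addClientRequestID(stack); err != nil {
		return err
	}
	if err = addComputeContentLength(stack); err != nil {
		return err
	}
	if err = addResolveEndpointMiddleware(stack, options); err != nil {
		return err
	}
	if err = addComputePayloadSHA256(stack); err != nil {
		return err
	}
	if err = addRetry(stack, options); err != nil {
		return err
	}
	if err = addRawResponseToMetadata(stack); err != nil {
		return err
	}
	if err = addRecordResponseTiming(stack); err != nil {
		return err
	}
	if err = addSpanRetryLoop(stack, options); err != nil {
		return err
	}
	if err = addClientUserAgent(stack, options); err != nil {
		return err
	}
	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
		return err
	}
	if err = addTimeOffsetBuild(stack, c); err != nil {
		return err
	}
	if err = addUserAgentRetryMode(stack, options); err != nil {
		return err
	}
	if err = addCredentialSource(stack, options); err != nil {
		return err
	}
	// Input validation for this operation; presumably this is where the
	// "This member is required" fields of the input are enforced — confirm
	// against the validator's definition.
	if err = addOpCreateQueryLoggingConfigValidationMiddleware(stack); err != nil {
		return err
	}
	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateQueryLoggingConfig(options.Region), middleware.Before); err != nil {
		return err
	}
	if err = addRecursionDetection(stack); err != nil {
		return err
	}
	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
		return err
	}
	if err = addResponseErrorMiddleware(stack); err != nil {
		return err
	}
	if err = addSanitizeURLMiddleware(stack); err != nil {
		return err
	}
	// NOTE(review): driven by options. Requests for this operation carry a log
	// group ARN, which embeds an account ID, so confirm what this logging emits
	// and where it goes before enabling it.
	if err = addRequestResponseLogging(stack, options); err != nil {
		return err
	}
	// NOTE(review): driven by options; the name suggests it can switch the
	// request off HTTPS. Confirm the corresponding option stays unset outside
	// local testing.
	if err = addDisableHTTPSMiddleware(stack, options); err != nil {
		return err
	}
	if err = addInterceptBeforeRetryLoop(stack, options); err != nil {
		return err
	}
	if err = addInterceptAttempt(stack, options); err != nil {
		return err
	}
	if err = addInterceptors(stack, options); err != nil {
		return err
	}
	return nil
}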
// newServiceMetadataMiddleware_opCreateQueryLoggingConfig builds the
// RegisterServiceMetadata middleware for this operation, carrying the given
// region, the package-level ServiceID and the operation name
// "CreateQueryLoggingConfig".
func newServiceMetadataMiddleware_opCreateQueryLoggingConfig(region string) *awsmiddleware.RegisterServiceMetadata {
	md := new(awsmiddleware.RegisterServiceMetadata)
	md.Region = region
	md.ServiceID = ServiceID
	md.OperationName = "CreateQueryLoggingConfig"
	return md
}