WAF log table update (#90)

* Update the latest WAF log format * Remove parameter.paths for JsonSerDe
elastic-infra · Aug 21, 2024 · 33ef465 · 33ef465
1 parent b292765
commit 33ef465
Showing 1 changed file with 48 additions and 8 deletions.
diff --git a/aws/waf-log-table/main.tf b/aws/waf-log-table/main.tf
@@ -42,11 +42,6 @@ resource "aws_glue_catalog_table" "t" {
 
     ser_de_info {
       serialization_library = "org.openx.data.jsonserde.JsonSerDe"
-
-      parameters = {
-        # NOTE: https://docs.aws.amazon.com/athena/latest/ug/waf-logs.html
-        "paths" = "action,formatVersion,httpRequest,httpSourceId,httpSourceName,nonTerminatingMatchingRules,rateBasedRuleList,ruleGroupList,terminatingRuleId,terminatingRuleMatchDetails,terminatingRuleType,timestamp,webaclId"
-      }
     }
 
     columns {
@@ -81,7 +76,7 @@ resource "aws_glue_catalog_table" "t" {
 
     columns {
       name = "terminatingrulematchdetails"
-      type = "array<struct<conditiontype:string,location:string,matcheddata:array<string>>>"
+      type = "array<struct<conditiontype:string,sensitivitylevel:string,location:string,matcheddata:array<string>>>"
     }
 
     columns {
@@ -96,7 +91,7 @@ resource "aws_glue_catalog_table" "t" {
 
     columns {
       name = "rulegrouplist"
-      type = "array<struct<rulegroupid:string,terminatingrule:struct<ruleid:string,action:string,rulematchdetails:string>,nonterminatingmatchingrules:array<struct<ruleid:string,action:string,rulematchdetails:array<struct<conditiontype:string,location:string,matcheddata:array<string>>>>>,excludedrules:string>>"
+      type = "array<struct<rulegroupid:string,terminatingrule:struct<ruleid:string,action:string,rulematchdetails:array<struct<conditiontype:string,sensitivitylevel:string,location:string,matcheddata:array<string>>>>,nonterminatingmatchingrules:array<struct<ruleid:string,action:string,overriddenaction:string,rulematchdetails:array<struct<conditiontype:string,sensitivitylevel:string,location:string,matcheddata:array<string>>>,challengeresponse:struct<responsecode:string,solvetimestamp:string>,captcharesponse:struct<responsecode:string,solvetimestamp:string>>>,excludedrules:string>>"
     }
 
     columns {
@@ -106,13 +101,58 @@ resource "aws_glue_catalog_table" "t" {
 
     columns {
       name = "nonterminatingmatchingrules"
-      type = "array<struct<ruleid:string,action:string>>"
+      type = "array<struct<ruleid:string,action:string,rulematchdetails:array<struct<conditiontype:string,sensitivitylevel:string,location:string,matcheddata:array<string>>>,challengeresponse:struct<responsecode:string,solvetimestamp:string>,captcharesponse:struct<responsecode:string,solvetimestamp:string>>>"
+    }
+
+    columns {
+      name = "requestheadersinserted"
+      type = "array<struct<name:string,value:string>>"
+    }
+
+    columns {
+      name = "responsecodesent"
+      type = "string"
     }
 
     columns {
       name = "httprequest"
       type = "struct<clientip:string,country:string,headers:array<struct<name:string,value:string>>,uri:string,args:string,httpversion:string,httpmethod:string,requestid:string>"
     }
+
+    columns {
+      name = "labels"
+      type = "array<struct<name:string>>"
+    }
+
+    columns {
+      name = "captcharesponse"
+      type = "struct<responsecode:string,solvetimestamp:string,failureReason:string>"
+    }
+
+    columns {
+      name = "challengeresponse"
+      type = "struct<responsecode:string,solvetimestamp:string,failureReason:string>"
+    }
+
+    columns {
+      name = "ja3fingerprint"
+      type = "string"
+    }
+
+    columns {
+      name = "oversizefields"
+      type = "string"
+    }
+
+    columns {
+      name = "requestbodysize"
+      type = "int"
+    }
+
+    columns {
+      name = "requestbodysizeinspectedbywaf"
+      type = "int"
+    }
   }
 
   partition_keys {