{
  "typeName" : "AWS::NetworkFirewall::LoggingConfiguration",
  "description" : "Resource type definition for AWS::NetworkFirewall::LoggingConfiguration",
  "sourceUrl" : "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-networkfirewall.git",
  "additionalProperties" : false,
  "definitions" : {
    "ResourceArn" : {
      "description" : "A resource ARN.",
      "type" : "string",
      "pattern" : "^arn:aws.*$",
      "minLength" : 1,
      "maxLength" : 256
    },
    "LoggingConfiguration" : {
      "type" : "object",
      "properties" : {
        "LogDestinationConfigs" : {
          "type" : "array",
          "insertionOrder" : false,
          "items" : {
            "$ref" : "#/definitions/LogDestinationConfig"
          },
          "minItems" : 1
        }
      },
      "required" : [ "LogDestinationConfigs" ],
      "additionalProperties" : false
    },
    "LogDestinationConfig" : {
      "type" : "object",
      "properties" : {
        "LogType" : {
          "type" : "string",
          "enum" : [ "ALERT", "FLOW" ]
        },
        "LogDestinationType" : {
          "type" : "string",
          "enum" : [ "S3", "CloudWatchLogs", "KinesisDataFirehose" ]
        },
        "LogDestination" : {
          "type" : "object",
          "description" : "A key-value pair to configure the logDestinations.",
          "patternProperties" : {
            "^[0-9A-Za-z.\\-_@\\/]+$" : {
              "type" : "string",
              "minLength" : 1,
              "maxLength" : 1024
            }
          },
          "minProperties" : 1,
          "additionalProperties" : false
        }
      },
      "required" : [ "LogType", "LogDestinationType", "LogDestination" ],
      "additionalProperties" : false
    }
  },
  "properties" : {
    "FirewallName" : {
      "type" : "string",
      "minLength" : 1,
      "maxLength" : 128,
      "pattern" : "^[a-zA-Z0-9-]+$"
    },
    "FirewallArn" : {
      "$ref" : "#/definitions/ResourceArn"
    },
    "LoggingConfiguration" : {
      "$ref" : "#/definitions/LoggingConfiguration"
    }
  },
  "required" : [ "FirewallArn", "LoggingConfiguration" ],
  "createOnlyProperties" : [ "/properties/FirewallName", "/properties/FirewallArn" ],
  "primaryIdentifier" : [ "/properties/FirewallArn" ],
  "handlers" : {
    "create" : {
      "permissions" : [ "logs:CreateLogDelivery", "logs:GetLogDelivery", "logs:ListLogDeliveries", "s3:PutBucketPolicy", "s3:GetBucketPolicy", "logs:PutResourcePolicy", "logs:DescribeResourcePolicies", "logs:DescribeLogGroups", "iam:CreateServiceLinkedRole", "firehose:TagDeliveryStream", "network-firewall:UpdateLoggingConfiguration" ]
    },
    "read" : {
      "permissions" : [ "logs:GetLogDelivery", "logs:ListLogDeliveries", "network-firewall:DescribeLoggingConfiguration" ]
    },
    "update" : {
      "permissions" : [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", "logs:GetLogDelivery", "logs:UpdateLogDelivery", "logs:ListLogDeliveries", "s3:PutBucketPolicy", "s3:GetBucketPolicy", "logs:PutResourcePolicy", "logs:DescribeResourcePolicies", "logs:DescribeLogGroups", "iam:CreateServiceLinkedRole", "firehose:TagDeliveryStream", "network-firewall:UpdateLoggingConfiguration" ]
    },
    "delete" : {
      "permissions" : [ "logs:DeleteLogDelivery", "logs:ListLogDeliveries", "logs:GetLogDelivery", "network-firewall:UpdateLoggingConfiguration" ]
    },
    "list" : {
      "permissions" : [ "logs:GetLogDelivery", "logs:ListLogDeliveries", "network-firewall:DescribeLoggingConfiguration" ]
    }
  }
}