Permissions

Permissions for AWS Network Firewall Logging Configuration

To configure AWS Network Firewall logging, specific permissions are required in addition to the standard permissions needed to manage the Network Firewall API.

Required Permissions for Logging Configuration:

• logs:CreateLogDelivery – Create a new log delivery configuration.

• logs:GetLogDelivery – Retrieve details about log delivery configurations.

• logs:UpdateLogDelivery – Update an existing log delivery configuration.

• logs:DeleteLogDelivery – Delete an existing log delivery configuration.

• logs:ListLogDeliveries – List all log delivery configurations.

These permissions apply to all resources ("Resource": ["*"]).

Example Policy Statement:

{
    "Action": [
        "logs:CreateLogDelivery",
        "logs:GetLogDelivery",
        "logs:UpdateLogDelivery",
        "logs:DeleteLogDelivery",
        "logs:ListLogDeliveries"
    ],
    "Resource": "*",
    "Effect": "Allow",
    "Sid": "FirewallLogging"
}