@@ -243,6 +243,66 @@ export class AccessLogField {
243243 return '$context.identity.sourceIp' ;
244244 }
245245
246+ /**
247+ * The PEM-encoded client certificate that the client presented during mutual TLS authentication.
248+ * Present when a client accesses an API by using a custom domain name that has mutual TLS enabled.
249+ * Present only in access logs if mutual TLS authentication fails.
250+ */
251+
252+ public static contextIdentityClientCertPem ( ) {
253+ return '$context.identity.clientCert.clientCertPem' ;
254+ }
255+
256+ /**
257+ * The distinguished name of the subject of the certificate that a client presents.
258+ * Present when a client accesses an API by using a custom domain name that has mutual TLS enabled.
259+ * Present only in access logs if mutual TLS authentication fails.
260+ */
261+
262+ public static contextIdentityClientCertSubjectDN ( ) {
263+ return '$context.identity.clientCert.subjectDN' ;
264+ }
265+
266+ /**
267+ * The distinguished name of the issuer of the certificate that a client presents.
268+ * Present when a client accesses an API by using a custom domain name that has mutual TLS enabled.
269+ * Present only in access logs if mutual TLS authentication fails.
270+ */
271+
272+ public static contextIdentityClientCertIssunerDN ( ) {
273+ return '$context.identity.clientCert.issuerDN' ;
274+ }
275+
276+ /**
277+ * The serial number of the certificate.
278+ * Present when a client accesses an API by using a custom domain name that has mutual TLS enabled.
279+ * Present only in access logs if mutual TLS authentication fails.
280+ */
281+
282+ public static contextIdentityClientCertSerialNumber ( ) {
283+ return '$context.identity.clientCert.serialNumber' ;
284+ }
285+
286+ /**
287+ * The date before which the certificate is invalid.
288+ * Present when a client accesses an API by using a custom domain name that has mutual TLS enabled.
289+ * Present only in access logs if mutual TLS authentication fails.
290+ */
291+
292+ public static contextIdentityClientCertValidityNotBefore ( ) {
293+ return '$context.identity.clientCert.validity.notBefore' ;
294+ }
295+
296+ /**
297+ * The date after which the certificate is invalid.
298+ * Present when a client accesses an API by using a custom domain name that has mutual TLS enabled.
299+ * Present only in access logs if mutual TLS authentication fails.
300+ */
301+
302+ public static contextIdentityClientCertValidityNotAfter ( ) {
303+ return '$context.identity.clientCert.validity.notAfter' ;
304+ }
305+
246306 /**
247307 * The principal identifier of the user making the request. Used in Lambda authorizers.
248308 * @see https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html
@@ -449,6 +509,121 @@ export class AccessLogField {
449509 public static contextStatus ( ) {
450510 return '$context.status' ;
451511 }
512+
513+ /**
514+ * The authorization error message.
515+ */
516+ public static contextAuthorizeError ( ) {
517+ return '$context.authorize.error' ;
518+ }
519+
520+ /**
521+ * The authorization latency in ms.
522+ */
523+ public static contextAuthorizeLatency ( ) {
524+ return '$context.authorize.latency' ;
525+ }
526+
527+ /**
528+ * The status code returned from an authorization attempt.
529+ */
530+ public static contextAuthorizeStatus ( ) {
531+ return '$context.authorize.status' ;
532+ }
533+
534+ /**
535+ * The error message returned from an authorizer.
536+ */
537+ public static contextAuthorizerError ( ) {
538+ return '$context.authorizer.error' ;
539+ }
540+
541+ /**
542+ * The status code returned from a Lambda authorizer.
543+ */
544+ public static contextAuthorizerIntegrationStatus ( ) {
545+ return '$context.authorizer.integrationStatus' ;
546+ }
547+
548+ /**
549+ * The authorizer latency in ms.
550+ */
551+ public static contextAuthorizerLatency ( ) {
552+ return '$context.authorizer.latency' ;
553+ }
554+
555+ /**
556+ * The AWS endpoint's request ID.
557+ */
558+ public static contextAuthorizerRequestId ( ) {
559+ return '$context.authorizer.requestId' ;
560+ }
561+
562+ /**
563+ * The status code returned from an authorizer.
564+ */
565+ public static contextAuthorizerStatus ( ) {
566+ return '$context.authorizer.status' ;
567+ }
568+
569+ /**
570+ * The error message returned from an authentication attempt.
571+ */
572+ public static contextAuthenticateError ( ) {
573+ return '$context.authenticate.error' ;
574+ }
575+
576+ /**
577+ * The authentication latency in ms.
578+ */
579+ public static contextAuthenticateLatency ( ) {
580+ return '$context.authenticate.latency' ;
581+ }
582+
583+ /**
584+ * The status code returned from an authentication attempt.
585+ */
586+ public static contextAuthenticateStatus ( ) {
587+ return '$context.authenticate.status' ;
588+ }
589+
590+ /**
591+ * The path for an API mapping that an incoming request matched.
592+ * Applicable when a client uses a custom domain name to access an API. For example if a client sends a request to
593+ * https://api.example.com/v1/orders/1234, and the request matches the API mapping with the path v1/orders, the value is v1/orders.
594+ * @see https://docs.aws.amazon.com/en_jp/apigateway/latest/developerguide/rest-api-mappings.html
595+ */
596+ public static contextCustomDomainBasePathMatched ( ) {
597+ return '$context.customDomain.basePathMatched' ;
598+ }
599+
600+ /**
601+ * A string that contains an integration error message.
602+ */
603+ public static contextIntegrationErrorMessage ( ) {
604+ return '$context.integrationErrorMessage' ;
605+ }
606+
607+ /**
608+ * The error message returned from AWS WAF.
609+ */
610+ public static contextWafError ( ) {
611+ return '$context.waf.error' ;
612+ }
613+
614+ /**
615+ * The AWS WAF latency in ms.
616+ */
617+ public static contextWafLatency ( ) {
618+ return '$context.waf.latency' ;
619+ }
620+
621+ /**
622+ * The status code returned from AWS WAF.
623+ */
624+ public static contextWafStatus ( ) {
625+ return '$context.waf.status' ;
626+ }
452627}
453628
454629/**
0 commit comments