1. Packages
  2. AWS Classic
  3. API Docs
  4. wafregional
  5. WebAcl

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.28.1 published on Thursday, Mar 28, 2024 by Pulumi

aws.wafregional.WebAcl

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.28.1 published on Thursday, Mar 28, 2024 by Pulumi

    Provides a WAF Regional Web ACL Resource for use with Application Load Balancer.

    Example Usage

    Regular Rule

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const ipset = new aws.wafregional.IpSet("ipset", {
        name: "tfIPSet",
        ipSetDescriptors: [{
            type: "IPV4",
            value: "192.0.7.0/24",
        }],
    });
    const wafrule = new aws.wafregional.Rule("wafrule", {
        name: "tfWAFRule",
        metricName: "tfWAFRule",
        predicates: [{
            dataId: ipset.id,
            negated: false,
            type: "IPMatch",
        }],
    });
    const wafacl = new aws.wafregional.WebAcl("wafacl", {
        name: "tfWebACL",
        metricName: "tfWebACL",
        defaultAction: {
            type: "ALLOW",
        },
        rules: [{
            action: {
                type: "BLOCK",
            },
            priority: 1,
            ruleId: wafrule.id,
            type: "REGULAR",
        }],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    ipset = aws.wafregional.IpSet("ipset",
        name="tfIPSet",
        ip_set_descriptors=[aws.wafregional.IpSetIpSetDescriptorArgs(
            type="IPV4",
            value="192.0.7.0/24",
        )])
    wafrule = aws.wafregional.Rule("wafrule",
        name="tfWAFRule",
        metric_name="tfWAFRule",
        predicates=[aws.wafregional.RulePredicateArgs(
            data_id=ipset.id,
            negated=False,
            type="IPMatch",
        )])
    wafacl = aws.wafregional.WebAcl("wafacl",
        name="tfWebACL",
        metric_name="tfWebACL",
        default_action=aws.wafregional.WebAclDefaultActionArgs(
            type="ALLOW",
        ),
        rules=[aws.wafregional.WebAclRuleArgs(
            action=aws.wafregional.WebAclRuleActionArgs(
                type="BLOCK",
            ),
            priority=1,
            rule_id=wafrule.id,
            type="REGULAR",
        )])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafregional"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		ipset, err := wafregional.NewIpSet(ctx, "ipset", &wafregional.IpSetArgs{
    			Name: pulumi.String("tfIPSet"),
    			IpSetDescriptors: wafregional.IpSetIpSetDescriptorArray{
    				&wafregional.IpSetIpSetDescriptorArgs{
    					Type:  pulumi.String("IPV4"),
    					Value: pulumi.String("192.0.7.0/24"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		wafrule, err := wafregional.NewRule(ctx, "wafrule", &wafregional.RuleArgs{
    			Name:       pulumi.String("tfWAFRule"),
    			MetricName: pulumi.String("tfWAFRule"),
    			Predicates: wafregional.RulePredicateArray{
    				&wafregional.RulePredicateArgs{
    					DataId:  ipset.ID(),
    					Negated: pulumi.Bool(false),
    					Type:    pulumi.String("IPMatch"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = wafregional.NewWebAcl(ctx, "wafacl", &wafregional.WebAclArgs{
    			Name:       pulumi.String("tfWebACL"),
    			MetricName: pulumi.String("tfWebACL"),
    			DefaultAction: &wafregional.WebAclDefaultActionArgs{
    				Type: pulumi.String("ALLOW"),
    			},
    			Rules: wafregional.WebAclRuleArray{
    				&wafregional.WebAclRuleArgs{
    					Action: &wafregional.WebAclRuleActionArgs{
    						Type: pulumi.String("BLOCK"),
    					},
    					Priority: pulumi.Int(1),
    					RuleId:   wafrule.ID(),
    					Type:     pulumi.String("REGULAR"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var ipset = new Aws.WafRegional.IpSet("ipset", new()
        {
            Name = "tfIPSet",
            IpSetDescriptors = new[]
            {
                new Aws.WafRegional.Inputs.IpSetIpSetDescriptorArgs
                {
                    Type = "IPV4",
                    Value = "192.0.7.0/24",
                },
            },
        });
    
        var wafrule = new Aws.WafRegional.Rule("wafrule", new()
        {
            Name = "tfWAFRule",
            MetricName = "tfWAFRule",
            Predicates = new[]
            {
                new Aws.WafRegional.Inputs.RulePredicateArgs
                {
                    DataId = ipset.Id,
                    Negated = false,
                    Type = "IPMatch",
                },
            },
        });
    
        var wafacl = new Aws.WafRegional.WebAcl("wafacl", new()
        {
            Name = "tfWebACL",
            MetricName = "tfWebACL",
            DefaultAction = new Aws.WafRegional.Inputs.WebAclDefaultActionArgs
            {
                Type = "ALLOW",
            },
            Rules = new[]
            {
                new Aws.WafRegional.Inputs.WebAclRuleArgs
                {
                    Action = new Aws.WafRegional.Inputs.WebAclRuleActionArgs
                    {
                        Type = "BLOCK",
                    },
                    Priority = 1,
                    RuleId = wafrule.Id,
                    Type = "REGULAR",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.wafregional.IpSet;
    import com.pulumi.aws.wafregional.IpSetArgs;
    import com.pulumi.aws.wafregional.inputs.IpSetIpSetDescriptorArgs;
    import com.pulumi.aws.wafregional.Rule;
    import com.pulumi.aws.wafregional.RuleArgs;
    import com.pulumi.aws.wafregional.inputs.RulePredicateArgs;
    import com.pulumi.aws.wafregional.WebAcl;
    import com.pulumi.aws.wafregional.WebAclArgs;
    import com.pulumi.aws.wafregional.inputs.WebAclDefaultActionArgs;
    import com.pulumi.aws.wafregional.inputs.WebAclRuleArgs;
    import com.pulumi.aws.wafregional.inputs.WebAclRuleActionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var ipset = new IpSet("ipset", IpSetArgs.builder()        
                .name("tfIPSet")
                .ipSetDescriptors(IpSetIpSetDescriptorArgs.builder()
                    .type("IPV4")
                    .value("192.0.7.0/24")
                    .build())
                .build());
    
            var wafrule = new Rule("wafrule", RuleArgs.builder()        
                .name("tfWAFRule")
                .metricName("tfWAFRule")
                .predicates(RulePredicateArgs.builder()
                    .dataId(ipset.id())
                    .negated(false)
                    .type("IPMatch")
                    .build())
                .build());
    
            var wafacl = new WebAcl("wafacl", WebAclArgs.builder()        
                .name("tfWebACL")
                .metricName("tfWebACL")
                .defaultAction(WebAclDefaultActionArgs.builder()
                    .type("ALLOW")
                    .build())
                .rules(WebAclRuleArgs.builder()
                    .action(WebAclRuleActionArgs.builder()
                        .type("BLOCK")
                        .build())
                    .priority(1)
                    .ruleId(wafrule.id())
                    .type("REGULAR")
                    .build())
                .build());
    
        }
    }
    
    resources:
      ipset:
        type: aws:wafregional:IpSet
        properties:
          name: tfIPSet
          ipSetDescriptors:
            - type: IPV4
              value: 192.0.7.0/24
      wafrule:
        type: aws:wafregional:Rule
        properties:
          name: tfWAFRule
          metricName: tfWAFRule
          predicates:
            - dataId: ${ipset.id}
              negated: false
              type: IPMatch
      wafacl:
        type: aws:wafregional:WebAcl
        properties:
          name: tfWebACL
          metricName: tfWebACL
          defaultAction:
            type: ALLOW
          rules:
            - action:
                type: BLOCK
              priority: 1
              ruleId: ${wafrule.id}
              type: REGULAR
    

    Group Rule

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.wafregional.WebAcl("example", {
        name: "example",
        metricName: "example",
        defaultAction: {
            type: "ALLOW",
        },
        rules: [{
            priority: 1,
            ruleId: exampleAwsWafregionalRuleGroup.id,
            type: "GROUP",
            overrideAction: {
                type: "NONE",
            },
        }],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.wafregional.WebAcl("example",
        name="example",
        metric_name="example",
        default_action=aws.wafregional.WebAclDefaultActionArgs(
            type="ALLOW",
        ),
        rules=[aws.wafregional.WebAclRuleArgs(
            priority=1,
            rule_id=example_aws_wafregional_rule_group["id"],
            type="GROUP",
            override_action=aws.wafregional.WebAclRuleOverrideActionArgs(
                type="NONE",
            ),
        )])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafregional"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := wafregional.NewWebAcl(ctx, "example", &wafregional.WebAclArgs{
    			Name:       pulumi.String("example"),
    			MetricName: pulumi.String("example"),
    			DefaultAction: &wafregional.WebAclDefaultActionArgs{
    				Type: pulumi.String("ALLOW"),
    			},
    			Rules: wafregional.WebAclRuleArray{
    				&wafregional.WebAclRuleArgs{
    					Priority: pulumi.Int(1),
    					RuleId:   pulumi.Any(exampleAwsWafregionalRuleGroup.Id),
    					Type:     pulumi.String("GROUP"),
    					OverrideAction: &wafregional.WebAclRuleOverrideActionArgs{
    						Type: pulumi.String("NONE"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.WafRegional.WebAcl("example", new()
        {
            Name = "example",
            MetricName = "example",
            DefaultAction = new Aws.WafRegional.Inputs.WebAclDefaultActionArgs
            {
                Type = "ALLOW",
            },
            Rules = new[]
            {
                new Aws.WafRegional.Inputs.WebAclRuleArgs
                {
                    Priority = 1,
                    RuleId = exampleAwsWafregionalRuleGroup.Id,
                    Type = "GROUP",
                    OverrideAction = new Aws.WafRegional.Inputs.WebAclRuleOverrideActionArgs
                    {
                        Type = "NONE",
                    },
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.wafregional.WebAcl;
    import com.pulumi.aws.wafregional.WebAclArgs;
    import com.pulumi.aws.wafregional.inputs.WebAclDefaultActionArgs;
    import com.pulumi.aws.wafregional.inputs.WebAclRuleArgs;
    import com.pulumi.aws.wafregional.inputs.WebAclRuleOverrideActionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new WebAcl("example", WebAclArgs.builder()        
                .name("example")
                .metricName("example")
                .defaultAction(WebAclDefaultActionArgs.builder()
                    .type("ALLOW")
                    .build())
                .rules(WebAclRuleArgs.builder()
                    .priority(1)
                    .ruleId(exampleAwsWafregionalRuleGroup.id())
                    .type("GROUP")
                    .overrideAction(WebAclRuleOverrideActionArgs.builder()
                        .type("NONE")
                        .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:wafregional:WebAcl
        properties:
          name: example
          metricName: example
          defaultAction:
            type: ALLOW
          rules:
            - priority: 1
              ruleId: ${exampleAwsWafregionalRuleGroup.id}
              type: GROUP
              overrideAction:
                type: NONE
    

    Logging

    NOTE: The Kinesis Firehose Delivery Stream name must begin with aws-waf-logs-. See the AWS WAF Developer Guide for more information about enabling WAF logging.

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.wafregional.WebAcl("example", {loggingConfiguration: {
        logDestination: exampleAwsKinesisFirehoseDeliveryStream.arn,
        redactedFields: {
            fieldToMatches: [
                {
                    type: "URI",
                },
                {
                    data: "referer",
                    type: "HEADER",
                },
            ],
        },
    }});
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.wafregional.WebAcl("example", logging_configuration=aws.wafregional.WebAclLoggingConfigurationArgs(
        log_destination=example_aws_kinesis_firehose_delivery_stream["arn"],
        redacted_fields=aws.wafregional.WebAclLoggingConfigurationRedactedFieldsArgs(
            field_to_matches=[
                aws.wafregional.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs(
                    type="URI",
                ),
                aws.wafregional.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs(
                    data="referer",
                    type="HEADER",
                ),
            ],
        ),
    ))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafregional"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := wafregional.NewWebAcl(ctx, "example", &wafregional.WebAclArgs{
    			LoggingConfiguration: &wafregional.WebAclLoggingConfigurationArgs{
    				LogDestination: pulumi.Any(exampleAwsKinesisFirehoseDeliveryStream.Arn),
    				RedactedFields: &wafregional.WebAclLoggingConfigurationRedactedFieldsArgs{
    					FieldToMatches: wafregional.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArray{
    						&wafregional.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs{
    							Type: pulumi.String("URI"),
    						},
    						&wafregional.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs{
    							Data: pulumi.String("referer"),
    							Type: pulumi.String("HEADER"),
    						},
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.WafRegional.WebAcl("example", new()
        {
            LoggingConfiguration = new Aws.WafRegional.Inputs.WebAclLoggingConfigurationArgs
            {
                LogDestination = exampleAwsKinesisFirehoseDeliveryStream.Arn,
                RedactedFields = new Aws.WafRegional.Inputs.WebAclLoggingConfigurationRedactedFieldsArgs
                {
                    FieldToMatches = new[]
                    {
                        new Aws.WafRegional.Inputs.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs
                        {
                            Type = "URI",
                        },
                        new Aws.WafRegional.Inputs.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs
                        {
                            Data = "referer",
                            Type = "HEADER",
                        },
                    },
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.wafregional.WebAcl;
    import com.pulumi.aws.wafregional.WebAclArgs;
    import com.pulumi.aws.wafregional.inputs.WebAclLoggingConfigurationArgs;
    import com.pulumi.aws.wafregional.inputs.WebAclLoggingConfigurationRedactedFieldsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new WebAcl("example", WebAclArgs.builder()        
                .loggingConfiguration(WebAclLoggingConfigurationArgs.builder()
                    .logDestination(exampleAwsKinesisFirehoseDeliveryStream.arn())
                    .redactedFields(WebAclLoggingConfigurationRedactedFieldsArgs.builder()
                        .fieldToMatches(                    
                            WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs.builder()
                                .type("URI")
                                .build(),
                            WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs.builder()
                                .data("referer")
                                .type("HEADER")
                                .build())
                        .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:wafregional:WebAcl
        properties:
          loggingConfiguration:
            logDestination: ${exampleAwsKinesisFirehoseDeliveryStream.arn}
            redactedFields:
              fieldToMatches:
                - type: URI
                - data: referer
                  type: HEADER
    

    Create WebAcl Resource

    new WebAcl(name: string, args: WebAclArgs, opts?: CustomResourceOptions);
    @overload
    def WebAcl(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               default_action: Optional[WebAclDefaultActionArgs] = None,
               logging_configuration: Optional[WebAclLoggingConfigurationArgs] = None,
               metric_name: Optional[str] = None,
               name: Optional[str] = None,
               rules: Optional[Sequence[WebAclRuleArgs]] = None,
               tags: Optional[Mapping[str, str]] = None)
    @overload
    def WebAcl(resource_name: str,
               args: WebAclArgs,
               opts: Optional[ResourceOptions] = None)
    func NewWebAcl(ctx *Context, name string, args WebAclArgs, opts ...ResourceOption) (*WebAcl, error)
    public WebAcl(string name, WebAclArgs args, CustomResourceOptions? opts = null)
    public WebAcl(String name, WebAclArgs args)
    public WebAcl(String name, WebAclArgs args, CustomResourceOptions options)
    
    type: aws:wafregional:WebAcl
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args WebAclArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args WebAclArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args WebAclArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args WebAclArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args WebAclArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    WebAcl Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The WebAcl resource accepts the following input properties:

    DefaultAction WebAclDefaultAction
    The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
    MetricName string
    The name or description for the Amazon CloudWatch metric of this web ACL.
    LoggingConfiguration WebAclLoggingConfiguration
    Configuration block to enable WAF logging. Detailed below.
    Name string
    The name or description of the web ACL.
    Rules List<WebAclRule>
    Set of configuration blocks containing rules for the web ACL. Detailed below.
    Tags Dictionary<string, string>
    Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    DefaultAction WebAclDefaultActionArgs
    The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
    MetricName string
    The name or description for the Amazon CloudWatch metric of this web ACL.
    LoggingConfiguration WebAclLoggingConfigurationArgs
    Configuration block to enable WAF logging. Detailed below.
    Name string
    The name or description of the web ACL.
    Rules []WebAclRuleArgs
    Set of configuration blocks containing rules for the web ACL. Detailed below.
    Tags map[string]string
    Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    defaultAction WebAclDefaultAction
    The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
    metricName String
    The name or description for the Amazon CloudWatch metric of this web ACL.
    loggingConfiguration WebAclLoggingConfiguration
    Configuration block to enable WAF logging. Detailed below.
    name String
    The name or description of the web ACL.
    rules List<WebAclRule>
    Set of configuration blocks containing rules for the web ACL. Detailed below.
    tags Map<String,String>
    Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    defaultAction WebAclDefaultAction
    The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
    metricName string
    The name or description for the Amazon CloudWatch metric of this web ACL.
    loggingConfiguration WebAclLoggingConfiguration
    Configuration block to enable WAF logging. Detailed below.
    name string
    The name or description of the web ACL.
    rules WebAclRule[]
    Set of configuration blocks containing rules for the web ACL. Detailed below.
    tags {[key: string]: string}
    Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    default_action WebAclDefaultActionArgs
    The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
    metric_name str
    The name or description for the Amazon CloudWatch metric of this web ACL.
    logging_configuration WebAclLoggingConfigurationArgs
    Configuration block to enable WAF logging. Detailed below.
    name str
    The name or description of the web ACL.
    rules Sequence[WebAclRuleArgs]
    Set of configuration blocks containing rules for the web ACL. Detailed below.
    tags Mapping[str, str]
    Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    defaultAction Property Map
    The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
    metricName String
    The name or description for the Amazon CloudWatch metric of this web ACL.
    loggingConfiguration Property Map
    Configuration block to enable WAF logging. Detailed below.
    name String
    The name or description of the web ACL.
    rules List<Property Map>
    Set of configuration blocks containing rules for the web ACL. Detailed below.
    tags Map<String>
    Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the WebAcl resource produces the following output properties:

    Arn string
    Amazon Resource Name (ARN) of the WAF Regional WebACL.
    Id string
    The provider-assigned unique ID for this managed resource.
    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    Arn string
    Amazon Resource Name (ARN) of the WAF Regional WebACL.
    Id string
    The provider-assigned unique ID for this managed resource.
    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    arn String
    Amazon Resource Name (ARN) of the WAF Regional WebACL.
    id String
    The provider-assigned unique ID for this managed resource.
    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    arn string
    Amazon Resource Name (ARN) of the WAF Regional WebACL.
    id string
    The provider-assigned unique ID for this managed resource.
    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    arn str
    Amazon Resource Name (ARN) of the WAF Regional WebACL.
    id str
    The provider-assigned unique ID for this managed resource.
    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    arn String
    Amazon Resource Name (ARN) of the WAF Regional WebACL.
    id String
    The provider-assigned unique ID for this managed resource.
    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    Look up Existing WebAcl Resource

    Get an existing WebAcl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: WebAclState, opts?: CustomResourceOptions): WebAcl
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            arn: Optional[str] = None,
            default_action: Optional[WebAclDefaultActionArgs] = None,
            logging_configuration: Optional[WebAclLoggingConfigurationArgs] = None,
            metric_name: Optional[str] = None,
            name: Optional[str] = None,
            rules: Optional[Sequence[WebAclRuleArgs]] = None,
            tags: Optional[Mapping[str, str]] = None,
            tags_all: Optional[Mapping[str, str]] = None) -> WebAcl
    func GetWebAcl(ctx *Context, name string, id IDInput, state *WebAclState, opts ...ResourceOption) (*WebAcl, error)
    public static WebAcl Get(string name, Input<string> id, WebAclState? state, CustomResourceOptions? opts = null)
    public static WebAcl get(String name, Output<String> id, WebAclState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Arn string
    Amazon Resource Name (ARN) of the WAF Regional WebACL.
    DefaultAction WebAclDefaultAction
    The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
    LoggingConfiguration WebAclLoggingConfiguration
    Configuration block to enable WAF logging. Detailed below.
    MetricName string
    The name or description for the Amazon CloudWatch metric of this web ACL.
    Name string
    The name or description of the web ACL.
    Rules List<WebAclRule>
    Set of configuration blocks containing rules for the web ACL. Detailed below.
    Tags Dictionary<string, string>
    Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    Arn string
    Amazon Resource Name (ARN) of the WAF Regional WebACL.
    DefaultAction WebAclDefaultActionArgs
    The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
    LoggingConfiguration WebAclLoggingConfigurationArgs
    Configuration block to enable WAF logging. Detailed below.
    MetricName string
    The name or description for the Amazon CloudWatch metric of this web ACL.
    Name string
    The name or description of the web ACL.
    Rules []WebAclRuleArgs
    Set of configuration blocks containing rules for the web ACL. Detailed below.
    Tags map[string]string
    Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    arn String
    Amazon Resource Name (ARN) of the WAF Regional WebACL.
    defaultAction WebAclDefaultAction
    The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
    loggingConfiguration WebAclLoggingConfiguration
    Configuration block to enable WAF logging. Detailed below.
    metricName String
    The name or description for the Amazon CloudWatch metric of this web ACL.
    name String
    The name or description of the web ACL.
    rules List<WebAclRule>
    Set of configuration blocks containing rules for the web ACL. Detailed below.
    tags Map<String,String>
    Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    arn string
    Amazon Resource Name (ARN) of the WAF Regional WebACL.
    defaultAction WebAclDefaultAction
    The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
    loggingConfiguration WebAclLoggingConfiguration
    Configuration block to enable WAF logging. Detailed below.
    metricName string
    The name or description for the Amazon CloudWatch metric of this web ACL.
    name string
    The name or description of the web ACL.
    rules WebAclRule[]
    Set of configuration blocks containing rules for the web ACL. Detailed below.
    tags {[key: string]: string}
    Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    arn str
    Amazon Resource Name (ARN) of the WAF Regional WebACL.
    default_action WebAclDefaultActionArgs
    The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
    logging_configuration WebAclLoggingConfigurationArgs
    Configuration block to enable WAF logging. Detailed below.
    metric_name str
    The name or description for the Amazon CloudWatch metric of this web ACL.
    name str
    The name or description of the web ACL.
    rules Sequence[WebAclRuleArgs]
    Set of configuration blocks containing rules for the web ACL. Detailed below.
    tags Mapping[str, str]
    Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    arn String
    Amazon Resource Name (ARN) of the WAF Regional WebACL.
    defaultAction Property Map
    The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
    loggingConfiguration Property Map
    Configuration block to enable WAF logging. Detailed below.
    metricName String
    The name or description for the Amazon CloudWatch metric of this web ACL.
    name String
    The name or description of the web ACL.
    rules List<Property Map>
    Set of configuration blocks containing rules for the web ACL. Detailed below.
    tags Map<String>
    Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    Supporting Types

    WebAclDefaultAction, WebAclDefaultActionArgs

    Type string
    Specifies how you want AWS WAF Regional to respond to requests that match the settings in a ruleE.g., ALLOW, BLOCK or COUNT
    Type string
    Specifies how you want AWS WAF Regional to respond to requests that match the settings in a ruleE.g., ALLOW, BLOCK or COUNT
    type String
    Specifies how you want AWS WAF Regional to respond to requests that match the settings in a ruleE.g., ALLOW, BLOCK or COUNT
    type string
    Specifies how you want AWS WAF Regional to respond to requests that match the settings in a ruleE.g., ALLOW, BLOCK or COUNT
    type str
    Specifies how you want AWS WAF Regional to respond to requests that match the settings in a ruleE.g., ALLOW, BLOCK or COUNT
    type String
    Specifies how you want AWS WAF Regional to respond to requests that match the settings in a ruleE.g., ALLOW, BLOCK or COUNT

    WebAclLoggingConfiguration, WebAclLoggingConfigurationArgs

    LogDestination string
    Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream
    RedactedFields WebAclLoggingConfigurationRedactedFields
    Configuration block containing parts of the request that you want redacted from the logs. Detailed below.
    LogDestination string
    Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream
    RedactedFields WebAclLoggingConfigurationRedactedFields
    Configuration block containing parts of the request that you want redacted from the logs. Detailed below.
    logDestination String
    Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream
    redactedFields WebAclLoggingConfigurationRedactedFields
    Configuration block containing parts of the request that you want redacted from the logs. Detailed below.
    logDestination string
    Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream
    redactedFields WebAclLoggingConfigurationRedactedFields
    Configuration block containing parts of the request that you want redacted from the logs. Detailed below.
    log_destination str
    Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream
    redacted_fields WebAclLoggingConfigurationRedactedFields
    Configuration block containing parts of the request that you want redacted from the logs. Detailed below.
    logDestination String
    Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream
    redactedFields Property Map
    Configuration block containing parts of the request that you want redacted from the logs. Detailed below.

    WebAclLoggingConfigurationRedactedFields, WebAclLoggingConfigurationRedactedFieldsArgs

    FieldToMatches List<WebAclLoggingConfigurationRedactedFieldsFieldToMatch>
    Set of configuration blocks for fields to redact. Detailed below.
    FieldToMatches []WebAclLoggingConfigurationRedactedFieldsFieldToMatch
    Set of configuration blocks for fields to redact. Detailed below.
    fieldToMatches List<WebAclLoggingConfigurationRedactedFieldsFieldToMatch>
    Set of configuration blocks for fields to redact. Detailed below.
    fieldToMatches WebAclLoggingConfigurationRedactedFieldsFieldToMatch[]
    Set of configuration blocks for fields to redact. Detailed below.
    field_to_matches Sequence[WebAclLoggingConfigurationRedactedFieldsFieldToMatch]
    Set of configuration blocks for fields to redact. Detailed below.
    fieldToMatches List<Property Map>
    Set of configuration blocks for fields to redact. Detailed below.

    WebAclLoggingConfigurationRedactedFieldsFieldToMatch, WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs

    Type string
    The part of the web request that you want AWS WAF to search for a specified stringE.g., HEADER or METHOD
    Data string
    When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.
    Type string
    The part of the web request that you want AWS WAF to search for a specified stringE.g., HEADER or METHOD
    Data string
    When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.
    type String
    The part of the web request that you want AWS WAF to search for a specified stringE.g., HEADER or METHOD
    data String
    When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.
    type string
    The part of the web request that you want AWS WAF to search for a specified stringE.g., HEADER or METHOD
    data string
    When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.
    type str
    The part of the web request that you want AWS WAF to search for a specified stringE.g., HEADER or METHOD
    data str
    When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.
    type String
    The part of the web request that you want AWS WAF to search for a specified stringE.g., HEADER or METHOD
    data String
    When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.

    WebAclRule, WebAclRuleArgs

    Priority int
    Specifies the order in which the rules in a WebACL are evaluated. Rules with a lower value are evaluated before rules with a higher value.
    RuleId string
    ID of the associated WAF (Regional) rule (e.g., aws.wafregional.Rule). WAF (Global) rules cannot be used.
    Action WebAclRuleAction
    Configuration block of the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if type is GROUP. Detailed below.
    OverrideAction WebAclRuleOverrideAction
    Configuration block of the override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if type is GROUP. Detailed below.
    Type string
    The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. If you add a RATE_BASED rule, you need to set type as RATE_BASED. If you add a GROUP rule, you need to set type as GROUP.
    Priority int
    Specifies the order in which the rules in a WebACL are evaluated. Rules with a lower value are evaluated before rules with a higher value.
    RuleId string
    ID of the associated WAF (Regional) rule (e.g., aws.wafregional.Rule). WAF (Global) rules cannot be used.
    Action WebAclRuleAction
    Configuration block of the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if type is GROUP. Detailed below.
    OverrideAction WebAclRuleOverrideAction
    Configuration block of the override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if type is GROUP. Detailed below.
    Type string
    The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. If you add a RATE_BASED rule, you need to set type as RATE_BASED. If you add a GROUP rule, you need to set type as GROUP.
    priority Integer
    Specifies the order in which the rules in a WebACL are evaluated. Rules with a lower value are evaluated before rules with a higher value.
    ruleId String
    ID of the associated WAF (Regional) rule (e.g., aws.wafregional.Rule). WAF (Global) rules cannot be used.
    action WebAclRuleAction
    Configuration block of the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if type is GROUP. Detailed below.
    overrideAction WebAclRuleOverrideAction
    Configuration block of the override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if type is GROUP. Detailed below.
    type String
    The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. If you add a RATE_BASED rule, you need to set type as RATE_BASED. If you add a GROUP rule, you need to set type as GROUP.
    priority number
    Specifies the order in which the rules in a WebACL are evaluated. Rules with a lower value are evaluated before rules with a higher value.
    ruleId string
    ID of the associated WAF (Regional) rule (e.g., aws.wafregional.Rule). WAF (Global) rules cannot be used.
    action WebAclRuleAction
    Configuration block of the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if type is GROUP. Detailed below.
    overrideAction WebAclRuleOverrideAction
    Configuration block of the override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if type is GROUP. Detailed below.
    type string
    The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. If you add a RATE_BASED rule, you need to set type as RATE_BASED. If you add a GROUP rule, you need to set type as GROUP.
    priority int
    Specifies the order in which the rules in a WebACL are evaluated. Rules with a lower value are evaluated before rules with a higher value.
    rule_id str
    ID of the associated WAF (Regional) rule (e.g., aws.wafregional.Rule). WAF (Global) rules cannot be used.
    action WebAclRuleAction
    Configuration block of the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if type is GROUP. Detailed below.
    override_action WebAclRuleOverrideAction
    Configuration block of the override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if type is GROUP. Detailed below.
    type str
    The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. If you add a RATE_BASED rule, you need to set type as RATE_BASED. If you add a GROUP rule, you need to set type as GROUP.
    priority Number
    Specifies the order in which the rules in a WebACL are evaluated. Rules with a lower value are evaluated before rules with a higher value.
    ruleId String
    ID of the associated WAF (Regional) rule (e.g., aws.wafregional.Rule). WAF (Global) rules cannot be used.
    action Property Map
    Configuration block of the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if type is GROUP. Detailed below.
    overrideAction Property Map
    Configuration block of the override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if type is GROUP. Detailed below.
    type String
    The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. If you add a RATE_BASED rule, you need to set type as RATE_BASED. If you add a GROUP rule, you need to set type as GROUP.

    WebAclRuleAction, WebAclRuleActionArgs

    Type string
    Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. Valid values for action are ALLOW, BLOCK or COUNT. Valid values for override_action are COUNT and NONE.
    Type string
    Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. Valid values for action are ALLOW, BLOCK or COUNT. Valid values for override_action are COUNT and NONE.
    type String
    Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. Valid values for action are ALLOW, BLOCK or COUNT. Valid values for override_action are COUNT and NONE.
    type string
    Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. Valid values for action are ALLOW, BLOCK or COUNT. Valid values for override_action are COUNT and NONE.
    type str
    Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. Valid values for action are ALLOW, BLOCK or COUNT. Valid values for override_action are COUNT and NONE.
    type String
    Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. Valid values for action are ALLOW, BLOCK or COUNT. Valid values for override_action are COUNT and NONE.

    WebAclRuleOverrideAction, WebAclRuleOverrideActionArgs

    Type string
    Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. Valid values for action are ALLOW, BLOCK or COUNT. Valid values for override_action are COUNT and NONE.
    Type string
    Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. Valid values for action are ALLOW, BLOCK or COUNT. Valid values for override_action are COUNT and NONE.
    type String
    Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. Valid values for action are ALLOW, BLOCK or COUNT. Valid values for override_action are COUNT and NONE.
    type string
    Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. Valid values for action are ALLOW, BLOCK or COUNT. Valid values for override_action are COUNT and NONE.
    type str
    Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. Valid values for action are ALLOW, BLOCK or COUNT. Valid values for override_action are COUNT and NONE.
    type String
    Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. Valid values for action are ALLOW, BLOCK or COUNT. Valid values for override_action are COUNT and NONE.

    Import

    Using pulumi import, import WAF Regional Web ACL using the id. For example:

    $ pulumi import aws:wafregional/webAcl:WebAcl wafacl a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc
    

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.28.1 published on Thursday, Mar 28, 2024 by Pulumi