Module waf

@pulumi/aws > waf

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

class ByteMatchSet

extends CustomResource

Provides a WAF Byte Match Set Resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const byteSet = new aws.waf.ByteMatchSet("byteSet", {
    byteMatchTuples: [{
        fieldToMatch: {
            data: "referer",
            type: "HEADER",
        },
        positionalConstraint: "CONTAINS",
        targetString: "badrefer1",
        textTransformation: "NONE",
    }],
});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/waf_byte_match_set.html.markdown.

constructor

new ByteMatchSet(name: string, args?: ByteMatchSetArgs, opts?: pulumi.CustomResourceOptions)

Create a ByteMatchSet resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ByteMatchSetState, opts?: pulumi.CustomResourceOptions): ByteMatchSet

Get an existing ByteMatchSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of ByteMatchSet. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property byteMatchTuples

public byteMatchTuples: pulumi.Output<{
    fieldToMatch: {
        data: undefined | string;
        type: string;
    };
    positionalConstraint: string;
    targetString: undefined | string;
    textTransformation: string;
}[] | undefined>;

Specifies the bytes (typically a string that corresponds with ASCII characters) that you want to search for in web requests, the location in requests that you want to search, and other settings.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name or description of the Byte Match Set.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class GeoMatchSet

extends CustomResource

Provides a WAF Geo Match Set Resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const geoMatchSet = new aws.waf.GeoMatchSet("geoMatchSet", {
    geoMatchConstraints: [
        {
            type: "Country",
            value: "US",
        },
        {
            type: "Country",
            value: "CA",
        },
    ],
});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/waf_geo_match_set.html.markdown.

constructor

new GeoMatchSet(name: string, args?: GeoMatchSetArgs, opts?: pulumi.CustomResourceOptions)

Create a GeoMatchSet resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GeoMatchSetState, opts?: pulumi.CustomResourceOptions): GeoMatchSet

Get an existing GeoMatchSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of GeoMatchSet. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property geoMatchConstraints

public geoMatchConstraints: pulumi.Output<{
    type: string;
    value: string;
}[] | undefined>;

The GeoMatchConstraint objects which contain the country that you want AWS WAF to search for.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name or description of the GeoMatchSet.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class IpSet

extends CustomResource

Provides a WAF IPSet Resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const ipset = new aws.waf.IpSet("ipset", {
    ipSetDescriptors: [
        {
            type: "IPV4",
            value: "192.0.7.0/24",
        },
        {
            type: "IPV4",
            value: "10.16.16.0/16",
        },
    ],
});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/waf_ipset.html.markdown.

constructor

new IpSet(name: string, args?: IpSetArgs, opts?: pulumi.CustomResourceOptions)

Create a IpSet resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IpSetState, opts?: pulumi.CustomResourceOptions): IpSet

Get an existing IpSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of IpSet. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN of the WAF IPSet.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property ipSetDescriptors

public ipSetDescriptors: pulumi.Output<{
    type: string;
    value: string;
}[] | undefined>;

One or more pairs specifying the IP address type (IPV4 or IPV6) and the IP address range (in CIDR format) from which web requests originate.

property name

public name: pulumi.Output<string>;

The name or description of the IPSet.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class RateBasedRule

extends CustomResource

Provides a WAF Rate Based Rule Resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const ipset = new aws.waf.IpSet("ipset", {
    ipSetDescriptors: [{
        type: "IPV4",
        value: "192.0.7.0/24",
    }],
});
const wafrule = new aws.waf.RateBasedRule("wafrule", {
    metricName: "tfWAFRule",
    predicates: [{
        dataId: ipset.id,
        negated: false,
        type: "IPMatch",
    }],
    rateKey: "IP",
    rateLimit: 2000,
}, {dependsOn: [ipset]});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/waf_rate_based_rule.html.markdown.

constructor

new RateBasedRule(name: string, args: RateBasedRuleArgs, opts?: pulumi.CustomResourceOptions)

Create a RateBasedRule resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RateBasedRuleState, opts?: pulumi.CustomResourceOptions): RateBasedRule

Get an existing RateBasedRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of RateBasedRule. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property metricName

public metricName: pulumi.Output<string>;

The name or description for the Amazon CloudWatch metric of this rule.

property name

public name: pulumi.Output<string>;

The name or description of the rule.

property predicates

public predicates: pulumi.Output<{
    dataId: string;
    negated: boolean;
    type: string;
}[] | undefined>;

The objects to include in a rule (documented below).

property rateKey

public rateKey: pulumi.Output<string>;

Valid value is IP.

property rateLimit

public rateLimit: pulumi.Output<number>;

The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 2000.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class RegexMatchSet

extends CustomResource

Provides a WAF Regex Match Set Resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleRegexPatternSet = new aws.waf.RegexPatternSet("example", {
    regexPatternStrings: [
        "one",
        "two",
    ],
});
const exampleRegexMatchSet = new aws.waf.RegexMatchSet("example", {
    regexMatchTuples: [{
        fieldToMatch: {
            data: "User-Agent",
            type: "HEADER",
        },
        regexPatternSetId: exampleRegexPatternSet.id,
        textTransformation: "NONE",
    }],
});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/waf_regex_match_set.html.markdown.

constructor

new RegexMatchSet(name: string, args?: RegexMatchSetArgs, opts?: pulumi.CustomResourceOptions)

Create a RegexMatchSet resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RegexMatchSetState, opts?: pulumi.CustomResourceOptions): RegexMatchSet

Get an existing RegexMatchSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of RegexMatchSet. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name or description of the Regex Match Set.

property regexMatchTuples

public regexMatchTuples: pulumi.Output<{
    fieldToMatch: {
        data: undefined | string;
        type: string;
    };
    regexPatternSetId: string;
    textTransformation: string;
}[] | undefined>;

The regular expression pattern that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings. See below.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class RegexPatternSet

extends CustomResource

Provides a WAF Regex Pattern Set Resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.waf.RegexPatternSet("example", {
    regexPatternStrings: [
        "one",
        "two",
    ],
});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/waf_regex_pattern_set.html.markdown.

constructor

new RegexPatternSet(name: string, args?: RegexPatternSetArgs, opts?: pulumi.CustomResourceOptions)

Create a RegexPatternSet resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RegexPatternSetState, opts?: pulumi.CustomResourceOptions): RegexPatternSet

Get an existing RegexPatternSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of RegexPatternSet. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name or description of the Regex Pattern Set.

property regexPatternStrings

public regexPatternStrings: pulumi.Output<string[] | undefined>;

A list of regular expression (regex) patterns that you want AWS WAF to search for, such as B[a@]dB[o0]t.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class Rule

extends CustomResource

Provides a WAF Rule Resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const ipset = new aws.waf.IpSet("ipset", {
    ipSetDescriptors: [{
        type: "IPV4",
        value: "192.0.7.0/24",
    }],
});
const wafrule = new aws.waf.Rule("wafrule", {
    metricName: "tfWAFRule",
    predicates: [{
        dataId: ipset.id,
        negated: false,
        type: "IPMatch",
    }],
}, {dependsOn: [ipset]});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/waf_rule.html.markdown.

constructor

new Rule(name: string, args: RuleArgs, opts?: pulumi.CustomResourceOptions)

Create a Rule resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RuleState, opts?: pulumi.CustomResourceOptions): Rule

Get an existing Rule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of Rule. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property metricName

public metricName: pulumi.Output<string>;

The name or description for the Amazon CloudWatch metric of this rule. The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name can’t contain whitespace.

property name

public name: pulumi.Output<string>;

The name or description of the rule.

property predicates

public predicates: pulumi.Output<{
    dataId: string;
    negated: boolean;
    type: string;
}[] | undefined>;

The objects to include in a rule (documented below).

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class RuleGroup

extends CustomResource

Provides a WAF Rule Group Resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleRule = new aws.waf.Rule("example", {
    metricName: "example",
});
const exampleRuleGroup = new aws.waf.RuleGroup("example", {
    activatedRules: [{
        action: {
            type: "COUNT",
        },
        priority: 50,
        ruleId: exampleRule.id,
    }],
    metricName: "example",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/waf_rule_group.html.markdown.

constructor

new RuleGroup(name: string, args: RuleGroupArgs, opts?: pulumi.CustomResourceOptions)

Create a RuleGroup resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RuleGroupState, opts?: pulumi.CustomResourceOptions): RuleGroup

Get an existing RuleGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of RuleGroup. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property activatedRules

public activatedRules: pulumi.Output<{
    action: {
        type: string;
    };
    priority: number;
    ruleId: string;
    type: undefined | string;
}[] | undefined>;

A list of activated rules, see below

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property metricName

public metricName: pulumi.Output<string>;

A friendly name for the metrics from the rule group

property name

public name: pulumi.Output<string>;

A friendly name of the rule group

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class SizeConstraintSet

extends CustomResource

Provides a WAF Size Constraint Set Resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const sizeConstraintSet = new aws.waf.SizeConstraintSet("sizeConstraintSet", {
    sizeConstraints: [{
        comparisonOperator: "EQ",
        fieldToMatch: {
            type: "BODY",
        },
        size: 4096,
        textTransformation: "NONE",
    }],
});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/waf_size_constraint_set.html.markdown.

constructor

new SizeConstraintSet(name: string, args?: SizeConstraintSetArgs, opts?: pulumi.CustomResourceOptions)

Create a SizeConstraintSet resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SizeConstraintSetState, opts?: pulumi.CustomResourceOptions): SizeConstraintSet

Get an existing SizeConstraintSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of SizeConstraintSet. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name or description of the Size Constraint Set.

property sizeConstraints

public sizeConstraints: pulumi.Output<{
    comparisonOperator: string;
    fieldToMatch: {
        data: undefined | string;
        type: string;
    };
    size: number;
    textTransformation: string;
}[] | undefined>;

Specifies the parts of web requests that you want to inspect the size of.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class SqlInjectionMatchSet

extends CustomResource

Provides a WAF SQL Injection Match Set Resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const sqlInjectionMatchSet = new aws.waf.SqlInjectionMatchSet("sqlInjectionMatchSet", {
    sqlInjectionMatchTuples: [{
        fieldToMatch: {
            type: "QUERY_STRING",
        },
        textTransformation: "URL_DECODE",
    }],
});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/waf_sql_injection_match_set.html.markdown.

constructor

new SqlInjectionMatchSet(name: string, args?: SqlInjectionMatchSetArgs, opts?: pulumi.CustomResourceOptions)

Create a SqlInjectionMatchSet resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SqlInjectionMatchSetState, opts?: pulumi.CustomResourceOptions): SqlInjectionMatchSet

Get an existing SqlInjectionMatchSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of SqlInjectionMatchSet. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name or description of the SQL Injection Match Set.

property sqlInjectionMatchTuples

public sqlInjectionMatchTuples: pulumi.Output<{
    fieldToMatch: {
        data: undefined | string;
        type: string;
    };
    textTransformation: string;
}[] | undefined>;

The parts of web requests that you want AWS WAF to inspect for malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class WebAcl

extends CustomResource

Provides a WAF Web ACL Resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const ipset = new aws.waf.IpSet("ipset", {
    ipSetDescriptors: [{
        type: "IPV4",
        value: "192.0.7.0/24",
    }],
});
const wafrule = new aws.waf.Rule("wafrule", {
    metricName: "tfWAFRule",
    predicates: [{
        dataId: ipset.id,
        negated: false,
        type: "IPMatch",
    }],
}, {dependsOn: [ipset]});
const wafAcl = new aws.waf.WebAcl("wafAcl", {
    defaultAction: {
        type: "ALLOW",
    },
    metricName: "tfWebACL",
    rules: [{
        action: {
            type: "BLOCK",
        },
        priority: 1,
        ruleId: wafrule.id,
        type: "REGULAR",
    }],
}, {dependsOn: [ipset, wafrule]});

Logging

NOTE: The Kinesis Firehose Delivery Stream name must begin with aws-waf-logs- and be located in us-east-1 region. See the AWS WAF Developer Guide for more information about enabling WAF logging.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.waf.WebAcl("example", {
    // ... other configuration ...
    loggingConfiguration: {
        logDestination: aws_kinesis_firehose_delivery_stream_example.arn,
        redactedFields: {
            fieldToMatches: [
                {
                    type: "URI",
                },
                {
                    data: "referer",
                    type: "HEADER",
                },
            ],
        },
    },
});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/waf_web_acl.html.markdown.

constructor

new WebAcl(name: string, args: WebAclArgs, opts?: pulumi.CustomResourceOptions)

Create a WebAcl resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WebAclState, opts?: pulumi.CustomResourceOptions): WebAcl

Get an existing WebAcl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of WebAcl. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

property defaultAction

public defaultAction: pulumi.Output<{
    type: string;
}>;

Configuration block with action that you want AWS WAF to take when a request doesn’t match the criteria in any of the rules that are associated with the web ACL. Detailed below.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property loggingConfiguration

public loggingConfiguration: pulumi.Output<{
    logDestination: string;
    redactedFields: undefined | {
        fieldToMatches: {
            data: undefined | string;
            type: string;
        }[];
    };
} | undefined>;

Configuration block to enable WAF logging. Detailed below.

property metricName

public metricName: pulumi.Output<string>;

The name or description for the Amazon CloudWatch metric of this web ACL.

property name

public name: pulumi.Output<string>;

The name or description of the web ACL.

property rules

public rules: pulumi.Output<{
    action: undefined | {
        type: string;
    };
    overrideAction: undefined | {
        type: string;
    };
    priority: number;
    ruleId: string;
    type: undefined | string;
}[] | undefined>;

Configuration blocks containing rules to associate with the web ACL and the settings for each rule. Detailed below.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class XssMatchSet

extends CustomResource

Provides a WAF XSS Match Set Resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const xssMatchSet = new aws.waf.XssMatchSet("xssMatchSet", {
    xssMatchTuples: [
        {
            fieldToMatch: {
                type: "URI",
            },
            textTransformation: "NONE",
        },
        {
            fieldToMatch: {
                type: "QUERY_STRING",
            },
            textTransformation: "NONE",
        },
    ],
});

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/waf_xss_match_set.html.markdown.

constructor

new XssMatchSet(name: string, args?: XssMatchSetArgs, opts?: pulumi.CustomResourceOptions)

Create a XssMatchSet resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: XssMatchSetState, opts?: pulumi.CustomResourceOptions): XssMatchSet

Get an existing XssMatchSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of XssMatchSet. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name or description of the SizeConstraintSet.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property xssMatchTuples

public xssMatchTuples: pulumi.Output<{
    fieldToMatch: {
        data: undefined | string;
        type: string;
    };
    textTransformation: string;
}[] | undefined>;

The parts of web requests that you want to inspect for cross-site scripting attacks.

function getIpset

getIpset(args: GetIpsetArgs, opts?: pulumi.InvokeOptions): Promise<GetIpsetResult> & GetIpsetResult

aws.waf.IpSet Retrieves a WAF IP Set Resource Id.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = pulumi.output(aws.waf.getIpset({
    name: "tfWAFIPSet",
}));

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/d/waf_ipset.html.markdown.

function getRule

getRule(args: GetRuleArgs, opts?: pulumi.InvokeOptions): Promise<GetRuleResult> & GetRuleResult

aws.waf.Rule Retrieves a WAF Rule Resource Id.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = pulumi.output(aws.waf.getRule({
    name: "tfWAFRule",
}));

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/d/waf_rule.html.markdown.

function getWebAcl

getWebAcl(args: GetWebAclArgs, opts?: pulumi.InvokeOptions): Promise<GetWebAclResult> & GetWebAclResult

aws.waf.Rule Retrieves a WAF Web ACL Resource Id.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = pulumi.output(aws.waf.getWebAcl({
    name: "tfWAFRule",
}));

This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/d/waf_web_acl.html.markdown.

interface ByteMatchSetArgs

The set of arguments for constructing a ByteMatchSet resource.

property byteMatchTuples

byteMatchTuples?: pulumi.Input<pulumi.Input<{
    fieldToMatch: pulumi.Input<{
        data: pulumi.Input<string>;
        type: pulumi.Input<string>;
    }>;
    positionalConstraint: pulumi.Input<string>;
    targetString: pulumi.Input<string>;
    textTransformation: pulumi.Input<string>;
}>[]>;

Specifies the bytes (typically a string that corresponds with ASCII characters) that you want to search for in web requests, the location in requests that you want to search, and other settings.

property name

name?: pulumi.Input<string>;

The name or description of the Byte Match Set.

interface ByteMatchSetState

Input properties used for looking up and filtering ByteMatchSet resources.

property byteMatchTuples

byteMatchTuples?: pulumi.Input<pulumi.Input<{
    fieldToMatch: pulumi.Input<{
        data: pulumi.Input<string>;
        type: pulumi.Input<string>;
    }>;
    positionalConstraint: pulumi.Input<string>;
    targetString: pulumi.Input<string>;
    textTransformation: pulumi.Input<string>;
}>[]>;

Specifies the bytes (typically a string that corresponds with ASCII characters) that you want to search for in web requests, the location in requests that you want to search, and other settings.

property name

name?: pulumi.Input<string>;

The name or description of the Byte Match Set.

interface GeoMatchSetArgs

The set of arguments for constructing a GeoMatchSet resource.

property geoMatchConstraints

geoMatchConstraints?: pulumi.Input<pulumi.Input<{
    type: pulumi.Input<string>;
    value: pulumi.Input<string>;
}>[]>;

The GeoMatchConstraint objects which contain the country that you want AWS WAF to search for.

property name

name?: pulumi.Input<string>;

The name or description of the GeoMatchSet.

interface GeoMatchSetState

Input properties used for looking up and filtering GeoMatchSet resources.

property geoMatchConstraints

geoMatchConstraints?: pulumi.Input<pulumi.Input<{
    type: pulumi.Input<string>;
    value: pulumi.Input<string>;
}>[]>;

The GeoMatchConstraint objects which contain the country that you want AWS WAF to search for.

property name

name?: pulumi.Input<string>;

The name or description of the GeoMatchSet.

interface GetIpsetArgs

A collection of arguments for invoking getIpset.

property name

name: string;

The name of the WAF IP set.

interface GetIpsetResult

A collection of values returned by getIpset.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property name

name: string;

interface GetRuleArgs

A collection of arguments for invoking getRule.

property name

name: string;

The name of the WAF rule.

interface GetRuleResult

A collection of values returned by getRule.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property name

name: string;

interface GetWebAclArgs

A collection of arguments for invoking getWebAcl.

property name

name: string;

The name of the WAF Web ACL.

interface GetWebAclResult

A collection of values returned by getWebAcl.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property name

name: string;

interface IpSetArgs

The set of arguments for constructing a IpSet resource.

property ipSetDescriptors

ipSetDescriptors?: pulumi.Input<pulumi.Input<{
    type: pulumi.Input<string>;
    value: pulumi.Input<string>;
}>[]>;

One or more pairs specifying the IP address type (IPV4 or IPV6) and the IP address range (in CIDR format) from which web requests originate.

property name

name?: pulumi.Input<string>;

The name or description of the IPSet.

interface IpSetState

Input properties used for looking up and filtering IpSet resources.

property arn

arn?: pulumi.Input<string>;

The ARN of the WAF IPSet.

property ipSetDescriptors

ipSetDescriptors?: pulumi.Input<pulumi.Input<{
    type: pulumi.Input<string>;
    value: pulumi.Input<string>;
}>[]>;

One or more pairs specifying the IP address type (IPV4 or IPV6) and the IP address range (in CIDR format) from which web requests originate.

property name

name?: pulumi.Input<string>;

The name or description of the IPSet.

interface RateBasedRuleArgs

The set of arguments for constructing a RateBasedRule resource.

property metricName

metricName: pulumi.Input<string>;

The name or description for the Amazon CloudWatch metric of this rule.

property name

name?: pulumi.Input<string>;

The name or description of the rule.

property predicates

predicates?: pulumi.Input<pulumi.Input<{
    dataId: pulumi.Input<string>;
    negated: pulumi.Input<boolean>;
    type: pulumi.Input<string>;
}>[]>;

The objects to include in a rule (documented below).

property rateKey

rateKey: pulumi.Input<string>;

Valid value is IP.

property rateLimit

rateLimit: pulumi.Input<number>;

The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 2000.

interface RateBasedRuleState

Input properties used for looking up and filtering RateBasedRule resources.

property metricName

metricName?: pulumi.Input<string>;

The name or description for the Amazon CloudWatch metric of this rule.

property name

name?: pulumi.Input<string>;

The name or description of the rule.

property predicates

predicates?: pulumi.Input<pulumi.Input<{
    dataId: pulumi.Input<string>;
    negated: pulumi.Input<boolean>;
    type: pulumi.Input<string>;
}>[]>;

The objects to include in a rule (documented below).

property rateKey

rateKey?: pulumi.Input<string>;

Valid value is IP.

property rateLimit

rateLimit?: pulumi.Input<number>;

The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 2000.

interface RegexMatchSetArgs

The set of arguments for constructing a RegexMatchSet resource.

property name

name?: pulumi.Input<string>;

The name or description of the Regex Match Set.

property regexMatchTuples

regexMatchTuples?: pulumi.Input<pulumi.Input<{
    fieldToMatch: pulumi.Input<{
        data: pulumi.Input<string>;
        type: pulumi.Input<string>;
    }>;
    regexPatternSetId: pulumi.Input<string>;
    textTransformation: pulumi.Input<string>;
}>[]>;

The regular expression pattern that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings. See below.

interface RegexMatchSetState

Input properties used for looking up and filtering RegexMatchSet resources.

property name

name?: pulumi.Input<string>;

The name or description of the Regex Match Set.

property regexMatchTuples

regexMatchTuples?: pulumi.Input<pulumi.Input<{
    fieldToMatch: pulumi.Input<{
        data: pulumi.Input<string>;
        type: pulumi.Input<string>;
    }>;
    regexPatternSetId: pulumi.Input<string>;
    textTransformation: pulumi.Input<string>;
}>[]>;

The regular expression pattern that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings. See below.

interface RegexPatternSetArgs

The set of arguments for constructing a RegexPatternSet resource.

property name

name?: pulumi.Input<string>;

The name or description of the Regex Pattern Set.

property regexPatternStrings

regexPatternStrings?: pulumi.Input<pulumi.Input<string>[]>;

A list of regular expression (regex) patterns that you want AWS WAF to search for, such as B[a@]dB[o0]t.

interface RegexPatternSetState

Input properties used for looking up and filtering RegexPatternSet resources.

property name

name?: pulumi.Input<string>;

The name or description of the Regex Pattern Set.

property regexPatternStrings

regexPatternStrings?: pulumi.Input<pulumi.Input<string>[]>;

A list of regular expression (regex) patterns that you want AWS WAF to search for, such as B[a@]dB[o0]t.

interface RuleArgs

The set of arguments for constructing a Rule resource.

property metricName

metricName: pulumi.Input<string>;

The name or description for the Amazon CloudWatch metric of this rule. The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name can’t contain whitespace.

property name

name?: pulumi.Input<string>;

The name or description of the rule.

property predicates

predicates?: pulumi.Input<pulumi.Input<{
    dataId: pulumi.Input<string>;
    negated: pulumi.Input<boolean>;
    type: pulumi.Input<string>;
}>[]>;

The objects to include in a rule (documented below).

interface RuleGroupArgs

The set of arguments for constructing a RuleGroup resource.

property activatedRules

activatedRules?: pulumi.Input<pulumi.Input<{
    action: pulumi.Input<{
        type: pulumi.Input<string>;
    }>;
    priority: pulumi.Input<number>;
    ruleId: pulumi.Input<string>;
    type: pulumi.Input<string>;
}>[]>;

A list of activated rules, see below

property metricName

metricName: pulumi.Input<string>;

A friendly name for the metrics from the rule group

property name

name?: pulumi.Input<string>;

A friendly name of the rule group

interface RuleGroupState

Input properties used for looking up and filtering RuleGroup resources.

property activatedRules

activatedRules?: pulumi.Input<pulumi.Input<{
    action: pulumi.Input<{
        type: pulumi.Input<string>;
    }>;
    priority: pulumi.Input<number>;
    ruleId: pulumi.Input<string>;
    type: pulumi.Input<string>;
}>[]>;

A list of activated rules, see below

property metricName

metricName?: pulumi.Input<string>;

A friendly name for the metrics from the rule group

property name

name?: pulumi.Input<string>;

A friendly name of the rule group

interface RuleState

Input properties used for looking up and filtering Rule resources.

property metricName

metricName?: pulumi.Input<string>;

The name or description for the Amazon CloudWatch metric of this rule. The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name can’t contain whitespace.

property name

name?: pulumi.Input<string>;

The name or description of the rule.

property predicates

predicates?: pulumi.Input<pulumi.Input<{
    dataId: pulumi.Input<string>;
    negated: pulumi.Input<boolean>;
    type: pulumi.Input<string>;
}>[]>;

The objects to include in a rule (documented below).

interface SizeConstraintSetArgs

The set of arguments for constructing a SizeConstraintSet resource.

property name

name?: pulumi.Input<string>;

The name or description of the Size Constraint Set.

property sizeConstraints

sizeConstraints?: pulumi.Input<pulumi.Input<{
    comparisonOperator: pulumi.Input<string>;
    fieldToMatch: pulumi.Input<{
        data: pulumi.Input<string>;
        type: pulumi.Input<string>;
    }>;
    size: pulumi.Input<number>;
    textTransformation: pulumi.Input<string>;
}>[]>;

Specifies the parts of web requests that you want to inspect the size of.

interface SizeConstraintSetState

Input properties used for looking up and filtering SizeConstraintSet resources.

property name

name?: pulumi.Input<string>;

The name or description of the Size Constraint Set.

property sizeConstraints

sizeConstraints?: pulumi.Input<pulumi.Input<{
    comparisonOperator: pulumi.Input<string>;
    fieldToMatch: pulumi.Input<{
        data: pulumi.Input<string>;
        type: pulumi.Input<string>;
    }>;
    size: pulumi.Input<number>;
    textTransformation: pulumi.Input<string>;
}>[]>;

Specifies the parts of web requests that you want to inspect the size of.

interface SqlInjectionMatchSetArgs

The set of arguments for constructing a SqlInjectionMatchSet resource.

property name

name?: pulumi.Input<string>;

The name or description of the SQL Injection Match Set.

property sqlInjectionMatchTuples

sqlInjectionMatchTuples?: pulumi.Input<pulumi.Input<{
    fieldToMatch: pulumi.Input<{
        data: pulumi.Input<string>;
        type: pulumi.Input<string>;
    }>;
    textTransformation: pulumi.Input<string>;
}>[]>;

The parts of web requests that you want AWS WAF to inspect for malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.

interface SqlInjectionMatchSetState

Input properties used for looking up and filtering SqlInjectionMatchSet resources.

property name

name?: pulumi.Input<string>;

The name or description of the SQL Injection Match Set.

property sqlInjectionMatchTuples

sqlInjectionMatchTuples?: pulumi.Input<pulumi.Input<{
    fieldToMatch: pulumi.Input<{
        data: pulumi.Input<string>;
        type: pulumi.Input<string>;
    }>;
    textTransformation: pulumi.Input<string>;
}>[]>;

The parts of web requests that you want AWS WAF to inspect for malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.

interface WebAclArgs

The set of arguments for constructing a WebAcl resource.

property defaultAction

defaultAction: pulumi.Input<{
    type: pulumi.Input<string>;
}>;

Configuration block with action that you want AWS WAF to take when a request doesn’t match the criteria in any of the rules that are associated with the web ACL. Detailed below.

property loggingConfiguration

loggingConfiguration?: pulumi.Input<{
    logDestination: pulumi.Input<string>;
    redactedFields: pulumi.Input<{
        fieldToMatches: pulumi.Input<pulumi.Input<{
            data: pulumi.Input<string>;
            type: pulumi.Input<string>;
        }>[]>;
    }>;
}>;

Configuration block to enable WAF logging. Detailed below.

property metricName

metricName: pulumi.Input<string>;

The name or description for the Amazon CloudWatch metric of this web ACL.

property name

name?: pulumi.Input<string>;

The name or description of the web ACL.

property rules

rules?: pulumi.Input<pulumi.Input<{
    action: pulumi.Input<{
        type: pulumi.Input<string>;
    }>;
    overrideAction: pulumi.Input<{
        type: pulumi.Input<string>;
    }>;
    priority: pulumi.Input<number>;
    ruleId: pulumi.Input<string>;
    type: pulumi.Input<string>;
}>[]>;

Configuration blocks containing rules to associate with the web ACL and the settings for each rule. Detailed below.

interface WebAclState

Input properties used for looking up and filtering WebAcl resources.

property arn

property defaultAction

defaultAction?: pulumi.Input<{
    type: pulumi.Input<string>;
}>;

Configuration block with action that you want AWS WAF to take when a request doesn’t match the criteria in any of the rules that are associated with the web ACL. Detailed below.

property loggingConfiguration

loggingConfiguration?: pulumi.Input<{
    logDestination: pulumi.Input<string>;
    redactedFields: pulumi.Input<{
        fieldToMatches: pulumi.Input<pulumi.Input<{
            data: pulumi.Input<string>;
            type: pulumi.Input<string>;
        }>[]>;
    }>;
}>;

Configuration block to enable WAF logging. Detailed below.

property metricName

metricName?: pulumi.Input<string>;

The name or description for the Amazon CloudWatch metric of this web ACL.

property name

name?: pulumi.Input<string>;

The name or description of the web ACL.

property rules

rules?: pulumi.Input<pulumi.Input<{
    action: pulumi.Input<{
        type: pulumi.Input<string>;
    }>;
    overrideAction: pulumi.Input<{
        type: pulumi.Input<string>;
    }>;
    priority: pulumi.Input<number>;
    ruleId: pulumi.Input<string>;
    type: pulumi.Input<string>;
}>[]>;

Configuration blocks containing rules to associate with the web ACL and the settings for each rule. Detailed below.

interface XssMatchSetArgs

The set of arguments for constructing a XssMatchSet resource.

property name

name?: pulumi.Input<string>;

The name or description of the SizeConstraintSet.

property xssMatchTuples

xssMatchTuples?: pulumi.Input<pulumi.Input<{
    fieldToMatch: pulumi.Input<{
        data: pulumi.Input<string>;
        type: pulumi.Input<string>;
    }>;
    textTransformation: pulumi.Input<string>;
}>[]>;

The parts of web requests that you want to inspect for cross-site scripting attacks.

interface XssMatchSetState

Input properties used for looking up and filtering XssMatchSet resources.

property name

name?: pulumi.Input<string>;

The name or description of the SizeConstraintSet.

property xssMatchTuples

xssMatchTuples?: pulumi.Input<pulumi.Input<{
    fieldToMatch: pulumi.Input<{
        data: pulumi.Input<string>;
        type: pulumi.Input<string>;
    }>;
    textTransformation: pulumi.Input<string>;
}>[]>;

The parts of web requests that you want to inspect for cross-site scripting attacks.