RuleGroup

Contains the Rules that identify the requests that you want to allow, block, or count. In a RuleGroup, you also specify a default action (ALLOW or BLOCK), and the action for each Rule that you add to a RuleGroup, for example, block requests from specified IP addresses or block requests from specified referrers. You also associate the RuleGroup with a CloudFront distribution to identify the requests that you want AWS WAF to filter. If you add more than one Rule to a RuleGroup, a request needs to match only one of the specifications to be allowed, blocked, or counted.

Create a RuleGroup Resource

new RuleGroup(name: string, args: RuleGroupArgs, opts?: CustomResourceOptions);
@overload
def RuleGroup(resource_name: str,
              opts: Optional[ResourceOptions] = None,
              capacity: Optional[int] = None,
              custom_response_bodies: Optional[RuleGroupCustomResponseBodiesArgs] = None,
              description: Optional[str] = None,
              name: Optional[str] = None,
              rules: Optional[Sequence[RuleGroupRuleArgs]] = None,
              scope: Optional[RuleGroupScope] = None,
              tags: Optional[Sequence[RuleGroupTagArgs]] = None,
              visibility_config: Optional[RuleGroupVisibilityConfigArgs] = None)
@overload
def RuleGroup(resource_name: str,
              args: RuleGroupArgs,
              opts: Optional[ResourceOptions] = None)
func NewRuleGroup(ctx *Context, name string, args RuleGroupArgs, opts ...ResourceOption) (*RuleGroup, error)
public RuleGroup(string name, RuleGroupArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args RuleGroupArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args RuleGroupArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args RuleGroupArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args RuleGroupArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

RuleGroup Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The RuleGroup resource accepts the following input properties:

Outputs

All input properties are implicitly available as output properties. Additionally, the RuleGroup resource produces the following output properties:

Arn string
AvailableLabels List<Pulumi.AwsNative.WAFv2.Outputs.RuleGroupLabelSummary>
Collection of Available Labels.
ConsumedLabels List<Pulumi.AwsNative.WAFv2.Outputs.RuleGroupLabelSummary>
Collection of Consumed Labels.
Id string
The provider-assigned unique ID for this managed resource.
LabelNamespace string
Arn string
AvailableLabels []RuleGroupLabelSummary
Collection of Available Labels.
ConsumedLabels []RuleGroupLabelSummary
Collection of Consumed Labels.
Id string
The provider-assigned unique ID for this managed resource.
LabelNamespace string
arn string
availableLabels RuleGroupLabelSummary[]
Collection of Available Labels.
consumedLabels RuleGroupLabelSummary[]
Collection of Consumed Labels.
id string
The provider-assigned unique ID for this managed resource.
labelNamespace string
arn str
available_labels Sequence[RuleGroupLabelSummary]
Collection of Available Labels.
consumed_labels Sequence[RuleGroupLabelSummary]
Collection of Consumed Labels.
id str
The provider-assigned unique ID for this managed resource.
label_namespace str

Supporting Types

RuleGroupAndStatement

RuleGroupBodyParsingFallbackBehavior

Match
MATCH
NoMatch
NO_MATCH
EvaluateAsString
EVALUATE_AS_STRING
RuleGroupBodyParsingFallbackBehaviorMatch
MATCH
RuleGroupBodyParsingFallbackBehaviorNoMatch
NO_MATCH
RuleGroupBodyParsingFallbackBehaviorEvaluateAsString
EVALUATE_AS_STRING
Match
MATCH
NoMatch
NO_MATCH
EvaluateAsString
EVALUATE_AS_STRING
MATCH
MATCH
NO_MATCH
NO_MATCH
EVALUATE_AS_STRING
EVALUATE_AS_STRING

RuleGroupByteMatchStatement

RuleGroupCaptchaConfig

RuleGroupCustomHTTPHeader

Name string
Value string
Name string
Value string
name string
value string
name str
value str

RuleGroupCustomRequestHandling

InsertHeaders []RuleGroupCustomHTTPHeader
Collection of HTTP headers.
insertHeaders RuleGroupCustomHTTPHeader[]
Collection of HTTP headers.

RuleGroupCustomResponse

ResponseCode int
CustomResponseBodyKey string
Custom response body key.
ResponseHeaders []RuleGroupCustomHTTPHeader
Collection of HTTP headers.
responseCode number
customResponseBodyKey string
Custom response body key.
responseHeaders RuleGroupCustomHTTPHeader[]
Collection of HTTP headers.
response_code int
custom_response_body_key str
Custom response body key.
response_headers Sequence[RuleGroupCustomHTTPHeader]
Collection of HTTP headers.

RuleGroupFieldToMatch

AllQueryArguments object
All query arguments of a web request.
Body object
The body of a web request. This immediately follows the request headers.
JsonBody Pulumi.AwsNative.WAFv2.Inputs.RuleGroupJsonBody
Method object
The HTTP method of a web request. The method indicates the type of operation that the request is asking the origin to perform.
QueryString object
The query string of a web request. This is the part of a URL that appears after a ? character, if any.
SingleHeader Pulumi.AwsNative.WAFv2.Inputs.RuleGroupFieldToMatchSingleHeaderProperties
SingleQueryArgument Pulumi.AwsNative.WAFv2.Inputs.RuleGroupFieldToMatchSingleQueryArgumentProperties
One query argument in a web request, identified by name, for example UserName or SalesRegion. The name can be up to 30 characters long and isn’t case sensitive.
UriPath object
The path component of the URI of a web request. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
AllQueryArguments interface{}
All query arguments of a web request.
Body interface{}
The body of a web request. This immediately follows the request headers.
JsonBody RuleGroupJsonBody
Method interface{}
The HTTP method of a web request. The method indicates the type of operation that the request is asking the origin to perform.
QueryString interface{}
The query string of a web request. This is the part of a URL that appears after a ? character, if any.
SingleHeader RuleGroupFieldToMatchSingleHeaderProperties
SingleQueryArgument RuleGroupFieldToMatchSingleQueryArgumentProperties
One query argument in a web request, identified by name, for example UserName or SalesRegion. The name can be up to 30 characters long and isn’t case sensitive.
UriPath interface{}
The path component of the URI of a web request. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
allQueryArguments any
All query arguments of a web request.
body any
The body of a web request. This immediately follows the request headers.
jsonBody RuleGroupJsonBody
method any
The HTTP method of a web request. The method indicates the type of operation that the request is asking the origin to perform.
queryString any
The query string of a web request. This is the part of a URL that appears after a ? character, if any.
singleHeader RuleGroupFieldToMatchSingleHeaderProperties
singleQueryArgument RuleGroupFieldToMatchSingleQueryArgumentProperties
One query argument in a web request, identified by name, for example UserName or SalesRegion. The name can be up to 30 characters long and isn’t case sensitive.
uriPath any
The path component of the URI of a web request. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
all_query_arguments Any
All query arguments of a web request.
body Any
The body of a web request. This immediately follows the request headers.
json_body RuleGroupJsonBody
method Any
The HTTP method of a web request. The method indicates the type of operation that the request is asking the origin to perform.
query_string Any
The query string of a web request. This is the part of a URL that appears after a ? character, if any.
single_header RuleGroupFieldToMatchSingleHeaderProperties
single_query_argument RuleGroupFieldToMatchSingleQueryArgumentProperties
One query argument in a web request, identified by name, for example UserName or SalesRegion. The name can be up to 30 characters long and isn’t case sensitive.
uri_path Any
The path component of the URI of a web request. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

RuleGroupFieldToMatchSingleHeaderProperties

Name string
Name string
name string
name str

RuleGroupFieldToMatchSingleQueryArgumentProperties

Name string
Name string
name string
name str

RuleGroupForwardedIPConfiguration

RuleGroupForwardedIPConfigurationFallbackBehavior

Match
MATCH
NoMatch
NO_MATCH
RuleGroupForwardedIPConfigurationFallbackBehaviorMatch
MATCH
RuleGroupForwardedIPConfigurationFallbackBehaviorNoMatch
NO_MATCH
Match
MATCH
NoMatch
NO_MATCH
MATCH
MATCH
NO_MATCH
NO_MATCH

RuleGroupGeoMatchStatement

RuleGroupIPSetForwardedIPConfiguration

RuleGroupIPSetForwardedIPConfigurationFallbackBehavior

Match
MATCH
NoMatch
NO_MATCH
RuleGroupIPSetForwardedIPConfigurationFallbackBehaviorMatch
MATCH
RuleGroupIPSetForwardedIPConfigurationFallbackBehaviorNoMatch
NO_MATCH
Match
MATCH
NoMatch
NO_MATCH
MATCH
MATCH
NO_MATCH
NO_MATCH

RuleGroupIPSetForwardedIPConfigurationPosition

First
FIRST
Last
LAST
Any
ANY
RuleGroupIPSetForwardedIPConfigurationPositionFirst
FIRST
RuleGroupIPSetForwardedIPConfigurationPositionLast
LAST
RuleGroupIPSetForwardedIPConfigurationPositionAny
ANY
First
FIRST
Last
LAST
Any
ANY
FIRST
FIRST
LAST
LAST
ANY
ANY

RuleGroupIPSetReferenceStatement

RuleGroupImmunityTimeProperty

immunityTime number

RuleGroupJsonBody

RuleGroupJsonMatchPattern

All object
Inspect all parts of the web request’s JSON body.
IncludedPaths List<string>
All interface{}
Inspect all parts of the web request’s JSON body.
IncludedPaths []string
all any
Inspect all parts of the web request’s JSON body.
includedPaths string[]
all Any
Inspect all parts of the web request’s JSON body.
included_paths Sequence[str]

RuleGroupJsonMatchScope

All
ALL
Key
KEY
Value
VALUE
RuleGroupJsonMatchScopeAll
ALL
RuleGroupJsonMatchScopeKey
KEY
RuleGroupJsonMatchScopeValue
VALUE
All
ALL
Key
KEY
Value
VALUE
ALL
ALL
KEY
KEY
VALUE
VALUE

RuleGroupLabel

Name string
Name string
name string
name str

RuleGroupLabelMatchScope

Label
LABEL
Namespace
NAMESPACE
RuleGroupLabelMatchScopeLabel
LABEL
RuleGroupLabelMatchScopeNamespace
NAMESPACE
Label
LABEL
Namespace
NAMESPACE
LABEL
LABEL
NAMESPACE
NAMESPACE

RuleGroupLabelMatchStatement

RuleGroupLabelSummary

Name string
Name string
name string
name str

RuleGroupNotStatement

RuleGroupOrStatement

RuleGroupPositionalConstraint

Exactly
EXACTLY
StartsWith
STARTS_WITH
EndsWith
ENDS_WITH
Contains
CONTAINS
ContainsWord
CONTAINS_WORD
RuleGroupPositionalConstraintExactly
EXACTLY
RuleGroupPositionalConstraintStartsWith
STARTS_WITH
RuleGroupPositionalConstraintEndsWith
ENDS_WITH
RuleGroupPositionalConstraintContains
CONTAINS
RuleGroupPositionalConstraintContainsWord
CONTAINS_WORD
Exactly
EXACTLY
StartsWith
STARTS_WITH
EndsWith
ENDS_WITH
Contains
CONTAINS
ContainsWord
CONTAINS_WORD
EXACTLY
EXACTLY
STARTS_WITH
STARTS_WITH
ENDS_WITH
ENDS_WITH
CONTAINS
CONTAINS
CONTAINS_WORD
CONTAINS_WORD

RuleGroupRateBasedStatement

RuleGroupRateBasedStatementAggregateKeyType

Ip
IP
ForwardedIp
FORWARDED_IP
RuleGroupRateBasedStatementAggregateKeyTypeIp
IP
RuleGroupRateBasedStatementAggregateKeyTypeForwardedIp
FORWARDED_IP
Ip
IP
ForwardedIp
FORWARDED_IP
IP
IP
FORWARDED_IP
FORWARDED_IP

RuleGroupRegexMatchStatement

RuleGroupRegexPatternSetReferenceStatement

RuleGroupRule

RuleGroupRuleAction

Allow RuleGroupRuleActionAllowProperties
Allow traffic towards application.
Block RuleGroupRuleActionBlockProperties
Block traffic towards application.
Captcha RuleGroupRuleActionCaptchaProperties
Checks valid token exists with request.
Count RuleGroupRuleActionCountProperties
Count traffic towards application.
allow RuleGroupRuleActionAllowProperties
Allow traffic towards application.
block RuleGroupRuleActionBlockProperties
Block traffic towards application.
captcha RuleGroupRuleActionCaptchaProperties
Checks valid token exists with request.
count RuleGroupRuleActionCountProperties
Count traffic towards application.
allow RuleGroupRuleActionAllowProperties
Allow traffic towards application.
block RuleGroupRuleActionBlockProperties
Block traffic towards application.
captcha RuleGroupRuleActionCaptchaProperties
Checks valid token exists with request.
count RuleGroupRuleActionCountProperties
Count traffic towards application.

RuleGroupRuleActionAllowProperties

RuleGroupRuleActionBlockProperties

RuleGroupRuleActionCaptchaProperties

RuleGroupRuleActionCountProperties

RuleGroupScope

Cloudfront
CLOUDFRONT
Regional
REGIONAL
RuleGroupScopeCloudfront
CLOUDFRONT
RuleGroupScopeRegional
REGIONAL
Cloudfront
CLOUDFRONT
Regional
REGIONAL
CLOUDFRONT
CLOUDFRONT
REGIONAL
REGIONAL

RuleGroupSizeConstraintStatement

RuleGroupSizeConstraintStatementComparisonOperator

Eq
EQ
Ne
NE
Le
LE
Lt
LT
Ge
GE
Gt
GT
RuleGroupSizeConstraintStatementComparisonOperatorEq
EQ
RuleGroupSizeConstraintStatementComparisonOperatorNe
NE
RuleGroupSizeConstraintStatementComparisonOperatorLe
LE
RuleGroupSizeConstraintStatementComparisonOperatorLt
LT
RuleGroupSizeConstraintStatementComparisonOperatorGe
GE
RuleGroupSizeConstraintStatementComparisonOperatorGt
GT
Eq
EQ
Ne
NE
Le
LE
Lt
LT
Ge
GE
Gt
GT
EQ
EQ
NE
NE
LE
LE
LT
LT
GE
GE
GT
GT

RuleGroupSqliMatchStatement

RuleGroupStatement

AndStatement Pulumi.AwsNative.WAFv2.Inputs.RuleGroupAndStatement
ByteMatchStatement Pulumi.AwsNative.WAFv2.Inputs.RuleGroupByteMatchStatement
GeoMatchStatement Pulumi.AwsNative.WAFv2.Inputs.RuleGroupGeoMatchStatement
IPSetReferenceStatement Pulumi.AwsNative.WAFv2.Inputs.RuleGroupIPSetReferenceStatement
LabelMatchStatement Pulumi.AwsNative.WAFv2.Inputs.RuleGroupLabelMatchStatement
NotStatement Pulumi.AwsNative.WAFv2.Inputs.RuleGroupNotStatement
OrStatement Pulumi.AwsNative.WAFv2.Inputs.RuleGroupOrStatement
RateBasedStatement Pulumi.AwsNative.WAFv2.Inputs.RuleGroupRateBasedStatement
RegexMatchStatement Pulumi.AwsNative.WAFv2.Inputs.RuleGroupRegexMatchStatement
RegexPatternSetReferenceStatement Pulumi.AwsNative.WAFv2.Inputs.RuleGroupRegexPatternSetReferenceStatement
SizeConstraintStatement Pulumi.AwsNative.WAFv2.Inputs.RuleGroupSizeConstraintStatement
SqliMatchStatement Pulumi.AwsNative.WAFv2.Inputs.RuleGroupSqliMatchStatement
XssMatchStatement Pulumi.AwsNative.WAFv2.Inputs.RuleGroupXssMatchStatement

RuleGroupTag

Key string
Value string
Key string
Value string
key string
value string
key str
value str

RuleGroupTextTransformation

RuleGroupTextTransformationType

None
NONE
CompressWhiteSpace
COMPRESS_WHITE_SPACE
HtmlEntityDecode
HTML_ENTITY_DECODE
Lowercase
LOWERCASE
CmdLine
CMD_LINE
UrlDecode
URL_DECODE
Base64Decode
BASE64_DECODE
HexDecode
HEX_DECODE
Md5
MD5
ReplaceComments
REPLACE_COMMENTS
EscapeSeqDecode
ESCAPE_SEQ_DECODE
SqlHexDecode
SQL_HEX_DECODE
CssDecode
CSS_DECODE
JsDecode
JS_DECODE
NormalizePath
NORMALIZE_PATH
NormalizePathWin
NORMALIZE_PATH_WIN
RemoveNulls
REMOVE_NULLS
ReplaceNulls
REPLACE_NULLS
Base64DecodeExt
BASE64_DECODE_EXT
UrlDecodeUni
URL_DECODE_UNI
Utf8ToUnicode
UTF8_TO_UNICODE
RuleGroupTextTransformationTypeNone
NONE
RuleGroupTextTransformationTypeCompressWhiteSpace
COMPRESS_WHITE_SPACE
RuleGroupTextTransformationTypeHtmlEntityDecode
HTML_ENTITY_DECODE
RuleGroupTextTransformationTypeLowercase
LOWERCASE
RuleGroupTextTransformationTypeCmdLine
CMD_LINE
RuleGroupTextTransformationTypeUrlDecode
URL_DECODE
RuleGroupTextTransformationTypeBase64Decode
BASE64_DECODE
RuleGroupTextTransformationTypeHexDecode
HEX_DECODE
RuleGroupTextTransformationTypeMd5
MD5
RuleGroupTextTransformationTypeReplaceComments
REPLACE_COMMENTS
RuleGroupTextTransformationTypeEscapeSeqDecode
ESCAPE_SEQ_DECODE
RuleGroupTextTransformationTypeSqlHexDecode
SQL_HEX_DECODE
RuleGroupTextTransformationTypeCssDecode
CSS_DECODE
RuleGroupTextTransformationTypeJsDecode
JS_DECODE
RuleGroupTextTransformationTypeNormalizePath
NORMALIZE_PATH
RuleGroupTextTransformationTypeNormalizePathWin
NORMALIZE_PATH_WIN
RuleGroupTextTransformationTypeRemoveNulls
REMOVE_NULLS
RuleGroupTextTransformationTypeReplaceNulls
REPLACE_NULLS
RuleGroupTextTransformationTypeBase64DecodeExt
BASE64_DECODE_EXT
RuleGroupTextTransformationTypeUrlDecodeUni
URL_DECODE_UNI
RuleGroupTextTransformationTypeUtf8ToUnicode
UTF8_TO_UNICODE
None
NONE
CompressWhiteSpace
COMPRESS_WHITE_SPACE
HtmlEntityDecode
HTML_ENTITY_DECODE
Lowercase
LOWERCASE
CmdLine
CMD_LINE
UrlDecode
URL_DECODE
Base64Decode
BASE64_DECODE
HexDecode
HEX_DECODE
Md5
MD5
ReplaceComments
REPLACE_COMMENTS
EscapeSeqDecode
ESCAPE_SEQ_DECODE
SqlHexDecode
SQL_HEX_DECODE
CssDecode
CSS_DECODE
JsDecode
JS_DECODE
NormalizePath
NORMALIZE_PATH
NormalizePathWin
NORMALIZE_PATH_WIN
RemoveNulls
REMOVE_NULLS
ReplaceNulls
REPLACE_NULLS
Base64DecodeExt
BASE64_DECODE_EXT
UrlDecodeUni
URL_DECODE_UNI
Utf8ToUnicode
UTF8_TO_UNICODE
NONE
NONE
COMPRESS_WHITE_SPACE
COMPRESS_WHITE_SPACE
HTML_ENTITY_DECODE
HTML_ENTITY_DECODE
LOWERCASE
LOWERCASE
CMD_LINE
CMD_LINE
URL_DECODE
URL_DECODE
BASE64_DECODE
BASE64_DECODE
HEX_DECODE
HEX_DECODE
MD5
MD5
REPLACE_COMMENTS
REPLACE_COMMENTS
ESCAPE_SEQ_DECODE
ESCAPE_SEQ_DECODE
SQL_HEX_DECODE
SQL_HEX_DECODE
CSS_DECODE
CSS_DECODE
JS_DECODE
JS_DECODE
NORMALIZE_PATH
NORMALIZE_PATH
NORMALIZE_PATH_WIN
NORMALIZE_PATH_WIN
REMOVE_NULLS
REMOVE_NULLS
REPLACE_NULLS
REPLACE_NULLS
BASE64_DECODE_EXT
BASE64_DECODE_EXT
URL_DECODE_UNI
URL_DECODE_UNI
UTF8_TO_UNICODE
UTF8_TO_UNICODE

RuleGroupVisibilityConfig

RuleGroupXssMatchStatement

Package Details

Repository
https://github.com/pulumi/pulumi-aws-native
License
Apache-2.0