WebACL

Contains the Rules that identify the requests that you want to allow, block, or count. In a WebACL, you also specify a default action (ALLOW or BLOCK), and the action for each Rule that you add to a WebACL, for example, block requests from specified IP addresses or block requests from specified referrers. You also associate the WebACL with a CloudFront distribution to identify the requests that you want AWS WAF to filter. If you add more than one Rule to a WebACL, a request needs to match only one of the specifications to be allowed, blocked, or counted.

Create a WebACL Resource

new WebACL(name: string, args: WebACLArgs, opts?: CustomResourceOptions);
@overload
def WebACL(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           captcha_config: Optional[WebACLCaptchaConfigArgs] = None,
           custom_response_bodies: Optional[WebACLCustomResponseBodiesArgs] = None,
           default_action: Optional[WebACLDefaultActionArgs] = None,
           description: Optional[str] = None,
           name: Optional[str] = None,
           rules: Optional[Sequence[WebACLRuleArgs]] = None,
           scope: Optional[WebACLScope] = None,
           tags: Optional[Sequence[WebACLTagArgs]] = None,
           visibility_config: Optional[WebACLVisibilityConfigArgs] = None)
@overload
def WebACL(resource_name: str,
           args: WebACLArgs,
           opts: Optional[ResourceOptions] = None)
func NewWebACL(ctx *Context, name string, args WebACLArgs, opts ...ResourceOption) (*WebACL, error)
public WebACL(string name, WebACLArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args WebACLArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args WebACLArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args WebACLArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args WebACLArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

WebACL Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The WebACL resource accepts the following input properties:

Outputs

All input properties are implicitly available as output properties. Additionally, the WebACL resource produces the following output properties:

Arn string
Capacity int
Id string
The provider-assigned unique ID for this managed resource.
LabelNamespace string
Arn string
Capacity int
Id string
The provider-assigned unique ID for this managed resource.
LabelNamespace string
arn string
capacity number
id string
The provider-assigned unique ID for this managed resource.
labelNamespace string
arn str
capacity int
id str
The provider-assigned unique ID for this managed resource.
label_namespace str

Supporting Types

WebACLAllowAction

WebACLAndStatement

WebACLBlockAction

WebACLBodyParsingFallbackBehavior

Match
MATCH
NoMatch
NO_MATCH
EvaluateAsString
EVALUATE_AS_STRING
WebACLBodyParsingFallbackBehaviorMatch
MATCH
WebACLBodyParsingFallbackBehaviorNoMatch
NO_MATCH
WebACLBodyParsingFallbackBehaviorEvaluateAsString
EVALUATE_AS_STRING
Match
MATCH
NoMatch
NO_MATCH
EvaluateAsString
EVALUATE_AS_STRING
MATCH
MATCH
NO_MATCH
NO_MATCH
EVALUATE_AS_STRING
EVALUATE_AS_STRING

WebACLByteMatchStatement

WebACLCaptchaAction

WebACLCaptchaConfig

WebACLCountAction

WebACLCustomHTTPHeader

Name string
Value string
Name string
Value string
name string
value string
name str
value str

WebACLCustomRequestHandling

InsertHeaders []WebACLCustomHTTPHeader
Collection of HTTP headers.
insertHeaders WebACLCustomHTTPHeader[]
Collection of HTTP headers.
insert_headers Sequence[WebACLCustomHTTPHeader]
Collection of HTTP headers.

WebACLCustomResponse

ResponseCode int
CustomResponseBodyKey string
Custom response body key.
ResponseHeaders []WebACLCustomHTTPHeader
Collection of HTTP headers.
responseCode number
customResponseBodyKey string
Custom response body key.
responseHeaders WebACLCustomHTTPHeader[]
Collection of HTTP headers.
response_code int
custom_response_body_key str
Custom response body key.
response_headers Sequence[WebACLCustomHTTPHeader]
Collection of HTTP headers.

WebACLDefaultAction

WebACLExcludedRule

Name string
Name string
name string
name str

WebACLFieldToMatch

AllQueryArguments object
All query arguments of a web request.
Body object
The body of a web request. This immediately follows the request headers.
JsonBody Pulumi.AwsNative.WAFv2.Inputs.WebACLJsonBody
Method object
The HTTP method of a web request. The method indicates the type of operation that the request is asking the origin to perform.
QueryString object
The query string of a web request. This is the part of a URL that appears after a ? character, if any.
SingleHeader Pulumi.AwsNative.WAFv2.Inputs.WebACLFieldToMatchSingleHeaderProperties
SingleQueryArgument Pulumi.AwsNative.WAFv2.Inputs.WebACLFieldToMatchSingleQueryArgumentProperties
One query argument in a web request, identified by name, for example UserName or SalesRegion. The name can be up to 30 characters long and isn’t case sensitive.
UriPath object
The path component of the URI of a web request. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
AllQueryArguments interface{}
All query arguments of a web request.
Body interface{}
The body of a web request. This immediately follows the request headers.
JsonBody WebACLJsonBody
Method interface{}
The HTTP method of a web request. The method indicates the type of operation that the request is asking the origin to perform.
QueryString interface{}
The query string of a web request. This is the part of a URL that appears after a ? character, if any.
SingleHeader WebACLFieldToMatchSingleHeaderProperties
SingleQueryArgument WebACLFieldToMatchSingleQueryArgumentProperties
One query argument in a web request, identified by name, for example UserName or SalesRegion. The name can be up to 30 characters long and isn’t case sensitive.
UriPath interface{}
The path component of the URI of a web request. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
allQueryArguments any
All query arguments of a web request.
body any
The body of a web request. This immediately follows the request headers.
jsonBody WebACLJsonBody
method any
The HTTP method of a web request. The method indicates the type of operation that the request is asking the origin to perform.
queryString any
The query string of a web request. This is the part of a URL that appears after a ? character, if any.
singleHeader WebACLFieldToMatchSingleHeaderProperties
singleQueryArgument WebACLFieldToMatchSingleQueryArgumentProperties
One query argument in a web request, identified by name, for example UserName or SalesRegion. The name can be up to 30 characters long and isn’t case sensitive.
uriPath any
The path component of the URI of a web request. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
all_query_arguments Any
All query arguments of a web request.
body Any
The body of a web request. This immediately follows the request headers.
json_body WebACLJsonBody
method Any
The HTTP method of a web request. The method indicates the type of operation that the request is asking the origin to perform.
query_string Any
The query string of a web request. This is the part of a URL that appears after a ? character, if any.
single_header WebACLFieldToMatchSingleHeaderProperties
single_query_argument WebACLFieldToMatchSingleQueryArgumentProperties
One query argument in a web request, identified by name, for example UserName or SalesRegion. The name can be up to 30 characters long and isn’t case sensitive.
uri_path Any
The path component of the URI of a web request. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

WebACLFieldToMatchSingleHeaderProperties

Name string
Name string
name string
name str

WebACLFieldToMatchSingleQueryArgumentProperties

Name string
Name string
name string
name str

WebACLForwardedIPConfiguration

WebACLForwardedIPConfigurationFallbackBehavior

Match
MATCH
NoMatch
NO_MATCH
WebACLForwardedIPConfigurationFallbackBehaviorMatch
MATCH
WebACLForwardedIPConfigurationFallbackBehaviorNoMatch
NO_MATCH
Match
MATCH
NoMatch
NO_MATCH
MATCH
MATCH
NO_MATCH
NO_MATCH

WebACLGeoMatchStatement

WebACLIPSetForwardedIPConfiguration

WebACLIPSetForwardedIPConfigurationFallbackBehavior

Match
MATCH
NoMatch
NO_MATCH
WebACLIPSetForwardedIPConfigurationFallbackBehaviorMatch
MATCH
WebACLIPSetForwardedIPConfigurationFallbackBehaviorNoMatch
NO_MATCH
Match
MATCH
NoMatch
NO_MATCH
MATCH
MATCH
NO_MATCH
NO_MATCH

WebACLIPSetForwardedIPConfigurationPosition

First
FIRST
Last
LAST
Any
ANY
WebACLIPSetForwardedIPConfigurationPositionFirst
FIRST
WebACLIPSetForwardedIPConfigurationPositionLast
LAST
WebACLIPSetForwardedIPConfigurationPositionAny
ANY
First
FIRST
Last
LAST
Any
ANY
FIRST
FIRST
LAST
LAST
ANY
ANY

WebACLIPSetReferenceStatement

WebACLImmunityTimeProperty

immunityTime number

WebACLJsonBody

WebACLJsonMatchPattern

All object
Inspect all parts of the web request’s JSON body.
IncludedPaths List<string>
All interface{}
Inspect all parts of the web request’s JSON body.
IncludedPaths []string
all any
Inspect all parts of the web request’s JSON body.
includedPaths string[]
all Any
Inspect all parts of the web request’s JSON body.
included_paths Sequence[str]

WebACLJsonMatchScope

All
ALL
Key
KEY
Value
VALUE
WebACLJsonMatchScopeAll
ALL
WebACLJsonMatchScopeKey
KEY
WebACLJsonMatchScopeValue
VALUE
All
ALL
Key
KEY
Value
VALUE
ALL
ALL
KEY
KEY
VALUE
VALUE

WebACLLabel

Name string
Name string
name string
name str

WebACLLabelMatchScope

Label
LABEL
Namespace
NAMESPACE
WebACLLabelMatchScopeLabel
LABEL
WebACLLabelMatchScopeNamespace
NAMESPACE
Label
LABEL
Namespace
NAMESPACE
LABEL
LABEL
NAMESPACE
NAMESPACE

WebACLLabelMatchStatement

WebACLManagedRuleGroupStatement

WebACLNotStatement

WebACLOrStatement

WebACLOverrideAction

Count object
Count traffic towards application.
None object
Keep the RuleGroup or ManagedRuleGroup behavior as is.
Count interface{}
Count traffic towards application.
None interface{}
Keep the RuleGroup or ManagedRuleGroup behavior as is.
count any
Count traffic towards application.
none any
Keep the RuleGroup or ManagedRuleGroup behavior as is.
count Any
Count traffic towards application.
none Any
Keep the RuleGroup or ManagedRuleGroup behavior as is.

WebACLPositionalConstraint

Exactly
EXACTLY
StartsWith
STARTS_WITH
EndsWith
ENDS_WITH
Contains
CONTAINS
ContainsWord
CONTAINS_WORD
WebACLPositionalConstraintExactly
EXACTLY
WebACLPositionalConstraintStartsWith
STARTS_WITH
WebACLPositionalConstraintEndsWith
ENDS_WITH
WebACLPositionalConstraintContains
CONTAINS
WebACLPositionalConstraintContainsWord
CONTAINS_WORD
Exactly
EXACTLY
StartsWith
STARTS_WITH
EndsWith
ENDS_WITH
Contains
CONTAINS
ContainsWord
CONTAINS_WORD
EXACTLY
EXACTLY
STARTS_WITH
STARTS_WITH
ENDS_WITH
ENDS_WITH
CONTAINS
CONTAINS
CONTAINS_WORD
CONTAINS_WORD

WebACLRateBasedStatement

WebACLRateBasedStatementAggregateKeyType

Ip
IP
ForwardedIp
FORWARDED_IP
WebACLRateBasedStatementAggregateKeyTypeIp
IP
WebACLRateBasedStatementAggregateKeyTypeForwardedIp
FORWARDED_IP
Ip
IP
ForwardedIp
FORWARDED_IP
IP
IP
FORWARDED_IP
FORWARDED_IP

WebACLRegexMatchStatement

WebACLRegexPatternSetReferenceStatement

WebACLRule

WebACLRuleAction

WebACLRuleGroupReferenceStatement

WebACLScope

Cloudfront
CLOUDFRONT
Regional
REGIONAL
WebACLScopeCloudfront
CLOUDFRONT
WebACLScopeRegional
REGIONAL
Cloudfront
CLOUDFRONT
Regional
REGIONAL
CLOUDFRONT
CLOUDFRONT
REGIONAL
REGIONAL

WebACLSizeConstraintStatement

WebACLSizeConstraintStatementComparisonOperator

Eq
EQ
Ne
NE
Le
LE
Lt
LT
Ge
GE
Gt
GT
WebACLSizeConstraintStatementComparisonOperatorEq
EQ
WebACLSizeConstraintStatementComparisonOperatorNe
NE
WebACLSizeConstraintStatementComparisonOperatorLe
LE
WebACLSizeConstraintStatementComparisonOperatorLt
LT
WebACLSizeConstraintStatementComparisonOperatorGe
GE
WebACLSizeConstraintStatementComparisonOperatorGt
GT
Eq
EQ
Ne
NE
Le
LE
Lt
LT
Ge
GE
Gt
GT
EQ
EQ
NE
NE
LE
LE
LT
LT
GE
GE
GT
GT

WebACLSqliMatchStatement

WebACLStatement

AndStatement Pulumi.AwsNative.WAFv2.Inputs.WebACLAndStatement
ByteMatchStatement Pulumi.AwsNative.WAFv2.Inputs.WebACLByteMatchStatement
GeoMatchStatement Pulumi.AwsNative.WAFv2.Inputs.WebACLGeoMatchStatement
IPSetReferenceStatement Pulumi.AwsNative.WAFv2.Inputs.WebACLIPSetReferenceStatement
LabelMatchStatement Pulumi.AwsNative.WAFv2.Inputs.WebACLLabelMatchStatement
ManagedRuleGroupStatement Pulumi.AwsNative.WAFv2.Inputs.WebACLManagedRuleGroupStatement
NotStatement Pulumi.AwsNative.WAFv2.Inputs.WebACLNotStatement
OrStatement Pulumi.AwsNative.WAFv2.Inputs.WebACLOrStatement
RateBasedStatement Pulumi.AwsNative.WAFv2.Inputs.WebACLRateBasedStatement
RegexMatchStatement Pulumi.AwsNative.WAFv2.Inputs.WebACLRegexMatchStatement
RegexPatternSetReferenceStatement Pulumi.AwsNative.WAFv2.Inputs.WebACLRegexPatternSetReferenceStatement
RuleGroupReferenceStatement Pulumi.AwsNative.WAFv2.Inputs.WebACLRuleGroupReferenceStatement
SizeConstraintStatement Pulumi.AwsNative.WAFv2.Inputs.WebACLSizeConstraintStatement
SqliMatchStatement Pulumi.AwsNative.WAFv2.Inputs.WebACLSqliMatchStatement
XssMatchStatement Pulumi.AwsNative.WAFv2.Inputs.WebACLXssMatchStatement

WebACLTag

Key string
Value string
Key string
Value string
key string
value string
key str
value str

WebACLTextTransformation

WebACLTextTransformationType

None
NONE
CompressWhiteSpace
COMPRESS_WHITE_SPACE
HtmlEntityDecode
HTML_ENTITY_DECODE
Lowercase
LOWERCASE
CmdLine
CMD_LINE
UrlDecode
URL_DECODE
Base64Decode
BASE64_DECODE
HexDecode
HEX_DECODE
Md5
MD5
ReplaceComments
REPLACE_COMMENTS
EscapeSeqDecode
ESCAPE_SEQ_DECODE
SqlHexDecode
SQL_HEX_DECODE
CssDecode
CSS_DECODE
JsDecode
JS_DECODE
NormalizePath
NORMALIZE_PATH
NormalizePathWin
NORMALIZE_PATH_WIN
RemoveNulls
REMOVE_NULLS
ReplaceNulls
REPLACE_NULLS
Base64DecodeExt
BASE64_DECODE_EXT
UrlDecodeUni
URL_DECODE_UNI
Utf8ToUnicode
UTF8_TO_UNICODE
WebACLTextTransformationTypeNone
NONE
WebACLTextTransformationTypeCompressWhiteSpace
COMPRESS_WHITE_SPACE
WebACLTextTransformationTypeHtmlEntityDecode
HTML_ENTITY_DECODE
WebACLTextTransformationTypeLowercase
LOWERCASE
WebACLTextTransformationTypeCmdLine
CMD_LINE
WebACLTextTransformationTypeUrlDecode
URL_DECODE
WebACLTextTransformationTypeBase64Decode
BASE64_DECODE
WebACLTextTransformationTypeHexDecode
HEX_DECODE
WebACLTextTransformationTypeMd5
MD5
WebACLTextTransformationTypeReplaceComments
REPLACE_COMMENTS
WebACLTextTransformationTypeEscapeSeqDecode
ESCAPE_SEQ_DECODE
WebACLTextTransformationTypeSqlHexDecode
SQL_HEX_DECODE
WebACLTextTransformationTypeCssDecode
CSS_DECODE
WebACLTextTransformationTypeJsDecode
JS_DECODE
WebACLTextTransformationTypeNormalizePath
NORMALIZE_PATH
WebACLTextTransformationTypeNormalizePathWin
NORMALIZE_PATH_WIN
WebACLTextTransformationTypeRemoveNulls
REMOVE_NULLS
WebACLTextTransformationTypeReplaceNulls
REPLACE_NULLS
WebACLTextTransformationTypeBase64DecodeExt
BASE64_DECODE_EXT
WebACLTextTransformationTypeUrlDecodeUni
URL_DECODE_UNI
WebACLTextTransformationTypeUtf8ToUnicode
UTF8_TO_UNICODE
None
NONE
CompressWhiteSpace
COMPRESS_WHITE_SPACE
HtmlEntityDecode
HTML_ENTITY_DECODE
Lowercase
LOWERCASE
CmdLine
CMD_LINE
UrlDecode
URL_DECODE
Base64Decode
BASE64_DECODE
HexDecode
HEX_DECODE
Md5
MD5
ReplaceComments
REPLACE_COMMENTS
EscapeSeqDecode
ESCAPE_SEQ_DECODE
SqlHexDecode
SQL_HEX_DECODE
CssDecode
CSS_DECODE
JsDecode
JS_DECODE
NormalizePath
NORMALIZE_PATH
NormalizePathWin
NORMALIZE_PATH_WIN
RemoveNulls
REMOVE_NULLS
ReplaceNulls
REPLACE_NULLS
Base64DecodeExt
BASE64_DECODE_EXT
UrlDecodeUni
URL_DECODE_UNI
Utf8ToUnicode
UTF8_TO_UNICODE
NONE
NONE
COMPRESS_WHITE_SPACE
COMPRESS_WHITE_SPACE
HTML_ENTITY_DECODE
HTML_ENTITY_DECODE
LOWERCASE
LOWERCASE
CMD_LINE
CMD_LINE
URL_DECODE
URL_DECODE
BASE64_DECODE
BASE64_DECODE
HEX_DECODE
HEX_DECODE
MD5
MD5
REPLACE_COMMENTS
REPLACE_COMMENTS
ESCAPE_SEQ_DECODE
ESCAPE_SEQ_DECODE
SQL_HEX_DECODE
SQL_HEX_DECODE
CSS_DECODE
CSS_DECODE
JS_DECODE
JS_DECODE
NORMALIZE_PATH
NORMALIZE_PATH
NORMALIZE_PATH_WIN
NORMALIZE_PATH_WIN
REMOVE_NULLS
REMOVE_NULLS
REPLACE_NULLS
REPLACE_NULLS
BASE64_DECODE_EXT
BASE64_DECODE_EXT
URL_DECODE_UNI
URL_DECODE_UNI
UTF8_TO_UNICODE
UTF8_TO_UNICODE

WebACLVisibilityConfig

WebACLXssMatchStatement

Package Details

Repository
https://github.com/pulumi/pulumi-aws-native
License
Apache-2.0