1. Packages
  2. AWS Classic
  3. API Docs
  4. waf
  5. WebAcl

Try AWS Native preview for resources not in the classic version.

AWS Classic v5.41.0 published on Monday, May 15, 2023 by Pulumi

aws.waf.WebAcl

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v5.41.0 published on Monday, May 15, 2023 by Pulumi

    Provides a WAF Web ACL Resource

    Example Usage

    This example blocks requests coming from

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var ipset = new Aws.Waf.IpSet("ipset", new()
        {
            IpSetDescriptors = new[]
            {
                new Aws.Waf.Inputs.IpSetIpSetDescriptorArgs
                {
                    Type = "IPV4",
                    Value = "192.0.7.0/24",
                },
            },
        });
    
        var wafrule = new Aws.Waf.Rule("wafrule", new()
        {
            MetricName = "tfWAFRule",
            Predicates = new[]
            {
                new Aws.Waf.Inputs.RulePredicateArgs
                {
                    DataId = ipset.Id,
                    Negated = false,
                    Type = "IPMatch",
                },
            },
        }, new CustomResourceOptions
        {
            DependsOn = new[]
            {
                ipset,
            },
        });
    
        var wafAcl = new Aws.Waf.WebAcl("wafAcl", new()
        {
            MetricName = "tfWebACL",
            DefaultAction = new Aws.Waf.Inputs.WebAclDefaultActionArgs
            {
                Type = "ALLOW",
            },
            Rules = new[]
            {
                new Aws.Waf.Inputs.WebAclRuleArgs
                {
                    Action = new Aws.Waf.Inputs.WebAclRuleActionArgs
                    {
                        Type = "BLOCK",
                    },
                    Priority = 1,
                    RuleId = wafrule.Id,
                    Type = "REGULAR",
                },
            },
        }, new CustomResourceOptions
        {
            DependsOn = new[]
            {
                ipset,
                wafrule,
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/waf"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		ipset, err := waf.NewIpSet(ctx, "ipset", &waf.IpSetArgs{
    			IpSetDescriptors: waf.IpSetIpSetDescriptorArray{
    				&waf.IpSetIpSetDescriptorArgs{
    					Type:  pulumi.String("IPV4"),
    					Value: pulumi.String("192.0.7.0/24"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		wafrule, err := waf.NewRule(ctx, "wafrule", &waf.RuleArgs{
    			MetricName: pulumi.String("tfWAFRule"),
    			Predicates: waf.RulePredicateArray{
    				&waf.RulePredicateArgs{
    					DataId:  ipset.ID(),
    					Negated: pulumi.Bool(false),
    					Type:    pulumi.String("IPMatch"),
    				},
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			ipset,
    		}))
    		if err != nil {
    			return err
    		}
    		_, err = waf.NewWebAcl(ctx, "wafAcl", &waf.WebAclArgs{
    			MetricName: pulumi.String("tfWebACL"),
    			DefaultAction: &waf.WebAclDefaultActionArgs{
    				Type: pulumi.String("ALLOW"),
    			},
    			Rules: waf.WebAclRuleArray{
    				&waf.WebAclRuleArgs{
    					Action: &waf.WebAclRuleActionArgs{
    						Type: pulumi.String("BLOCK"),
    					},
    					Priority: pulumi.Int(1),
    					RuleId:   wafrule.ID(),
    					Type:     pulumi.String("REGULAR"),
    				},
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			ipset,
    			wafrule,
    		}))
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.waf.IpSet;
    import com.pulumi.aws.waf.IpSetArgs;
    import com.pulumi.aws.waf.inputs.IpSetIpSetDescriptorArgs;
    import com.pulumi.aws.waf.Rule;
    import com.pulumi.aws.waf.RuleArgs;
    import com.pulumi.aws.waf.inputs.RulePredicateArgs;
    import com.pulumi.aws.waf.WebAcl;
    import com.pulumi.aws.waf.WebAclArgs;
    import com.pulumi.aws.waf.inputs.WebAclDefaultActionArgs;
    import com.pulumi.aws.waf.inputs.WebAclRuleArgs;
    import com.pulumi.aws.waf.inputs.WebAclRuleActionArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var ipset = new IpSet("ipset", IpSetArgs.builder()        
                .ipSetDescriptors(IpSetIpSetDescriptorArgs.builder()
                    .type("IPV4")
                    .value("192.0.7.0/24")
                    .build())
                .build());
    
            var wafrule = new Rule("wafrule", RuleArgs.builder()        
                .metricName("tfWAFRule")
                .predicates(RulePredicateArgs.builder()
                    .dataId(ipset.id())
                    .negated(false)
                    .type("IPMatch")
                    .build())
                .build(), CustomResourceOptions.builder()
                    .dependsOn(ipset)
                    .build());
    
            var wafAcl = new WebAcl("wafAcl", WebAclArgs.builder()        
                .metricName("tfWebACL")
                .defaultAction(WebAclDefaultActionArgs.builder()
                    .type("ALLOW")
                    .build())
                .rules(WebAclRuleArgs.builder()
                    .action(WebAclRuleActionArgs.builder()
                        .type("BLOCK")
                        .build())
                    .priority(1)
                    .ruleId(wafrule.id())
                    .type("REGULAR")
                    .build())
                .build(), CustomResourceOptions.builder()
                    .dependsOn(                
                        ipset,
                        wafrule)
                    .build());
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    ipset = aws.waf.IpSet("ipset", ip_set_descriptors=[aws.waf.IpSetIpSetDescriptorArgs(
        type="IPV4",
        value="192.0.7.0/24",
    )])
    wafrule = aws.waf.Rule("wafrule",
        metric_name="tfWAFRule",
        predicates=[aws.waf.RulePredicateArgs(
            data_id=ipset.id,
            negated=False,
            type="IPMatch",
        )],
        opts=pulumi.ResourceOptions(depends_on=[ipset]))
    waf_acl = aws.waf.WebAcl("wafAcl",
        metric_name="tfWebACL",
        default_action=aws.waf.WebAclDefaultActionArgs(
            type="ALLOW",
        ),
        rules=[aws.waf.WebAclRuleArgs(
            action=aws.waf.WebAclRuleActionArgs(
                type="BLOCK",
            ),
            priority=1,
            rule_id=wafrule.id,
            type="REGULAR",
        )],
        opts=pulumi.ResourceOptions(depends_on=[
                ipset,
                wafrule,
            ]))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const ipset = new aws.waf.IpSet("ipset", {ipSetDescriptors: [{
        type: "IPV4",
        value: "192.0.7.0/24",
    }]});
    const wafrule = new aws.waf.Rule("wafrule", {
        metricName: "tfWAFRule",
        predicates: [{
            dataId: ipset.id,
            negated: false,
            type: "IPMatch",
        }],
    }, {
        dependsOn: [ipset],
    });
    const wafAcl = new aws.waf.WebAcl("wafAcl", {
        metricName: "tfWebACL",
        defaultAction: {
            type: "ALLOW",
        },
        rules: [{
            action: {
                type: "BLOCK",
            },
            priority: 1,
            ruleId: wafrule.id,
            type: "REGULAR",
        }],
    }, {
        dependsOn: [
            ipset,
            wafrule,
        ],
    });
    
    resources:
      ipset:
        type: aws:waf:IpSet
        properties:
          ipSetDescriptors:
            - type: IPV4
              value: 192.0.7.0/24
      wafrule:
        type: aws:waf:Rule
        properties:
          metricName: tfWAFRule
          predicates:
            - dataId: ${ipset.id}
              negated: false
              type: IPMatch
        options:
          dependson:
            - ${ipset}
      wafAcl:
        type: aws:waf:WebAcl
        properties:
          metricName: tfWebACL
          defaultAction:
            type: ALLOW
          rules:
            - action:
                type: BLOCK
              priority: 1
              ruleId: ${wafrule.id}
              type: REGULAR
        options:
          dependson:
            - ${ipset}
            - ${wafrule}
    

    Logging

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.Waf.WebAcl("example", new()
        {
            LoggingConfiguration = new Aws.Waf.Inputs.WebAclLoggingConfigurationArgs
            {
                LogDestination = aws_kinesis_firehose_delivery_stream.Example.Arn,
                RedactedFields = new Aws.Waf.Inputs.WebAclLoggingConfigurationRedactedFieldsArgs
                {
                    FieldToMatches = new[]
                    {
                        new Aws.Waf.Inputs.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs
                        {
                            Type = "URI",
                        },
                        new Aws.Waf.Inputs.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs
                        {
                            Data = "referer",
                            Type = "HEADER",
                        },
                    },
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/waf"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := waf.NewWebAcl(ctx, "example", &waf.WebAclArgs{
    			LoggingConfiguration: &waf.WebAclLoggingConfigurationArgs{
    				LogDestination: pulumi.Any(aws_kinesis_firehose_delivery_stream.Example.Arn),
    				RedactedFields: &waf.WebAclLoggingConfigurationRedactedFieldsArgs{
    					FieldToMatches: waf.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArray{
    						&waf.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs{
    							Type: pulumi.String("URI"),
    						},
    						&waf.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs{
    							Data: pulumi.String("referer"),
    							Type: pulumi.String("HEADER"),
    						},
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.waf.WebAcl;
    import com.pulumi.aws.waf.WebAclArgs;
    import com.pulumi.aws.waf.inputs.WebAclLoggingConfigurationArgs;
    import com.pulumi.aws.waf.inputs.WebAclLoggingConfigurationRedactedFieldsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new WebAcl("example", WebAclArgs.builder()        
                .loggingConfiguration(WebAclLoggingConfigurationArgs.builder()
                    .logDestination(aws_kinesis_firehose_delivery_stream.example().arn())
                    .redactedFields(WebAclLoggingConfigurationRedactedFieldsArgs.builder()
                        .fieldToMatches(                    
                            WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs.builder()
                                .type("URI")
                                .build(),
                            WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs.builder()
                                .data("referer")
                                .type("HEADER")
                                .build())
                        .build())
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.waf.WebAcl("example", logging_configuration=aws.waf.WebAclLoggingConfigurationArgs(
        log_destination=aws_kinesis_firehose_delivery_stream["example"]["arn"],
        redacted_fields=aws.waf.WebAclLoggingConfigurationRedactedFieldsArgs(
            field_to_matches=[
                aws.waf.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs(
                    type="URI",
                ),
                aws.waf.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs(
                    data="referer",
                    type="HEADER",
                ),
            ],
        ),
    ))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.waf.WebAcl("example", {loggingConfiguration: {
        logDestination: aws_kinesis_firehose_delivery_stream.example.arn,
        redactedFields: {
            fieldToMatches: [
                {
                    type: "URI",
                },
                {
                    data: "referer",
                    type: "HEADER",
                },
            ],
        },
    }});
    
    resources:
      example:
        type: aws:waf:WebAcl
        properties:
          loggingConfiguration:
            logDestination: ${aws_kinesis_firehose_delivery_stream.example.arn}
            redactedFields:
              fieldToMatches:
                - type: URI
                - data: referer
                  type: HEADER
    

    Create WebAcl Resource

    new WebAcl(name: string, args: WebAclArgs, opts?: CustomResourceOptions);
    @overload
    def WebAcl(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               default_action: Optional[WebAclDefaultActionArgs] = None,
               logging_configuration: Optional[WebAclLoggingConfigurationArgs] = None,
               metric_name: Optional[str] = None,
               name: Optional[str] = None,
               rules: Optional[Sequence[WebAclRuleArgs]] = None,
               tags: Optional[Mapping[str, str]] = None)
    @overload
    def WebAcl(resource_name: str,
               args: WebAclArgs,
               opts: Optional[ResourceOptions] = None)
    func NewWebAcl(ctx *Context, name string, args WebAclArgs, opts ...ResourceOption) (*WebAcl, error)
    public WebAcl(string name, WebAclArgs args, CustomResourceOptions? opts = null)
    public WebAcl(String name, WebAclArgs args)
    public WebAcl(String name, WebAclArgs args, CustomResourceOptions options)
    
    type: aws:waf:WebAcl
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args WebAclArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args WebAclArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args WebAclArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args WebAclArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args WebAclArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    WebAcl Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The WebAcl resource accepts the following input properties:

    DefaultAction WebAclDefaultActionArgs

    Configuration block with action that you want AWS WAF to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL. Detailed below.

    MetricName string

    The name or description for the Amazon CloudWatch metric of this web ACL.

    LoggingConfiguration WebAclLoggingConfigurationArgs

    Configuration block to enable WAF logging. Detailed below.

    Name string

    The name or description of the web ACL.

    Rules List<WebAclRuleArgs>

    Configuration blocks containing rules to associate with the web ACL and the settings for each rule. Detailed below.

    Tags Dictionary<string, string>

    Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    DefaultAction WebAclDefaultActionArgs

    Configuration block with action that you want AWS WAF to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL. Detailed below.

    MetricName string

    The name or description for the Amazon CloudWatch metric of this web ACL.

    LoggingConfiguration WebAclLoggingConfigurationArgs

    Configuration block to enable WAF logging. Detailed below.

    Name string

    The name or description of the web ACL.

    Rules []WebAclRuleArgs

    Configuration blocks containing rules to associate with the web ACL and the settings for each rule. Detailed below.

    Tags map[string]string

    Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    defaultAction WebAclDefaultActionArgs

    Configuration block with action that you want AWS WAF to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL. Detailed below.

    metricName String

    The name or description for the Amazon CloudWatch metric of this web ACL.

    loggingConfiguration WebAclLoggingConfigurationArgs

    Configuration block to enable WAF logging. Detailed below.

    name String

    The name or description of the web ACL.

    rules List<WebAclRuleArgs>

    Configuration blocks containing rules to associate with the web ACL and the settings for each rule. Detailed below.

    tags Map<String,String>

    Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    defaultAction WebAclDefaultActionArgs

    Configuration block with action that you want AWS WAF to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL. Detailed below.

    metricName string

    The name or description for the Amazon CloudWatch metric of this web ACL.

    loggingConfiguration WebAclLoggingConfigurationArgs

    Configuration block to enable WAF logging. Detailed below.

    name string

    The name or description of the web ACL.

    rules WebAclRuleArgs[]

    Configuration blocks containing rules to associate with the web ACL and the settings for each rule. Detailed below.

    tags {[key: string]: string}

    Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    default_action WebAclDefaultActionArgs

    Configuration block with action that you want AWS WAF to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL. Detailed below.

    metric_name str

    The name or description for the Amazon CloudWatch metric of this web ACL.

    logging_configuration WebAclLoggingConfigurationArgs

    Configuration block to enable WAF logging. Detailed below.

    name str

    The name or description of the web ACL.

    rules Sequence[WebAclRuleArgs]

    Configuration blocks containing rules to associate with the web ACL and the settings for each rule. Detailed below.

    tags Mapping[str, str]

    Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    defaultAction Property Map

    Configuration block with action that you want AWS WAF to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL. Detailed below.

    metricName String

    The name or description for the Amazon CloudWatch metric of this web ACL.

    loggingConfiguration Property Map

    Configuration block to enable WAF logging. Detailed below.

    name String

    The name or description of the web ACL.

    rules List<Property Map>

    Configuration blocks containing rules to associate with the web ACL and the settings for each rule. Detailed below.

    tags Map<String>

    Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the WebAcl resource produces the following output properties:

    Arn string

    The ARN of the WAF WebACL.

    Id string

    The provider-assigned unique ID for this managed resource.

    TagsAll Dictionary<string, string>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Arn string

    The ARN of the WAF WebACL.

    Id string

    The provider-assigned unique ID for this managed resource.

    TagsAll map[string]string

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    arn String

    The ARN of the WAF WebACL.

    id String

    The provider-assigned unique ID for this managed resource.

    tagsAll Map<String,String>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    arn string

    The ARN of the WAF WebACL.

    id string

    The provider-assigned unique ID for this managed resource.

    tagsAll {[key: string]: string}

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    arn str

    The ARN of the WAF WebACL.

    id str

    The provider-assigned unique ID for this managed resource.

    tags_all Mapping[str, str]

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    arn String

    The ARN of the WAF WebACL.

    id String

    The provider-assigned unique ID for this managed resource.

    tagsAll Map<String>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Look up Existing WebAcl Resource

    Get an existing WebAcl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: WebAclState, opts?: CustomResourceOptions): WebAcl
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            arn: Optional[str] = None,
            default_action: Optional[WebAclDefaultActionArgs] = None,
            logging_configuration: Optional[WebAclLoggingConfigurationArgs] = None,
            metric_name: Optional[str] = None,
            name: Optional[str] = None,
            rules: Optional[Sequence[WebAclRuleArgs]] = None,
            tags: Optional[Mapping[str, str]] = None,
            tags_all: Optional[Mapping[str, str]] = None) -> WebAcl
    func GetWebAcl(ctx *Context, name string, id IDInput, state *WebAclState, opts ...ResourceOption) (*WebAcl, error)
    public static WebAcl Get(string name, Input<string> id, WebAclState? state, CustomResourceOptions? opts = null)
    public static WebAcl get(String name, Output<String> id, WebAclState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Arn string

    The ARN of the WAF WebACL.

    DefaultAction WebAclDefaultActionArgs

    Configuration block with action that you want AWS WAF to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL. Detailed below.

    LoggingConfiguration WebAclLoggingConfigurationArgs

    Configuration block to enable WAF logging. Detailed below.

    MetricName string

    The name or description for the Amazon CloudWatch metric of this web ACL.

    Name string

    The name or description of the web ACL.

    Rules List<WebAclRuleArgs>

    Configuration blocks containing rules to associate with the web ACL and the settings for each rule. Detailed below.

    Tags Dictionary<string, string>

    Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    TagsAll Dictionary<string, string>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Arn string

    The ARN of the WAF WebACL.

    DefaultAction WebAclDefaultActionArgs

    Configuration block with action that you want AWS WAF to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL. Detailed below.

    LoggingConfiguration WebAclLoggingConfigurationArgs

    Configuration block to enable WAF logging. Detailed below.

    MetricName string

    The name or description for the Amazon CloudWatch metric of this web ACL.

    Name string

    The name or description of the web ACL.

    Rules []WebAclRuleArgs

    Configuration blocks containing rules to associate with the web ACL and the settings for each rule. Detailed below.

    Tags map[string]string

    Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    TagsAll map[string]string

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    arn String

    The ARN of the WAF WebACL.

    defaultAction WebAclDefaultActionArgs

    Configuration block with action that you want AWS WAF to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL. Detailed below.

    loggingConfiguration WebAclLoggingConfigurationArgs

    Configuration block to enable WAF logging. Detailed below.

    metricName String

    The name or description for the Amazon CloudWatch metric of this web ACL.

    name String

    The name or description of the web ACL.

    rules List<WebAclRuleArgs>

    Configuration blocks containing rules to associate with the web ACL and the settings for each rule. Detailed below.

    tags Map<String,String>

    Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tagsAll Map<String,String>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    arn string

    The ARN of the WAF WebACL.

    defaultAction WebAclDefaultActionArgs

    Configuration block with action that you want AWS WAF to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL. Detailed below.

    loggingConfiguration WebAclLoggingConfigurationArgs

    Configuration block to enable WAF logging. Detailed below.

    metricName string

    The name or description for the Amazon CloudWatch metric of this web ACL.

    name string

    The name or description of the web ACL.

    rules WebAclRuleArgs[]

    Configuration blocks containing rules to associate with the web ACL and the settings for each rule. Detailed below.

    tags {[key: string]: string}

    Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tagsAll {[key: string]: string}

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    arn str

    The ARN of the WAF WebACL.

    default_action WebAclDefaultActionArgs

    Configuration block with action that you want AWS WAF to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL. Detailed below.

    logging_configuration WebAclLoggingConfigurationArgs

    Configuration block to enable WAF logging. Detailed below.

    metric_name str

    The name or description for the Amazon CloudWatch metric of this web ACL.

    name str

    The name or description of the web ACL.

    rules Sequence[WebAclRuleArgs]

    Configuration blocks containing rules to associate with the web ACL and the settings for each rule. Detailed below.

    tags Mapping[str, str]

    Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tags_all Mapping[str, str]

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    arn String

    The ARN of the WAF WebACL.

    defaultAction Property Map

    Configuration block with action that you want AWS WAF to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL. Detailed below.

    loggingConfiguration Property Map

    Configuration block to enable WAF logging. Detailed below.

    metricName String

    The name or description for the Amazon CloudWatch metric of this web ACL.

    name String

    The name or description of the web ACL.

    rules List<Property Map>

    Configuration blocks containing rules to associate with the web ACL and the settings for each rule. Detailed below.

    tags Map<String>

    Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tagsAll Map<String>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Supporting Types

    WebAclDefaultAction

    Type string

    Specifies how you want AWS WAF to respond to requests that don't match the criteria in any of the rules. e.g., ALLOW or BLOCK

    Type string

    Specifies how you want AWS WAF to respond to requests that don't match the criteria in any of the rules. e.g., ALLOW or BLOCK

    type String

    Specifies how you want AWS WAF to respond to requests that don't match the criteria in any of the rules. e.g., ALLOW or BLOCK

    type string

    Specifies how you want AWS WAF to respond to requests that don't match the criteria in any of the rules. e.g., ALLOW or BLOCK

    type str

    Specifies how you want AWS WAF to respond to requests that don't match the criteria in any of the rules. e.g., ALLOW or BLOCK

    type String

    Specifies how you want AWS WAF to respond to requests that don't match the criteria in any of the rules. e.g., ALLOW or BLOCK

    WebAclLoggingConfiguration

    LogDestination string

    Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream

    RedactedFields WebAclLoggingConfigurationRedactedFields

    Configuration block containing parts of the request that you want redacted from the logs. Detailed below.

    LogDestination string

    Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream

    RedactedFields WebAclLoggingConfigurationRedactedFields

    Configuration block containing parts of the request that you want redacted from the logs. Detailed below.

    logDestination String

    Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream

    redactedFields WebAclLoggingConfigurationRedactedFields

    Configuration block containing parts of the request that you want redacted from the logs. Detailed below.

    logDestination string

    Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream

    redactedFields WebAclLoggingConfigurationRedactedFields

    Configuration block containing parts of the request that you want redacted from the logs. Detailed below.

    log_destination str

    Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream

    redacted_fields WebAclLoggingConfigurationRedactedFields

    Configuration block containing parts of the request that you want redacted from the logs. Detailed below.

    logDestination String

    Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream

    redactedFields Property Map

    Configuration block containing parts of the request that you want redacted from the logs. Detailed below.

    WebAclLoggingConfigurationRedactedFields

    FieldToMatches List<WebAclLoggingConfigurationRedactedFieldsFieldToMatch>

    Set of configuration blocks for fields to redact. Detailed below.

    FieldToMatches []WebAclLoggingConfigurationRedactedFieldsFieldToMatch

    Set of configuration blocks for fields to redact. Detailed below.

    fieldToMatches List<WebAclLoggingConfigurationRedactedFieldsFieldToMatch>

    Set of configuration blocks for fields to redact. Detailed below.

    fieldToMatches WebAclLoggingConfigurationRedactedFieldsFieldToMatch[]

    Set of configuration blocks for fields to redact. Detailed below.

    field_to_matches Sequence[WebAclLoggingConfigurationRedactedFieldsFieldToMatch]

    Set of configuration blocks for fields to redact. Detailed below.

    fieldToMatches List<Property Map>

    Set of configuration blocks for fields to redact. Detailed below.

    WebAclLoggingConfigurationRedactedFieldsFieldToMatch

    Type string

    The part of the web request that you want AWS WAF to search for a specified stringE.g., HEADER or METHOD

    Data string

    When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.

    Type string

    The part of the web request that you want AWS WAF to search for a specified stringE.g., HEADER or METHOD

    Data string

    When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.

    type String

    The part of the web request that you want AWS WAF to search for a specified stringE.g., HEADER or METHOD

    data String

    When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.

    type string

    The part of the web request that you want AWS WAF to search for a specified stringE.g., HEADER or METHOD

    data string

    When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.

    type str

    The part of the web request that you want AWS WAF to search for a specified stringE.g., HEADER or METHOD

    data str

    When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.

    type String

    The part of the web request that you want AWS WAF to search for a specified stringE.g., HEADER or METHOD

    data String

    When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.

    WebAclRule

    Priority int

    Specifies the order in which the rules in a WebACL are evaluated. Rules with a lower value are evaluated before rules with a higher value.

    RuleId string

    ID of the associated WAF (Global) rule (e.g., aws.waf.Rule). WAF (Regional) rules cannot be used.

    Action WebAclRuleAction

    The action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if type is GROUP.

    OverrideAction WebAclRuleOverrideAction

    Override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if type is GROUP.

    Type string

    The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. If you add a RATE_BASED rule, you need to set type as RATE_BASED. If you add a GROUP rule, you need to set type as GROUP.

    Priority int

    Specifies the order in which the rules in a WebACL are evaluated. Rules with a lower value are evaluated before rules with a higher value.

    RuleId string

    ID of the associated WAF (Global) rule (e.g., aws.waf.Rule). WAF (Regional) rules cannot be used.

    Action WebAclRuleAction

    The action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if type is GROUP.

    OverrideAction WebAclRuleOverrideAction

    Override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if type is GROUP.

    Type string

    The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. If you add a RATE_BASED rule, you need to set type as RATE_BASED. If you add a GROUP rule, you need to set type as GROUP.

    priority Integer

    Specifies the order in which the rules in a WebACL are evaluated. Rules with a lower value are evaluated before rules with a higher value.

    ruleId String

    ID of the associated WAF (Global) rule (e.g., aws.waf.Rule). WAF (Regional) rules cannot be used.

    action WebAclRuleAction

    The action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if type is GROUP.

    overrideAction WebAclRuleOverrideAction

    Override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if type is GROUP.

    type String

    The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. If you add a RATE_BASED rule, you need to set type as RATE_BASED. If you add a GROUP rule, you need to set type as GROUP.

    priority number

    Specifies the order in which the rules in a WebACL are evaluated. Rules with a lower value are evaluated before rules with a higher value.

    ruleId string

    ID of the associated WAF (Global) rule (e.g., aws.waf.Rule). WAF (Regional) rules cannot be used.

    action WebAclRuleAction

    The action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if type is GROUP.

    overrideAction WebAclRuleOverrideAction

    Override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if type is GROUP.

    type string

    The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. If you add a RATE_BASED rule, you need to set type as RATE_BASED. If you add a GROUP rule, you need to set type as GROUP.

    priority int

    Specifies the order in which the rules in a WebACL are evaluated. Rules with a lower value are evaluated before rules with a higher value.

    rule_id str

    ID of the associated WAF (Global) rule (e.g., aws.waf.Rule). WAF (Regional) rules cannot be used.

    action WebAclRuleAction

    The action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if type is GROUP.

    override_action WebAclRuleOverrideAction

    Override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if type is GROUP.

    type str

    The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. If you add a RATE_BASED rule, you need to set type as RATE_BASED. If you add a GROUP rule, you need to set type as GROUP.

    priority Number

    Specifies the order in which the rules in a WebACL are evaluated. Rules with a lower value are evaluated before rules with a higher value.

    ruleId String

    ID of the associated WAF (Global) rule (e.g., aws.waf.Rule). WAF (Regional) rules cannot be used.

    action Property Map

    The action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if type is GROUP.

    overrideAction Property Map

    Override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if type is GROUP.

    type String

    The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. If you add a RATE_BASED rule, you need to set type as RATE_BASED. If you add a GROUP rule, you need to set type as GROUP.

    WebAclRuleAction

    Type string

    Specifies how you want AWS WAF to respond to requests that don't match the criteria in any of the rules. e.g., ALLOW or BLOCK

    Type string

    Specifies how you want AWS WAF to respond to requests that don't match the criteria in any of the rules. e.g., ALLOW or BLOCK

    type String

    Specifies how you want AWS WAF to respond to requests that don't match the criteria in any of the rules. e.g., ALLOW or BLOCK

    type string

    Specifies how you want AWS WAF to respond to requests that don't match the criteria in any of the rules. e.g., ALLOW or BLOCK

    type str

    Specifies how you want AWS WAF to respond to requests that don't match the criteria in any of the rules. e.g., ALLOW or BLOCK

    type String

    Specifies how you want AWS WAF to respond to requests that don't match the criteria in any of the rules. e.g., ALLOW or BLOCK

    WebAclRuleOverrideAction

    Type string

    Specifies how you want AWS WAF to respond to requests that don't match the criteria in any of the rules. e.g., ALLOW or BLOCK

    Type string

    Specifies how you want AWS WAF to respond to requests that don't match the criteria in any of the rules. e.g., ALLOW or BLOCK

    type String

    Specifies how you want AWS WAF to respond to requests that don't match the criteria in any of the rules. e.g., ALLOW or BLOCK

    type string

    Specifies how you want AWS WAF to respond to requests that don't match the criteria in any of the rules. e.g., ALLOW or BLOCK

    type str

    Specifies how you want AWS WAF to respond to requests that don't match the criteria in any of the rules. e.g., ALLOW or BLOCK

    type String

    Specifies how you want AWS WAF to respond to requests that don't match the criteria in any of the rules. e.g., ALLOW or BLOCK

    Import

    WAF Web ACL can be imported using the id, e.g.,

     $ pulumi import aws:waf/webAcl:WebAcl main 0c8e583e-18f3-4c13-9e2a-67c4805d2f94
    

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the aws Terraform Provider.

    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v5.41.0 published on Monday, May 15, 2023 by Pulumi