aws logo
AWS Classic v5.29.1, Feb 4 23

aws.wafv2.RuleGroup

Creates a WAFv2 Rule Group resource.

Example Usage

Simple

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.WafV2.RuleGroup("example", new()
    {
        Capacity = 2,
        Rules = new[]
        {
            new Aws.WafV2.Inputs.RuleGroupRuleArgs
            {
                Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs
                {
                    Allow = null,
                },
                Name = "rule-1",
                Priority = 1,
                Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs
                {
                    GeoMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementGeoMatchStatementArgs
                    {
                        CountryCodes = new[]
                        {
                            "US",
                            "NL",
                        },
                    },
                },
                VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs
                {
                    CloudwatchMetricsEnabled = false,
                    MetricName = "friendly-rule-metric-name",
                    SampledRequestsEnabled = false,
                },
            },
        },
        Scope = "REGIONAL",
        VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupVisibilityConfigArgs
        {
            CloudwatchMetricsEnabled = false,
            MetricName = "friendly-metric-name",
            SampledRequestsEnabled = false,
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/wafv2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := wafv2.NewRuleGroup(ctx, "example", &wafv2.RuleGroupArgs{
			Capacity: pulumi.Int(2),
			Rules: wafv2.RuleGroupRuleArray{
				&wafv2.RuleGroupRuleArgs{
					Action: &wafv2.RuleGroupRuleActionArgs{
						Allow: nil,
					},
					Name:     pulumi.String("rule-1"),
					Priority: pulumi.Int(1),
					Statement: &wafv2.RuleGroupRuleStatementArgs{
						GeoMatchStatement: &wafv2.RuleGroupRuleStatementGeoMatchStatementArgs{
							CountryCodes: pulumi.StringArray{
								pulumi.String("US"),
								pulumi.String("NL"),
							},
						},
					},
					VisibilityConfig: &wafv2.RuleGroupRuleVisibilityConfigArgs{
						CloudwatchMetricsEnabled: pulumi.Bool(false),
						MetricName:               pulumi.String("friendly-rule-metric-name"),
						SampledRequestsEnabled:   pulumi.Bool(false),
					},
				},
			},
			Scope: pulumi.String("REGIONAL"),
			VisibilityConfig: &wafv2.RuleGroupVisibilityConfigArgs{
				CloudwatchMetricsEnabled: pulumi.Bool(false),
				MetricName:               pulumi.String("friendly-metric-name"),
				SampledRequestsEnabled:   pulumi.Bool(false),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.RuleGroup;
import com.pulumi.aws.wafv2.RuleGroupArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleActionArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleActionAllowArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementGeoMatchStatementArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleVisibilityConfigArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupVisibilityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new RuleGroup("example", RuleGroupArgs.builder()        
            .capacity(2)
            .rules(RuleGroupRuleArgs.builder()
                .action(RuleGroupRuleActionArgs.builder()
                    .allow()
                    .build())
                .name("rule-1")
                .priority(1)
                .statement(RuleGroupRuleStatementArgs.builder()
                    .geoMatchStatement(RuleGroupRuleStatementGeoMatchStatementArgs.builder()
                        .countryCodes(                        
                            "US",
                            "NL")
                        .build())
                    .build())
                .visibilityConfig(RuleGroupRuleVisibilityConfigArgs.builder()
                    .cloudwatchMetricsEnabled(false)
                    .metricName("friendly-rule-metric-name")
                    .sampledRequestsEnabled(false)
                    .build())
                .build())
            .scope("REGIONAL")
            .visibilityConfig(RuleGroupVisibilityConfigArgs.builder()
                .cloudwatchMetricsEnabled(false)
                .metricName("friendly-metric-name")
                .sampledRequestsEnabled(false)
                .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example = aws.wafv2.RuleGroup("example",
    capacity=2,
    rules=[aws.wafv2.RuleGroupRuleArgs(
        action=aws.wafv2.RuleGroupRuleActionArgs(
            allow=aws.wafv2.RuleGroupRuleActionAllowArgs(),
        ),
        name="rule-1",
        priority=1,
        statement=aws.wafv2.RuleGroupRuleStatementArgs(
            geo_match_statement=aws.wafv2.RuleGroupRuleStatementGeoMatchStatementArgs(
                country_codes=[
                    "US",
                    "NL",
                ],
            ),
        ),
        visibility_config=aws.wafv2.RuleGroupRuleVisibilityConfigArgs(
            cloudwatch_metrics_enabled=False,
            metric_name="friendly-rule-metric-name",
            sampled_requests_enabled=False,
        ),
    )],
    scope="REGIONAL",
    visibility_config=aws.wafv2.RuleGroupVisibilityConfigArgs(
        cloudwatch_metrics_enabled=False,
        metric_name="friendly-metric-name",
        sampled_requests_enabled=False,
    ))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.wafv2.RuleGroup("example", {
    capacity: 2,
    rules: [{
        action: {
            allow: {},
        },
        name: "rule-1",
        priority: 1,
        statement: {
            geoMatchStatement: {
                countryCodes: [
                    "US",
                    "NL",
                ],
            },
        },
        visibilityConfig: {
            cloudwatchMetricsEnabled: false,
            metricName: "friendly-rule-metric-name",
            sampledRequestsEnabled: false,
        },
    }],
    scope: "REGIONAL",
    visibilityConfig: {
        cloudwatchMetricsEnabled: false,
        metricName: "friendly-metric-name",
        sampledRequestsEnabled: false,
    },
});
resources:
  example:
    type: aws:wafv2:RuleGroup
    properties:
      capacity: 2
      rules:
        - action:
            allow: {}
          name: rule-1
          priority: 1
          statement:
            geoMatchStatement:
              countryCodes:
                - US
                - NL
          visibilityConfig:
            cloudwatchMetricsEnabled: false
            metricName: friendly-rule-metric-name
            sampledRequestsEnabled: false
      scope: REGIONAL
      visibilityConfig:
        cloudwatchMetricsEnabled: false
        metricName: friendly-metric-name
        sampledRequestsEnabled: false

Complex

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var testIpSet = new Aws.WafV2.IpSet("testIpSet", new()
    {
        Scope = "REGIONAL",
        IpAddressVersion = "IPV4",
        Addresses = new[]
        {
            "1.1.1.1/32",
            "2.2.2.2/32",
        },
    });

    var testRegexPatternSet = new Aws.WafV2.RegexPatternSet("testRegexPatternSet", new()
    {
        Scope = "REGIONAL",
        RegularExpressions = new[]
        {
            new Aws.WafV2.Inputs.RegexPatternSetRegularExpressionArgs
            {
                RegexString = "one",
            },
        },
    });

    var example = new Aws.WafV2.RuleGroup("example", new()
    {
        Description = "An rule group containing all statements",
        Scope = "REGIONAL",
        Capacity = 500,
        Rules = new[]
        {
            new Aws.WafV2.Inputs.RuleGroupRuleArgs
            {
                Name = "rule-1",
                Priority = 1,
                Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs
                {
                    Block = null,
                },
                Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs
                {
                    NotStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementNotStatementArgs
                    {
                        Statements = new[]
                        {
                            new Aws.WafV2.Inputs.RuleGroupRuleStatementNotStatementStatementArgs
                            {
                                AndStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementNotStatementStatementAndStatementArgs
                                {
                                    Statements = new[]
                                    {
                                        new Aws.WafV2.Inputs.RuleGroupRuleStatementNotStatementStatementAndStatementStatementArgs
                                        {
                                            GeoMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementNotStatementStatementAndStatementStatementGeoMatchStatementArgs
                                            {
                                                CountryCodes = new[]
                                                {
                                                    "US",
                                                },
                                            },
                                        },
                                        new Aws.WafV2.Inputs.RuleGroupRuleStatementNotStatementStatementAndStatementStatementArgs
                                        {
                                            ByteMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementArgs
                                            {
                                                PositionalConstraint = "CONTAINS",
                                                SearchString = "word",
                                                FieldToMatch = new Aws.WafV2.Inputs.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchArgs
                                                {
                                                    AllQueryArguments = null,
                                                },
                                                TextTransformations = new[]
                                                {
                                                    new Aws.WafV2.Inputs.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformationArgs
                                                    {
                                                        Priority = 5,
                                                        Type = "CMD_LINE",
                                                    },
                                                    new Aws.WafV2.Inputs.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformationArgs
                                                    {
                                                        Priority = 2,
                                                        Type = "LOWERCASE",
                                                    },
                                                },
                                            },
                                        },
                                    },
                                },
                            },
                        },
                    },
                },
                VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs
                {
                    CloudwatchMetricsEnabled = false,
                    MetricName = "rule-1",
                    SampledRequestsEnabled = false,
                },
            },
            new Aws.WafV2.Inputs.RuleGroupRuleArgs
            {
                Name = "rule-2",
                Priority = 2,
                Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs
                {
                    Count = null,
                },
                Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs
                {
                    OrStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementArgs
                    {
                        Statements = new[]
                        {
                            new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementArgs
                            {
                                RegexMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementRegexMatchStatementArgs
                                {
                                    RegexString = "a-z?",
                                    FieldToMatch = new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementRegexMatchStatementFieldToMatchArgs
                                    {
                                        SingleHeader = new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementRegexMatchStatementFieldToMatchSingleHeaderArgs
                                        {
                                            Name = "user-agent",
                                        },
                                    },
                                    TextTransformations = new[]
                                    {
                                        new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementRegexMatchStatementTextTransformationArgs
                                        {
                                            Priority = 6,
                                            Type = "NONE",
                                        },
                                    },
                                },
                            },
                            new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementArgs
                            {
                                SqliMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementArgs
                                {
                                    FieldToMatch = new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchArgs
                                    {
                                        Body = null,
                                    },
                                    TextTransformations = new[]
                                    {
                                        new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArgs
                                        {
                                            Priority = 5,
                                            Type = "URL_DECODE",
                                        },
                                        new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArgs
                                        {
                                            Priority = 4,
                                            Type = "HTML_ENTITY_DECODE",
                                        },
                                        new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArgs
                                        {
                                            Priority = 3,
                                            Type = "COMPRESS_WHITE_SPACE",
                                        },
                                    },
                                },
                            },
                            new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementArgs
                            {
                                XssMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementXssMatchStatementArgs
                                {
                                    FieldToMatch = new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchArgs
                                    {
                                        Method = null,
                                    },
                                    TextTransformations = new[]
                                    {
                                        new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementXssMatchStatementTextTransformationArgs
                                        {
                                            Priority = 2,
                                            Type = "NONE",
                                        },
                                    },
                                },
                            },
                        },
                    },
                },
                VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs
                {
                    CloudwatchMetricsEnabled = false,
                    MetricName = "rule-2",
                    SampledRequestsEnabled = false,
                },
            },
            new Aws.WafV2.Inputs.RuleGroupRuleArgs
            {
                Name = "rule-3",
                Priority = 3,
                Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs
                {
                    Block = null,
                },
                Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs
                {
                    SizeConstraintStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementSizeConstraintStatementArgs
                    {
                        ComparisonOperator = "GT",
                        Size = 100,
                        FieldToMatch = new Aws.WafV2.Inputs.RuleGroupRuleStatementSizeConstraintStatementFieldToMatchArgs
                        {
                            SingleQueryArgument = new Aws.WafV2.Inputs.RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgumentArgs
                            {
                                Name = "username",
                            },
                        },
                        TextTransformations = new[]
                        {
                            new Aws.WafV2.Inputs.RuleGroupRuleStatementSizeConstraintStatementTextTransformationArgs
                            {
                                Priority = 5,
                                Type = "NONE",
                            },
                        },
                    },
                },
                VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs
                {
                    CloudwatchMetricsEnabled = false,
                    MetricName = "rule-3",
                    SampledRequestsEnabled = false,
                },
            },
            new Aws.WafV2.Inputs.RuleGroupRuleArgs
            {
                Name = "rule-4",
                Priority = 4,
                Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs
                {
                    Block = null,
                },
                Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs
                {
                    OrStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementArgs
                    {
                        Statements = new[]
                        {
                            new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementArgs
                            {
                                IpSetReferenceStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementIpSetReferenceStatementArgs
                                {
                                    Arn = testIpSet.Arn,
                                },
                            },
                            new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementArgs
                            {
                                RegexPatternSetReferenceStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementArgs
                                {
                                    Arn = testRegexPatternSet.Arn,
                                    FieldToMatch = new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchArgs
                                    {
                                        SingleHeader = new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeaderArgs
                                        {
                                            Name = "referer",
                                        },
                                    },
                                    TextTransformations = new[]
                                    {
                                        new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformationArgs
                                        {
                                            Priority = 2,
                                            Type = "NONE",
                                        },
                                    },
                                },
                            },
                        },
                    },
                },
                VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs
                {
                    CloudwatchMetricsEnabled = false,
                    MetricName = "rule-4",
                    SampledRequestsEnabled = false,
                },
            },
        },
        VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupVisibilityConfigArgs
        {
            CloudwatchMetricsEnabled = false,
            MetricName = "friendly-metric-name",
            SampledRequestsEnabled = false,
        },
        Tags = 
        {
            { "Name", "example-and-statement" },
            { "Code", "123456" },
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/wafv2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		testIpSet, err := wafv2.NewIpSet(ctx, "testIpSet", &wafv2.IpSetArgs{
			Scope:            pulumi.String("REGIONAL"),
			IpAddressVersion: pulumi.String("IPV4"),
			Addresses: pulumi.StringArray{
				pulumi.String("1.1.1.1/32"),
				pulumi.String("2.2.2.2/32"),
			},
		})
		if err != nil {
			return err
		}
		testRegexPatternSet, err := wafv2.NewRegexPatternSet(ctx, "testRegexPatternSet", &wafv2.RegexPatternSetArgs{
			Scope: pulumi.String("REGIONAL"),
			RegularExpressions: wafv2.RegexPatternSetRegularExpressionArray{
				&wafv2.RegexPatternSetRegularExpressionArgs{
					RegexString: pulumi.String("one"),
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = wafv2.NewRuleGroup(ctx, "example", &wafv2.RuleGroupArgs{
			Description: pulumi.String("An rule group containing all statements"),
			Scope:       pulumi.String("REGIONAL"),
			Capacity:    pulumi.Int(500),
			Rules: wafv2.RuleGroupRuleArray{
				&wafv2.RuleGroupRuleArgs{
					Name:     pulumi.String("rule-1"),
					Priority: pulumi.Int(1),
					Action: &wafv2.RuleGroupRuleActionArgs{
						Block: nil,
					},
					Statement: &wafv2.RuleGroupRuleStatementArgs{
						NotStatement: &wafv2.RuleGroupRuleStatementNotStatementArgs{
							Statements: wafv2.RuleGroupRuleStatementNotStatementStatementArray{
								&wafv2.RuleGroupRuleStatementNotStatementStatementArgs{
									AndStatement: &wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementArgs{
										Statements: wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementArray{
											&wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementArgs{
												GeoMatchStatement: &wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementGeoMatchStatementArgs{
													CountryCodes: pulumi.StringArray{
														pulumi.String("US"),
													},
												},
											},
											&wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementArgs{
												ByteMatchStatement: &wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementArgs{
													PositionalConstraint: pulumi.String("CONTAINS"),
													SearchString:         pulumi.String("word"),
													FieldToMatch: &wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchArgs{
														AllQueryArguments: nil,
													},
													TextTransformations: wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformationArray{
														&wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformationArgs{
															Priority: pulumi.Int(5),
															Type:     pulumi.String("CMD_LINE"),
														},
														&wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformationArgs{
															Priority: pulumi.Int(2),
															Type:     pulumi.String("LOWERCASE"),
														},
													},
												},
											},
										},
									},
								},
							},
						},
					},
					VisibilityConfig: &wafv2.RuleGroupRuleVisibilityConfigArgs{
						CloudwatchMetricsEnabled: pulumi.Bool(false),
						MetricName:               pulumi.String("rule-1"),
						SampledRequestsEnabled:   pulumi.Bool(false),
					},
				},
				&wafv2.RuleGroupRuleArgs{
					Name:     pulumi.String("rule-2"),
					Priority: pulumi.Int(2),
					Action: &wafv2.RuleGroupRuleActionArgs{
						Count: nil,
					},
					Statement: &wafv2.RuleGroupRuleStatementArgs{
						OrStatement: &wafv2.RuleGroupRuleStatementOrStatementArgs{
							Statements: wafv2.RuleGroupRuleStatementOrStatementStatementArray{
								&wafv2.RuleGroupRuleStatementOrStatementStatementArgs{
									RegexMatchStatement: &wafv2.RuleGroupRuleStatementOrStatementStatementRegexMatchStatementArgs{
										RegexString: pulumi.String("a-z?"),
										FieldToMatch: &wafv2.RuleGroupRuleStatementOrStatementStatementRegexMatchStatementFieldToMatchArgs{
											SingleHeader: &wafv2.RuleGroupRuleStatementOrStatementStatementRegexMatchStatementFieldToMatchSingleHeaderArgs{
												Name: pulumi.String("user-agent"),
											},
										},
										TextTransformations: wafv2.RuleGroupRuleStatementOrStatementStatementRegexMatchStatementTextTransformationArray{
											&wafv2.RuleGroupRuleStatementOrStatementStatementRegexMatchStatementTextTransformationArgs{
												Priority: pulumi.Int(6),
												Type:     pulumi.String("NONE"),
											},
										},
									},
								},
								&wafv2.RuleGroupRuleStatementOrStatementStatementArgs{
									SqliMatchStatement: &wafv2.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementArgs{
										FieldToMatch: &wafv2.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchArgs{
											Body: nil,
										},
										TextTransformations: wafv2.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArray{
											&wafv2.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArgs{
												Priority: pulumi.Int(5),
												Type:     pulumi.String("URL_DECODE"),
											},
											&wafv2.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArgs{
												Priority: pulumi.Int(4),
												Type:     pulumi.String("HTML_ENTITY_DECODE"),
											},
											&wafv2.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArgs{
												Priority: pulumi.Int(3),
												Type:     pulumi.String("COMPRESS_WHITE_SPACE"),
											},
										},
									},
								},
								&wafv2.RuleGroupRuleStatementOrStatementStatementArgs{
									XssMatchStatement: &wafv2.RuleGroupRuleStatementOrStatementStatementXssMatchStatementArgs{
										FieldToMatch: &wafv2.RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchArgs{
											Method: nil,
										},
										TextTransformations: wafv2.RuleGroupRuleStatementOrStatementStatementXssMatchStatementTextTransformationArray{
											&wafv2.RuleGroupRuleStatementOrStatementStatementXssMatchStatementTextTransformationArgs{
												Priority: pulumi.Int(2),
												Type:     pulumi.String("NONE"),
											},
										},
									},
								},
							},
						},
					},
					VisibilityConfig: &wafv2.RuleGroupRuleVisibilityConfigArgs{
						CloudwatchMetricsEnabled: pulumi.Bool(false),
						MetricName:               pulumi.String("rule-2"),
						SampledRequestsEnabled:   pulumi.Bool(false),
					},
				},
				&wafv2.RuleGroupRuleArgs{
					Name:     pulumi.String("rule-3"),
					Priority: pulumi.Int(3),
					Action: &wafv2.RuleGroupRuleActionArgs{
						Block: nil,
					},
					Statement: &wafv2.RuleGroupRuleStatementArgs{
						SizeConstraintStatement: &wafv2.RuleGroupRuleStatementSizeConstraintStatementArgs{
							ComparisonOperator: pulumi.String("GT"),
							Size:               pulumi.Int(100),
							FieldToMatch: &wafv2.RuleGroupRuleStatementSizeConstraintStatementFieldToMatchArgs{
								SingleQueryArgument: &wafv2.RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgumentArgs{
									Name: pulumi.String("username"),
								},
							},
							TextTransformations: wafv2.RuleGroupRuleStatementSizeConstraintStatementTextTransformationArray{
								&wafv2.RuleGroupRuleStatementSizeConstraintStatementTextTransformationArgs{
									Priority: pulumi.Int(5),
									Type:     pulumi.String("NONE"),
								},
							},
						},
					},
					VisibilityConfig: &wafv2.RuleGroupRuleVisibilityConfigArgs{
						CloudwatchMetricsEnabled: pulumi.Bool(false),
						MetricName:               pulumi.String("rule-3"),
						SampledRequestsEnabled:   pulumi.Bool(false),
					},
				},
				&wafv2.RuleGroupRuleArgs{
					Name:     pulumi.String("rule-4"),
					Priority: pulumi.Int(4),
					Action: &wafv2.RuleGroupRuleActionArgs{
						Block: nil,
					},
					Statement: &wafv2.RuleGroupRuleStatementArgs{
						OrStatement: &wafv2.RuleGroupRuleStatementOrStatementArgs{
							Statements: wafv2.RuleGroupRuleStatementOrStatementStatementArray{
								&wafv2.RuleGroupRuleStatementOrStatementStatementArgs{
									IpSetReferenceStatement: &wafv2.RuleGroupRuleStatementOrStatementStatementIpSetReferenceStatementArgs{
										Arn: testIpSet.Arn,
									},
								},
								&wafv2.RuleGroupRuleStatementOrStatementStatementArgs{
									RegexPatternSetReferenceStatement: &wafv2.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementArgs{
										Arn: testRegexPatternSet.Arn,
										FieldToMatch: &wafv2.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchArgs{
											SingleHeader: &wafv2.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeaderArgs{
												Name: pulumi.String("referer"),
											},
										},
										TextTransformations: wafv2.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformationArray{
											&wafv2.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformationArgs{
												Priority: pulumi.Int(2),
												Type:     pulumi.String("NONE"),
											},
										},
									},
								},
							},
						},
					},
					VisibilityConfig: &wafv2.RuleGroupRuleVisibilityConfigArgs{
						CloudwatchMetricsEnabled: pulumi.Bool(false),
						MetricName:               pulumi.String("rule-4"),
						SampledRequestsEnabled:   pulumi.Bool(false),
					},
				},
			},
			VisibilityConfig: &wafv2.RuleGroupVisibilityConfigArgs{
				CloudwatchMetricsEnabled: pulumi.Bool(false),
				MetricName:               pulumi.String("friendly-metric-name"),
				SampledRequestsEnabled:   pulumi.Bool(false),
			},
			Tags: pulumi.StringMap{
				"Name": pulumi.String("example-and-statement"),
				"Code": pulumi.String("123456"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.IpSet;
import com.pulumi.aws.wafv2.IpSetArgs;
import com.pulumi.aws.wafv2.RegexPatternSet;
import com.pulumi.aws.wafv2.RegexPatternSetArgs;
import com.pulumi.aws.wafv2.inputs.RegexPatternSetRegularExpressionArgs;
import com.pulumi.aws.wafv2.RuleGroup;
import com.pulumi.aws.wafv2.RuleGroupArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleActionArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleActionBlockArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementNotStatementArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleVisibilityConfigArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleActionCountArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementOrStatementArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementSizeConstraintStatementArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementSizeConstraintStatementFieldToMatchArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgumentArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupVisibilityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var testIpSet = new IpSet("testIpSet", IpSetArgs.builder()        
            .scope("REGIONAL")
            .ipAddressVersion("IPV4")
            .addresses(            
                "1.1.1.1/32",
                "2.2.2.2/32")
            .build());

        var testRegexPatternSet = new RegexPatternSet("testRegexPatternSet", RegexPatternSetArgs.builder()        
            .scope("REGIONAL")
            .regularExpressions(RegexPatternSetRegularExpressionArgs.builder()
                .regexString("one")
                .build())
            .build());

        var example = new RuleGroup("example", RuleGroupArgs.builder()        
            .description("An rule group containing all statements")
            .scope("REGIONAL")
            .capacity(500)
            .rules(            
                RuleGroupRuleArgs.builder()
                    .name("rule-1")
                    .priority(1)
                    .action(RuleGroupRuleActionArgs.builder()
                        .block()
                        .build())
                    .statement(RuleGroupRuleStatementArgs.builder()
                        .notStatement(RuleGroupRuleStatementNotStatementArgs.builder()
                            .statements(RuleGroupRuleStatementNotStatementStatementArgs.builder()
                                .andStatement(RuleGroupRuleStatementNotStatementStatementAndStatementArgs.builder()
                                    .statements(                                    
                                        RuleGroupRuleStatementNotStatementStatementAndStatementStatementArgs.builder()
                                            .geoMatchStatement(RuleGroupRuleStatementNotStatementStatementAndStatementStatementGeoMatchStatementArgs.builder()
                                                .countryCodes("US")
                                                .build())
                                            .build(),
                                        RuleGroupRuleStatementNotStatementStatementAndStatementStatementArgs.builder()
                                            .byteMatchStatement(RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementArgs.builder()
                                                .positionalConstraint("CONTAINS")
                                                .searchString("word")
                                                .fieldToMatch(RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchArgs.builder()
                                                    .allQueryArguments()
                                                    .build())
                                                .textTransformations(                                                
                                                    RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformationArgs.builder()
                                                        .priority(5)
                                                        .type("CMD_LINE")
                                                        .build(),
                                                    RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformationArgs.builder()
                                                        .priority(2)
                                                        .type("LOWERCASE")
                                                        .build())
                                                .build())
                                            .build())
                                    .build())
                                .build())
                            .build())
                        .build())
                    .visibilityConfig(RuleGroupRuleVisibilityConfigArgs.builder()
                        .cloudwatchMetricsEnabled(false)
                        .metricName("rule-1")
                        .sampledRequestsEnabled(false)
                        .build())
                    .build(),
                RuleGroupRuleArgs.builder()
                    .name("rule-2")
                    .priority(2)
                    .action(RuleGroupRuleActionArgs.builder()
                        .count()
                        .build())
                    .statement(RuleGroupRuleStatementArgs.builder()
                        .orStatement(RuleGroupRuleStatementOrStatementArgs.builder()
                            .statements(                            
                                RuleGroupRuleStatementOrStatementStatementArgs.builder()
                                    .regexMatchStatement(RuleGroupRuleStatementOrStatementStatementRegexMatchStatementArgs.builder()
                                        .regexString("a-z?")
                                        .fieldToMatch(RuleGroupRuleStatementOrStatementStatementRegexMatchStatementFieldToMatchArgs.builder()
                                            .singleHeader(RuleGroupRuleStatementOrStatementStatementRegexMatchStatementFieldToMatchSingleHeaderArgs.builder()
                                                .name("user-agent")
                                                .build())
                                            .build())
                                        .textTransformations(RuleGroupRuleStatementOrStatementStatementRegexMatchStatementTextTransformationArgs.builder()
                                            .priority(6)
                                            .type("NONE")
                                            .build())
                                        .build())
                                    .build(),
                                RuleGroupRuleStatementOrStatementStatementArgs.builder()
                                    .sqliMatchStatement(RuleGroupRuleStatementOrStatementStatementSqliMatchStatementArgs.builder()
                                        .fieldToMatch(RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchArgs.builder()
                                            .body()
                                            .build())
                                        .textTransformations(                                        
                                            RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArgs.builder()
                                                .priority(5)
                                                .type("URL_DECODE")
                                                .build(),
                                            RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArgs.builder()
                                                .priority(4)
                                                .type("HTML_ENTITY_DECODE")
                                                .build(),
                                            RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArgs.builder()
                                                .priority(3)
                                                .type("COMPRESS_WHITE_SPACE")
                                                .build())
                                        .build())
                                    .build(),
                                RuleGroupRuleStatementOrStatementStatementArgs.builder()
                                    .xssMatchStatement(RuleGroupRuleStatementOrStatementStatementXssMatchStatementArgs.builder()
                                        .fieldToMatch(RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchArgs.builder()
                                            .method()
                                            .build())
                                        .textTransformations(RuleGroupRuleStatementOrStatementStatementXssMatchStatementTextTransformationArgs.builder()
                                            .priority(2)
                                            .type("NONE")
                                            .build())
                                        .build())
                                    .build())
                            .build())
                        .build())
                    .visibilityConfig(RuleGroupRuleVisibilityConfigArgs.builder()
                        .cloudwatchMetricsEnabled(false)
                        .metricName("rule-2")
                        .sampledRequestsEnabled(false)
                        .build())
                    .build(),
                RuleGroupRuleArgs.builder()
                    .name("rule-3")
                    .priority(3)
                    .action(RuleGroupRuleActionArgs.builder()
                        .block()
                        .build())
                    .statement(RuleGroupRuleStatementArgs.builder()
                        .sizeConstraintStatement(RuleGroupRuleStatementSizeConstraintStatementArgs.builder()
                            .comparisonOperator("GT")
                            .size(100)
                            .fieldToMatch(RuleGroupRuleStatementSizeConstraintStatementFieldToMatchArgs.builder()
                                .singleQueryArgument(RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgumentArgs.builder()
                                    .name("username")
                                    .build())
                                .build())
                            .textTransformations(RuleGroupRuleStatementSizeConstraintStatementTextTransformationArgs.builder()
                                .priority(5)
                                .type("NONE")
                                .build())
                            .build())
                        .build())
                    .visibilityConfig(RuleGroupRuleVisibilityConfigArgs.builder()
                        .cloudwatchMetricsEnabled(false)
                        .metricName("rule-3")
                        .sampledRequestsEnabled(false)
                        .build())
                    .build(),
                RuleGroupRuleArgs.builder()
                    .name("rule-4")
                    .priority(4)
                    .action(RuleGroupRuleActionArgs.builder()
                        .block()
                        .build())
                    .statement(RuleGroupRuleStatementArgs.builder()
                        .orStatement(RuleGroupRuleStatementOrStatementArgs.builder()
                            .statements(                            
                                RuleGroupRuleStatementOrStatementStatementArgs.builder()
                                    .ipSetReferenceStatement(RuleGroupRuleStatementOrStatementStatementIpSetReferenceStatementArgs.builder()
                                        .arn(testIpSet.arn())
                                        .build())
                                    .build(),
                                RuleGroupRuleStatementOrStatementStatementArgs.builder()
                                    .regexPatternSetReferenceStatement(RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementArgs.builder()
                                        .arn(testRegexPatternSet.arn())
                                        .fieldToMatch(RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchArgs.builder()
                                            .singleHeader(RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeaderArgs.builder()
                                                .name("referer")
                                                .build())
                                            .build())
                                        .textTransformations(RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformationArgs.builder()
                                            .priority(2)
                                            .type("NONE")
                                            .build())
                                        .build())
                                    .build())
                            .build())
                        .build())
                    .visibilityConfig(RuleGroupRuleVisibilityConfigArgs.builder()
                        .cloudwatchMetricsEnabled(false)
                        .metricName("rule-4")
                        .sampledRequestsEnabled(false)
                        .build())
                    .build())
            .visibilityConfig(RuleGroupVisibilityConfigArgs.builder()
                .cloudwatchMetricsEnabled(false)
                .metricName("friendly-metric-name")
                .sampledRequestsEnabled(false)
                .build())
            .tags(Map.ofEntries(
                Map.entry("Name", "example-and-statement"),
                Map.entry("Code", "123456")
            ))
            .build());

    }
}
import pulumi
import pulumi_aws as aws

test_ip_set = aws.wafv2.IpSet("testIpSet",
    scope="REGIONAL",
    ip_address_version="IPV4",
    addresses=[
        "1.1.1.1/32",
        "2.2.2.2/32",
    ])
test_regex_pattern_set = aws.wafv2.RegexPatternSet("testRegexPatternSet",
    scope="REGIONAL",
    regular_expressions=[aws.wafv2.RegexPatternSetRegularExpressionArgs(
        regex_string="one",
    )])
example = aws.wafv2.RuleGroup("example",
    description="An rule group containing all statements",
    scope="REGIONAL",
    capacity=500,
    rules=[
        aws.wafv2.RuleGroupRuleArgs(
            name="rule-1",
            priority=1,
            action=aws.wafv2.RuleGroupRuleActionArgs(
                block=aws.wafv2.RuleGroupRuleActionBlockArgs(),
            ),
            statement=aws.wafv2.RuleGroupRuleStatementArgs(
                not_statement=aws.wafv2.RuleGroupRuleStatementNotStatementArgs(
                    statements=[aws.wafv2.RuleGroupRuleStatementNotStatementStatementArgs(
                        and_statement=aws.wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementArgs(
                            statements=[
                                aws.wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementArgs(
                                    geo_match_statement=aws.wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementGeoMatchStatementArgs(
                                        country_codes=["US"],
                                    ),
                                ),
                                aws.wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementArgs(
                                    byte_match_statement=aws.wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementArgs(
                                        positional_constraint="CONTAINS",
                                        search_string="word",
                                        field_to_match=aws.wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchArgs(
                                            all_query_arguments=aws.wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArgumentsArgs(),
                                        ),
                                        text_transformations=[
                                            aws.wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformationArgs(
                                                priority=5,
                                                type="CMD_LINE",
                                            ),
                                            aws.wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformationArgs(
                                                priority=2,
                                                type="LOWERCASE",
                                            ),
                                        ],
                                    ),
                                ),
                            ],
                        ),
                    )],
                ),
            ),
            visibility_config=aws.wafv2.RuleGroupRuleVisibilityConfigArgs(
                cloudwatch_metrics_enabled=False,
                metric_name="rule-1",
                sampled_requests_enabled=False,
            ),
        ),
        aws.wafv2.RuleGroupRuleArgs(
            name="rule-2",
            priority=2,
            action=aws.wafv2.RuleGroupRuleActionArgs(
                count=aws.wafv2.RuleGroupRuleActionCountArgs(),
            ),
            statement=aws.wafv2.RuleGroupRuleStatementArgs(
                or_statement=aws.wafv2.RuleGroupRuleStatementOrStatementArgs(
                    statements=[
                        aws.wafv2.RuleGroupRuleStatementOrStatementStatementArgs(
                            regex_match_statement=aws.wafv2.RuleGroupRuleStatementOrStatementStatementRegexMatchStatementArgs(
                                regex_string="a-z?",
                                field_to_match=aws.wafv2.RuleGroupRuleStatementOrStatementStatementRegexMatchStatementFieldToMatchArgs(
                                    single_header=aws.wafv2.RuleGroupRuleStatementOrStatementStatementRegexMatchStatementFieldToMatchSingleHeaderArgs(
                                        name="user-agent",
                                    ),
                                ),
                                text_transformations=[aws.wafv2.RuleGroupRuleStatementOrStatementStatementRegexMatchStatementTextTransformationArgs(
                                    priority=6,
                                    type="NONE",
                                )],
                            ),
                        ),
                        aws.wafv2.RuleGroupRuleStatementOrStatementStatementArgs(
                            sqli_match_statement=aws.wafv2.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementArgs(
                                field_to_match=aws.wafv2.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchArgs(
                                    body=aws.wafv2.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchBodyArgs(),
                                ),
                                text_transformations=[
                                    aws.wafv2.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArgs(
                                        priority=5,
                                        type="URL_DECODE",
                                    ),
                                    aws.wafv2.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArgs(
                                        priority=4,
                                        type="HTML_ENTITY_DECODE",
                                    ),
                                    aws.wafv2.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArgs(
                                        priority=3,
                                        type="COMPRESS_WHITE_SPACE",
                                    ),
                                ],
                            ),
                        ),
                        aws.wafv2.RuleGroupRuleStatementOrStatementStatementArgs(
                            xss_match_statement=aws.wafv2.RuleGroupRuleStatementOrStatementStatementXssMatchStatementArgs(
                                field_to_match=aws.wafv2.RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchArgs(
                                    method=aws.wafv2.RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchMethodArgs(),
                                ),
                                text_transformations=[aws.wafv2.RuleGroupRuleStatementOrStatementStatementXssMatchStatementTextTransformationArgs(
                                    priority=2,
                                    type="NONE",
                                )],
                            ),
                        ),
                    ],
                ),
            ),
            visibility_config=aws.wafv2.RuleGroupRuleVisibilityConfigArgs(
                cloudwatch_metrics_enabled=False,
                metric_name="rule-2",
                sampled_requests_enabled=False,
            ),
        ),
        aws.wafv2.RuleGroupRuleArgs(
            name="rule-3",
            priority=3,
            action=aws.wafv2.RuleGroupRuleActionArgs(
                block=aws.wafv2.RuleGroupRuleActionBlockArgs(),
            ),
            statement=aws.wafv2.RuleGroupRuleStatementArgs(
                size_constraint_statement=aws.wafv2.RuleGroupRuleStatementSizeConstraintStatementArgs(
                    comparison_operator="GT",
                    size=100,
                    field_to_match=aws.wafv2.RuleGroupRuleStatementSizeConstraintStatementFieldToMatchArgs(
                        single_query_argument=aws.wafv2.RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgumentArgs(
                            name="username",
                        ),
                    ),
                    text_transformations=[aws.wafv2.RuleGroupRuleStatementSizeConstraintStatementTextTransformationArgs(
                        priority=5,
                        type="NONE",
                    )],
                ),
            ),
            visibility_config=aws.wafv2.RuleGroupRuleVisibilityConfigArgs(
                cloudwatch_metrics_enabled=False,
                metric_name="rule-3",
                sampled_requests_enabled=False,
            ),
        ),
        aws.wafv2.RuleGroupRuleArgs(
            name="rule-4",
            priority=4,
            action=aws.wafv2.RuleGroupRuleActionArgs(
                block=aws.wafv2.RuleGroupRuleActionBlockArgs(),
            ),
            statement=aws.wafv2.RuleGroupRuleStatementArgs(
                or_statement=aws.wafv2.RuleGroupRuleStatementOrStatementArgs(
                    statements=[
                        aws.wafv2.RuleGroupRuleStatementOrStatementStatementArgs(
                            ip_set_reference_statement=aws.wafv2.RuleGroupRuleStatementOrStatementStatementIpSetReferenceStatementArgs(
                                arn=test_ip_set.arn,
                            ),
                        ),
                        aws.wafv2.RuleGroupRuleStatementOrStatementStatementArgs(
                            regex_pattern_set_reference_statement=aws.wafv2.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementArgs(
                                arn=test_regex_pattern_set.arn,
                                field_to_match=aws.wafv2.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchArgs(
                                    single_header=aws.wafv2.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeaderArgs(
                                        name="referer",
                                    ),
                                ),
                                text_transformations=[aws.wafv2.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformationArgs(
                                    priority=2,
                                    type="NONE",
                                )],
                            ),
                        ),
                    ],
                ),
            ),
            visibility_config=aws.wafv2.RuleGroupRuleVisibilityConfigArgs(
                cloudwatch_metrics_enabled=False,
                metric_name="rule-4",
                sampled_requests_enabled=False,
            ),
        ),
    ],
    visibility_config=aws.wafv2.RuleGroupVisibilityConfigArgs(
        cloudwatch_metrics_enabled=False,
        metric_name="friendly-metric-name",
        sampled_requests_enabled=False,
    ),
    tags={
        "Name": "example-and-statement",
        "Code": "123456",
    })
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const testIpSet = new aws.wafv2.IpSet("testIpSet", {
    scope: "REGIONAL",
    ipAddressVersion: "IPV4",
    addresses: [
        "1.1.1.1/32",
        "2.2.2.2/32",
    ],
});
const testRegexPatternSet = new aws.wafv2.RegexPatternSet("testRegexPatternSet", {
    scope: "REGIONAL",
    regularExpressions: [{
        regexString: "one",
    }],
});
const example = new aws.wafv2.RuleGroup("example", {
    description: "An rule group containing all statements",
    scope: "REGIONAL",
    capacity: 500,
    rules: [
        {
            name: "rule-1",
            priority: 1,
            action: {
                block: {},
            },
            statement: {
                notStatement: {
                    statements: [{
                        andStatement: {
                            statements: [
                                {
                                    geoMatchStatement: {
                                        countryCodes: ["US"],
                                    },
                                },
                                {
                                    byteMatchStatement: {
                                        positionalConstraint: "CONTAINS",
                                        searchString: "word",
                                        fieldToMatch: {
                                            allQueryArguments: {},
                                        },
                                        textTransformations: [
                                            {
                                                priority: 5,
                                                type: "CMD_LINE",
                                            },
                                            {
                                                priority: 2,
                                                type: "LOWERCASE",
                                            },
                                        ],
                                    },
                                },
                            ],
                        },
                    }],
                },
            },
            visibilityConfig: {
                cloudwatchMetricsEnabled: false,
                metricName: "rule-1",
                sampledRequestsEnabled: false,
            },
        },
        {
            name: "rule-2",
            priority: 2,
            action: {
                count: {},
            },
            statement: {
                orStatement: {
                    statements: [
                        {
                            regexMatchStatement: {
                                regexString: "a-z?",
                                fieldToMatch: {
                                    singleHeader: {
                                        name: "user-agent",
                                    },
                                },
                                textTransformations: [{
                                    priority: 6,
                                    type: "NONE",
                                }],
                            },
                        },
                        {
                            sqliMatchStatement: {
                                fieldToMatch: {
                                    body: {},
                                },
                                textTransformations: [
                                    {
                                        priority: 5,
                                        type: "URL_DECODE",
                                    },
                                    {
                                        priority: 4,
                                        type: "HTML_ENTITY_DECODE",
                                    },
                                    {
                                        priority: 3,
                                        type: "COMPRESS_WHITE_SPACE",
                                    },
                                ],
                            },
                        },
                        {
                            xssMatchStatement: {
                                fieldToMatch: {
                                    method: {},
                                },
                                textTransformations: [{
                                    priority: 2,
                                    type: "NONE",
                                }],
                            },
                        },
                    ],
                },
            },
            visibilityConfig: {
                cloudwatchMetricsEnabled: false,
                metricName: "rule-2",
                sampledRequestsEnabled: false,
            },
        },
        {
            name: "rule-3",
            priority: 3,
            action: {
                block: {},
            },
            statement: {
                sizeConstraintStatement: {
                    comparisonOperator: "GT",
                    size: 100,
                    fieldToMatch: {
                        singleQueryArgument: {
                            name: "username",
                        },
                    },
                    textTransformations: [{
                        priority: 5,
                        type: "NONE",
                    }],
                },
            },
            visibilityConfig: {
                cloudwatchMetricsEnabled: false,
                metricName: "rule-3",
                sampledRequestsEnabled: false,
            },
        },
        {
            name: "rule-4",
            priority: 4,
            action: {
                block: {},
            },
            statement: {
                orStatement: {
                    statements: [
                        {
                            ipSetReferenceStatement: {
                                arn: testIpSet.arn,
                            },
                        },
                        {
                            regexPatternSetReferenceStatement: {
                                arn: testRegexPatternSet.arn,
                                fieldToMatch: {
                                    singleHeader: {
                                        name: "referer",
                                    },
                                },
                                textTransformations: [{
                                    priority: 2,
                                    type: "NONE",
                                }],
                            },
                        },
                    ],
                },
            },
            visibilityConfig: {
                cloudwatchMetricsEnabled: false,
                metricName: "rule-4",
                sampledRequestsEnabled: false,
            },
        },
    ],
    visibilityConfig: {
        cloudwatchMetricsEnabled: false,
        metricName: "friendly-metric-name",
        sampledRequestsEnabled: false,
    },
    tags: {
        Name: "example-and-statement",
        Code: "123456",
    },
});
resources:
  testIpSet:
    type: aws:wafv2:IpSet
    properties:
      scope: REGIONAL
      ipAddressVersion: IPV4
      addresses:
        - 1.1.1.1/32
        - 2.2.2.2/32
  testRegexPatternSet:
    type: aws:wafv2:RegexPatternSet
    properties:
      scope: REGIONAL
      regularExpressions:
        - regexString: one
  example:
    type: aws:wafv2:RuleGroup
    properties:
      description: An rule group containing all statements
      scope: REGIONAL
      capacity: 500
      rules:
        - name: rule-1
          priority: 1
          action:
            block: {}
          statement:
            notStatement:
              statements:
                - andStatement:
                    statements:
                      - geoMatchStatement:
                          countryCodes:
                            - US
                      - byteMatchStatement:
                          positionalConstraint: CONTAINS
                          searchString: word
                          fieldToMatch:
                            allQueryArguments: {}
                          textTransformations:
                            - priority: 5
                              type: CMD_LINE
                            - priority: 2
                              type: LOWERCASE
          visibilityConfig:
            cloudwatchMetricsEnabled: false
            metricName: rule-1
            sampledRequestsEnabled: false
        - name: rule-2
          priority: 2
          action:
            count: {}
          statement:
            orStatement:
              statements:
                - regexMatchStatement:
                    regexString: a-z?
                    fieldToMatch:
                      singleHeader:
                        name: user-agent
                    textTransformations:
                      - priority: 6
                        type: NONE
                - sqliMatchStatement:
                    fieldToMatch:
                      body: {}
                    textTransformations:
                      - priority: 5
                        type: URL_DECODE
                      - priority: 4
                        type: HTML_ENTITY_DECODE
                      - priority: 3
                        type: COMPRESS_WHITE_SPACE
                - xssMatchStatement:
                    fieldToMatch:
                      method: {}
                    textTransformations:
                      - priority: 2
                        type: NONE
          visibilityConfig:
            cloudwatchMetricsEnabled: false
            metricName: rule-2
            sampledRequestsEnabled: false
        - name: rule-3
          priority: 3
          action:
            block: {}
          statement:
            sizeConstraintStatement:
              comparisonOperator: GT
              size: 100
              fieldToMatch:
                singleQueryArgument:
                  name: username
              textTransformations:
                - priority: 5
                  type: NONE
          visibilityConfig:
            cloudwatchMetricsEnabled: false
            metricName: rule-3
            sampledRequestsEnabled: false
        - name: rule-4
          priority: 4
          action:
            block: {}
          statement:
            orStatement:
              statements:
                - ipSetReferenceStatement:
                    arn: ${testIpSet.arn}
                - regexPatternSetReferenceStatement:
                    arn: ${testRegexPatternSet.arn}
                    fieldToMatch:
                      singleHeader:
                        name: referer
                    textTransformations:
                      - priority: 2
                        type: NONE
          visibilityConfig:
            cloudwatchMetricsEnabled: false
            metricName: rule-4
            sampledRequestsEnabled: false
      visibilityConfig:
        cloudwatchMetricsEnabled: false
        metricName: friendly-metric-name
        sampledRequestsEnabled: false
      tags:
        Name: example-and-statement
        Code: '123456'

Create RuleGroup Resource

new RuleGroup(name: string, args: RuleGroupArgs, opts?: CustomResourceOptions);
@overload
def RuleGroup(resource_name: str,
              opts: Optional[ResourceOptions] = None,
              capacity: Optional[int] = None,
              custom_response_bodies: Optional[Sequence[RuleGroupCustomResponseBodyArgs]] = None,
              description: Optional[str] = None,
              name: Optional[str] = None,
              rules: Optional[Sequence[RuleGroupRuleArgs]] = None,
              scope: Optional[str] = None,
              tags: Optional[Mapping[str, str]] = None,
              visibility_config: Optional[RuleGroupVisibilityConfigArgs] = None)
@overload
def RuleGroup(resource_name: str,
              args: RuleGroupArgs,
              opts: Optional[ResourceOptions] = None)
func NewRuleGroup(ctx *Context, name string, args RuleGroupArgs, opts ...ResourceOption) (*RuleGroup, error)
public RuleGroup(string name, RuleGroupArgs args, CustomResourceOptions? opts = null)
public RuleGroup(String name, RuleGroupArgs args)
public RuleGroup(String name, RuleGroupArgs args, CustomResourceOptions options)
type: aws:wafv2:RuleGroup
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args RuleGroupArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args RuleGroupArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args RuleGroupArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args RuleGroupArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args RuleGroupArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

RuleGroup Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The RuleGroup resource accepts the following input properties:

Capacity int

The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.

Scope string

Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

VisibilityConfig Pulumi.Aws.WafV2.Inputs.RuleGroupVisibilityConfigArgs

Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.

CustomResponseBodies List<Pulumi.Aws.WafV2.Inputs.RuleGroupCustomResponseBodyArgs>

Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.

Description string

A friendly description of the rule group.

Name string

A friendly name of the rule group.

Rules List<Pulumi.Aws.WafV2.Inputs.RuleGroupRuleArgs>

The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.

Tags Dictionary<string, string>

An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Capacity int

The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.

Scope string

Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

VisibilityConfig RuleGroupVisibilityConfigArgs

Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.

CustomResponseBodies []RuleGroupCustomResponseBodyArgs

Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.

Description string

A friendly description of the rule group.

Name string

A friendly name of the rule group.

Rules []RuleGroupRuleArgs

The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.

Tags map[string]string

An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

capacity Integer

The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.

scope String

Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

visibilityConfig RuleGroupVisibilityConfigArgs

Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.

customResponseBodies List<RuleGroupCustomResponseBodyArgs>

Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.

description String

A friendly description of the rule group.

name String

A friendly name of the rule group.

rules List<RuleGroupRuleArgs>

The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.

tags Map<String,String>

An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

capacity number

The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.

scope string

Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

visibilityConfig RuleGroupVisibilityConfigArgs

Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.

customResponseBodies RuleGroupCustomResponseBodyArgs[]

Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.

description string

A friendly description of the rule group.

name string

A friendly name of the rule group.

rules RuleGroupRuleArgs[]

The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.

tags {[key: string]: string}

An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

capacity int

The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.

scope str

Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

visibility_config RuleGroupVisibilityConfigArgs

Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.

custom_response_bodies Sequence[RuleGroupCustomResponseBodyArgs]

Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.

description str

A friendly description of the rule group.

name str

A friendly name of the rule group.

rules Sequence[RuleGroupRuleArgs]

The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.

tags Mapping[str, str]

An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

capacity Number

The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.

scope String

Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

visibilityConfig Property Map

Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.

customResponseBodies List<Property Map>

Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.

description String

A friendly description of the rule group.

name String

A friendly name of the rule group.

rules List<Property Map>

The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.

tags Map<String>

An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Outputs

All input properties are implicitly available as output properties. Additionally, the RuleGroup resource produces the following output properties:

Arn string

The Amazon Resource Name (ARN) of the IP Set that this statement references.

Id string

The provider-assigned unique ID for this managed resource.

LockToken string
TagsAll Dictionary<string, string>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Arn string

The Amazon Resource Name (ARN) of the IP Set that this statement references.

Id string

The provider-assigned unique ID for this managed resource.

LockToken string
TagsAll map[string]string

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn String

The Amazon Resource Name (ARN) of the IP Set that this statement references.

id String

The provider-assigned unique ID for this managed resource.

lockToken String
tagsAll Map<String,String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn string

The Amazon Resource Name (ARN) of the IP Set that this statement references.

id string

The provider-assigned unique ID for this managed resource.

lockToken string
tagsAll {[key: string]: string}

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn str

The Amazon Resource Name (ARN) of the IP Set that this statement references.

id str

The provider-assigned unique ID for this managed resource.

lock_token str
tags_all Mapping[str, str]

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn String

The Amazon Resource Name (ARN) of the IP Set that this statement references.

id String

The provider-assigned unique ID for this managed resource.

lockToken String
tagsAll Map<String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Look up Existing RuleGroup Resource

Get an existing RuleGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: RuleGroupState, opts?: CustomResourceOptions): RuleGroup
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        capacity: Optional[int] = None,
        custom_response_bodies: Optional[Sequence[RuleGroupCustomResponseBodyArgs]] = None,
        description: Optional[str] = None,
        lock_token: Optional[str] = None,
        name: Optional[str] = None,
        rules: Optional[Sequence[RuleGroupRuleArgs]] = None,
        scope: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        visibility_config: Optional[RuleGroupVisibilityConfigArgs] = None) -> RuleGroup
func GetRuleGroup(ctx *Context, name string, id IDInput, state *RuleGroupState, opts ...ResourceOption) (*RuleGroup, error)
public static RuleGroup Get(string name, Input<string> id, RuleGroupState? state, CustomResourceOptions? opts = null)
public static RuleGroup get(String name, Output<String> id, RuleGroupState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Arn string

The Amazon Resource Name (ARN) of the IP Set that this statement references.

Capacity int

The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.

CustomResponseBodies List<Pulumi.Aws.WafV2.Inputs.RuleGroupCustomResponseBodyArgs>

Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.

Description string

A friendly description of the rule group.

LockToken string
Name string

A friendly name of the rule group.

Rules List<Pulumi.Aws.WafV2.Inputs.RuleGroupRuleArgs>

The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.

Scope string

Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

Tags Dictionary<string, string>

An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll Dictionary<string, string>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

VisibilityConfig Pulumi.Aws.WafV2.Inputs.RuleGroupVisibilityConfigArgs

Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.

Arn string

The Amazon Resource Name (ARN) of the IP Set that this statement references.

Capacity int

The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.

CustomResponseBodies []RuleGroupCustomResponseBodyArgs

Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.

Description string

A friendly description of the rule group.

LockToken string
Name string

A friendly name of the rule group.

Rules []RuleGroupRuleArgs

The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.

Scope string

Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

Tags map[string]string

An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll map[string]string

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

VisibilityConfig RuleGroupVisibilityConfigArgs

Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.

arn String

The Amazon Resource Name (ARN) of the IP Set that this statement references.

capacity Integer

The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.

customResponseBodies List<RuleGroupCustomResponseBodyArgs>

Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.

description String

A friendly description of the rule group.

lockToken String
name String

A friendly name of the rule group.

rules List<RuleGroupRuleArgs>

The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.

scope String

Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

tags Map<String,String>

An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String,String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

visibilityConfig RuleGroupVisibilityConfigArgs

Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.

arn string

The Amazon Resource Name (ARN) of the IP Set that this statement references.

capacity number

The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.

customResponseBodies RuleGroupCustomResponseBodyArgs[]

Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.

description string

A friendly description of the rule group.

lockToken string
name string

A friendly name of the rule group.

rules RuleGroupRuleArgs[]

The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.

scope string

Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

tags {[key: string]: string}

An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll {[key: string]: string}

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

visibilityConfig RuleGroupVisibilityConfigArgs

Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.

arn str

The Amazon Resource Name (ARN) of the IP Set that this statement references.

capacity int

The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.

custom_response_bodies Sequence[RuleGroupCustomResponseBodyArgs]

Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.

description str

A friendly description of the rule group.

lock_token str
name str

A friendly name of the rule group.

rules Sequence[RuleGroupRuleArgs]

The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.

scope str

Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

tags Mapping[str, str]

An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tags_all Mapping[str, str]

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

visibility_config RuleGroupVisibilityConfigArgs

Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.

arn String

The Amazon Resource Name (ARN) of the IP Set that this statement references.

capacity Number

The web ACL capacity units (WCUs) required for this rule group. See here for general information and here for capacity specific information.

customResponseBodies List<Property Map>

Defines custom response bodies that can be referenced by custom_response actions. See Custom Response Body below for details.

description String

A friendly description of the rule group.

lockToken String
name String

A friendly name of the rule group.

rules List<Property Map>

The rule blocks used to identify the web requests that you want to allow, block, or count. See Rules below for details.

scope String

Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

tags Map<String>

An array of key:value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

visibilityConfig Property Map

Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.

Supporting Types

RuleGroupCustomResponseBody

Content string

The payload of the custom response.

ContentType string

The type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.

Key string

A unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the Custom Response block.

Content string

The payload of the custom response.

ContentType string

The type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.

Key string

A unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the Custom Response block.

content String

The payload of the custom response.

contentType String

The type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.

key String

A unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the Custom Response block.

content string

The payload of the custom response.

contentType string

The type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.

key string

A unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the Custom Response block.

content str

The payload of the custom response.

content_type str

The type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.

key str

A unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the Custom Response block.

content String

The payload of the custom response.

contentType String

The type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.

key String

A unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the Custom Response block.

RuleGroupRule

Action Pulumi.Aws.WafV2.Inputs.RuleGroupRuleAction

The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the aws.wafv2.WebAcl level can override the rule action setting. See Action below for details.

Name string

A friendly name of the rule.

Priority int

If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.

Statement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatement

The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See Statement below for details.

VisibilityConfig Pulumi.Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfig

Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.

RuleLabels List<Pulumi.Aws.WafV2.Inputs.RuleGroupRuleRuleLabel>

Labels to apply to web requests that match the rule match statement. See Rule Label below for details.

Action RuleGroupRuleAction

The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the aws.wafv2.WebAcl level can override the rule action setting. See Action below for details.

Name string

A friendly name of the rule.

Priority int

If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.

Statement RuleGroupRuleStatement

The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See Statement below for details.

VisibilityConfig RuleGroupRuleVisibilityConfig

Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.

RuleLabels []RuleGroupRuleRuleLabel

Labels to apply to web requests that match the rule match statement. See Rule Label below for details.

action RuleGroupRuleAction

The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the aws.wafv2.WebAcl level can override the rule action setting. See Action below for details.

name String

A friendly name of the rule.

priority Integer

If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.

statement RuleGroupRuleStatement

The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See Statement below for details.

visibilityConfig RuleGroupRuleVisibilityConfig

Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.

ruleLabels List<RuleGroupRuleRuleLabel>

Labels to apply to web requests that match the rule match statement. See Rule Label below for details.

action RuleGroupRuleAction

The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the aws.wafv2.WebAcl level can override the rule action setting. See Action below for details.

name string

A friendly name of the rule.

priority number

If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.

statement RuleGroupRuleStatement

The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See Statement below for details.

visibilityConfig RuleGroupRuleVisibilityConfig

Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.

ruleLabels RuleGroupRuleRuleLabel[]

Labels to apply to web requests that match the rule match statement. See Rule Label below for details.

action RuleGroupRuleAction

The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the aws.wafv2.WebAcl level can override the rule action setting. See Action below for details.

name str

A friendly name of the rule.

priority int

If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.

statement RuleGroupRuleStatement

The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See Statement below for details.

visibility_config RuleGroupRuleVisibilityConfig

Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.

rule_labels Sequence[RuleGroupRuleRuleLabel]

Labels to apply to web requests that match the rule match statement. See Rule Label below for details.

action Property Map

The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the aws.wafv2.WebAcl level can override the rule action setting. See Action below for details.

name String

A friendly name of the rule.

priority Number

If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.

statement Property Map

The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See Statement below for details.

visibilityConfig Property Map

Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.

ruleLabels List<Property Map>

Labels to apply to web requests that match the rule match statement. See Rule Label below for details.

RuleGroupRuleAction

Allow Pulumi.Aws.WafV2.Inputs.RuleGroupRuleActionAllow

Instructs AWS WAF to allow the web request. See Allow below for details.

Block Pulumi.Aws.WafV2.Inputs.RuleGroupRuleActionBlock

Instructs AWS WAF to block the web request. See Block below for details.

Captcha Pulumi.Aws.WafV2.Inputs.RuleGroupRuleActionCaptcha

Instructs AWS WAF to run a CAPTCHA check against the web request. See Captcha below for details.

Count Pulumi.Aws.WafV2.Inputs.RuleGroupRuleActionCount

Instructs AWS WAF to count the web request and allow it. See Count below for details.

Allow RuleGroupRuleActionAllow

Instructs AWS WAF to allow the web request. See Allow below for details.

Block RuleGroupRuleActionBlock

Instructs AWS WAF to block the web request. See Block below for details.

Captcha RuleGroupRuleActionCaptcha

Instructs AWS WAF to run a CAPTCHA check against the web request. See Captcha below for details.

Count RuleGroupRuleActionCount

Instructs AWS WAF to count the web request and allow it. See Count below for details.

allow RuleGroupRuleActionAllow

Instructs AWS WAF to allow the web request. See Allow below for details.

block RuleGroupRuleActionBlock

Instructs AWS WAF to block the web request. See Block below for details.

captcha RuleGroupRuleActionCaptcha

Instructs AWS WAF to run a CAPTCHA check against the web request. See Captcha below for details.

count RuleGroupRuleActionCount

Instructs AWS WAF to count the web request and allow it. See Count below for details.

allow RuleGroupRuleActionAllow

Instructs AWS WAF to allow the web request. See Allow below for details.

block RuleGroupRuleActionBlock

Instructs AWS WAF to block the web request. See Block below for details.

captcha RuleGroupRuleActionCaptcha

Instructs AWS WAF to run a CAPTCHA check against the web request. See Captcha below for details.

count RuleGroupRuleActionCount

Instructs AWS WAF to count the web request and allow it. See Count below for details.

allow RuleGroupRuleActionAllow

Instructs AWS WAF to allow the web request. See Allow below for details.

block RuleGroupRuleActionBlock

Instructs AWS WAF to block the web request. See Block below for details.

captcha RuleGroupRuleActionCaptcha

Instructs AWS WAF to run a CAPTCHA check against the web request. See Captcha below for details.

count RuleGroupRuleActionCount

Instructs AWS WAF to count the web request and allow it. See Count below for details.

allow Property Map

Instructs AWS WAF to allow the web request. See Allow below for details.

block Property Map

Instructs AWS WAF to block the web request. See Block below for details.

captcha Property Map

Instructs AWS WAF to run a CAPTCHA check against the web request. See Captcha below for details.

count Property Map

Instructs AWS WAF to count the web request and allow it. See Count below for details.

RuleGroupRuleActionAllow

CustomRequestHandling Pulumi.Aws.WafV2.Inputs.RuleGroupRuleActionAllowCustomRequestHandling

Defines custom handling for the web request. See Custom Request Handling below for details.

CustomRequestHandling RuleGroupRuleActionAllowCustomRequestHandling

Defines custom handling for the web request. See Custom Request Handling below for details.

customRequestHandling RuleGroupRuleActionAllowCustomRequestHandling

Defines custom handling for the web request. See Custom Request Handling below for details.

customRequestHandling RuleGroupRuleActionAllowCustomRequestHandling

Defines custom handling for the web request. See Custom Request Handling below for details.

custom_request_handling RuleGroupRuleActionAllowCustomRequestHandling

Defines custom handling for the web request. See Custom Request Handling below for details.

customRequestHandling Property Map

Defines custom handling for the web request. See Custom Request Handling below for details.

RuleGroupRuleActionAllowCustomRequestHandling

InsertHeaders List<Pulumi.Aws.WafV2.Inputs.RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader>

The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

InsertHeaders []RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader

The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insertHeaders List<RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader>

The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insertHeaders RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader[]

The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insert_headers Sequence[RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader]

The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insertHeaders List<Property Map>

The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader

Name string

A friendly name of the rule group.

Value string

The value of the custom header.

Name string

A friendly name of the rule group.

Value string

The value of the custom header.

name String

A friendly name of the rule group.

value String

The value of the custom header.

name string

A friendly name of the rule group.

value string

The value of the custom header.

name str

A friendly name of the rule group.

value str

The value of the custom header.

name String

A friendly name of the rule group.

value String

The value of the custom header.

RuleGroupRuleActionBlock

CustomResponse Pulumi.Aws.WafV2.Inputs.RuleGroupRuleActionBlockCustomResponse

Defines a custom response for the web request. See Custom Response below for details.

CustomResponse RuleGroupRuleActionBlockCustomResponse

Defines a custom response for the web request. See Custom Response below for details.

customResponse RuleGroupRuleActionBlockCustomResponse

Defines a custom response for the web request. See Custom Response below for details.

customResponse RuleGroupRuleActionBlockCustomResponse

Defines a custom response for the web request. See Custom Response below for details.

custom_response RuleGroupRuleActionBlockCustomResponse

Defines a custom response for the web request. See Custom Response below for details.

customResponse Property Map

Defines a custom response for the web request. See Custom Response below for details.

RuleGroupRuleActionBlockCustomResponse

ResponseCode int

The HTTP status code to return to the client.

CustomResponseBodyKey string

References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

ResponseHeaders List<Pulumi.Aws.WafV2.Inputs.RuleGroupRuleActionBlockCustomResponseResponseHeader>

The response_header blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.

ResponseCode int

The HTTP status code to return to the client.

CustomResponseBodyKey string

References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

ResponseHeaders []RuleGroupRuleActionBlockCustomResponseResponseHeader

The response_header blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.

responseCode Integer

The HTTP status code to return to the client.

customResponseBodyKey String

References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

responseHeaders List<RuleGroupRuleActionBlockCustomResponseResponseHeader>

The response_header blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.

responseCode number

The HTTP status code to return to the client.

customResponseBodyKey string

References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

responseHeaders RuleGroupRuleActionBlockCustomResponseResponseHeader[]

The response_header blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.

response_code int

The HTTP status code to return to the client.

custom_response_body_key str

References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

response_headers Sequence[RuleGroupRuleActionBlockCustomResponseResponseHeader]

The response_header blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.

responseCode Number

The HTTP status code to return to the client.

customResponseBodyKey String

References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

responseHeaders List<Property Map>

The response_header blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.

RuleGroupRuleActionBlockCustomResponseResponseHeader

Name string

A friendly name of the rule group.

Value string

The value of the custom header.

Name string

A friendly name of the rule group.

Value string

The value of the custom header.

name String

A friendly name of the rule group.

value String

The value of the custom header.

name string

A friendly name of the rule group.

value string

The value of the custom header.

name str

A friendly name of the rule group.

value str

The value of the custom header.

name String

A friendly name of the rule group.

value String

The value of the custom header.

RuleGroupRuleActionCaptcha

CustomRequestHandling Pulumi.Aws.WafV2.Inputs.RuleGroupRuleActionCaptchaCustomRequestHandling

Defines custom handling for the web request. See Custom Request Handling below for details.

CustomRequestHandling RuleGroupRuleActionCaptchaCustomRequestHandling

Defines custom handling for the web request. See Custom Request Handling below for details.

customRequestHandling RuleGroupRuleActionCaptchaCustomRequestHandling

Defines custom handling for the web request. See Custom Request Handling below for details.

customRequestHandling RuleGroupRuleActionCaptchaCustomRequestHandling

Defines custom handling for the web request. See Custom Request Handling below for details.

custom_request_handling RuleGroupRuleActionCaptchaCustomRequestHandling

Defines custom handling for the web request. See Custom Request Handling below for details.

customRequestHandling Property Map

Defines custom handling for the web request. See Custom Request Handling below for details.

RuleGroupRuleActionCaptchaCustomRequestHandling

InsertHeaders List<Pulumi.Aws.WafV2.Inputs.RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeader>

The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

InsertHeaders []RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeader

The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insertHeaders List<RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeader>

The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insertHeaders RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeader[]

The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insert_headers Sequence[RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeader]

The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insertHeaders List<Property Map>

The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

RuleGroupRuleActionCaptchaCustomRequestHandlingInsertHeader

Name string

A friendly name of the rule group.

Value string

The value of the custom header.

Name string

A friendly name of the rule group.

Value string

The value of the custom header.

name String

A friendly name of the rule group.

value String

The value of the custom header.

name string

A friendly name of the rule group.

value string

The value of the custom header.

name str

A friendly name of the rule group.

value str

The value of the custom header.

name String

A friendly name of the rule group.

value String

The value of the custom header.

RuleGroupRuleActionCount

CustomRequestHandling Pulumi.Aws.WafV2.Inputs.RuleGroupRuleActionCountCustomRequestHandling

Defines custom handling for the web request. See Custom Request Handling below for details.

CustomRequestHandling RuleGroupRuleActionCountCustomRequestHandling

Defines custom handling for the web request. See Custom Request Handling below for details.

customRequestHandling RuleGroupRuleActionCountCustomRequestHandling

Defines custom handling for the web request. See Custom Request Handling below for details.

customRequestHandling RuleGroupRuleActionCountCustomRequestHandling

Defines custom handling for the web request. See Custom Request Handling below for details.

custom_request_handling RuleGroupRuleActionCountCustomRequestHandling

Defines custom handling for the web request. See Custom Request Handling below for details.

customRequestHandling Property Map

Defines custom handling for the web request. See Custom Request Handling below for details.

RuleGroupRuleActionCountCustomRequestHandling

InsertHeaders List<Pulumi.Aws.WafV2.Inputs.RuleGroupRuleActionCountCustomRequestHandlingInsertHeader>

The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

InsertHeaders []RuleGroupRuleActionCountCustomRequestHandlingInsertHeader

The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insertHeaders List<RuleGroupRuleActionCountCustomRequestHandlingInsertHeader>

The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insertHeaders RuleGroupRuleActionCountCustomRequestHandlingInsertHeader[]

The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insert_headers Sequence[RuleGroupRuleActionCountCustomRequestHandlingInsertHeader]

The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

insertHeaders List<Property Map>

The insert_header blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.

RuleGroupRuleActionCountCustomRequestHandlingInsertHeader

Name string

A friendly name of the rule group.

Value string

The value of the custom header.

Name string

A friendly name of the rule group.

Value string

The value of the custom header.

name String

A friendly name of the rule group.

value String

The value of the custom header.

name string

A friendly name of the rule group.

value string

The value of the custom header.

name str

A friendly name of the rule group.

value str

The value of the custom header.

name String

A friendly name of the rule group.

value String

The value of the custom header.

RuleGroupRuleRuleLabel

Name string

The label string.

Name string

The label string.

name String

The label string.

name string

The label string.

name str

The label string.

name String

The label string.

RuleGroupRuleStatement

AndStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatement

A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.

ByteMatchStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementByteMatchStatement

A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.

GeoMatchStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementGeoMatchStatement

A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.

IpSetReferenceStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementIpSetReferenceStatement

A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

LabelMatchStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementLabelMatchStatement

A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.

NotStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementNotStatement

A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.

OrStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatement

A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.

RateBasedStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementRateBasedStatement

A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See Rate Based Statement below for details.

RegexMatchStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementRegexMatchStatement

A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.

RegexPatternSetReferenceStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementRegexPatternSetReferenceStatement

A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

SizeConstraintStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementSizeConstraintStatement

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.

SqliMatchStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.

XssMatchStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementXssMatchStatement

A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

AndStatement RuleGroupRuleStatementAndStatement

A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.

ByteMatchStatement RuleGroupRuleStatementByteMatchStatement

A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.

GeoMatchStatement RuleGroupRuleStatementGeoMatchStatement

A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.

IpSetReferenceStatement RuleGroupRuleStatementIpSetReferenceStatement

A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

LabelMatchStatement RuleGroupRuleStatementLabelMatchStatement

A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.

NotStatement RuleGroupRuleStatementNotStatement

A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.

OrStatement RuleGroupRuleStatementOrStatement

A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.

RateBasedStatement RuleGroupRuleStatementRateBasedStatement

A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See Rate Based Statement below for details.

RegexMatchStatement RuleGroupRuleStatementRegexMatchStatement

A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.

RegexPatternSetReferenceStatement RuleGroupRuleStatementRegexPatternSetReferenceStatement

A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

SizeConstraintStatement RuleGroupRuleStatementSizeConstraintStatement

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.

SqliMatchStatement RuleGroupRuleStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.

XssMatchStatement RuleGroupRuleStatementXssMatchStatement

A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

andStatement RuleGroupRuleStatementAndStatement

A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.

byteMatchStatement RuleGroupRuleStatementByteMatchStatement

A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.

geoMatchStatement RuleGroupRuleStatementGeoMatchStatement

A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.

ipSetReferenceStatement RuleGroupRuleStatementIpSetReferenceStatement

A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

labelMatchStatement RuleGroupRuleStatementLabelMatchStatement

A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.

notStatement RuleGroupRuleStatementNotStatement

A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.

orStatement RuleGroupRuleStatementOrStatement

A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.

rateBasedStatement RuleGroupRuleStatementRateBasedStatement

A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See Rate Based Statement below for details.

regexMatchStatement RuleGroupRuleStatementRegexMatchStatement

A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.

regexPatternSetReferenceStatement RuleGroupRuleStatementRegexPatternSetReferenceStatement

A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

sizeConstraintStatement RuleGroupRuleStatementSizeConstraintStatement

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.

sqliMatchStatement RuleGroupRuleStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.

xssMatchStatement RuleGroupRuleStatementXssMatchStatement

A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

andStatement RuleGroupRuleStatementAndStatement

A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.

byteMatchStatement RuleGroupRuleStatementByteMatchStatement

A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.

geoMatchStatement RuleGroupRuleStatementGeoMatchStatement

A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.

ipSetReferenceStatement RuleGroupRuleStatementIpSetReferenceStatement

A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

labelMatchStatement RuleGroupRuleStatementLabelMatchStatement

A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.

notStatement RuleGroupRuleStatementNotStatement

A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.

orStatement RuleGroupRuleStatementOrStatement

A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.

rateBasedStatement RuleGroupRuleStatementRateBasedStatement

A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See Rate Based Statement below for details.

regexMatchStatement RuleGroupRuleStatementRegexMatchStatement

A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.

regexPatternSetReferenceStatement RuleGroupRuleStatementRegexPatternSetReferenceStatement

A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

sizeConstraintStatement RuleGroupRuleStatementSizeConstraintStatement

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.

sqliMatchStatement RuleGroupRuleStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.

xssMatchStatement RuleGroupRuleStatementXssMatchStatement

A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

and_statement RuleGroupRuleStatementAndStatement

A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.

byte_match_statement RuleGroupRuleStatementByteMatchStatement

A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.

geo_match_statement RuleGroupRuleStatementGeoMatchStatement

A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.

ip_set_reference_statement RuleGroupRuleStatementIpSetReferenceStatement

A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

label_match_statement RuleGroupRuleStatementLabelMatchStatement

A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.

not_statement RuleGroupRuleStatementNotStatement

A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.

or_statement RuleGroupRuleStatementOrStatement

A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.

rate_based_statement RuleGroupRuleStatementRateBasedStatement

A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See Rate Based Statement below for details.

regex_match_statement RuleGroupRuleStatementRegexMatchStatement

A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.

regex_pattern_set_reference_statement RuleGroupRuleStatementRegexPatternSetReferenceStatement

A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

size_constraint_statement RuleGroupRuleStatementSizeConstraintStatement

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.

sqli_match_statement RuleGroupRuleStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.

xss_match_statement RuleGroupRuleStatementXssMatchStatement

A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

andStatement Property Map

A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.

byteMatchStatement Property Map

A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.

geoMatchStatement Property Map

A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.

ipSetReferenceStatement Property Map

A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

labelMatchStatement Property Map

A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.

notStatement Property Map

A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.

orStatement Property Map

A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.

rateBasedStatement Property Map

A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See Rate Based Statement below for details.

regexMatchStatement Property Map

A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.

regexPatternSetReferenceStatement Property Map

A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

sizeConstraintStatement Property Map

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.

sqliMatchStatement Property Map

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.

xssMatchStatement Property Map

A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

RuleGroupRuleStatementAndStatement

Statements List<Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatement>

The statements to combine with AND logic. You can use any statements that can be nested. See Statement above for details.

Statements []RuleGroupRuleStatementAndStatementStatement

The statements to combine with AND logic. You can use any statements that can be nested. See Statement above for details.

statements List<RuleGroupRuleStatementAndStatementStatement>

The statements to combine with AND logic. You can use any statements that can be nested. See Statement above for details.

statements RuleGroupRuleStatementAndStatementStatement[]

The statements to combine with AND logic. You can use any statements that can be nested. See Statement above for details.

statements Sequence[RuleGroupRuleStatementAndStatementStatement]

The statements to combine with AND logic. You can use any statements that can be nested. See Statement above for details.

statements List<Property Map>

The statements to combine with AND logic. You can use any statements that can be nested. See Statement above for details.

RuleGroupRuleStatementAndStatementStatement

AndStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatement

A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.

ByteMatchStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementByteMatchStatement

A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.

GeoMatchStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementGeoMatchStatement

A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.

IpSetReferenceStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementIpSetReferenceStatement

A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

LabelMatchStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementLabelMatchStatement

A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.

NotStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementNotStatement

A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.

OrStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementOrStatement

A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.

RegexMatchStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementRegexMatchStatement

A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.

RegexPatternSetReferenceStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatement

A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

SizeConstraintStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementSizeConstraintStatement

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.

SqliMatchStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.

XssMatchStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementXssMatchStatement

A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

AndStatement RuleGroupRuleStatementAndStatementStatementAndStatement

A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.

ByteMatchStatement RuleGroupRuleStatementAndStatementStatementByteMatchStatement

A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.

GeoMatchStatement RuleGroupRuleStatementAndStatementStatementGeoMatchStatement

A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.

IpSetReferenceStatement RuleGroupRuleStatementAndStatementStatementIpSetReferenceStatement

A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

LabelMatchStatement RuleGroupRuleStatementAndStatementStatementLabelMatchStatement

A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.

NotStatement RuleGroupRuleStatementAndStatementStatementNotStatement

A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.

OrStatement RuleGroupRuleStatementAndStatementStatementOrStatement

A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.

RegexMatchStatement RuleGroupRuleStatementAndStatementStatementRegexMatchStatement

A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.

RegexPatternSetReferenceStatement RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatement

A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

SizeConstraintStatement RuleGroupRuleStatementAndStatementStatementSizeConstraintStatement

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.

SqliMatchStatement RuleGroupRuleStatementAndStatementStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.

XssMatchStatement RuleGroupRuleStatementAndStatementStatementXssMatchStatement

A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

andStatement RuleGroupRuleStatementAndStatementStatementAndStatement

A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.

byteMatchStatement RuleGroupRuleStatementAndStatementStatementByteMatchStatement

A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.

geoMatchStatement RuleGroupRuleStatementAndStatementStatementGeoMatchStatement

A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.

ipSetReferenceStatement RuleGroupRuleStatementAndStatementStatementIpSetReferenceStatement

A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

labelMatchStatement RuleGroupRuleStatementAndStatementStatementLabelMatchStatement

A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.

notStatement RuleGroupRuleStatementAndStatementStatementNotStatement

A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.

orStatement RuleGroupRuleStatementAndStatementStatementOrStatement

A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.

regexMatchStatement RuleGroupRuleStatementAndStatementStatementRegexMatchStatement

A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.

regexPatternSetReferenceStatement RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatement

A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

sizeConstraintStatement RuleGroupRuleStatementAndStatementStatementSizeConstraintStatement

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.

sqliMatchStatement RuleGroupRuleStatementAndStatementStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.

xssMatchStatement RuleGroupRuleStatementAndStatementStatementXssMatchStatement

A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

andStatement RuleGroupRuleStatementAndStatementStatementAndStatement

A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.

byteMatchStatement RuleGroupRuleStatementAndStatementStatementByteMatchStatement

A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.

geoMatchStatement RuleGroupRuleStatementAndStatementStatementGeoMatchStatement

A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.

ipSetReferenceStatement RuleGroupRuleStatementAndStatementStatementIpSetReferenceStatement

A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

labelMatchStatement RuleGroupRuleStatementAndStatementStatementLabelMatchStatement

A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.

notStatement RuleGroupRuleStatementAndStatementStatementNotStatement

A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.

orStatement RuleGroupRuleStatementAndStatementStatementOrStatement

A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.

regexMatchStatement RuleGroupRuleStatementAndStatementStatementRegexMatchStatement

A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.

regexPatternSetReferenceStatement RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatement

A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

sizeConstraintStatement RuleGroupRuleStatementAndStatementStatementSizeConstraintStatement

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.

sqliMatchStatement RuleGroupRuleStatementAndStatementStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.

xssMatchStatement RuleGroupRuleStatementAndStatementStatementXssMatchStatement

A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

and_statement RuleGroupRuleStatementAndStatementStatementAndStatement

A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.

byte_match_statement RuleGroupRuleStatementAndStatementStatementByteMatchStatement

A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.

geo_match_statement RuleGroupRuleStatementAndStatementStatementGeoMatchStatement

A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.

ip_set_reference_statement RuleGroupRuleStatementAndStatementStatementIpSetReferenceStatement

A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

label_match_statement RuleGroupRuleStatementAndStatementStatementLabelMatchStatement

A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.

not_statement RuleGroupRuleStatementAndStatementStatementNotStatement

A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.

or_statement RuleGroupRuleStatementAndStatementStatementOrStatement

A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.

regex_match_statement RuleGroupRuleStatementAndStatementStatementRegexMatchStatement

A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.

regex_pattern_set_reference_statement RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatement

A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

size_constraint_statement RuleGroupRuleStatementAndStatementStatementSizeConstraintStatement

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.

sqli_match_statement RuleGroupRuleStatementAndStatementStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.

xss_match_statement RuleGroupRuleStatementAndStatementStatementXssMatchStatement

A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

andStatement Property Map

A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.

byteMatchStatement Property Map

A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.

geoMatchStatement Property Map

A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.

ipSetReferenceStatement Property Map

A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

labelMatchStatement Property Map

A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.

notStatement Property Map

A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.

orStatement Property Map

A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.

regexMatchStatement Property Map

A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.

regexPatternSetReferenceStatement Property Map

A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

sizeConstraintStatement Property Map

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.

sqliMatchStatement Property Map

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.

xssMatchStatement Property Map

A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

RuleGroupRuleStatementAndStatementStatementAndStatement

Statements List<Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatement>

The statements to combine with AND logic. You can use any statements that can be nested. See Statement above for details.

Statements []RuleGroupRuleStatementAndStatementStatementAndStatementStatement

The statements to combine with AND logic. You can use any statements that can be nested. See Statement above for details.

statements List<RuleGroupRuleStatementAndStatementStatementAndStatementStatement>

The statements to combine with AND logic. You can use any statements that can be nested. See Statement above for details.

statements RuleGroupRuleStatementAndStatementStatementAndStatementStatement[]

The statements to combine with AND logic. You can use any statements that can be nested. See Statement above for details.

statements Sequence[RuleGroupRuleStatementAndStatementStatementAndStatementStatement]

The statements to combine with AND logic. You can use any statements that can be nested. See Statement above for details.

statements List<Property Map>

The statements to combine with AND logic. You can use any statements that can be nested. See Statement above for details.

RuleGroupRuleStatementAndStatementStatementAndStatementStatement

ByteMatchStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatement

A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.

GeoMatchStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatement

A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.

IpSetReferenceStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement

A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

LabelMatchStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementLabelMatchStatement

A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.

RegexMatchStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatement

A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.

RegexPatternSetReferenceStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement

A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

SizeConstraintStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatement

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.

SqliMatchStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.

XssMatchStatement Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatement

A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

ByteMatchStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatement

A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.

GeoMatchStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatement

A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.

IpSetReferenceStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement

A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

LabelMatchStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementLabelMatchStatement

A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.

RegexMatchStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatement

A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.

RegexPatternSetReferenceStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement

A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

SizeConstraintStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatement

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.

SqliMatchStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.

XssMatchStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatement

A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

byteMatchStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatement

A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.

geoMatchStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatement

A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.

ipSetReferenceStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement

A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

labelMatchStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementLabelMatchStatement

A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.

regexMatchStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatement

A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.

regexPatternSetReferenceStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement

A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

sizeConstraintStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatement

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.

sqliMatchStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.

xssMatchStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatement

A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

byteMatchStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatement

A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.

geoMatchStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatement

A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.

ipSetReferenceStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement

A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

labelMatchStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementLabelMatchStatement

A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.

regexMatchStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatement

A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.

regexPatternSetReferenceStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement

A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

sizeConstraintStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatement

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.

sqliMatchStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.

xssMatchStatement RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatement

A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

byte_match_statement RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatement

A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.

geo_match_statement RuleGroupRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatement

A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.

ip_set_reference_statement RuleGroupRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement

A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

label_match_statement RuleGroupRuleStatementAndStatementStatementAndStatementStatementLabelMatchStatement

A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.

regex_match_statement RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatement

A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.

regex_pattern_set_reference_statement RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement

A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

size_constraint_statement RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatement

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.

sqli_match_statement RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatement

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.

xss_match_statement RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatement

A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

byteMatchStatement Property Map

A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.

geoMatchStatement Property Map

A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.

ipSetReferenceStatement Property Map

A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.

labelMatchStatement Property Map

A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See Label Match Statement below for details.

regexMatchStatement Property Map

A rule statement used to search web request components for a match against a single regular expression. See Regex Match Statement below for details.

regexPatternSetReferenceStatement Property Map

A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.

sizeConstraintStatement Property Map

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.

sqliMatchStatement Property Map

An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.

xssMatchStatement Property Map

A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatement

PositionalConstraint string

The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.

SearchString string

A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.

TextTransformations List<Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation>

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.

FieldToMatch Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch

The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

PositionalConstraint string

The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.

SearchString string

A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.

TextTransformations []RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.

FieldToMatch RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch

The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

positionalConstraint String

The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.

searchString String

A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.

textTransformations List<RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation>

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.

fieldToMatch RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch

The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

positionalConstraint string

The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.

searchString string

A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.

textTransformations RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation[]

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.

fieldToMatch RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch

The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

positional_constraint str

The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.

search_string str

A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.

text_transformations Sequence[RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation]

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.

field_to_match RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch

The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

positionalConstraint String

The area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.

searchString String

A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.

textTransformations List<Property Map>

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.

fieldToMatch Property Map

The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch

AllQueryArguments Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments

Inspect all query arguments.

Body Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody

Inspect the request body, which immediately follows the request headers.

Cookies Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookies

Inspect the cookies in the web request. See Cookies below for details.

Headers List<Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeader>

Inspect the request headers. See Headers below for details.

JsonBody Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBody

Inspect the request body as JSON. See JSON Body for details.

Method Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

QueryString Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

SingleHeader Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader

Inspect a single header. See Single Header below for details.

SingleQueryArgument Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument

Inspect a single query argument. See Single Query Argument below for details.

UriPath Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

AllQueryArguments RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments

Inspect all query arguments.

Body RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody

Inspect the request body, which immediately follows the request headers.

Cookies RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookies

Inspect the cookies in the web request. See Cookies below for details.

Headers []RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeader

Inspect the request headers. See Headers below for details.

JsonBody RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBody

Inspect the request body as JSON. See JSON Body for details.

Method RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

QueryString RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

SingleHeader RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader

Inspect a single header. See Single Header below for details.

SingleQueryArgument RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument

Inspect a single query argument. See Single Query Argument below for details.

UriPath RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments

Inspect all query arguments.

body RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody

Inspect the request body, which immediately follows the request headers.

cookies RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookies

Inspect the cookies in the web request. See Cookies below for details.

headers List<RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeader>

Inspect the request headers. See Headers below for details.

jsonBody RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBody

Inspect the request body as JSON. See JSON Body for details.

method RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

queryString RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

singleHeader RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader

Inspect a single header. See Single Header below for details.

singleQueryArgument RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument

Inspect a single query argument. See Single Query Argument below for details.

uriPath RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments

Inspect all query arguments.

body RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody

Inspect the request body, which immediately follows the request headers.

cookies RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookies

Inspect the cookies in the web request. See Cookies below for details.

headers RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeader[]

Inspect the request headers. See Headers below for details.

jsonBody RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBody

Inspect the request body as JSON. See JSON Body for details.

method RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

queryString RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

singleHeader RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader

Inspect a single header. See Single Header below for details.

singleQueryArgument RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument

Inspect a single query argument. See Single Query Argument below for details.

uriPath RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

all_query_arguments RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments

Inspect all query arguments.

body RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody

Inspect the request body, which immediately follows the request headers.

cookies RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookies

Inspect the cookies in the web request. See Cookies below for details.

headers Sequence[RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeader]

Inspect the request headers. See Headers below for details.

json_body RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBody

Inspect the request body as JSON. See JSON Body for details.

method RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

query_string RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

single_header RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader

Inspect a single header. See Single Header below for details.

single_query_argument RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument

Inspect a single query argument. See Single Query Argument below for details.

uri_path RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments Property Map

Inspect all query arguments.

body Property Map

Inspect the request body, which immediately follows the request headers.

cookies Property Map

Inspect the cookies in the web request. See Cookies below for details.

headers List<Property Map>

Inspect the request headers. See Headers below for details.

jsonBody Property Map

Inspect the request body as JSON. See JSON Body for details.

method Property Map

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

queryString Property Map

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

singleHeader Property Map

Inspect a single header. See Single Header below for details.

singleQueryArgument Property Map

Inspect a single query argument. See Single Query Argument below for details.

uriPath Property Map

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody

OversizeHandling string

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

OversizeHandling string

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling string

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversize_handling str

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookies

MatchPatterns List<Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookiesMatchPattern>

The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

MatchScope string

The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

OversizeHandling string

What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

MatchPatterns []RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookiesMatchPattern

The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

MatchScope string

The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

OversizeHandling string

What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookiesMatchPattern>

The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

matchScope String

The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

oversizeHandling String

What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookiesMatchPattern[]

The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

matchScope string

The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

oversizeHandling string

What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

match_patterns Sequence[RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookiesMatchPattern]

The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

match_scope str

The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

oversize_handling str

What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<Property Map>

The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

matchScope String

The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

oversizeHandling String

What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookiesMatchPattern

all Property Map

An empty configuration block that is used for inspecting all headers.

excludedCookies List<String>
includedCookies List<String>

RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeader

MatchPattern Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeaderMatchPattern

The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

MatchScope string

The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

OversizeHandling string

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

MatchPattern RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeaderMatchPattern

The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

MatchScope string

The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

OversizeHandling string

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeaderMatchPattern

The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

matchScope String

The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

oversizeHandling String

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeaderMatchPattern

The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

matchScope string

The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

oversizeHandling string

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

match_pattern RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeaderMatchPattern

The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

match_scope str

The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

oversize_handling str

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern Property Map

The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

matchScope String

The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

oversizeHandling String

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeaderMatchPattern

All Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll

An empty configuration block that is used for inspecting all headers.

ExcludedHeaders List<string>

An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

IncludedHeaders List<string>

An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

All RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll

An empty configuration block that is used for inspecting all headers.

ExcludedHeaders []string

An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

IncludedHeaders []string

An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll

An empty configuration block that is used for inspecting all headers.

excludedHeaders List<String>

An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

includedHeaders List<String>

An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll

An empty configuration block that is used for inspecting all headers.

excludedHeaders string[]

An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

includedHeaders string[]

An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll

An empty configuration block that is used for inspecting all headers.

excluded_headers Sequence[str]

An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

included_headers Sequence[str]

An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all Property Map

An empty configuration block that is used for inspecting all headers.

excludedHeaders List<String>

An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

includedHeaders List<String>

An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBody

MatchPattern Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern

The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

MatchScope string

The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

InvalidFallbackBehavior string

What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

OversizeHandling string

What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

MatchPattern RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern

The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

MatchScope string

The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

InvalidFallbackBehavior string

What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

OversizeHandling string

What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern

The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

matchScope String

The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

invalidFallbackBehavior String

What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

oversizeHandling String

What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern

The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

matchScope string

The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

invalidFallbackBehavior string

What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

oversizeHandling string

What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

match_pattern RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern

The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

match_scope str

The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

invalid_fallback_behavior str

What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

oversize_handling str

What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern Property Map

The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

matchScope String

The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

invalidFallbackBehavior String

What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

oversizeHandling String

What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern

all Property Map

An empty configuration block that is used for inspecting all headers.

includedPaths List<String>

RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader

Name string

The name of the query header to inspect. This setting must be provided as lower case characters.

Name string

The name of the query header to inspect. This setting must be provided as lower case characters.

name String

The name of the query header to inspect. This setting must be provided as lower case characters.

name string

The name of the query header to inspect. This setting must be provided as lower case characters.

name str

The name of the query header to inspect. This setting must be provided as lower case characters.

name String

The name of the query header to inspect. This setting must be provided as lower case characters.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument

Name string

The name of the query header to inspect. This setting must be provided as lower case characters.

Name string

The name of the query header to inspect. This setting must be provided as lower case characters.

name String

The name of the query header to inspect. This setting must be provided as lower case characters.

name string

The name of the query header to inspect. This setting must be provided as lower case characters.

name str

The name of the query header to inspect. This setting must be provided as lower case characters.

name String

The name of the query header to inspect. This setting must be provided as lower case characters.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation

Priority int

The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.

Type string

The transformation to apply, please refer to the Text Transformation documentation for more details.

Priority int

The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.

Type string

The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Integer

The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.

type String

The transformation to apply, please refer to the Text Transformation documentation for more details.

priority number

The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.

type string

The transformation to apply, please refer to the Text Transformation documentation for more details.

priority int

The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.

type str

The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Number

The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.

type String

The transformation to apply, please refer to the Text Transformation documentation for more details.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatement

CountryCodes List<string>

An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.

ForwardedIpConfig Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.

CountryCodes []string

An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.

ForwardedIpConfig RuleGroupRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.

countryCodes List<String>

An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.

forwardedIpConfig RuleGroupRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.

countryCodes string[]

An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.

forwardedIpConfig RuleGroupRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.

country_codes Sequence[str]

An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.

forwarded_ip_config RuleGroupRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.

countryCodes List<String>

An array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.

forwardedIpConfig Property Map

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig

FallbackBehavior string

The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

HeaderName string

The name of the HTTP header to use for the IP address.

FallbackBehavior string

The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

HeaderName string

The name of the HTTP header to use for the IP address.

fallbackBehavior String

The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

headerName String

The name of the HTTP header to use for the IP address.

fallbackBehavior string

The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

headerName string

The name of the HTTP header to use for the IP address.

fallback_behavior str

The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

header_name str

The name of the HTTP header to use for the IP address.

fallbackBehavior String

The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

headerName String

The name of the HTTP header to use for the IP address.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement

Arn string

The Amazon Resource Name (ARN) of the IP Set that this statement references.

IpSetForwardedIpConfig Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.

Arn string

The Amazon Resource Name (ARN) of the IP Set that this statement references.

IpSetForwardedIpConfig RuleGroupRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.

arn String

The Amazon Resource Name (ARN) of the IP Set that this statement references.

ipSetForwardedIpConfig RuleGroupRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.

arn string

The Amazon Resource Name (ARN) of the IP Set that this statement references.

ipSetForwardedIpConfig RuleGroupRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.

arn str

The Amazon Resource Name (ARN) of the IP Set that this statement references.

ip_set_forwarded_ip_config RuleGroupRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.

arn String

The Amazon Resource Name (ARN) of the IP Set that this statement references.

ipSetForwardedIpConfig Property Map

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig

FallbackBehavior string

The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

HeaderName string

The name of the HTTP header to use for the IP address.

Position string

The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

FallbackBehavior string

The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

HeaderName string

The name of the HTTP header to use for the IP address.

Position string

The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

fallbackBehavior String

The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

headerName String

The name of the HTTP header to use for the IP address.

position String

The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

fallbackBehavior string

The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

headerName string

The name of the HTTP header to use for the IP address.

position string

The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

fallback_behavior str

The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

header_name str

The name of the HTTP header to use for the IP address.

position str

The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

fallbackBehavior String

The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

headerName String

The name of the HTTP header to use for the IP address.

position String

The position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementLabelMatchStatement

Key string

The string to match against.

Scope string

Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

Key string

The string to match against.

Scope string

Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

key String

The string to match against.

scope String

Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

key string

The string to match against.

scope string

Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

key str

The string to match against.

scope str

Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

key String

The string to match against.

scope String

Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatement

RegexString string

The string representing the regular expression. Minimum of 1 and maximum of 512 characters.

TextTransformations List<Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementTextTransformation>

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.

FieldToMatch Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatch

The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

RegexString string

The string representing the regular expression. Minimum of 1 and maximum of 512 characters.

TextTransformations []RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementTextTransformation

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.

FieldToMatch RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatch

The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

regexString String

The string representing the regular expression. Minimum of 1 and maximum of 512 characters.

textTransformations List<RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementTextTransformation>

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.

fieldToMatch RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatch

The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

regexString string

The string representing the regular expression. Minimum of 1 and maximum of 512 characters.

textTransformations RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementTextTransformation[]

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.

fieldToMatch RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatch

The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

regex_string str

The string representing the regular expression. Minimum of 1 and maximum of 512 characters.

text_transformations Sequence[RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementTextTransformation]

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.

field_to_match RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatch

The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

regexString String

The string representing the regular expression. Minimum of 1 and maximum of 512 characters.

textTransformations List<Property Map>

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.

fieldToMatch Property Map

The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatch

AllQueryArguments Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchAllQueryArguments

Inspect all query arguments.

Body Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchBody

Inspect the request body, which immediately follows the request headers.

Cookies Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchCookies

Inspect the cookies in the web request. See Cookies below for details.

Headers List<Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchHeader>

Inspect the request headers. See Headers below for details.

JsonBody Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchJsonBody

Inspect the request body as JSON. See JSON Body for details.

Method Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchMethod

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

QueryString Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchQueryString

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

SingleHeader Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchSingleHeader

Inspect a single header. See Single Header below for details.

SingleQueryArgument Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchSingleQueryArgument

Inspect a single query argument. See Single Query Argument below for details.

UriPath Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchUriPath

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

AllQueryArguments RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchAllQueryArguments

Inspect all query arguments.

Body RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchBody

Inspect the request body, which immediately follows the request headers.

Cookies RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchCookies

Inspect the cookies in the web request. See Cookies below for details.

Headers []RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchHeader

Inspect the request headers. See Headers below for details.

JsonBody RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchJsonBody

Inspect the request body as JSON. See JSON Body for details.

Method RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchMethod

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

QueryString RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchQueryString

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

SingleHeader RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchSingleHeader

Inspect a single header. See Single Header below for details.

SingleQueryArgument RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchSingleQueryArgument

Inspect a single query argument. See Single Query Argument below for details.

UriPath RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchUriPath

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchAllQueryArguments

Inspect all query arguments.

body RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchBody

Inspect the request body, which immediately follows the request headers.

cookies RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchCookies

Inspect the cookies in the web request. See Cookies below for details.

headers List<RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchHeader>

Inspect the request headers. See Headers below for details.

jsonBody RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchJsonBody

Inspect the request body as JSON. See JSON Body for details.

method RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchMethod

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

queryString RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchQueryString

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

singleHeader RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchSingleHeader

Inspect a single header. See Single Header below for details.

singleQueryArgument RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchSingleQueryArgument

Inspect a single query argument. See Single Query Argument below for details.

uriPath RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchUriPath

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchAllQueryArguments

Inspect all query arguments.

body RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchBody

Inspect the request body, which immediately follows the request headers.

cookies RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchCookies

Inspect the cookies in the web request. See Cookies below for details.

headers RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchHeader[]

Inspect the request headers. See Headers below for details.

jsonBody RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchJsonBody

Inspect the request body as JSON. See JSON Body for details.

method RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchMethod

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

queryString RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchQueryString

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

singleHeader RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchSingleHeader

Inspect a single header. See Single Header below for details.

singleQueryArgument RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchSingleQueryArgument

Inspect a single query argument. See Single Query Argument below for details.

uriPath RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchUriPath

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

all_query_arguments RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchAllQueryArguments

Inspect all query arguments.

body RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchBody

Inspect the request body, which immediately follows the request headers.

cookies RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchCookies

Inspect the cookies in the web request. See Cookies below for details.

headers Sequence[RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchHeader]

Inspect the request headers. See Headers below for details.

json_body RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchJsonBody

Inspect the request body as JSON. See JSON Body for details.

method RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchMethod

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

query_string RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchQueryString

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

single_header RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchSingleHeader

Inspect a single header. See Single Header below for details.

single_query_argument RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchSingleQueryArgument

Inspect a single query argument. See Single Query Argument below for details.

uri_path RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchUriPath

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments Property Map

Inspect all query arguments.

body Property Map

Inspect the request body, which immediately follows the request headers.

cookies Property Map

Inspect the cookies in the web request. See Cookies below for details.

headers List<Property Map>

Inspect the request headers. See Headers below for details.

jsonBody Property Map

Inspect the request body as JSON. See JSON Body for details.

method Property Map

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

queryString Property Map

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

singleHeader Property Map

Inspect a single header. See Single Header below for details.

singleQueryArgument Property Map

Inspect a single query argument. See Single Query Argument below for details.

uriPath Property Map

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchBody

OversizeHandling string

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

OversizeHandling string

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling string

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversize_handling str

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchCookies

MatchPatterns List<Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchCookiesMatchPattern>

The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

MatchScope string

The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

OversizeHandling string

What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

MatchPatterns []RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchCookiesMatchPattern

The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

MatchScope string

The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

OversizeHandling string

What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchCookiesMatchPattern>

The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

matchScope String

The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

oversizeHandling String

What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchCookiesMatchPattern[]

The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

matchScope string

The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

oversizeHandling string

What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

match_patterns Sequence[RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchCookiesMatchPattern]

The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

match_scope str

The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

oversize_handling str

What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<Property Map>

The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

matchScope String

The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

oversizeHandling String

What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchCookiesMatchPattern

all Property Map

An empty configuration block that is used for inspecting all headers.

excludedCookies List<String>
includedCookies List<String>

RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchHeader

MatchPattern Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchHeaderMatchPattern

The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

MatchScope string

The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

OversizeHandling string

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

MatchPattern RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchHeaderMatchPattern

The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

MatchScope string

The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

OversizeHandling string

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchHeaderMatchPattern

The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

matchScope String

The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

oversizeHandling String

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchHeaderMatchPattern

The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

matchScope string

The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

oversizeHandling string

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

match_pattern RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchHeaderMatchPattern

The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

match_scope str

The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

oversize_handling str

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern Property Map

The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

matchScope String

The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

oversizeHandling String

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchHeaderMatchPattern

All Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll

An empty configuration block that is used for inspecting all headers.

ExcludedHeaders List<string>

An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

IncludedHeaders List<string>

An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

All RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll

An empty configuration block that is used for inspecting all headers.

ExcludedHeaders []string

An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

IncludedHeaders []string

An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll

An empty configuration block that is used for inspecting all headers.

excludedHeaders List<String>

An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

includedHeaders List<String>

An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll

An empty configuration block that is used for inspecting all headers.

excludedHeaders string[]

An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

includedHeaders string[]

An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll

An empty configuration block that is used for inspecting all headers.

excluded_headers Sequence[str]

An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

included_headers Sequence[str]

An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all Property Map

An empty configuration block that is used for inspecting all headers.

excludedHeaders List<String>

An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

includedHeaders List<String>

An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchJsonBody

MatchPattern Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern

The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

MatchScope string

The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

InvalidFallbackBehavior string

What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

OversizeHandling string

What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

MatchPattern RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern

The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

MatchScope string

The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

InvalidFallbackBehavior string

What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

OversizeHandling string

What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern

The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

matchScope String

The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

invalidFallbackBehavior String

What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

oversizeHandling String

What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern

The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

matchScope string

The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

invalidFallbackBehavior string

What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

oversizeHandling string

What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

match_pattern RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern

The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

match_scope str

The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

invalid_fallback_behavior str

What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

oversize_handling str

What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern Property Map

The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

matchScope String

The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

invalidFallbackBehavior String

What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

oversizeHandling String

What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern

all Property Map

An empty configuration block that is used for inspecting all headers.

includedPaths List<String>

RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchSingleHeader

Name string

The name of the query header to inspect. This setting must be provided as lower case characters.

Name string

The name of the query header to inspect. This setting must be provided as lower case characters.

name String

The name of the query header to inspect. This setting must be provided as lower case characters.

name string

The name of the query header to inspect. This setting must be provided as lower case characters.

name str

The name of the query header to inspect. This setting must be provided as lower case characters.

name String

The name of the query header to inspect. This setting must be provided as lower case characters.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatchSingleQueryArgument

Name string

The name of the query header to inspect. This setting must be provided as lower case characters.

Name string

The name of the query header to inspect. This setting must be provided as lower case characters.

name String

The name of the query header to inspect. This setting must be provided as lower case characters.

name string

The name of the query header to inspect. This setting must be provided as lower case characters.

name str

The name of the query header to inspect. This setting must be provided as lower case characters.

name String

The name of the query header to inspect. This setting must be provided as lower case characters.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexMatchStatementTextTransformation

Priority int

The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.

Type string

The transformation to apply, please refer to the Text Transformation documentation for more details.

Priority int

The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.

Type string

The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Integer

The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.

type String

The transformation to apply, please refer to the Text Transformation documentation for more details.

priority number

The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.

type string

The transformation to apply, please refer to the Text Transformation documentation for more details.

priority int

The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.

type str

The transformation to apply, please refer to the Text Transformation documentation for more details.

priority Number

The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.

type String

The transformation to apply, please refer to the Text Transformation documentation for more details.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement

Arn string

The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.

TextTransformations List<Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation>

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.

FieldToMatch Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch

The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

Arn string

The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.

TextTransformations []RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.

FieldToMatch RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch

The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

arn String

The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.

textTransformations List<RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation>

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.

fieldToMatch RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch

The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

arn string

The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.

textTransformations RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation[]

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.

fieldToMatch RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch

The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

arn str

The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.

text_transformations Sequence[RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation]

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.

field_to_match RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch

The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

arn String

The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.

textTransformations List<Property Map>

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See Text Transformation below for details.

fieldToMatch Property Map

The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch

AllQueryArguments Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments

Inspect all query arguments.

Body Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody

Inspect the request body, which immediately follows the request headers.

Cookies Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchCookies

Inspect the cookies in the web request. See Cookies below for details.

Headers List<Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchHeader>

Inspect the request headers. See Headers below for details.

JsonBody Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody

Inspect the request body as JSON. See JSON Body for details.

Method Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

QueryString Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

SingleHeader Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader

Inspect a single header. See Single Header below for details.

SingleQueryArgument Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument

Inspect a single query argument. See Single Query Argument below for details.

UriPath Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

AllQueryArguments RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments

Inspect all query arguments.

Body RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody

Inspect the request body, which immediately follows the request headers.

Cookies RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchCookies

Inspect the cookies in the web request. See Cookies below for details.

Headers []RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchHeader

Inspect the request headers. See Headers below for details.

JsonBody RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody

Inspect the request body as JSON. See JSON Body for details.

Method RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

QueryString RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

SingleHeader RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader

Inspect a single header. See Single Header below for details.

SingleQueryArgument RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument

Inspect a single query argument. See Single Query Argument below for details.

UriPath RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments

Inspect all query arguments.

body RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody

Inspect the request body, which immediately follows the request headers.

cookies RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchCookies

Inspect the cookies in the web request. See Cookies below for details.

headers List<RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchHeader>

Inspect the request headers. See Headers below for details.

jsonBody RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody

Inspect the request body as JSON. See JSON Body for details.

method RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

queryString RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

singleHeader RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader

Inspect a single header. See Single Header below for details.

singleQueryArgument RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument

Inspect a single query argument. See Single Query Argument below for details.

uriPath RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments

Inspect all query arguments.

body RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody

Inspect the request body, which immediately follows the request headers.

cookies RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchCookies

Inspect the cookies in the web request. See Cookies below for details.

headers RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchHeader[]

Inspect the request headers. See Headers below for details.

jsonBody RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody

Inspect the request body as JSON. See JSON Body for details.

method RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

queryString RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

singleHeader RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader

Inspect a single header. See Single Header below for details.

singleQueryArgument RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument

Inspect a single query argument. See Single Query Argument below for details.

uriPath RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

all_query_arguments RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments

Inspect all query arguments.

body RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody

Inspect the request body, which immediately follows the request headers.

cookies RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchCookies

Inspect the cookies in the web request. See Cookies below for details.

headers Sequence[RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchHeader]

Inspect the request headers. See Headers below for details.

json_body RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody

Inspect the request body as JSON. See JSON Body for details.

method RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

query_string RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

single_header RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader

Inspect a single header. See Single Header below for details.

single_query_argument RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument

Inspect a single query argument. See Single Query Argument below for details.

uri_path RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments Property Map

Inspect all query arguments.

body Property Map

Inspect the request body, which immediately follows the request headers.

cookies Property Map

Inspect the cookies in the web request. See Cookies below for details.

headers List<Property Map>

Inspect the request headers. See Headers below for details.

jsonBody Property Map

Inspect the request body as JSON. See JSON Body for details.

method Property Map

Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

queryString Property Map

Inspect the query string. This is the part of a URL that appears after a ? character, if any.

singleHeader Property Map

Inspect a single header. See Single Header below for details.

singleQueryArgument Property Map

Inspect a single query argument. See Single Query Argument below for details.

uriPath Property Map

Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody

OversizeHandling string

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

OversizeHandling string

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling string

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversize_handling str

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String

Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchCookies

MatchPatterns List<Pulumi.Aws.WafV2.Inputs.RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern>

The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

MatchScope string

The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

OversizeHandling string

What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

MatchPatterns []RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern

The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

MatchScope string

The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

OversizeHandling string

What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern>

The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

matchScope String

The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

oversizeHandling String

What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern[]

The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

matchScope string

The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

oversizeHandling string

What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

match_patterns Sequence[RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern]

The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

match_scope str

The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

oversize_handling str

What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

matchPatterns List<Property Map>

The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

matchScope String

The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

oversizeHandling String

What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH

RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern