1. Packages
  2. AWS Classic
  3. API Docs
  4. wafv2
  5. WebAcl

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.3.0 published on Thursday, Sep 28, 2023 by Pulumi

aws.wafv2.WebAcl

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.3.0 published on Thursday, Sep 28, 2023 by Pulumi

    Create WebAcl Resource

    new WebAcl(name: string, args: WebAclArgs, opts?: CustomResourceOptions);
    @overload
    def WebAcl(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               association_config: Optional[WebAclAssociationConfigArgs] = None,
               captcha_config: Optional[WebAclCaptchaConfigArgs] = None,
               custom_response_bodies: Optional[Sequence[WebAclCustomResponseBodyArgs]] = None,
               default_action: Optional[WebAclDefaultActionArgs] = None,
               description: Optional[str] = None,
               name: Optional[str] = None,
               rules: Optional[Sequence[WebAclRuleArgs]] = None,
               scope: Optional[str] = None,
               tags: Optional[Mapping[str, str]] = None,
               token_domains: Optional[Sequence[str]] = None,
               visibility_config: Optional[WebAclVisibilityConfigArgs] = None)
    @overload
    def WebAcl(resource_name: str,
               args: WebAclArgs,
               opts: Optional[ResourceOptions] = None)
    func NewWebAcl(ctx *Context, name string, args WebAclArgs, opts ...ResourceOption) (*WebAcl, error)
    public WebAcl(string name, WebAclArgs args, CustomResourceOptions? opts = null)
    public WebAcl(String name, WebAclArgs args)
    public WebAcl(String name, WebAclArgs args, CustomResourceOptions options)
    
    type: aws:wafv2:WebAcl
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args WebAclArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args WebAclArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args WebAclArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args WebAclArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args WebAclArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    WebAcl Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The WebAcl resource accepts the following input properties:

    DefaultAction Pulumi.Aws.WafV2.Inputs.WebAclDefaultAction

    Action to perform if none of the rules contained in the WebACL match. See default_action below for details.

    Scope string

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

    VisibilityConfig Pulumi.Aws.WafV2.Inputs.WebAclVisibilityConfig

    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

    AssociationConfig Pulumi.Aws.WafV2.Inputs.WebAclAssociationConfig

    Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.

    CaptchaConfig Pulumi.Aws.WafV2.Inputs.WebAclCaptchaConfig

    Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.

    CustomResponseBodies List<Pulumi.Aws.WafV2.Inputs.WebAclCustomResponseBody>

    Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.

    Description string

    Friendly description of the WebACL.

    Name string

    Friendly name of the WebACL.

    Rules List<Pulumi.Aws.WafV2.Inputs.WebAclRule>

    Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.

    Tags Dictionary<string, string>

    Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    TokenDomains List<string>

    Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

    DefaultAction WebAclDefaultActionArgs

    Action to perform if none of the rules contained in the WebACL match. See default_action below for details.

    Scope string

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

    VisibilityConfig WebAclVisibilityConfigArgs

    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

    AssociationConfig WebAclAssociationConfigArgs

    Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.

    CaptchaConfig WebAclCaptchaConfigArgs

    Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.

    CustomResponseBodies []WebAclCustomResponseBodyArgs

    Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.

    Description string

    Friendly description of the WebACL.

    Name string

    Friendly name of the WebACL.

    Rules []WebAclRuleArgs

    Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.

    Tags map[string]string

    Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    TokenDomains []string

    Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

    defaultAction WebAclDefaultAction

    Action to perform if none of the rules contained in the WebACL match. See default_action below for details.

    scope String

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

    visibilityConfig WebAclVisibilityConfig

    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

    associationConfig WebAclAssociationConfig

    Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.

    captchaConfig WebAclCaptchaConfig

    Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.

    customResponseBodies List<WebAclCustomResponseBody>

    Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.

    description String

    Friendly description of the WebACL.

    name String

    Friendly name of the WebACL.

    rules List<WebAclRule>

    Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.

    tags Map<String,String>

    Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tokenDomains List<String>

    Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

    defaultAction WebAclDefaultAction

    Action to perform if none of the rules contained in the WebACL match. See default_action below for details.

    scope string

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

    visibilityConfig WebAclVisibilityConfig

    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

    associationConfig WebAclAssociationConfig

    Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.

    captchaConfig WebAclCaptchaConfig

    Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.

    customResponseBodies WebAclCustomResponseBody[]

    Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.

    description string

    Friendly description of the WebACL.

    name string

    Friendly name of the WebACL.

    rules WebAclRule[]

    Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.

    tags {[key: string]: string}

    Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tokenDomains string[]

    Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

    default_action WebAclDefaultActionArgs

    Action to perform if none of the rules contained in the WebACL match. See default_action below for details.

    scope str

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

    visibility_config WebAclVisibilityConfigArgs

    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

    association_config WebAclAssociationConfigArgs

    Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.

    captcha_config WebAclCaptchaConfigArgs

    Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.

    custom_response_bodies Sequence[WebAclCustomResponseBodyArgs]

    Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.

    description str

    Friendly description of the WebACL.

    name str

    Friendly name of the WebACL.

    rules Sequence[WebAclRuleArgs]

    Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.

    tags Mapping[str, str]

    Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    token_domains Sequence[str]

    Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

    defaultAction Property Map

    Action to perform if none of the rules contained in the WebACL match. See default_action below for details.

    scope String

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

    visibilityConfig Property Map

    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

    associationConfig Property Map

    Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.

    captchaConfig Property Map

    Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.

    customResponseBodies List<Property Map>

    Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.

    description String

    Friendly description of the WebACL.

    name String

    Friendly name of the WebACL.

    rules List<Property Map>

    Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.

    tags Map<String>

    Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tokenDomains List<String>

    Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the WebAcl resource produces the following output properties:

    Arn string

    The Amazon Resource Name (ARN) of the IP Set that this statement references.

    Capacity int

    Web ACL capacity units (WCUs) currently being used by this web ACL.

    Id string

    The provider-assigned unique ID for this managed resource.

    LockToken string
    TagsAll Dictionary<string, string>

    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    Arn string

    The Amazon Resource Name (ARN) of the IP Set that this statement references.

    Capacity int

    Web ACL capacity units (WCUs) currently being used by this web ACL.

    Id string

    The provider-assigned unique ID for this managed resource.

    LockToken string
    TagsAll map[string]string

    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    arn String

    The Amazon Resource Name (ARN) of the IP Set that this statement references.

    capacity Integer

    Web ACL capacity units (WCUs) currently being used by this web ACL.

    id String

    The provider-assigned unique ID for this managed resource.

    lockToken String
    tagsAll Map<String,String>

    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    arn string

    The Amazon Resource Name (ARN) of the IP Set that this statement references.

    capacity number

    Web ACL capacity units (WCUs) currently being used by this web ACL.

    id string

    The provider-assigned unique ID for this managed resource.

    lockToken string
    tagsAll {[key: string]: string}

    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    arn str

    The Amazon Resource Name (ARN) of the IP Set that this statement references.

    capacity int

    Web ACL capacity units (WCUs) currently being used by this web ACL.

    id str

    The provider-assigned unique ID for this managed resource.

    lock_token str
    tags_all Mapping[str, str]

    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    arn String

    The Amazon Resource Name (ARN) of the IP Set that this statement references.

    capacity Number

    Web ACL capacity units (WCUs) currently being used by this web ACL.

    id String

    The provider-assigned unique ID for this managed resource.

    lockToken String
    tagsAll Map<String>

    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    Look up Existing WebAcl Resource

    Get an existing WebAcl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: WebAclState, opts?: CustomResourceOptions): WebAcl
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            arn: Optional[str] = None,
            association_config: Optional[WebAclAssociationConfigArgs] = None,
            capacity: Optional[int] = None,
            captcha_config: Optional[WebAclCaptchaConfigArgs] = None,
            custom_response_bodies: Optional[Sequence[WebAclCustomResponseBodyArgs]] = None,
            default_action: Optional[WebAclDefaultActionArgs] = None,
            description: Optional[str] = None,
            lock_token: Optional[str] = None,
            name: Optional[str] = None,
            rules: Optional[Sequence[WebAclRuleArgs]] = None,
            scope: Optional[str] = None,
            tags: Optional[Mapping[str, str]] = None,
            tags_all: Optional[Mapping[str, str]] = None,
            token_domains: Optional[Sequence[str]] = None,
            visibility_config: Optional[WebAclVisibilityConfigArgs] = None) -> WebAcl
    func GetWebAcl(ctx *Context, name string, id IDInput, state *WebAclState, opts ...ResourceOption) (*WebAcl, error)
    public static WebAcl Get(string name, Input<string> id, WebAclState? state, CustomResourceOptions? opts = null)
    public static WebAcl get(String name, Output<String> id, WebAclState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Arn string

    The Amazon Resource Name (ARN) of the IP Set that this statement references.

    AssociationConfig Pulumi.Aws.WafV2.Inputs.WebAclAssociationConfig

    Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.

    Capacity int

    Web ACL capacity units (WCUs) currently being used by this web ACL.

    CaptchaConfig Pulumi.Aws.WafV2.Inputs.WebAclCaptchaConfig

    Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.

    CustomResponseBodies List<Pulumi.Aws.WafV2.Inputs.WebAclCustomResponseBody>

    Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.

    DefaultAction Pulumi.Aws.WafV2.Inputs.WebAclDefaultAction

    Action to perform if none of the rules contained in the WebACL match. See default_action below for details.

    Description string

    Friendly description of the WebACL.

    LockToken string
    Name string

    Friendly name of the WebACL.

    Rules List<Pulumi.Aws.WafV2.Inputs.WebAclRule>

    Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.

    Scope string

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

    Tags Dictionary<string, string>

    Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    TagsAll Dictionary<string, string>

    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    TokenDomains List<string>

    Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

    VisibilityConfig Pulumi.Aws.WafV2.Inputs.WebAclVisibilityConfig

    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

    Arn string

    The Amazon Resource Name (ARN) of the IP Set that this statement references.

    AssociationConfig WebAclAssociationConfigArgs

    Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.

    Capacity int

    Web ACL capacity units (WCUs) currently being used by this web ACL.

    CaptchaConfig WebAclCaptchaConfigArgs

    Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.

    CustomResponseBodies []WebAclCustomResponseBodyArgs

    Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.

    DefaultAction WebAclDefaultActionArgs

    Action to perform if none of the rules contained in the WebACL match. See default_action below for details.

    Description string

    Friendly description of the WebACL.

    LockToken string
    Name string

    Friendly name of the WebACL.

    Rules []WebAclRuleArgs

    Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.

    Scope string

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

    Tags map[string]string

    Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    TagsAll map[string]string

    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    TokenDomains []string

    Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

    VisibilityConfig WebAclVisibilityConfigArgs

    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

    arn String

    The Amazon Resource Name (ARN) of the IP Set that this statement references.

    associationConfig WebAclAssociationConfig

    Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.

    capacity Integer

    Web ACL capacity units (WCUs) currently being used by this web ACL.

    captchaConfig WebAclCaptchaConfig

    Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.

    customResponseBodies List<WebAclCustomResponseBody>

    Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.

    defaultAction WebAclDefaultAction

    Action to perform if none of the rules contained in the WebACL match. See default_action below for details.

    description String

    Friendly description of the WebACL.

    lockToken String
    name String

    Friendly name of the WebACL.

    rules List<WebAclRule>

    Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.

    scope String

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

    tags Map<String,String>

    Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tagsAll Map<String,String>

    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    tokenDomains List<String>

    Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

    visibilityConfig WebAclVisibilityConfig

    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

    arn string

    The Amazon Resource Name (ARN) of the IP Set that this statement references.

    associationConfig WebAclAssociationConfig

    Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.

    capacity number

    Web ACL capacity units (WCUs) currently being used by this web ACL.

    captchaConfig WebAclCaptchaConfig

    Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.

    customResponseBodies WebAclCustomResponseBody[]

    Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.

    defaultAction WebAclDefaultAction

    Action to perform if none of the rules contained in the WebACL match. See default_action below for details.

    description string

    Friendly description of the WebACL.

    lockToken string
    name string

    Friendly name of the WebACL.

    rules WebAclRule[]

    Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.

    scope string

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

    tags {[key: string]: string}

    Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tagsAll {[key: string]: string}

    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    tokenDomains string[]

    Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

    visibilityConfig WebAclVisibilityConfig

    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

    arn str

    The Amazon Resource Name (ARN) of the IP Set that this statement references.

    association_config WebAclAssociationConfigArgs

    Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.

    capacity int

    Web ACL capacity units (WCUs) currently being used by this web ACL.

    captcha_config WebAclCaptchaConfigArgs

    Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.

    custom_response_bodies Sequence[WebAclCustomResponseBodyArgs]

    Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.

    default_action WebAclDefaultActionArgs

    Action to perform if none of the rules contained in the WebACL match. See default_action below for details.

    description str

    Friendly description of the WebACL.

    lock_token str
    name str

    Friendly name of the WebACL.

    rules Sequence[WebAclRuleArgs]

    Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.

    scope str

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

    tags Mapping[str, str]

    Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tags_all Mapping[str, str]

    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    token_domains Sequence[str]

    Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

    visibility_config WebAclVisibilityConfigArgs

    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

    arn String

    The Amazon Resource Name (ARN) of the IP Set that this statement references.

    associationConfig Property Map

    Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.

    capacity Number

    Web ACL capacity units (WCUs) currently being used by this web ACL.

    captchaConfig Property Map

    Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.

    customResponseBodies List<Property Map>

    Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.

    defaultAction Property Map

    Action to perform if none of the rules contained in the WebACL match. See default_action below for details.

    description String

    Friendly description of the WebACL.

    lockToken String
    name String

    Friendly name of the WebACL.

    rules List<Property Map>

    Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.

    scope String

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

    tags Map<String>

    Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tagsAll Map<String>

    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    tokenDomains List<String>

    Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

    visibilityConfig Property Map

    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

    Supporting Types

    Note: There are over 200 nested types for this resource. Only the first 200 types are included in this documentation.

    WebAclAssociationConfig, WebAclAssociationConfigArgs

    RequestBodies List<Pulumi.Aws.WafV2.Inputs.WebAclAssociationConfigRequestBody>

    Customizes the request body that your protected resource forward to AWS WAF for inspection. See request_body below for details.

    RequestBodies []WebAclAssociationConfigRequestBody

    Customizes the request body that your protected resource forward to AWS WAF for inspection. See request_body below for details.

    requestBodies List<WebAclAssociationConfigRequestBody>

    Customizes the request body that your protected resource forward to AWS WAF for inspection. See request_body below for details.

    requestBodies WebAclAssociationConfigRequestBody[]

    Customizes the request body that your protected resource forward to AWS WAF for inspection. See request_body below for details.

    request_bodies Sequence[WebAclAssociationConfigRequestBody]

    Customizes the request body that your protected resource forward to AWS WAF for inspection. See request_body below for details.

    requestBodies List<Property Map>

    Customizes the request body that your protected resource forward to AWS WAF for inspection. See request_body below for details.

    WebAclAssociationConfigRequestBody, WebAclAssociationConfigRequestBodyArgs

    Cloudfronts List<Pulumi.Aws.WafV2.Inputs.WebAclAssociationConfigRequestBodyCloudfront>

    Customizes the request body that your protected CloudFront distributions forward to AWS WAF for inspection. See cloudfront below for details.

    Cloudfronts []WebAclAssociationConfigRequestBodyCloudfront

    Customizes the request body that your protected CloudFront distributions forward to AWS WAF for inspection. See cloudfront below for details.

    cloudfronts List<WebAclAssociationConfigRequestBodyCloudfront>

    Customizes the request body that your protected CloudFront distributions forward to AWS WAF for inspection. See cloudfront below for details.

    cloudfronts WebAclAssociationConfigRequestBodyCloudfront[]

    Customizes the request body that your protected CloudFront distributions forward to AWS WAF for inspection. See cloudfront below for details.

    cloudfronts Sequence[WebAclAssociationConfigRequestBodyCloudfront]

    Customizes the request body that your protected CloudFront distributions forward to AWS WAF for inspection. See cloudfront below for details.

    cloudfronts List<Property Map>

    Customizes the request body that your protected CloudFront distributions forward to AWS WAF for inspection. See cloudfront below for details.

    WebAclAssociationConfigRequestBodyCloudfront, WebAclAssociationConfigRequestBodyCloudfrontArgs

    DefaultSizeInspectionLimit string

    Specifies the maximum size of the web request body component that an associated CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

    DefaultSizeInspectionLimit string

    Specifies the maximum size of the web request body component that an associated CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

    defaultSizeInspectionLimit String

    Specifies the maximum size of the web request body component that an associated CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

    defaultSizeInspectionLimit string

    Specifies the maximum size of the web request body component that an associated CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

    default_size_inspection_limit str

    Specifies the maximum size of the web request body component that an associated CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

    defaultSizeInspectionLimit String

    Specifies the maximum size of the web request body component that an associated CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

    WebAclCaptchaConfig, WebAclCaptchaConfigArgs

    ImmunityTimeProperty Pulumi.Aws.WafV2.Inputs.WebAclCaptchaConfigImmunityTimeProperty

    Defines custom immunity time. See immunity_time_property below for details.

    ImmunityTimeProperty WebAclCaptchaConfigImmunityTimeProperty

    Defines custom immunity time. See immunity_time_property below for details.

    immunityTimeProperty WebAclCaptchaConfigImmunityTimeProperty

    Defines custom immunity time. See immunity_time_property below for details.

    immunityTimeProperty WebAclCaptchaConfigImmunityTimeProperty

    Defines custom immunity time. See immunity_time_property below for details.

    immunity_time_property WebAclCaptchaConfigImmunityTimeProperty

    Defines custom immunity time. See immunity_time_property below for details.

    immunityTimeProperty Property Map

    Defines custom immunity time. See immunity_time_property below for details.

    WebAclCaptchaConfigImmunityTimeProperty, WebAclCaptchaConfigImmunityTimePropertyArgs

    ImmunityTime int

    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

    ImmunityTime int

    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

    immunityTime Integer

    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

    immunityTime number

    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

    immunity_time int

    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

    immunityTime Number

    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

    WebAclCustomResponseBody, WebAclCustomResponseBodyArgs

    Content string

    Payload of the custom response.

    ContentType string

    Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.

    Key string

    Unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the custom_response block.

    Content string

    Payload of the custom response.

    ContentType string

    Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.

    Key string

    Unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the custom_response block.

    content String

    Payload of the custom response.

    contentType String

    Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.

    key String

    Unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the custom_response block.

    content string

    Payload of the custom response.

    contentType string

    Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.

    key string

    Unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the custom_response block.

    content str

    Payload of the custom response.

    content_type str

    Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.

    key str

    Unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the custom_response block.

    content String

    Payload of the custom response.

    contentType String

    Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.

    key String

    Unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the custom_response block.

    WebAclDefaultAction, WebAclDefaultActionArgs

    Allow Pulumi.Aws.WafV2.Inputs.WebAclDefaultActionAllow

    Specifies that AWS WAF should allow requests by default. See allow below for details.

    Block Pulumi.Aws.WafV2.Inputs.WebAclDefaultActionBlock

    Specifies that AWS WAF should block requests by default. See block below for details.

    Allow WebAclDefaultActionAllow

    Specifies that AWS WAF should allow requests by default. See allow below for details.

    Block WebAclDefaultActionBlock

    Specifies that AWS WAF should block requests by default. See block below for details.

    allow WebAclDefaultActionAllow

    Specifies that AWS WAF should allow requests by default. See allow below for details.

    block WebAclDefaultActionBlock

    Specifies that AWS WAF should block requests by default. See block below for details.

    allow WebAclDefaultActionAllow

    Specifies that AWS WAF should allow requests by default. See allow below for details.

    block WebAclDefaultActionBlock

    Specifies that AWS WAF should block requests by default. See block below for details.

    allow WebAclDefaultActionAllow

    Specifies that AWS WAF should allow requests by default. See allow below for details.

    block WebAclDefaultActionBlock

    Specifies that AWS WAF should block requests by default. See block below for details.

    allow Property Map

    Specifies that AWS WAF should allow requests by default. See allow below for details.

    block Property Map

    Specifies that AWS WAF should block requests by default. See block below for details.

    WebAclDefaultActionAllow, WebAclDefaultActionAllowArgs

    CustomRequestHandling Pulumi.Aws.WafV2.Inputs.WebAclDefaultActionAllowCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    CustomRequestHandling WebAclDefaultActionAllowCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling WebAclDefaultActionAllowCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling WebAclDefaultActionAllowCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    custom_request_handling WebAclDefaultActionAllowCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling Property Map

    Defines custom handling for the web request. See custom_request_handling below for details.

    WebAclDefaultActionAllowCustomRequestHandling, WebAclDefaultActionAllowCustomRequestHandlingArgs

    InsertHeaders List<Pulumi.Aws.WafV2.Inputs.WebAclDefaultActionAllowCustomRequestHandlingInsertHeader>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    InsertHeaders []WebAclDefaultActionAllowCustomRequestHandlingInsertHeader

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders List<WebAclDefaultActionAllowCustomRequestHandlingInsertHeader>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders WebAclDefaultActionAllowCustomRequestHandlingInsertHeader[]

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insert_headers Sequence[WebAclDefaultActionAllowCustomRequestHandlingInsertHeader]

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders List<Property Map>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    WebAclDefaultActionAllowCustomRequestHandlingInsertHeader, WebAclDefaultActionAllowCustomRequestHandlingInsertHeaderArgs

    Name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    Value string

    Value of the custom header.

    Name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    Value string

    Value of the custom header.

    name String

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value String

    Value of the custom header.

    name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value string

    Value of the custom header.

    name str

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value str

    Value of the custom header.

    name String

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value String

    Value of the custom header.

    WebAclDefaultActionBlock, WebAclDefaultActionBlockArgs

    CustomResponse Pulumi.Aws.WafV2.Inputs.WebAclDefaultActionBlockCustomResponse

    Defines a custom response for the web request. See custom_response below for details.

    CustomResponse WebAclDefaultActionBlockCustomResponse

    Defines a custom response for the web request. See custom_response below for details.

    customResponse WebAclDefaultActionBlockCustomResponse

    Defines a custom response for the web request. See custom_response below for details.

    customResponse WebAclDefaultActionBlockCustomResponse

    Defines a custom response for the web request. See custom_response below for details.

    custom_response WebAclDefaultActionBlockCustomResponse

    Defines a custom response for the web request. See custom_response below for details.

    customResponse Property Map

    Defines a custom response for the web request. See custom_response below for details.

    WebAclDefaultActionBlockCustomResponse, WebAclDefaultActionBlockCustomResponseArgs

    ResponseCode int

    The HTTP status code to return to the client.

    CustomResponseBodyKey string

    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

    ResponseHeaders List<Pulumi.Aws.WafV2.Inputs.WebAclDefaultActionBlockCustomResponseResponseHeader>

    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

    ResponseCode int

    The HTTP status code to return to the client.

    CustomResponseBodyKey string

    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

    ResponseHeaders []WebAclDefaultActionBlockCustomResponseResponseHeader

    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

    responseCode Integer

    The HTTP status code to return to the client.

    customResponseBodyKey String

    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

    responseHeaders List<WebAclDefaultActionBlockCustomResponseResponseHeader>

    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

    responseCode number

    The HTTP status code to return to the client.

    customResponseBodyKey string

    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

    responseHeaders WebAclDefaultActionBlockCustomResponseResponseHeader[]

    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

    response_code int

    The HTTP status code to return to the client.

    custom_response_body_key str

    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

    response_headers Sequence[WebAclDefaultActionBlockCustomResponseResponseHeader]

    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

    responseCode Number

    The HTTP status code to return to the client.

    customResponseBodyKey String

    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

    responseHeaders List<Property Map>

    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

    WebAclDefaultActionBlockCustomResponseResponseHeader, WebAclDefaultActionBlockCustomResponseResponseHeaderArgs

    Name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    Value string

    Value of the custom header.

    Name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    Value string

    Value of the custom header.

    name String

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value String

    Value of the custom header.

    name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value string

    Value of the custom header.

    name str

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value str

    Value of the custom header.

    name String

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value String

    Value of the custom header.

    WebAclRule, WebAclRuleArgs

    Name string

    Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.

    Priority int

    If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.

    Statement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatement

    The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See statement below for details.

    VisibilityConfig Pulumi.Aws.WafV2.Inputs.WebAclRuleVisibilityConfig

    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

    Action Pulumi.Aws.WafV2.Inputs.WebAclRuleAction

    Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action for details.

    CaptchaConfig Pulumi.Aws.WafV2.Inputs.WebAclRuleCaptchaConfig

    Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.

    OverrideAction Pulumi.Aws.WafV2.Inputs.WebAclRuleOverrideAction

    Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See override_action below for details.

    RuleLabels List<Pulumi.Aws.WafV2.Inputs.WebAclRuleRuleLabel>

    Labels to apply to web requests that match the rule match statement. See rule_label below for details.

    Name string

    Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.

    Priority int

    If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.

    Statement WebAclRuleStatement

    The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See statement below for details.

    VisibilityConfig WebAclRuleVisibilityConfig

    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

    Action WebAclRuleAction

    Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action for details.

    CaptchaConfig WebAclRuleCaptchaConfig

    Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.

    OverrideAction WebAclRuleOverrideAction

    Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See override_action below for details.

    RuleLabels []WebAclRuleRuleLabel

    Labels to apply to web requests that match the rule match statement. See rule_label below for details.

    name String

    Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.

    priority Integer

    If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.

    statement WebAclRuleStatement

    The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See statement below for details.

    visibilityConfig WebAclRuleVisibilityConfig

    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

    action WebAclRuleAction

    Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action for details.

    captchaConfig WebAclRuleCaptchaConfig

    Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.

    overrideAction WebAclRuleOverrideAction

    Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See override_action below for details.

    ruleLabels List<WebAclRuleRuleLabel>

    Labels to apply to web requests that match the rule match statement. See rule_label below for details.

    name string

    Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.

    priority number

    If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.

    statement WebAclRuleStatement

    The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See statement below for details.

    visibilityConfig WebAclRuleVisibilityConfig

    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

    action WebAclRuleAction

    Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action for details.

    captchaConfig WebAclRuleCaptchaConfig

    Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.

    overrideAction WebAclRuleOverrideAction

    Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See override_action below for details.

    ruleLabels WebAclRuleRuleLabel[]

    Labels to apply to web requests that match the rule match statement. See rule_label below for details.

    name str

    Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.

    priority int

    If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.

    statement WebAclRuleStatement

    The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See statement below for details.

    visibility_config WebAclRuleVisibilityConfig

    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

    action WebAclRuleAction

    Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action for details.

    captcha_config WebAclRuleCaptchaConfig

    Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.

    override_action WebAclRuleOverrideAction

    Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See override_action below for details.

    rule_labels Sequence[WebAclRuleRuleLabel]

    Labels to apply to web requests that match the rule match statement. See rule_label below for details.

    name String

    Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.

    priority Number

    If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.

    statement Property Map

    The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See statement below for details.

    visibilityConfig Property Map

    Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

    action Property Map

    Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action for details.

    captchaConfig Property Map

    Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.

    overrideAction Property Map

    Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See override_action below for details.

    ruleLabels List<Property Map>

    Labels to apply to web requests that match the rule match statement. See rule_label below for details.

    WebAclRuleAction, WebAclRuleActionArgs

    Allow Pulumi.Aws.WafV2.Inputs.WebAclRuleActionAllow

    Instructs AWS WAF to allow the web request. See allow below for details.

    Block Pulumi.Aws.WafV2.Inputs.WebAclRuleActionBlock

    Instructs AWS WAF to block the web request. See block below for details.

    Captcha Pulumi.Aws.WafV2.Inputs.WebAclRuleActionCaptcha

    Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.

    Challenge Pulumi.Aws.WafV2.Inputs.WebAclRuleActionChallenge

    Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.

    Count Pulumi.Aws.WafV2.Inputs.WebAclRuleActionCount

    Instructs AWS WAF to count the web request and allow it. See count below for details.

    Allow WebAclRuleActionAllow

    Instructs AWS WAF to allow the web request. See allow below for details.

    Block WebAclRuleActionBlock

    Instructs AWS WAF to block the web request. See block below for details.

    Captcha WebAclRuleActionCaptcha

    Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.

    Challenge WebAclRuleActionChallenge

    Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.

    Count WebAclRuleActionCount

    Instructs AWS WAF to count the web request and allow it. See count below for details.

    allow WebAclRuleActionAllow

    Instructs AWS WAF to allow the web request. See allow below for details.

    block WebAclRuleActionBlock

    Instructs AWS WAF to block the web request. See block below for details.

    captcha WebAclRuleActionCaptcha

    Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.

    challenge WebAclRuleActionChallenge

    Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.

    count WebAclRuleActionCount

    Instructs AWS WAF to count the web request and allow it. See count below for details.

    allow WebAclRuleActionAllow

    Instructs AWS WAF to allow the web request. See allow below for details.

    block WebAclRuleActionBlock

    Instructs AWS WAF to block the web request. See block below for details.

    captcha WebAclRuleActionCaptcha

    Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.

    challenge WebAclRuleActionChallenge

    Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.

    count WebAclRuleActionCount

    Instructs AWS WAF to count the web request and allow it. See count below for details.

    allow WebAclRuleActionAllow

    Instructs AWS WAF to allow the web request. See allow below for details.

    block WebAclRuleActionBlock

    Instructs AWS WAF to block the web request. See block below for details.

    captcha WebAclRuleActionCaptcha

    Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.

    challenge WebAclRuleActionChallenge

    Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.

    count WebAclRuleActionCount

    Instructs AWS WAF to count the web request and allow it. See count below for details.

    allow Property Map

    Instructs AWS WAF to allow the web request. See allow below for details.

    block Property Map

    Instructs AWS WAF to block the web request. See block below for details.

    captcha Property Map

    Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.

    challenge Property Map

    Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.

    count Property Map

    Instructs AWS WAF to count the web request and allow it. See count below for details.

    WebAclRuleActionAllow, WebAclRuleActionAllowArgs

    CustomRequestHandling Pulumi.Aws.WafV2.Inputs.WebAclRuleActionAllowCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    CustomRequestHandling WebAclRuleActionAllowCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling WebAclRuleActionAllowCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling WebAclRuleActionAllowCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    custom_request_handling WebAclRuleActionAllowCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling Property Map

    Defines custom handling for the web request. See custom_request_handling below for details.

    WebAclRuleActionAllowCustomRequestHandling, WebAclRuleActionAllowCustomRequestHandlingArgs

    InsertHeaders List<Pulumi.Aws.WafV2.Inputs.WebAclRuleActionAllowCustomRequestHandlingInsertHeader>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    InsertHeaders []WebAclRuleActionAllowCustomRequestHandlingInsertHeader

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders List<WebAclRuleActionAllowCustomRequestHandlingInsertHeader>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders WebAclRuleActionAllowCustomRequestHandlingInsertHeader[]

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insert_headers Sequence[WebAclRuleActionAllowCustomRequestHandlingInsertHeader]

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders List<Property Map>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    WebAclRuleActionAllowCustomRequestHandlingInsertHeader, WebAclRuleActionAllowCustomRequestHandlingInsertHeaderArgs

    Name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    Value string

    Value of the custom header.

    Name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    Value string

    Value of the custom header.

    name String

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value String

    Value of the custom header.

    name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value string

    Value of the custom header.

    name str

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value str

    Value of the custom header.

    name String

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value String

    Value of the custom header.

    WebAclRuleActionBlock, WebAclRuleActionBlockArgs

    CustomResponse Pulumi.Aws.WafV2.Inputs.WebAclRuleActionBlockCustomResponse

    Defines a custom response for the web request. See custom_response below for details.

    CustomResponse WebAclRuleActionBlockCustomResponse

    Defines a custom response for the web request. See custom_response below for details.

    customResponse WebAclRuleActionBlockCustomResponse

    Defines a custom response for the web request. See custom_response below for details.

    customResponse WebAclRuleActionBlockCustomResponse

    Defines a custom response for the web request. See custom_response below for details.

    custom_response WebAclRuleActionBlockCustomResponse

    Defines a custom response for the web request. See custom_response below for details.

    customResponse Property Map

    Defines a custom response for the web request. See custom_response below for details.

    WebAclRuleActionBlockCustomResponse, WebAclRuleActionBlockCustomResponseArgs

    ResponseCode int

    The HTTP status code to return to the client.

    CustomResponseBodyKey string

    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

    ResponseHeaders List<Pulumi.Aws.WafV2.Inputs.WebAclRuleActionBlockCustomResponseResponseHeader>

    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

    ResponseCode int

    The HTTP status code to return to the client.

    CustomResponseBodyKey string

    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

    ResponseHeaders []WebAclRuleActionBlockCustomResponseResponseHeader

    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

    responseCode Integer

    The HTTP status code to return to the client.

    customResponseBodyKey String

    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

    responseHeaders List<WebAclRuleActionBlockCustomResponseResponseHeader>

    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

    responseCode number

    The HTTP status code to return to the client.

    customResponseBodyKey string

    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

    responseHeaders WebAclRuleActionBlockCustomResponseResponseHeader[]

    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

    response_code int

    The HTTP status code to return to the client.

    custom_response_body_key str

    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

    response_headers Sequence[WebAclRuleActionBlockCustomResponseResponseHeader]

    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

    responseCode Number

    The HTTP status code to return to the client.

    customResponseBodyKey String

    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

    responseHeaders List<Property Map>

    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

    WebAclRuleActionBlockCustomResponseResponseHeader, WebAclRuleActionBlockCustomResponseResponseHeaderArgs

    Name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    Value string

    Value of the custom header.

    Name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    Value string

    Value of the custom header.

    name String

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value String

    Value of the custom header.

    name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value string

    Value of the custom header.

    name str

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value str

    Value of the custom header.

    name String

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value String

    Value of the custom header.

    WebAclRuleActionCaptcha, WebAclRuleActionCaptchaArgs

    CustomRequestHandling Pulumi.Aws.WafV2.Inputs.WebAclRuleActionCaptchaCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    CustomRequestHandling WebAclRuleActionCaptchaCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling WebAclRuleActionCaptchaCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling WebAclRuleActionCaptchaCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    custom_request_handling WebAclRuleActionCaptchaCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling Property Map

    Defines custom handling for the web request. See custom_request_handling below for details.

    WebAclRuleActionCaptchaCustomRequestHandling, WebAclRuleActionCaptchaCustomRequestHandlingArgs

    InsertHeaders List<Pulumi.Aws.WafV2.Inputs.WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    InsertHeaders []WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders List<WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader[]

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insert_headers Sequence[WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader]

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders List<Property Map>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader, WebAclRuleActionCaptchaCustomRequestHandlingInsertHeaderArgs

    Name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    Value string

    Value of the custom header.

    Name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    Value string

    Value of the custom header.

    name String

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value String

    Value of the custom header.

    name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value string

    Value of the custom header.

    name str

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value str

    Value of the custom header.

    name String

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value String

    Value of the custom header.

    WebAclRuleActionChallenge, WebAclRuleActionChallengeArgs

    CustomRequestHandling Pulumi.Aws.WafV2.Inputs.WebAclRuleActionChallengeCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    CustomRequestHandling WebAclRuleActionChallengeCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling WebAclRuleActionChallengeCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling WebAclRuleActionChallengeCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    custom_request_handling WebAclRuleActionChallengeCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling Property Map

    Defines custom handling for the web request. See custom_request_handling below for details.

    WebAclRuleActionChallengeCustomRequestHandling, WebAclRuleActionChallengeCustomRequestHandlingArgs

    InsertHeaders List<Pulumi.Aws.WafV2.Inputs.WebAclRuleActionChallengeCustomRequestHandlingInsertHeader>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    InsertHeaders []WebAclRuleActionChallengeCustomRequestHandlingInsertHeader

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders List<WebAclRuleActionChallengeCustomRequestHandlingInsertHeader>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders WebAclRuleActionChallengeCustomRequestHandlingInsertHeader[]

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insert_headers Sequence[WebAclRuleActionChallengeCustomRequestHandlingInsertHeader]

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders List<Property Map>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    WebAclRuleActionChallengeCustomRequestHandlingInsertHeader, WebAclRuleActionChallengeCustomRequestHandlingInsertHeaderArgs

    Name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    Value string

    Value of the custom header.

    Name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    Value string

    Value of the custom header.

    name String

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value String

    Value of the custom header.

    name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value string

    Value of the custom header.

    name str

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value str

    Value of the custom header.

    name String

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value String

    Value of the custom header.

    WebAclRuleActionCount, WebAclRuleActionCountArgs

    CustomRequestHandling Pulumi.Aws.WafV2.Inputs.WebAclRuleActionCountCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    CustomRequestHandling WebAclRuleActionCountCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling WebAclRuleActionCountCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling WebAclRuleActionCountCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    custom_request_handling WebAclRuleActionCountCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling Property Map

    Defines custom handling for the web request. See custom_request_handling below for details.

    WebAclRuleActionCountCustomRequestHandling, WebAclRuleActionCountCustomRequestHandlingArgs

    InsertHeaders List<Pulumi.Aws.WafV2.Inputs.WebAclRuleActionCountCustomRequestHandlingInsertHeader>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    InsertHeaders []WebAclRuleActionCountCustomRequestHandlingInsertHeader

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders List<WebAclRuleActionCountCustomRequestHandlingInsertHeader>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders WebAclRuleActionCountCustomRequestHandlingInsertHeader[]

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insert_headers Sequence[WebAclRuleActionCountCustomRequestHandlingInsertHeader]

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders List<Property Map>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    WebAclRuleActionCountCustomRequestHandlingInsertHeader, WebAclRuleActionCountCustomRequestHandlingInsertHeaderArgs

    Name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    Value string

    Value of the custom header.

    Name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    Value string

    Value of the custom header.

    name String

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value String

    Value of the custom header.

    name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value string

    Value of the custom header.

    name str

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value str

    Value of the custom header.

    name String

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value String

    Value of the custom header.

    WebAclRuleCaptchaConfig, WebAclRuleCaptchaConfigArgs

    ImmunityTimeProperty Pulumi.Aws.WafV2.Inputs.WebAclRuleCaptchaConfigImmunityTimeProperty

    Defines custom immunity time. See immunity_time_property below for details.

    ImmunityTimeProperty WebAclRuleCaptchaConfigImmunityTimeProperty

    Defines custom immunity time. See immunity_time_property below for details.

    immunityTimeProperty WebAclRuleCaptchaConfigImmunityTimeProperty

    Defines custom immunity time. See immunity_time_property below for details.

    immunityTimeProperty WebAclRuleCaptchaConfigImmunityTimeProperty

    Defines custom immunity time. See immunity_time_property below for details.

    immunity_time_property WebAclRuleCaptchaConfigImmunityTimeProperty

    Defines custom immunity time. See immunity_time_property below for details.

    immunityTimeProperty Property Map

    Defines custom immunity time. See immunity_time_property below for details.

    WebAclRuleCaptchaConfigImmunityTimeProperty, WebAclRuleCaptchaConfigImmunityTimePropertyArgs

    ImmunityTime int

    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

    ImmunityTime int

    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

    immunityTime Integer

    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

    immunityTime number

    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

    immunity_time int

    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

    immunityTime Number

    The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

    WebAclRuleOverrideAction, WebAclRuleOverrideActionArgs

    Count Pulumi.Aws.WafV2.Inputs.WebAclRuleOverrideActionCount

    Override the rule action setting to count (i.e., only count matches). Configured as an empty block {}.

    None Pulumi.Aws.WafV2.Inputs.WebAclRuleOverrideActionNone

    Don't override the rule action setting. Configured as an empty block {}.

    Count WebAclRuleOverrideActionCount

    Override the rule action setting to count (i.e., only count matches). Configured as an empty block {}.

    None WebAclRuleOverrideActionNone

    Don't override the rule action setting. Configured as an empty block {}.

    count WebAclRuleOverrideActionCount

    Override the rule action setting to count (i.e., only count matches). Configured as an empty block {}.

    none WebAclRuleOverrideActionNone

    Don't override the rule action setting. Configured as an empty block {}.

    count WebAclRuleOverrideActionCount

    Override the rule action setting to count (i.e., only count matches). Configured as an empty block {}.

    none WebAclRuleOverrideActionNone

    Don't override the rule action setting. Configured as an empty block {}.

    count WebAclRuleOverrideActionCount

    Override the rule action setting to count (i.e., only count matches). Configured as an empty block {}.

    none WebAclRuleOverrideActionNone

    Don't override the rule action setting. Configured as an empty block {}.

    count Property Map

    Override the rule action setting to count (i.e., only count matches). Configured as an empty block {}.

    none Property Map

    Don't override the rule action setting. Configured as an empty block {}.

    WebAclRuleRuleLabel, WebAclRuleRuleLabelArgs

    Name string

    Label string.

    Name string

    Label string.

    name String

    Label string.

    name string

    Label string.

    name str

    Label string.

    name String

    Label string.

    WebAclRuleStatement, WebAclRuleStatementArgs

    AndStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementAndStatement

    Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

    ByteMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementByteMatchStatement

    Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

    GeoMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementGeoMatchStatement

    Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

    IpSetReferenceStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementIpSetReferenceStatement

    Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.

    LabelMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementLabelMatchStatement

    Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

    ManagedRuleGroupStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatement

    Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See managed_rule_group_statement below for details.

    NotStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementNotStatement

    Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

    OrStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementOrStatement

    Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

    RateBasedStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementRateBasedStatement

    Rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See rate_based_statement below for details.

    RegexMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementRegexMatchStatement

    Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

    RegexPatternSetReferenceStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementRegexPatternSetReferenceStatement

    Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.

    RuleGroupReferenceStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementRuleGroupReferenceStatement

    Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See rule_group_reference_statement below for details.

    SizeConstraintStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementSizeConstraintStatement

    Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

    SqliMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementSqliMatchStatement

    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

    XssMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementXssMatchStatement

    Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

    AndStatement WebAclRuleStatementAndStatement

    Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

    ByteMatchStatement WebAclRuleStatementByteMatchStatement

    Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

    GeoMatchStatement WebAclRuleStatementGeoMatchStatement

    Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

    IpSetReferenceStatement WebAclRuleStatementIpSetReferenceStatement

    Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.

    LabelMatchStatement WebAclRuleStatementLabelMatchStatement

    Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

    ManagedRuleGroupStatement WebAclRuleStatementManagedRuleGroupStatement

    Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See managed_rule_group_statement below for details.

    NotStatement WebAclRuleStatementNotStatement

    Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

    OrStatement WebAclRuleStatementOrStatement

    Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

    RateBasedStatement WebAclRuleStatementRateBasedStatement

    Rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See rate_based_statement below for details.

    RegexMatchStatement WebAclRuleStatementRegexMatchStatement

    Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

    RegexPatternSetReferenceStatement WebAclRuleStatementRegexPatternSetReferenceStatement

    Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.

    RuleGroupReferenceStatement WebAclRuleStatementRuleGroupReferenceStatement

    Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See rule_group_reference_statement below for details.

    SizeConstraintStatement WebAclRuleStatementSizeConstraintStatement

    Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

    SqliMatchStatement WebAclRuleStatementSqliMatchStatement

    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

    XssMatchStatement WebAclRuleStatementXssMatchStatement

    Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

    andStatement WebAclRuleStatementAndStatement

    Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

    byteMatchStatement WebAclRuleStatementByteMatchStatement

    Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

    geoMatchStatement WebAclRuleStatementGeoMatchStatement

    Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

    ipSetReferenceStatement WebAclRuleStatementIpSetReferenceStatement

    Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.

    labelMatchStatement WebAclRuleStatementLabelMatchStatement

    Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

    managedRuleGroupStatement WebAclRuleStatementManagedRuleGroupStatement

    Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See managed_rule_group_statement below for details.

    notStatement WebAclRuleStatementNotStatement

    Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

    orStatement WebAclRuleStatementOrStatement

    Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

    rateBasedStatement WebAclRuleStatementRateBasedStatement

    Rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See rate_based_statement below for details.

    regexMatchStatement WebAclRuleStatementRegexMatchStatement

    Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

    regexPatternSetReferenceStatement WebAclRuleStatementRegexPatternSetReferenceStatement

    Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.

    ruleGroupReferenceStatement WebAclRuleStatementRuleGroupReferenceStatement

    Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See rule_group_reference_statement below for details.

    sizeConstraintStatement WebAclRuleStatementSizeConstraintStatement

    Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

    sqliMatchStatement WebAclRuleStatementSqliMatchStatement

    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

    xssMatchStatement WebAclRuleStatementXssMatchStatement

    Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

    andStatement WebAclRuleStatementAndStatement

    Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

    byteMatchStatement WebAclRuleStatementByteMatchStatement

    Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

    geoMatchStatement WebAclRuleStatementGeoMatchStatement

    Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

    ipSetReferenceStatement WebAclRuleStatementIpSetReferenceStatement

    Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.

    labelMatchStatement WebAclRuleStatementLabelMatchStatement

    Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

    managedRuleGroupStatement WebAclRuleStatementManagedRuleGroupStatement

    Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See managed_rule_group_statement below for details.

    notStatement WebAclRuleStatementNotStatement

    Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

    orStatement WebAclRuleStatementOrStatement

    Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

    rateBasedStatement WebAclRuleStatementRateBasedStatement

    Rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See rate_based_statement below for details.

    regexMatchStatement WebAclRuleStatementRegexMatchStatement

    Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

    regexPatternSetReferenceStatement WebAclRuleStatementRegexPatternSetReferenceStatement

    Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.

    ruleGroupReferenceStatement WebAclRuleStatementRuleGroupReferenceStatement

    Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See rule_group_reference_statement below for details.

    sizeConstraintStatement WebAclRuleStatementSizeConstraintStatement

    Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

    sqliMatchStatement WebAclRuleStatementSqliMatchStatement

    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

    xssMatchStatement WebAclRuleStatementXssMatchStatement

    Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

    and_statement WebAclRuleStatementAndStatement

    Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

    byte_match_statement WebAclRuleStatementByteMatchStatement

    Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

    geo_match_statement WebAclRuleStatementGeoMatchStatement

    Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

    ip_set_reference_statement WebAclRuleStatementIpSetReferenceStatement

    Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.

    label_match_statement WebAclRuleStatementLabelMatchStatement

    Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

    managed_rule_group_statement WebAclRuleStatementManagedRuleGroupStatement

    Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See managed_rule_group_statement below for details.

    not_statement WebAclRuleStatementNotStatement

    Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

    or_statement WebAclRuleStatementOrStatement

    Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

    rate_based_statement WebAclRuleStatementRateBasedStatement

    Rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See rate_based_statement below for details.

    regex_match_statement WebAclRuleStatementRegexMatchStatement

    Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

    regex_pattern_set_reference_statement WebAclRuleStatementRegexPatternSetReferenceStatement

    Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.

    rule_group_reference_statement WebAclRuleStatementRuleGroupReferenceStatement

    Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See rule_group_reference_statement below for details.

    size_constraint_statement WebAclRuleStatementSizeConstraintStatement

    Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

    sqli_match_statement WebAclRuleStatementSqliMatchStatement

    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

    xss_match_statement WebAclRuleStatementXssMatchStatement

    Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

    andStatement Property Map

    Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

    byteMatchStatement Property Map

    Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

    geoMatchStatement Property Map

    Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

    ipSetReferenceStatement Property Map

    Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.

    labelMatchStatement Property Map

    Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

    managedRuleGroupStatement Property Map

    Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See managed_rule_group_statement below for details.

    notStatement Property Map

    Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

    orStatement Property Map

    Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

    rateBasedStatement Property Map

    Rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See rate_based_statement below for details.

    regexMatchStatement Property Map

    Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

    regexPatternSetReferenceStatement Property Map

    Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.

    ruleGroupReferenceStatement Property Map

    Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See rule_group_reference_statement below for details.

    sizeConstraintStatement Property Map

    Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

    sqliMatchStatement Property Map

    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

    xssMatchStatement Property Map

    Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

    WebAclRuleStatementAndStatement, WebAclRuleStatementAndStatementArgs

    Statements []WebAclRuleStatement

    The statements to combine.

    statements List<WebAclRuleStatement>

    The statements to combine.

    statements WebAclRuleStatement[]

    The statements to combine.

    statements Sequence[WebAclRuleStatement]

    The statements to combine.

    statements List<Property Map>

    The statements to combine.

    WebAclRuleStatementByteMatchStatement, WebAclRuleStatementByteMatchStatementArgs

    PositionalConstraint string

    Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.

    SearchString string

    String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.

    TextTransformations List<Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementByteMatchStatementTextTransformation>

    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.

    FieldToMatch Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementByteMatchStatementFieldToMatch

    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

    PositionalConstraint string

    Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.

    SearchString string

    String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.

    TextTransformations []WebAclRuleStatementByteMatchStatementTextTransformation

    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.

    FieldToMatch WebAclRuleStatementByteMatchStatementFieldToMatch

    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

    positionalConstraint String

    Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.

    searchString String

    String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.

    textTransformations List<WebAclRuleStatementByteMatchStatementTextTransformation>

    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.

    fieldToMatch WebAclRuleStatementByteMatchStatementFieldToMatch

    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

    positionalConstraint string

    Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.

    searchString string

    String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.

    textTransformations WebAclRuleStatementByteMatchStatementTextTransformation[]

    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.

    fieldToMatch WebAclRuleStatementByteMatchStatementFieldToMatch

    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

    positional_constraint str

    Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.

    search_string str

    String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.

    text_transformations Sequence[WebAclRuleStatementByteMatchStatementTextTransformation]

    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.

    field_to_match WebAclRuleStatementByteMatchStatementFieldToMatch

    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

    positionalConstraint String

    Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.

    searchString String

    String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.

    textTransformations List<Property Map>

    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.

    fieldToMatch Property Map

    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

    WebAclRuleStatementByteMatchStatementFieldToMatch, WebAclRuleStatementByteMatchStatementFieldToMatchArgs

    AllQueryArguments Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments

    Inspect all query arguments.

    Body Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementByteMatchStatementFieldToMatchBody

    Inspect the request body, which immediately follows the request headers. See body below for details.

    Cookies Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementByteMatchStatementFieldToMatchCookies

    Inspect the cookies in the web request. See cookies below for details.

    Headers List<Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementByteMatchStatementFieldToMatchHeader>

    Inspect the request headers. See headers below for details.

    JsonBody Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody

    Inspect the request body as JSON. See json_body for details.

    Method Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementByteMatchStatementFieldToMatchMethod

    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

    QueryString Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementByteMatchStatementFieldToMatchQueryString

    Inspect the query string. This is the part of a URL that appears after a ? character, if any.

    SingleHeader Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader

    Inspect a single header. See single_header below for details.

    SingleQueryArgument Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument

    Inspect a single query argument. See single_query_argument below for details.

    UriPath Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementByteMatchStatementFieldToMatchUriPath

    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    AllQueryArguments WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments

    Inspect all query arguments.

    Body WebAclRuleStatementByteMatchStatementFieldToMatchBody

    Inspect the request body, which immediately follows the request headers. See body below for details.

    Cookies WebAclRuleStatementByteMatchStatementFieldToMatchCookies

    Inspect the cookies in the web request. See cookies below for details.

    Headers []WebAclRuleStatementByteMatchStatementFieldToMatchHeader

    Inspect the request headers. See headers below for details.

    JsonBody WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody

    Inspect the request body as JSON. See json_body for details.

    Method WebAclRuleStatementByteMatchStatementFieldToMatchMethod

    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

    QueryString WebAclRuleStatementByteMatchStatementFieldToMatchQueryString

    Inspect the query string. This is the part of a URL that appears after a ? character, if any.

    SingleHeader WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader

    Inspect a single header. See single_header below for details.

    SingleQueryArgument WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument

    Inspect a single query argument. See single_query_argument below for details.

    UriPath WebAclRuleStatementByteMatchStatementFieldToMatchUriPath

    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    allQueryArguments WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments

    Inspect all query arguments.

    body WebAclRuleStatementByteMatchStatementFieldToMatchBody

    Inspect the request body, which immediately follows the request headers. See body below for details.

    cookies WebAclRuleStatementByteMatchStatementFieldToMatchCookies

    Inspect the cookies in the web request. See cookies below for details.

    headers List<WebAclRuleStatementByteMatchStatementFieldToMatchHeader>

    Inspect the request headers. See headers below for details.

    jsonBody WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody

    Inspect the request body as JSON. See json_body for details.

    method WebAclRuleStatementByteMatchStatementFieldToMatchMethod

    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

    queryString WebAclRuleStatementByteMatchStatementFieldToMatchQueryString

    Inspect the query string. This is the part of a URL that appears after a ? character, if any.

    singleHeader WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader

    Inspect a single header. See single_header below for details.

    singleQueryArgument WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument

    Inspect a single query argument. See single_query_argument below for details.

    uriPath WebAclRuleStatementByteMatchStatementFieldToMatchUriPath

    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    allQueryArguments WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments

    Inspect all query arguments.

    body WebAclRuleStatementByteMatchStatementFieldToMatchBody

    Inspect the request body, which immediately follows the request headers. See body below for details.

    cookies WebAclRuleStatementByteMatchStatementFieldToMatchCookies

    Inspect the cookies in the web request. See cookies below for details.

    headers WebAclRuleStatementByteMatchStatementFieldToMatchHeader[]

    Inspect the request headers. See headers below for details.

    jsonBody WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody

    Inspect the request body as JSON. See json_body for details.

    method WebAclRuleStatementByteMatchStatementFieldToMatchMethod

    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

    queryString WebAclRuleStatementByteMatchStatementFieldToMatchQueryString

    Inspect the query string. This is the part of a URL that appears after a ? character, if any.

    singleHeader WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader

    Inspect a single header. See single_header below for details.

    singleQueryArgument WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument

    Inspect a single query argument. See single_query_argument below for details.

    uriPath WebAclRuleStatementByteMatchStatementFieldToMatchUriPath

    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    all_query_arguments WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments

    Inspect all query arguments.

    body WebAclRuleStatementByteMatchStatementFieldToMatchBody

    Inspect the request body, which immediately follows the request headers. See body below for details.

    cookies WebAclRuleStatementByteMatchStatementFieldToMatchCookies

    Inspect the cookies in the web request. See cookies below for details.

    headers Sequence[WebAclRuleStatementByteMatchStatementFieldToMatchHeader]

    Inspect the request headers. See headers below for details.

    json_body WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody

    Inspect the request body as JSON. See json_body for details.

    method WebAclRuleStatementByteMatchStatementFieldToMatchMethod

    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

    query_string WebAclRuleStatementByteMatchStatementFieldToMatchQueryString

    Inspect the query string. This is the part of a URL that appears after a ? character, if any.

    single_header WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader

    Inspect a single header. See single_header below for details.

    single_query_argument WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument

    Inspect a single query argument. See single_query_argument below for details.

    uri_path WebAclRuleStatementByteMatchStatementFieldToMatchUriPath

    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    allQueryArguments Property Map

    Inspect all query arguments.

    body Property Map

    Inspect the request body, which immediately follows the request headers. See body below for details.

    cookies Property Map

    Inspect the cookies in the web request. See cookies below for details.

    headers List<Property Map>

    Inspect the request headers. See headers below for details.

    jsonBody Property Map

    Inspect the request body as JSON. See json_body for details.

    method Property Map

    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

    queryString Property Map

    Inspect the query string. This is the part of a URL that appears after a ? character, if any.

    singleHeader Property Map

    Inspect a single header. See single_header below for details.

    singleQueryArgument Property Map

    Inspect a single query argument. See single_query_argument below for details.

    uriPath Property Map

    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    WebAclRuleStatementByteMatchStatementFieldToMatchBody, WebAclRuleStatementByteMatchStatementFieldToMatchBodyArgs

    OversizeHandling string

    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

    OversizeHandling string

    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

    oversizeHandling String

    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

    oversizeHandling string

    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

    oversize_handling str

    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

    oversizeHandling String

    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

    WebAclRuleStatementByteMatchStatementFieldToMatchCookies, WebAclRuleStatementByteMatchStatementFieldToMatchCookiesArgs

    MatchPatterns List<Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern>

    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

    MatchScope string

    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

    OversizeHandling string

    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

    MatchPatterns []WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern

    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

    MatchScope string

    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

    OversizeHandling string

    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

    matchPatterns List<WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern>

    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

    matchScope String

    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

    oversizeHandling String

    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

    matchPatterns WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern[]

    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

    matchScope string

    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

    oversizeHandling string

    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

    match_patterns Sequence[WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern]

    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

    match_scope str

    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

    oversize_handling str

    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

    matchPatterns List<Property Map>

    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

    matchScope String

    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

    oversizeHandling String

    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

    WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternArgs

    All Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll

    An empty configuration block that is used for inspecting all headers.

    ExcludedCookies List<string>
    IncludedCookies List<string>
    All WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll

    An empty configuration block that is used for inspecting all headers.

    ExcludedCookies []string
    IncludedCookies []string
    all WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll

    An empty configuration block that is used for inspecting all headers.

    excludedCookies List<String>
    includedCookies List<String>
    all WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll

    An empty configuration block that is used for inspecting all headers.

    excludedCookies string[]
    includedCookies string[]
    all WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll

    An empty configuration block that is used for inspecting all headers.

    excluded_cookies Sequence[str]
    included_cookies Sequence[str]
    all Property Map

    An empty configuration block that is used for inspecting all headers.

    excludedCookies List<String>
    includedCookies List<String>

    WebAclRuleStatementByteMatchStatementFieldToMatchHeader, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderArgs

    MatchPattern Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern

    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

    MatchScope string

    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

    OversizeHandling string

    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    MatchPattern WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern

    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

    MatchScope string

    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

    OversizeHandling string

    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    matchPattern WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern

    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

    matchScope String

    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

    oversizeHandling String

    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    matchPattern WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern

    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

    matchScope string

    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

    oversizeHandling string

    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    match_pattern WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern

    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

    match_scope str

    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

    oversize_handling str

    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    matchPattern Property Map

    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

    matchScope String

    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

    oversizeHandling String

    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternArgs

    All Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll

    An empty configuration block that is used for inspecting all headers.

    ExcludedHeaders List<string>

    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

    IncludedHeaders List<string>

    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    All WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll

    An empty configuration block that is used for inspecting all headers.

    ExcludedHeaders []string

    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

    IncludedHeaders []string

    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    all WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll

    An empty configuration block that is used for inspecting all headers.

    excludedHeaders List<String>

    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

    includedHeaders List<String>

    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    all WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll

    An empty configuration block that is used for inspecting all headers.

    excludedHeaders string[]

    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

    includedHeaders string[]

    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    all WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll

    An empty configuration block that is used for inspecting all headers.

    excluded_headers Sequence[str]

    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

    included_headers Sequence[str]

    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    all Property Map

    An empty configuration block that is used for inspecting all headers.

    excludedHeaders List<String>

    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

    includedHeaders List<String>

    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody, WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyArgs

    MatchPattern Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern

    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

    MatchScope string

    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

    InvalidFallbackBehavior string

    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

    OversizeHandling string

    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

    MatchPattern WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern

    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

    MatchScope string

    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

    InvalidFallbackBehavior string

    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

    OversizeHandling string

    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

    matchPattern WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern

    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

    matchScope String

    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

    invalidFallbackBehavior String

    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

    oversizeHandling String

    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

    matchPattern WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern

    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

    matchScope string

    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

    invalidFallbackBehavior string

    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

    oversizeHandling string

    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

    match_pattern WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern

    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

    match_scope str

    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

    invalid_fallback_behavior str

    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

    oversize_handling str

    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

    matchPattern Property Map

    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

    matchScope String

    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

    invalidFallbackBehavior String

    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

    oversizeHandling String

    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

    WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternArgs

    All Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll

    An empty configuration block that is used for inspecting all headers.

    IncludedPaths List<string>
    All WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll

    An empty configuration block that is used for inspecting all headers.

    IncludedPaths []string
    all WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll

    An empty configuration block that is used for inspecting all headers.

    includedPaths List<String>
    all WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll

    An empty configuration block that is used for inspecting all headers.

    includedPaths string[]
    all WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll

    An empty configuration block that is used for inspecting all headers.

    included_paths Sequence[str]
    all Property Map

    An empty configuration block that is used for inspecting all headers.

    includedPaths List<String>

    WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader, WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeaderArgs

    Name string

    Name of the query header to inspect. This setting must be provided as lower case characters.

    Name string

    Name of the query header to inspect. This setting must be provided as lower case characters.

    name String

    Name of the query header to inspect. This setting must be provided as lower case characters.

    name string

    Name of the query header to inspect. This setting must be provided as lower case characters.

    name str

    Name of the query header to inspect. This setting must be provided as lower case characters.

    name String

    Name of the query header to inspect. This setting must be provided as lower case characters.

    WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgumentArgs

    Name string

    Name of the query header to inspect. This setting must be provided as lower case characters.

    Name string

    Name of the query header to inspect. This setting must be provided as lower case characters.

    name String

    Name of the query header to inspect. This setting must be provided as lower case characters.

    name string

    Name of the query header to inspect. This setting must be provided as lower case characters.

    name str

    Name of the query header to inspect. This setting must be provided as lower case characters.

    name String

    Name of the query header to inspect. This setting must be provided as lower case characters.

    WebAclRuleStatementByteMatchStatementTextTransformation, WebAclRuleStatementByteMatchStatementTextTransformationArgs

    Priority int

    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.

    Type string

    Transformation to apply, please refer to the Text Transformation documentation for more details.

    Priority int

    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.

    Type string

    Transformation to apply, please refer to the Text Transformation documentation for more details.

    priority Integer

    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.

    type String

    Transformation to apply, please refer to the Text Transformation documentation for more details.

    priority number

    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.

    type string

    Transformation to apply, please refer to the Text Transformation documentation for more details.

    priority int

    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.

    type str

    Transformation to apply, please refer to the Text Transformation documentation for more details.

    priority Number

    Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.

    type String

    Transformation to apply, please refer to the Text Transformation documentation for more details.

    WebAclRuleStatementGeoMatchStatement, WebAclRuleStatementGeoMatchStatementArgs

    CountryCodes List<string>

    Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.

    ForwardedIpConfig Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementGeoMatchStatementForwardedIpConfig

    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

    CountryCodes []string

    Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.

    ForwardedIpConfig WebAclRuleStatementGeoMatchStatementForwardedIpConfig

    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

    countryCodes List<String>

    Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.

    forwardedIpConfig WebAclRuleStatementGeoMatchStatementForwardedIpConfig

    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

    countryCodes string[]

    Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.

    forwardedIpConfig WebAclRuleStatementGeoMatchStatementForwardedIpConfig

    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

    country_codes Sequence[str]

    Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.

    forwarded_ip_config WebAclRuleStatementGeoMatchStatementForwardedIpConfig

    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

    countryCodes List<String>

    Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.

    forwardedIpConfig Property Map

    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

    WebAclRuleStatementGeoMatchStatementForwardedIpConfig, WebAclRuleStatementGeoMatchStatementForwardedIpConfigArgs

    FallbackBehavior string

    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

    HeaderName string

    Name of the HTTP header to use for the IP address.

    FallbackBehavior string

    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

    HeaderName string

    Name of the HTTP header to use for the IP address.

    fallbackBehavior String

    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

    headerName String

    Name of the HTTP header to use for the IP address.

    fallbackBehavior string

    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

    headerName string

    Name of the HTTP header to use for the IP address.

    fallback_behavior str

    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

    header_name str

    Name of the HTTP header to use for the IP address.

    fallbackBehavior String

    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

    headerName String

    Name of the HTTP header to use for the IP address.

    WebAclRuleStatementIpSetReferenceStatement, WebAclRuleStatementIpSetReferenceStatementArgs

    Arn string

    The Amazon Resource Name (ARN) of the IP Set that this statement references.

    IpSetForwardedIpConfig Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig

    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

    Arn string

    The Amazon Resource Name (ARN) of the IP Set that this statement references.

    IpSetForwardedIpConfig WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig

    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

    arn String

    The Amazon Resource Name (ARN) of the IP Set that this statement references.

    ipSetForwardedIpConfig WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig

    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

    arn string

    The Amazon Resource Name (ARN) of the IP Set that this statement references.

    ipSetForwardedIpConfig WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig

    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

    arn str

    The Amazon Resource Name (ARN) of the IP Set that this statement references.

    ip_set_forwarded_ip_config WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig

    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

    arn String

    The Amazon Resource Name (ARN) of the IP Set that this statement references.

    ipSetForwardedIpConfig Property Map

    Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

    WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig, WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfigArgs

    FallbackBehavior string

    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

    HeaderName string

    Name of the HTTP header to use for the IP address.

    Position string

    Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

    FallbackBehavior string

    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

    HeaderName string

    Name of the HTTP header to use for the IP address.

    Position string

    Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

    fallbackBehavior String

    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

    headerName String

    Name of the HTTP header to use for the IP address.

    position String

    Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

    fallbackBehavior string

    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

    headerName string

    Name of the HTTP header to use for the IP address.

    position string

    Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

    fallback_behavior str

    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

    header_name str

    Name of the HTTP header to use for the IP address.

    position str

    Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

    fallbackBehavior String

    Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.

    headerName String

    Name of the HTTP header to use for the IP address.

    position String

    Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

    WebAclRuleStatementLabelMatchStatement, WebAclRuleStatementLabelMatchStatementArgs

    Key string

    String to match against.

    Scope string

    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

    Key string

    String to match against.

    Scope string

    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

    key String

    String to match against.

    scope String

    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

    key string

    String to match against.

    scope string

    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

    key str

    String to match against.

    scope str

    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

    key String

    String to match against.

    scope String

    Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

    WebAclRuleStatementManagedRuleGroupStatement, WebAclRuleStatementManagedRuleGroupStatementArgs

    Name string

    Name of the managed rule group.

    VendorName string

    Name of the managed rule group vendor.

    ManagedRuleGroupConfigs List<Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig>

    Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See managed_rule_group_configs for more details

    RuleActionOverrides List<Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride>

    Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See rule_action_override below for details.

    ScopeDownStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement

    Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See statement above for details.

    Version string

    Version of the managed rule group. You can set Version_1.0 or Version_1.1 etc. If you want to use the default version, do not set anything.

    Name string

    Name of the managed rule group.

    VendorName string

    Name of the managed rule group vendor.

    ManagedRuleGroupConfigs []WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig

    Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See managed_rule_group_configs for more details

    RuleActionOverrides []WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride

    Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See rule_action_override below for details.

    ScopeDownStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement

    Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See statement above for details.

    Version string

    Version of the managed rule group. You can set Version_1.0 or Version_1.1 etc. If you want to use the default version, do not set anything.

    name String

    Name of the managed rule group.

    vendorName String

    Name of the managed rule group vendor.

    managedRuleGroupConfigs List<WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig>

    Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See managed_rule_group_configs for more details

    ruleActionOverrides List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride>

    Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See rule_action_override below for details.

    scopeDownStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement

    Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See statement above for details.

    version String

    Version of the managed rule group. You can set Version_1.0 or Version_1.1 etc. If you want to use the default version, do not set anything.

    name string

    Name of the managed rule group.

    vendorName string

    Name of the managed rule group vendor.

    managedRuleGroupConfigs WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig[]

    Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See managed_rule_group_configs for more details

    ruleActionOverrides WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride[]

    Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See rule_action_override below for details.

    scopeDownStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement

    Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See statement above for details.

    version string

    Version of the managed rule group. You can set Version_1.0 or Version_1.1 etc. If you want to use the default version, do not set anything.

    name str

    Name of the managed rule group.

    vendor_name str

    Name of the managed rule group vendor.

    managed_rule_group_configs Sequence[WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig]

    Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See managed_rule_group_configs for more details

    rule_action_overrides Sequence[WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride]

    Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See rule_action_override below for details.

    scope_down_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement

    Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See statement above for details.

    version str

    Version of the managed rule group. You can set Version_1.0 or Version_1.1 etc. If you want to use the default version, do not set anything.

    name String

    Name of the managed rule group.

    vendorName String

    Name of the managed rule group vendor.

    managedRuleGroupConfigs List<Property Map>

    Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See managed_rule_group_configs for more details

    ruleActionOverrides List<Property Map>

    Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See rule_action_override below for details.

    scopeDownStatement Property Map

    Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See statement above for details.

    version String

    Version of the managed rule group. You can set Version_1.0 or Version_1.1 etc. If you want to use the default version, do not set anything.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigArgs

    AwsManagedRulesAtpRuleSet Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet

    Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client.

    AwsManagedRulesBotControlRuleSet Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet

    Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See aws_managed_rules_bot_control_rule_set for more details

    LoginPath string

    The path of the login endpoint for your application.

    PasswordField Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField

    Details about your login page password field. See password_field for more details.

    PayloadType string

    The payload type for your login endpoint, either JSON or form encoded.

    UsernameField Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField

    Details about your login page username field. See username_field for more details.

    AwsManagedRulesAtpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet

    Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client.

    AwsManagedRulesBotControlRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet

    Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See aws_managed_rules_bot_control_rule_set for more details

    LoginPath string

    The path of the login endpoint for your application.

    PasswordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField

    Details about your login page password field. See password_field for more details.

    PayloadType string

    The payload type for your login endpoint, either JSON or form encoded.

    UsernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField

    Details about your login page username field. See username_field for more details.

    awsManagedRulesAtpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet

    Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client.

    awsManagedRulesBotControlRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet

    Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See aws_managed_rules_bot_control_rule_set for more details

    loginPath String

    The path of the login endpoint for your application.

    passwordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField

    Details about your login page password field. See password_field for more details.

    payloadType String

    The payload type for your login endpoint, either JSON or form encoded.

    usernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField

    Details about your login page username field. See username_field for more details.

    awsManagedRulesAtpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet

    Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client.

    awsManagedRulesBotControlRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet

    Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See aws_managed_rules_bot_control_rule_set for more details

    loginPath string

    The path of the login endpoint for your application.

    passwordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField

    Details about your login page password field. See password_field for more details.

    payloadType string

    The payload type for your login endpoint, either JSON or form encoded.

    usernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField

    Details about your login page username field. See username_field for more details.

    aws_managed_rules_atp_rule_set WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet

    Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client.

    aws_managed_rules_bot_control_rule_set WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet

    Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See aws_managed_rules_bot_control_rule_set for more details

    login_path str

    The path of the login endpoint for your application.

    password_field WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField

    Details about your login page password field. See password_field for more details.

    payload_type str

    The payload type for your login endpoint, either JSON or form encoded.

    username_field WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField

    Details about your login page username field. See username_field for more details.

    awsManagedRulesAtpRuleSet Property Map

    Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client.

    awsManagedRulesBotControlRuleSet Property Map

    Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See aws_managed_rules_bot_control_rule_set for more details

    loginPath String

    The path of the login endpoint for your application.

    passwordField Property Map

    Details about your login page password field. See password_field for more details.

    payloadType String

    The payload type for your login endpoint, either JSON or form encoded.

    usernameField Property Map

    Details about your login page username field. See username_field for more details.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetArgs

    LoginPath string

    The path of the login endpoint for your application.

    EnableRegexInPath bool

    Whether or not to allow the use of regular expressions in the login page path.

    RequestInspection Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection

    The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.

    ResponseInspection Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection

    The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.

    LoginPath string

    The path of the login endpoint for your application.

    EnableRegexInPath bool

    Whether or not to allow the use of regular expressions in the login page path.

    RequestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection

    The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.

    ResponseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection

    The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.

    loginPath String

    The path of the login endpoint for your application.

    enableRegexInPath Boolean

    Whether or not to allow the use of regular expressions in the login page path.

    requestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection

    The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.

    responseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection

    The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.

    loginPath string

    The path of the login endpoint for your application.

    enableRegexInPath boolean

    Whether or not to allow the use of regular expressions in the login page path.

    requestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection

    The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.

    responseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection

    The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.

    login_path str

    The path of the login endpoint for your application.

    enable_regex_in_path bool

    Whether or not to allow the use of regular expressions in the login page path.

    request_inspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection

    The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.

    response_inspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection

    The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.

    loginPath String

    The path of the login endpoint for your application.

    enableRegexInPath Boolean

    Whether or not to allow the use of regular expressions in the login page path.

    requestInspection Property Map

    The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.

    responseInspection Property Map

    The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionArgs

    PasswordField Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField

    Details about your login page password field. See password_field for more details.

    PayloadType string

    The payload type for your login endpoint, either JSON or form encoded.

    UsernameField Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField

    Details about your login page username field. See username_field for more details.

    PasswordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField

    Details about your login page password field. See password_field for more details.

    PayloadType string

    The payload type for your login endpoint, either JSON or form encoded.

    UsernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField

    Details about your login page username field. See username_field for more details.

    passwordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField

    Details about your login page password field. See password_field for more details.

    payloadType String

    The payload type for your login endpoint, either JSON or form encoded.

    usernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField

    Details about your login page username field. See username_field for more details.

    passwordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField

    Details about your login page password field. See password_field for more details.

    payloadType string

    The payload type for your login endpoint, either JSON or form encoded.

    usernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField

    Details about your login page username field. See username_field for more details.

    password_field WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField

    Details about your login page password field. See password_field for more details.

    payload_type str

    The payload type for your login endpoint, either JSON or form encoded.

    username_field WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField

    Details about your login page username field. See username_field for more details.

    passwordField Property Map

    Details about your login page password field. See password_field for more details.

    payloadType String

    The payload type for your login endpoint, either JSON or form encoded.

    usernameField Property Map

    Details about your login page username field. See username_field for more details.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordFieldArgs

    Identifier string

    The name of the password field.

    Identifier string

    The name of the password field.

    identifier String

    The name of the password field.

    identifier string

    The name of the password field.

    identifier str

    The name of the password field.

    identifier String

    The name of the password field.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameFieldArgs

    Identifier string

    The name of the username field.

    Identifier string

    The name of the username field.

    identifier String

    The name of the username field.

    identifier string

    The name of the username field.

    identifier str

    The name of the username field.

    identifier String

    The name of the username field.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionArgs

    BodyContains Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains

    Configures inspection of the response body. See body_contains for more details.

    Header Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader

    Configures inspection of the response header.See header for more details.

    Json Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson

    Configures inspection of the response JSON. See json for more details.

    StatusCode Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode

    Configures inspection of the response status code.See status_code for more details.

    BodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains

    Configures inspection of the response body. See body_contains for more details.

    Header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader

    Configures inspection of the response header.See header for more details.

    Json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson

    Configures inspection of the response JSON. See json for more details.

    StatusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode

    Configures inspection of the response status code.See status_code for more details.

    bodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains

    Configures inspection of the response body. See body_contains for more details.

    header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader

    Configures inspection of the response header.See header for more details.

    json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson

    Configures inspection of the response JSON. See json for more details.

    statusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode

    Configures inspection of the response status code.See status_code for more details.

    bodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains

    Configures inspection of the response body. See body_contains for more details.

    header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader

    Configures inspection of the response header.See header for more details.

    json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson

    Configures inspection of the response JSON. See json for more details.

    statusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode

    Configures inspection of the response status code.See status_code for more details.

    body_contains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains

    Configures inspection of the response body. See body_contains for more details.

    header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader

    Configures inspection of the response header.See header for more details.

    json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson

    Configures inspection of the response JSON. See json for more details.

    status_code WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode

    Configures inspection of the response status code.See status_code for more details.

    bodyContains Property Map

    Configures inspection of the response body. See body_contains for more details.

    header Property Map

    Configures inspection of the response header.See header for more details.

    json Property Map

    Configures inspection of the response JSON. See json for more details.

    statusCode Property Map

    Configures inspection of the response status code.See status_code for more details.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContainsArgs

    FailureStrings List<string>

    Strings in the body of the response that indicate a failed login attempt.

    SuccessStrings List<string>

    Strings in the body of the response that indicate a successful login attempt.

    FailureStrings []string

    Strings in the body of the response that indicate a failed login attempt.

    SuccessStrings []string

    Strings in the body of the response that indicate a successful login attempt.

    failureStrings List<String>

    Strings in the body of the response that indicate a failed login attempt.

    successStrings List<String>

    Strings in the body of the response that indicate a successful login attempt.

    failureStrings string[]

    Strings in the body of the response that indicate a failed login attempt.

    successStrings string[]

    Strings in the body of the response that indicate a successful login attempt.

    failure_strings Sequence[str]

    Strings in the body of the response that indicate a failed login attempt.

    success_strings Sequence[str]

    Strings in the body of the response that indicate a successful login attempt.

    failureStrings List<String>

    Strings in the body of the response that indicate a failed login attempt.

    successStrings List<String>

    Strings in the body of the response that indicate a successful login attempt.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeaderArgs

    FailureValues List<string>

    Values in the response header with the specified name that indicate a failed login attempt.

    Name string

    The name of the header to match against. The name must be an exact match, including case.

    SuccessValues List<string>

    Values in the response header with the specified name that indicate a successful login attempt.

    FailureValues []string

    Values in the response header with the specified name that indicate a failed login attempt.

    Name string

    The name of the header to match against. The name must be an exact match, including case.

    SuccessValues []string

    Values in the response header with the specified name that indicate a successful login attempt.

    failureValues List<String>

    Values in the response header with the specified name that indicate a failed login attempt.

    name String

    The name of the header to match against. The name must be an exact match, including case.

    successValues List<String>

    Values in the response header with the specified name that indicate a successful login attempt.

    failureValues string[]

    Values in the response header with the specified name that indicate a failed login attempt.

    name string

    The name of the header to match against. The name must be an exact match, including case.

    successValues string[]

    Values in the response header with the specified name that indicate a successful login attempt.

    failure_values Sequence[str]

    Values in the response header with the specified name that indicate a failed login attempt.

    name str

    The name of the header to match against. The name must be an exact match, including case.

    success_values Sequence[str]

    Values in the response header with the specified name that indicate a successful login attempt.

    failureValues List<String>

    Values in the response header with the specified name that indicate a failed login attempt.

    name String

    The name of the header to match against. The name must be an exact match, including case.

    successValues List<String>

    Values in the response header with the specified name that indicate a successful login attempt.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJsonArgs

    FailureValues List<string>

    Values in the response header with the specified name that indicate a failed login attempt.

    Identifier string

    The identifier for the value to match against in the JSON.

    SuccessValues List<string>

    Values in the response header with the specified name that indicate a successful login attempt.

    FailureValues []string

    Values in the response header with the specified name that indicate a failed login attempt.

    Identifier string

    The identifier for the value to match against in the JSON.

    SuccessValues []string

    Values in the response header with the specified name that indicate a successful login attempt.

    failureValues List<String>

    Values in the response header with the specified name that indicate a failed login attempt.

    identifier String

    The identifier for the value to match against in the JSON.

    successValues List<String>

    Values in the response header with the specified name that indicate a successful login attempt.

    failureValues string[]

    Values in the response header with the specified name that indicate a failed login attempt.

    identifier string

    The identifier for the value to match against in the JSON.

    successValues string[]

    Values in the response header with the specified name that indicate a successful login attempt.

    failure_values Sequence[str]

    Values in the response header with the specified name that indicate a failed login attempt.

    identifier str

    The identifier for the value to match against in the JSON.

    success_values Sequence[str]

    Values in the response header with the specified name that indicate a successful login attempt.

    failureValues List<String>

    Values in the response header with the specified name that indicate a failed login attempt.

    identifier String

    The identifier for the value to match against in the JSON.

    successValues List<String>

    Values in the response header with the specified name that indicate a successful login attempt.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCodeArgs

    FailureCodes List<int>

    Status codes in the response that indicate a failed login attempt.

    SuccessCodes List<int>

    Status codes in the response that indicate a successful login attempt.

    FailureCodes []int

    Status codes in the response that indicate a failed login attempt.

    SuccessCodes []int

    Status codes in the response that indicate a successful login attempt.

    failureCodes List<Integer>

    Status codes in the response that indicate a failed login attempt.

    successCodes List<Integer>

    Status codes in the response that indicate a successful login attempt.

    failureCodes number[]

    Status codes in the response that indicate a failed login attempt.

    successCodes number[]

    Status codes in the response that indicate a successful login attempt.

    failure_codes Sequence[int]

    Status codes in the response that indicate a failed login attempt.

    success_codes Sequence[int]

    Status codes in the response that indicate a successful login attempt.

    failureCodes List<Number>

    Status codes in the response that indicate a failed login attempt.

    successCodes List<Number>

    Status codes in the response that indicate a successful login attempt.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSetArgs

    InspectionLevel string

    The inspection level to use for the Bot Control rule group.

    InspectionLevel string

    The inspection level to use for the Bot Control rule group.

    inspectionLevel String

    The inspection level to use for the Bot Control rule group.

    inspectionLevel string

    The inspection level to use for the Bot Control rule group.

    inspection_level str

    The inspection level to use for the Bot Control rule group.

    inspectionLevel String

    The inspection level to use for the Bot Control rule group.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordFieldArgs

    Identifier string

    The name of the password field.

    Identifier string

    The name of the password field.

    identifier String

    The name of the password field.

    identifier string

    The name of the password field.

    identifier str

    The name of the password field.

    identifier String

    The name of the password field.

    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameFieldArgs

    Identifier string

    The name of the username field.

    Identifier string

    The name of the username field.

    identifier String

    The name of the username field.

    identifier string

    The name of the username field.

    identifier str

    The name of the username field.

    identifier String

    The name of the username field.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideArgs

    ActionToUse Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse

    Override action to use, in place of the configured action of the rule in the rule group. See action for details.

    Name string

    Name of the rule to override. See the documentation for a list of names in the appropriate rule group in use.

    ActionToUse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse

    Override action to use, in place of the configured action of the rule in the rule group. See action for details.

    Name string

    Name of the rule to override. See the documentation for a list of names in the appropriate rule group in use.

    actionToUse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse

    Override action to use, in place of the configured action of the rule in the rule group. See action for details.

    name String

    Name of the rule to override. See the documentation for a list of names in the appropriate rule group in use.

    actionToUse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse

    Override action to use, in place of the configured action of the rule in the rule group. See action for details.

    name string

    Name of the rule to override. See the documentation for a list of names in the appropriate rule group in use.

    action_to_use WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse

    Override action to use, in place of the configured action of the rule in the rule group. See action for details.

    name str

    Name of the rule to override. See the documentation for a list of names in the appropriate rule group in use.

    actionToUse Property Map

    Override action to use, in place of the configured action of the rule in the rule group. See action for details.

    name String

    Name of the rule to override. See the documentation for a list of names in the appropriate rule group in use.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseArgs

    Allow Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllow

    Specifies that AWS WAF should allow requests by default. See allow below for details.

    Block Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlock

    Specifies that AWS WAF should block requests by default. See block below for details.

    Captcha Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptcha

    Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.

    Challenge Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallenge

    Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.

    Count Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCount

    Instructs AWS WAF to count the web request and allow it. See count below for details.

    Allow WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllow

    Specifies that AWS WAF should allow requests by default. See allow below for details.

    Block WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlock

    Specifies that AWS WAF should block requests by default. See block below for details.

    Captcha WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptcha

    Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.

    Challenge WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallenge

    Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.

    Count WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCount

    Instructs AWS WAF to count the web request and allow it. See count below for details.

    allow WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllow

    Specifies that AWS WAF should allow requests by default. See allow below for details.

    block WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlock

    Specifies that AWS WAF should block requests by default. See block below for details.

    captcha WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptcha

    Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.

    challenge WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallenge

    Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.

    count WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCount

    Instructs AWS WAF to count the web request and allow it. See count below for details.

    allow WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllow

    Specifies that AWS WAF should allow requests by default. See allow below for details.

    block WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlock

    Specifies that AWS WAF should block requests by default. See block below for details.

    captcha WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptcha

    Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.

    challenge WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallenge

    Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.

    count WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCount

    Instructs AWS WAF to count the web request and allow it. See count below for details.

    allow WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllow

    Specifies that AWS WAF should allow requests by default. See allow below for details.

    block WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlock

    Specifies that AWS WAF should block requests by default. See block below for details.

    captcha WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptcha

    Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.

    challenge WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallenge

    Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.

    count WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCount

    Instructs AWS WAF to count the web request and allow it. See count below for details.

    allow Property Map

    Specifies that AWS WAF should allow requests by default. See allow below for details.

    block Property Map

    Specifies that AWS WAF should block requests by default. See block below for details.

    captcha Property Map

    Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.

    challenge Property Map

    Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.

    count Property Map

    Instructs AWS WAF to count the web request and allow it. See count below for details.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllow, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowArgs

    CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    custom_request_handling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling Property Map

    Defines custom handling for the web request. See custom_request_handling below for details.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingArgs

    InsertHeaders List<Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    InsertHeaders []WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader[]

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insert_headers Sequence[WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader]

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders List<Property Map>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArgs

    Name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    Value string

    Value of the custom header.

    Name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    Value string

    Value of the custom header.

    name String

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value String

    Value of the custom header.

    name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value string

    Value of the custom header.

    name str

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value str

    Value of the custom header.

    name String

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value String

    Value of the custom header.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlock, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockArgs

    CustomResponse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse

    Defines a custom response for the web request. See custom_response below for details.

    customResponse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse

    Defines a custom response for the web request. See custom_response below for details.

    customResponse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse

    Defines a custom response for the web request. See custom_response below for details.

    custom_response WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse

    Defines a custom response for the web request. See custom_response below for details.

    customResponse Property Map

    Defines a custom response for the web request. See custom_response below for details.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseArgs

    ResponseCode int

    The HTTP status code to return to the client.

    CustomResponseBodyKey string

    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

    ResponseHeaders List<Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader>

    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

    ResponseCode int

    The HTTP status code to return to the client.

    CustomResponseBodyKey string

    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

    ResponseHeaders []WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader

    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

    responseCode Integer

    The HTTP status code to return to the client.

    customResponseBodyKey String

    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

    responseHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader>

    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

    responseCode number

    The HTTP status code to return to the client.

    customResponseBodyKey string

    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

    responseHeaders WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader[]

    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

    response_code int

    The HTTP status code to return to the client.

    custom_response_body_key str

    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

    response_headers Sequence[WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader]

    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

    responseCode Number

    The HTTP status code to return to the client.

    customResponseBodyKey String

    References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.

    responseHeaders List<Property Map>

    The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArgs

    Name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    Value string

    Value of the custom header.

    Name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    Value string

    Value of the custom header.

    name String

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value String

    Value of the custom header.

    name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value string

    Value of the custom header.

    name str

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value str

    Value of the custom header.

    name String

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value String

    Value of the custom header.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptcha, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaArgs

    CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    custom_request_handling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling Property Map

    Defines custom handling for the web request. See custom_request_handling below for details.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs

    InsertHeaders List<Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    InsertHeaders []WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader[]

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insert_headers Sequence[WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader]

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders List<Property Map>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs

    Name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    Value string

    Value of the custom header.

    Name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    Value string

    Value of the custom header.

    name String

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value String

    Value of the custom header.

    name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value string

    Value of the custom header.

    name str

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value str

    Value of the custom header.

    name String

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value String

    Value of the custom header.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallenge, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeArgs

    CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    custom_request_handling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling Property Map

    Defines custom handling for the web request. See custom_request_handling below for details.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingArgs

    InsertHeaders List<Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    InsertHeaders []WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader[]

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insert_headers Sequence[WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader]

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders List<Property Map>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArgs

    Name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    Value string

    Value of the custom header.

    Name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    Value string

    Value of the custom header.

    name String

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value String

    Value of the custom header.

    name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value string

    Value of the custom header.

    name str

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value str

    Value of the custom header.

    name String

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value String

    Value of the custom header.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCount, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountArgs

    CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    custom_request_handling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling

    Defines custom handling for the web request. See custom_request_handling below for details.

    customRequestHandling Property Map

    Defines custom handling for the web request. See custom_request_handling below for details.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingArgs

    InsertHeaders List<Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    InsertHeaders []WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader[]

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insert_headers Sequence[WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader]

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    insertHeaders List<Property Map>

    The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

    WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs

    Name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    Value string

    Value of the custom header.

    Name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    Value string

    Value of the custom header.

    name String

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value String

    Value of the custom header.

    name string

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value string

    Value of the custom header.

    name str

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value str

    Value of the custom header.

    name String

    Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.

    value String

    Value of the custom header.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementArgs

    AndStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatement

    Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

    ByteMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement

    Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

    GeoMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement

    Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

    IpSetReferenceStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement

    Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.

    LabelMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement

    Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

    NotStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement

    Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

    OrStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatement

    Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

    RegexMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement

    Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

    RegexPatternSetReferenceStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement

    Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.

    SizeConstraintStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement

    Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

    SqliMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement

    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

    XssMatchStatement Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement

    Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

    AndStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatement

    Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

    ByteMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement

    Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

    GeoMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement

    Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

    IpSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement

    Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.

    LabelMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement

    Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

    NotStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement

    Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

    OrStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatement

    Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

    RegexMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement

    Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

    RegexPatternSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement

    Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.

    SizeConstraintStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement

    Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

    SqliMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement

    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

    XssMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement

    Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

    andStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatement

    Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

    byteMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement

    Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

    geoMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement

    Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

    ipSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement

    Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.

    labelMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement

    Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

    notStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement

    Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

    orStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatement

    Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

    regexMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement

    Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

    regexPatternSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement

    Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.

    sizeConstraintStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement

    Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

    sqliMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement

    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

    xssMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement

    Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

    andStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatement

    Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

    byteMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement

    Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

    geoMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement

    Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

    ipSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement

    Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.

    labelMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement

    Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

    notStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement

    Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

    orStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatement

    Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

    regexMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement

    Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

    regexPatternSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement

    Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.

    sizeConstraintStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement

    Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

    sqliMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement

    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

    xssMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement

    Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

    and_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatement

    Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

    byte_match_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement

    Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

    geo_match_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement

    Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

    ip_set_reference_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement

    Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.

    label_match_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement

    Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

    not_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement

    Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

    or_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatement

    Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

    regex_match_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement

    Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

    regex_pattern_set_reference_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement

    Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.

    size_constraint_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement

    Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

    sqli_match_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement

    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

    xss_match_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement

    Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

    andStatement Property Map

    Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.

    byteMatchStatement Property Map

    Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.

    geoMatchStatement Property Map

    Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.

    ipSetReferenceStatement Property Map

    Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.

    labelMatchStatement Property Map

    Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.

    notStatement Property Map

    Logical rule statement used to negate the results of another rule statement. See not_statement below for details.

    orStatement Property Map

    Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.

    regexMatchStatement Property Map

    Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.

    regexPatternSetReferenceStatement Property Map

    Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.

    sizeConstraintStatement Property Map

    Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.

    sqliMatchStatement Property Map

    An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.

    xssMatchStatement Property Map

    Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementArgs

    Statements []WebAclRuleStatement

    The statements to combine.

    statements List<WebAclRuleStatement>

    The statements to combine.

    statements WebAclRuleStatement[]

    The statements to combine.

    statements Sequence[WebAclRuleStatement]

    The statements to combine.

    statements List<Property Map>

    The statements to combine.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementArgs

    PositionalConstraint string

    Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.

    SearchString string

    String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.

    TextTransformations List<Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation>

    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.

    FieldToMatch Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch

    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

    PositionalConstraint string

    Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.

    SearchString string

    String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.

    TextTransformations []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation

    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.

    FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch

    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

    positionalConstraint String

    Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.

    searchString String

    String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.

    textTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation>

    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.

    fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch

    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

    positionalConstraint string

    Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.

    searchString string

    String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.

    textTransformations WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation[]

    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.

    fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch

    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

    positional_constraint str

    Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.

    search_string str

    String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.

    text_transformations Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation]

    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.

    field_to_match WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch

    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

    positionalConstraint String

    Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.

    searchString String

    String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.

    textTransformations List<Property Map>

    Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.

    fieldToMatch Property Map

    Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchArgs

    AllQueryArguments Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments

    Inspect all query arguments.

    Body Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody

    Inspect the request body, which immediately follows the request headers. See body below for details.

    Cookies Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies

    Inspect the cookies in the web request. See cookies below for details.

    Headers List<Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader>

    Inspect the request headers. See headers below for details.

    JsonBody Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody

    Inspect the request body as JSON. See json_body for details.

    Method Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod

    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

    QueryString Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString

    Inspect the query string. This is the part of a URL that appears after a ? character, if any.

    SingleHeader Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader

    Inspect a single header. See single_header below for details.

    SingleQueryArgument Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument

    Inspect a single query argument. See single_query_argument below for details.

    UriPath Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath

    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments

    Inspect all query arguments.

    Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody

    Inspect the request body, which immediately follows the request headers. See body below for details.

    Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies

    Inspect the cookies in the web request. See cookies below for details.

    Headers []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader

    Inspect the request headers. See headers below for details.

    JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody

    Inspect the request body as JSON. See json_body for details.

    Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod

    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

    QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString

    Inspect the query string. This is the part of a URL that appears after a ? character, if any.

    SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader

    Inspect a single header. See single_header below for details.

    SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument

    Inspect a single query argument. See single_query_argument below for details.

    UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath

    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments

    Inspect all query arguments.

    body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody

    Inspect the request body, which immediately follows the request headers. See body below for details.

    cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies

    Inspect the cookies in the web request. See cookies below for details.

    headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader>

    Inspect the request headers. See headers below for details.

    jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody

    Inspect the request body as JSON. See json_body for details.

    method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod

    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

    queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString

    Inspect the query string. This is the part of a URL that appears after a ? character, if any.

    singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader

    Inspect a single header. See single_header below for details.

    singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument

    Inspect a single query argument. See single_query_argument below for details.

    uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath

    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments

    Inspect all query arguments.

    body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody

    Inspect the request body, which immediately follows the request headers. See body below for details.

    cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies

    Inspect the cookies in the web request. See cookies below for details.

    headers WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader[]

    Inspect the request headers. See headers below for details.

    jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody

    Inspect the request body as JSON. See json_body for details.

    method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod

    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

    queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString

    Inspect the query string. This is the part of a URL that appears after a ? character, if any.

    singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader

    Inspect a single header. See single_header below for details.

    singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument

    Inspect a single query argument. See single_query_argument below for details.

    uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath

    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    all_query_arguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments

    Inspect all query arguments.

    body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody

    Inspect the request body, which immediately follows the request headers. See body below for details.

    cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies

    Inspect the cookies in the web request. See cookies below for details.

    headers Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader]

    Inspect the request headers. See headers below for details.

    json_body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody

    Inspect the request body as JSON. See json_body for details.

    method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod

    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

    query_string WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString

    Inspect the query string. This is the part of a URL that appears after a ? character, if any.

    single_header WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader

    Inspect a single header. See single_header below for details.

    single_query_argument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument

    Inspect a single query argument. See single_query_argument below for details.

    uri_path WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath

    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    allQueryArguments Property Map

    Inspect all query arguments.

    body Property Map

    Inspect the request body, which immediately follows the request headers. See body below for details.

    cookies Property Map

    Inspect the cookies in the web request. See cookies below for details.

    headers List<Property Map>

    Inspect the request headers. See headers below for details.

    jsonBody Property Map

    Inspect the request body as JSON. See json_body for details.

    method Property Map

    Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.

    queryString Property Map

    Inspect the query string. This is the part of a URL that appears after a ? character, if any.

    singleHeader Property Map

    Inspect a single header. See single_header below for details.

    singleQueryArgument Property Map

    Inspect a single query argument. See single_query_argument below for details.

    uriPath Property Map

    Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBodyArgs

    OversizeHandling string

    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

    OversizeHandling string

    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

    oversizeHandling String

    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

    oversizeHandling string

    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

    oversize_handling str

    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

    oversizeHandling String

    What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesArgs

    MatchPatterns List<Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern>

    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

    MatchScope string

    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

    OversizeHandling string

    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

    MatchPatterns []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern

    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

    MatchScope string

    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

    OversizeHandling string

    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

    matchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern>

    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

    matchScope String

    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

    oversizeHandling String

    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

    matchPatterns WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern[]

    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

    matchScope string

    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

    oversizeHandling string

    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

    match_patterns Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern]

    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

    match_scope str

    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

    oversize_handling str

    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

    matchPatterns List<Property Map>

    The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern

    matchScope String

    The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE

    oversizeHandling String

    What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternArgs

    all Property Map

    An empty configuration block that is used for inspecting all headers.

    excludedCookies List<String>
    includedCookies List<String>

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderArgs

    MatchPattern Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern

    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

    MatchScope string

    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

    OversizeHandling string

    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern

    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

    MatchScope string

    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

    OversizeHandling string

    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern

    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

    matchScope String

    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

    oversizeHandling String

    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern

    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

    matchScope string

    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

    oversizeHandling string

    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern

    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

    match_scope str

    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

    oversize_handling str

    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    matchPattern Property Map

    The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:

    matchScope String

    The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.

    oversizeHandling String

    Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternArgs

    All Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll

    An empty configuration block that is used for inspecting all headers.

    ExcludedHeaders List<string>

    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

    IncludedHeaders List<string>

    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll

    An empty configuration block that is used for inspecting all headers.

    ExcludedHeaders []string

    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

    IncludedHeaders []string

    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll

    An empty configuration block that is used for inspecting all headers.

    excludedHeaders List<String>

    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

    includedHeaders List<String>

    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll

    An empty configuration block that is used for inspecting all headers.

    excludedHeaders string[]

    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

    includedHeaders string[]

    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll

    An empty configuration block that is used for inspecting all headers.

    excluded_headers Sequence[str]

    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

    included_headers Sequence[str]

    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    all Property Map

    An empty configuration block that is used for inspecting all headers.

    excludedHeaders List<String>

    An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.

    includedHeaders List<String>

    An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

    WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyArgs

    MatchPattern Pulumi.Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern

    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

    MatchScope string

    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

    InvalidFallbackBehavior string

    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

    OversizeHandling string

    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

    MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern

    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

    MatchScope string

    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

    InvalidFallbackBehavior string

    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.

    OversizeHandling string

    What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

    matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern

    The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.

    matchScope String

    The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.

    invalidFallbackBehavior String

    What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.