Docs
Packages
aws.wafv2.WebAcl
Explore with Pulumi AI
Creates a WAFv2 Web ACL resource.
Note: In
field_to_matchblocks, e.g., inbyte_match_statement, thebodyblock includes an optional argumentoversize_handling. AWS indicates this argument will be required starting February 2023. To avoid configurations breaking when that change happens, treat theoversize_handlingargument as required as soon as possible.
Example Usage
Managed Rule
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var atp_example = new Aws.WafV2.WebAcl("atp-example", new()
{
DefaultAction = new Aws.WafV2.Inputs.WebAclDefaultActionArgs
{
Allow = null,
},
Description = "Example of a managed ATP rule.",
Rules = new[]
{
new Aws.WafV2.Inputs.WebAclRuleArgs
{
Name = "atp-rule-1",
OverrideAction = new Aws.WafV2.Inputs.WebAclRuleOverrideActionArgs
{
Count = null,
},
Priority = 1,
Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs
{
ManagedRuleGroupStatement = new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementArgs
{
ManagedRuleGroupConfigs = new[]
{
new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigArgs
{
AwsManagedRulesAtpRuleSet = new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetArgs
{
LoginPath = "/api/1/signin",
RequestInspection = new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionArgs
{
PasswordField = new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordFieldArgs
{
Identifier = "/password",
},
PayloadType = "JSON",
UsernameField = new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameFieldArgs
{
Identifier = "/email",
},
},
ResponseInspection = new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionArgs
{
StatusCode = new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCodeArgs
{
FailureCodes = new[]
{
403,
},
SuccessCodes = new[]
{
200,
},
},
},
},
},
},
Name = "AWSManagedRulesATPRuleSet",
VendorName = "AWS",
},
},
VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs
{
CloudwatchMetricsEnabled = false,
MetricName = "friendly-rule-metric-name",
SampledRequestsEnabled = false,
},
},
},
Scope = "CLOUDFRONT",
VisibilityConfig = new Aws.WafV2.Inputs.WebAclVisibilityConfigArgs
{
CloudwatchMetricsEnabled = false,
MetricName = "friendly-metric-name",
SampledRequestsEnabled = false,
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := wafv2.NewWebAcl(ctx, "atp-example", &wafv2.WebAclArgs{
DefaultAction: &wafv2.WebAclDefaultActionArgs{
Allow: nil,
},
Description: pulumi.String("Example of a managed ATP rule."),
Rules: wafv2.WebAclRuleArray{
&wafv2.WebAclRuleArgs{
Name: pulumi.String("atp-rule-1"),
OverrideAction: &wafv2.WebAclRuleOverrideActionArgs{
Count: nil,
},
Priority: pulumi.Int(1),
Statement: &wafv2.WebAclRuleStatementArgs{
ManagedRuleGroupStatement: &wafv2.WebAclRuleStatementManagedRuleGroupStatementArgs{
ManagedRuleGroupConfigs: wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigArray{
&wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigArgs{
AwsManagedRulesAtpRuleSet: &wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetArgs{
LoginPath: pulumi.String("/api/1/signin"),
RequestInspection: &wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionArgs{
PasswordField: &wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordFieldArgs{
Identifier: pulumi.String("/password"),
},
PayloadType: pulumi.String("JSON"),
UsernameField: &wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameFieldArgs{
Identifier: pulumi.String("/email"),
},
},
ResponseInspection: &wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionArgs{
StatusCode: &wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCodeArgs{
FailureCodes: pulumi.IntArray{
pulumi.Int(403),
},
SuccessCodes: pulumi.IntArray{
pulumi.Int(200),
},
},
},
},
},
},
Name: pulumi.String("AWSManagedRulesATPRuleSet"),
VendorName: pulumi.String("AWS"),
},
},
VisibilityConfig: &wafv2.WebAclRuleVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(false),
MetricName: pulumi.String("friendly-rule-metric-name"),
SampledRequestsEnabled: pulumi.Bool(false),
},
},
},
Scope: pulumi.String("CLOUDFRONT"),
VisibilityConfig: &wafv2.WebAclVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(false),
MetricName: pulumi.String("friendly-metric-name"),
SampledRequestsEnabled: pulumi.Bool(false),
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAcl;
import com.pulumi.aws.wafv2.WebAclArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionAllowArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleOverrideActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleOverrideActionCountArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementManagedRuleGroupStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleVisibilityConfigArgs;
import com.pulumi.aws.wafv2.inputs.WebAclVisibilityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new WebAcl("example", WebAclArgs.builder()
.defaultAction(WebAclDefaultActionArgs.builder()
.allow()
.build())
.description("Example of a managed rule.")
.rules(WebAclRuleArgs.builder()
.name("rule-1")
.overrideAction(WebAclRuleOverrideActionArgs.builder()
.count()
.build())
.priority(1)
.statement(WebAclRuleStatementArgs.builder()
.managedRuleGroupStatement(WebAclRuleStatementManagedRuleGroupStatementArgs.builder()
.name("AWSManagedRulesCommonRuleSet")
.ruleActionOverride(
%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference),
%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.scopeDownStatement(WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementArgs.builder()
.geoMatchStatement(WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementArgs.builder()
.countryCodes(
"US",
"NL")
.build())
.build())
.vendorName("AWS")
.build())
.build())
.tokenDomains(
"mywebsite.com",
"myotherwebsite.com")
.visibilityConfig(WebAclRuleVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(false)
.metricName("friendly-rule-metric-name")
.sampledRequestsEnabled(false)
.build())
.build())
.scope("REGIONAL")
.tags(Map.ofEntries(
Map.entry("Tag1", "Value1"),
Map.entry("Tag2", "Value2")
))
.visibilityConfig(WebAclVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(false)
.metricName("friendly-metric-name")
.sampledRequestsEnabled(false)
.build())
.build());
}
}
import pulumi
import pulumi_aws as aws
atp_example = aws.wafv2.WebAcl("atp-example",
default_action=aws.wafv2.WebAclDefaultActionArgs(
allow=aws.wafv2.WebAclDefaultActionAllowArgs(),
),
description="Example of a managed ATP rule.",
rules=[aws.wafv2.WebAclRuleArgs(
name="atp-rule-1",
override_action=aws.wafv2.WebAclRuleOverrideActionArgs(
count=aws.wafv2.WebAclRuleOverrideActionCountArgs(),
),
priority=1,
statement=aws.wafv2.WebAclRuleStatementArgs(
managed_rule_group_statement=aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementArgs(
managed_rule_group_configs=[aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigArgs(
aws_managed_rules_atp_rule_set=aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetArgs(
login_path="/api/1/signin",
request_inspection=aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionArgs(
password_field=aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordFieldArgs(
identifier="/password",
),
payload_type="JSON",
username_field=aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameFieldArgs(
identifier="/email",
),
),
response_inspection=aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionArgs(
status_code=aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCodeArgs(
failure_codes=[403],
success_codes=[200],
),
),
),
)],
name="AWSManagedRulesATPRuleSet",
vendor_name="AWS",
),
),
visibility_config=aws.wafv2.WebAclRuleVisibilityConfigArgs(
cloudwatch_metrics_enabled=False,
metric_name="friendly-rule-metric-name",
sampled_requests_enabled=False,
),
)],
scope="CLOUDFRONT",
visibility_config=aws.wafv2.WebAclVisibilityConfigArgs(
cloudwatch_metrics_enabled=False,
metric_name="friendly-metric-name",
sampled_requests_enabled=False,
))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const atp_example = new aws.wafv2.WebAcl("atp-example", {
defaultAction: {
allow: {},
},
description: "Example of a managed ATP rule.",
rules: [{
name: "atp-rule-1",
overrideAction: {
count: {},
},
priority: 1,
statement: {
managedRuleGroupStatement: {
managedRuleGroupConfigs: [{
awsManagedRulesAtpRuleSet: {
loginPath: "/api/1/signin",
requestInspection: {
passwordField: {
identifier: "/password",
},
payloadType: "JSON",
usernameField: {
identifier: "/email",
},
},
responseInspection: {
statusCode: {
failureCodes: [403],
successCodes: [200],
},
},
},
}],
name: "AWSManagedRulesATPRuleSet",
vendorName: "AWS",
},
},
visibilityConfig: {
cloudwatchMetricsEnabled: false,
metricName: "friendly-rule-metric-name",
sampledRequestsEnabled: false,
},
}],
scope: "CLOUDFRONT",
visibilityConfig: {
cloudwatchMetricsEnabled: false,
metricName: "friendly-metric-name",
sampledRequestsEnabled: false,
},
});
resources:
example:
type: aws:wafv2:WebAcl
properties:
defaultAction:
allow: {}
description: Example of a managed rule.
rules:
- name: rule-1
overrideAction:
count: {}
priority: 1
statement:
managedRuleGroupStatement:
name: AWSManagedRulesCommonRuleSet
ruleActionOverride:
- actionToUse:
count: {}
name: SizeRestrictions_QUERYSTRING
- actionToUse:
count: {}
name: NoUserAgent_HEADER
scopeDownStatement:
geoMatchStatement:
countryCodes:
- US
- NL
vendorName: AWS
tokenDomains:
- mywebsite.com
- myotherwebsite.com
visibilityConfig:
cloudwatchMetricsEnabled: false
metricName: friendly-rule-metric-name
sampledRequestsEnabled: false
scope: REGIONAL
tags:
Tag1: Value1
Tag2: Value2
visibilityConfig:
cloudwatchMetricsEnabled: false
metricName: friendly-metric-name
sampledRequestsEnabled: false
Account Takeover Protection
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.WafV2.WebAcl("example", new()
{
DefaultAction = new Aws.WafV2.Inputs.WebAclDefaultActionArgs
{
Allow = null,
},
Description = "Example of a Cloudfront rate based statement.",
Rules = new[]
{
new Aws.WafV2.Inputs.WebAclRuleArgs
{
Action = new Aws.WafV2.Inputs.WebAclRuleActionArgs
{
Block = null,
},
Name = "rule-1",
Priority = 1,
Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs
{
RateBasedStatement = new Aws.WafV2.Inputs.WebAclRuleStatementRateBasedStatementArgs
{
AggregateKeyType = "IP",
Limit = 10000,
ScopeDownStatement = new Aws.WafV2.Inputs.WebAclRuleStatementRateBasedStatementScopeDownStatementArgs
{
GeoMatchStatement = new Aws.WafV2.Inputs.WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementArgs
{
CountryCodes = new[]
{
"US",
"NL",
},
},
},
},
},
VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs
{
CloudwatchMetricsEnabled = false,
MetricName = "friendly-rule-metric-name",
SampledRequestsEnabled = false,
},
},
},
Scope = "CLOUDFRONT",
Tags =
{
{ "Tag1", "Value1" },
{ "Tag2", "Value2" },
},
VisibilityConfig = new Aws.WafV2.Inputs.WebAclVisibilityConfigArgs
{
CloudwatchMetricsEnabled = false,
MetricName = "friendly-metric-name",
SampledRequestsEnabled = false,
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := wafv2.NewWebAcl(ctx, "example", &wafv2.WebAclArgs{
DefaultAction: &wafv2.WebAclDefaultActionArgs{
Allow: nil,
},
Description: pulumi.String("Example of a Cloudfront rate based statement."),
Rules: wafv2.WebAclRuleArray{
&wafv2.WebAclRuleArgs{
Action: &wafv2.WebAclRuleActionArgs{
Block: nil,
},
Name: pulumi.String("rule-1"),
Priority: pulumi.Int(1),
Statement: &wafv2.WebAclRuleStatementArgs{
RateBasedStatement: &wafv2.WebAclRuleStatementRateBasedStatementArgs{
AggregateKeyType: pulumi.String("IP"),
Limit: pulumi.Int(10000),
ScopeDownStatement: &wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementArgs{
GeoMatchStatement: &wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementArgs{
CountryCodes: pulumi.StringArray{
pulumi.String("US"),
pulumi.String("NL"),
},
},
},
},
},
VisibilityConfig: &wafv2.WebAclRuleVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(false),
MetricName: pulumi.String("friendly-rule-metric-name"),
SampledRequestsEnabled: pulumi.Bool(false),
},
},
},
Scope: pulumi.String("CLOUDFRONT"),
Tags: pulumi.StringMap{
"Tag1": pulumi.String("Value1"),
"Tag2": pulumi.String("Value2"),
},
VisibilityConfig: &wafv2.WebAclVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(false),
MetricName: pulumi.String("friendly-metric-name"),
SampledRequestsEnabled: pulumi.Bool(false),
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAcl;
import com.pulumi.aws.wafv2.WebAclArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionAllowArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleOverrideActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleOverrideActionCountArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementManagedRuleGroupStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleVisibilityConfigArgs;
import com.pulumi.aws.wafv2.inputs.WebAclVisibilityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var atp_example = new WebAcl("atp-example", WebAclArgs.builder()
.defaultAction(WebAclDefaultActionArgs.builder()
.allow()
.build())
.description("Example of a managed ATP rule.")
.rules(WebAclRuleArgs.builder()
.name("atp-rule-1")
.overrideAction(WebAclRuleOverrideActionArgs.builder()
.count()
.build())
.priority(1)
.statement(WebAclRuleStatementArgs.builder()
.managedRuleGroupStatement(WebAclRuleStatementManagedRuleGroupStatementArgs.builder()
.managedRuleGroupConfigs(WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigArgs.builder()
.awsManagedRulesAtpRuleSet(WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetArgs.builder()
.loginPath("/api/1/signin")
.requestInspection(WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionArgs.builder()
.passwordField(WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordFieldArgs.builder()
.identifier("/password")
.build())
.payloadType("JSON")
.usernameField(WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameFieldArgs.builder()
.identifier("/email")
.build())
.build())
.responseInspection(WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionArgs.builder()
.statusCode(WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCodeArgs.builder()
.failureCodes("403")
.successCodes("200")
.build())
.build())
.build())
.build())
.name("AWSManagedRulesATPRuleSet")
.vendorName("AWS")
.build())
.build())
.visibilityConfig(WebAclRuleVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(false)
.metricName("friendly-rule-metric-name")
.sampledRequestsEnabled(false)
.build())
.build())
.scope("CLOUDFRONT")
.visibilityConfig(WebAclVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(false)
.metricName("friendly-metric-name")
.sampledRequestsEnabled(false)
.build())
.build());
}
}
import pulumi
import pulumi_aws as aws
example = aws.wafv2.WebAcl("example",
default_action=aws.wafv2.WebAclDefaultActionArgs(
allow=aws.wafv2.WebAclDefaultActionAllowArgs(),
),
description="Example of a Cloudfront rate based statement.",
rules=[aws.wafv2.WebAclRuleArgs(
action=aws.wafv2.WebAclRuleActionArgs(
block=aws.wafv2.WebAclRuleActionBlockArgs(),
),
name="rule-1",
priority=1,
statement=aws.wafv2.WebAclRuleStatementArgs(
rate_based_statement=aws.wafv2.WebAclRuleStatementRateBasedStatementArgs(
aggregate_key_type="IP",
limit=10000,
scope_down_statement=aws.wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementArgs(
geo_match_statement=aws.wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementArgs(
country_codes=[
"US",
"NL",
],
),
),
),
),
visibility_config=aws.wafv2.WebAclRuleVisibilityConfigArgs(
cloudwatch_metrics_enabled=False,
metric_name="friendly-rule-metric-name",
sampled_requests_enabled=False,
),
)],
scope="CLOUDFRONT",
tags={
"Tag1": "Value1",
"Tag2": "Value2",
},
visibility_config=aws.wafv2.WebAclVisibilityConfigArgs(
cloudwatch_metrics_enabled=False,
metric_name="friendly-metric-name",
sampled_requests_enabled=False,
))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.wafv2.WebAcl("example", {
defaultAction: {
allow: {},
},
description: "Example of a Cloudfront rate based statement.",
rules: [{
action: {
block: {},
},
name: "rule-1",
priority: 1,
statement: {
rateBasedStatement: {
aggregateKeyType: "IP",
limit: 10000,
scopeDownStatement: {
geoMatchStatement: {
countryCodes: [
"US",
"NL",
],
},
},
},
},
visibilityConfig: {
cloudwatchMetricsEnabled: false,
metricName: "friendly-rule-metric-name",
sampledRequestsEnabled: false,
},
}],
scope: "CLOUDFRONT",
tags: {
Tag1: "Value1",
Tag2: "Value2",
},
visibilityConfig: {
cloudwatchMetricsEnabled: false,
metricName: "friendly-metric-name",
sampledRequestsEnabled: false,
},
});
resources:
atp-example:
type: aws:wafv2:WebAcl
properties:
defaultAction:
allow: {}
description: Example of a managed ATP rule.
rules:
- name: atp-rule-1
overrideAction:
count: {}
priority: 1
statement:
managedRuleGroupStatement:
managedRuleGroupConfigs:
- awsManagedRulesAtpRuleSet:
loginPath: /api/1/signin
requestInspection:
passwordField:
identifier: /password
payloadType: JSON
usernameField:
identifier: /email
responseInspection:
statusCode:
failureCodes:
- '403'
successCodes:
- '200'
name: AWSManagedRulesATPRuleSet
vendorName: AWS
visibilityConfig:
cloudwatchMetricsEnabled: false
metricName: friendly-rule-metric-name
sampledRequestsEnabled: false
scope: CLOUDFRONT
visibilityConfig:
cloudwatchMetricsEnabled: false
metricName: friendly-metric-name
sampledRequestsEnabled: false
Rate Based
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.WafV2.RuleGroup("example", new()
{
Capacity = 10,
Scope = "REGIONAL",
Rules = new[]
{
new Aws.WafV2.Inputs.RuleGroupRuleArgs
{
Name = "rule-1",
Priority = 1,
Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs
{
Count = null,
},
Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs
{
GeoMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementGeoMatchStatementArgs
{
CountryCodes = new[]
{
"NL",
},
},
},
VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs
{
CloudwatchMetricsEnabled = false,
MetricName = "friendly-rule-metric-name",
SampledRequestsEnabled = false,
},
},
new Aws.WafV2.Inputs.RuleGroupRuleArgs
{
Name = "rule-to-exclude-a",
Priority = 10,
Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs
{
Allow = null,
},
Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs
{
GeoMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementGeoMatchStatementArgs
{
CountryCodes = new[]
{
"US",
},
},
},
VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs
{
CloudwatchMetricsEnabled = false,
MetricName = "friendly-rule-metric-name",
SampledRequestsEnabled = false,
},
},
new Aws.WafV2.Inputs.RuleGroupRuleArgs
{
Name = "rule-to-exclude-b",
Priority = 15,
Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs
{
Allow = null,
},
Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs
{
GeoMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementGeoMatchStatementArgs
{
CountryCodes = new[]
{
"GB",
},
},
},
VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs
{
CloudwatchMetricsEnabled = false,
MetricName = "friendly-rule-metric-name",
SampledRequestsEnabled = false,
},
},
},
VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupVisibilityConfigArgs
{
CloudwatchMetricsEnabled = false,
MetricName = "friendly-metric-name",
SampledRequestsEnabled = false,
},
});
var test = new Aws.WafV2.WebAcl("test", new()
{
Scope = "REGIONAL",
DefaultAction = new Aws.WafV2.Inputs.WebAclDefaultActionArgs
{
Block = null,
},
Rules = new[]
{
new Aws.WafV2.Inputs.WebAclRuleArgs
{
Name = "rule-1",
Priority = 1,
OverrideAction = new Aws.WafV2.Inputs.WebAclRuleOverrideActionArgs
{
Count = null,
},
Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs
{
RuleGroupReferenceStatement = new Aws.WafV2.Inputs.WebAclRuleStatementRuleGroupReferenceStatementArgs
{
Arn = example.Arn,
ExcludedRules = new[]
{
new Aws.WafV2.Inputs.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs
{
Name = "rule-to-exclude-b",
},
new Aws.WafV2.Inputs.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs
{
Name = "rule-to-exclude-a",
},
},
},
},
VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs
{
CloudwatchMetricsEnabled = false,
MetricName = "friendly-rule-metric-name",
SampledRequestsEnabled = false,
},
},
},
Tags =
{
{ "Tag1", "Value1" },
{ "Tag2", "Value2" },
},
VisibilityConfig = new Aws.WafV2.Inputs.WebAclVisibilityConfigArgs
{
CloudwatchMetricsEnabled = false,
MetricName = "friendly-metric-name",
SampledRequestsEnabled = false,
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := wafv2.NewRuleGroup(ctx, "example", &wafv2.RuleGroupArgs{
Capacity: pulumi.Int(10),
Scope: pulumi.String("REGIONAL"),
Rules: wafv2.RuleGroupRuleArray{
&wafv2.RuleGroupRuleArgs{
Name: pulumi.String("rule-1"),
Priority: pulumi.Int(1),
Action: &wafv2.RuleGroupRuleActionArgs{
Count: nil,
},
Statement: &wafv2.RuleGroupRuleStatementArgs{
GeoMatchStatement: &wafv2.RuleGroupRuleStatementGeoMatchStatementArgs{
CountryCodes: pulumi.StringArray{
pulumi.String("NL"),
},
},
},
VisibilityConfig: &wafv2.RuleGroupRuleVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(false),
MetricName: pulumi.String("friendly-rule-metric-name"),
SampledRequestsEnabled: pulumi.Bool(false),
},
},
&wafv2.RuleGroupRuleArgs{
Name: pulumi.String("rule-to-exclude-a"),
Priority: pulumi.Int(10),
Action: &wafv2.RuleGroupRuleActionArgs{
Allow: nil,
},
Statement: &wafv2.RuleGroupRuleStatementArgs{
GeoMatchStatement: &wafv2.RuleGroupRuleStatementGeoMatchStatementArgs{
CountryCodes: pulumi.StringArray{
pulumi.String("US"),
},
},
},
VisibilityConfig: &wafv2.RuleGroupRuleVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(false),
MetricName: pulumi.String("friendly-rule-metric-name"),
SampledRequestsEnabled: pulumi.Bool(false),
},
},
&wafv2.RuleGroupRuleArgs{
Name: pulumi.String("rule-to-exclude-b"),
Priority: pulumi.Int(15),
Action: &wafv2.RuleGroupRuleActionArgs{
Allow: nil,
},
Statement: &wafv2.RuleGroupRuleStatementArgs{
GeoMatchStatement: &wafv2.RuleGroupRuleStatementGeoMatchStatementArgs{
CountryCodes: pulumi.StringArray{
pulumi.String("GB"),
},
},
},
VisibilityConfig: &wafv2.RuleGroupRuleVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(false),
MetricName: pulumi.String("friendly-rule-metric-name"),
SampledRequestsEnabled: pulumi.Bool(false),
},
},
},
VisibilityConfig: &wafv2.RuleGroupVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(false),
MetricName: pulumi.String("friendly-metric-name"),
SampledRequestsEnabled: pulumi.Bool(false),
},
})
if err != nil {
return err
}
_, err = wafv2.NewWebAcl(ctx, "test", &wafv2.WebAclArgs{
Scope: pulumi.String("REGIONAL"),
DefaultAction: &wafv2.WebAclDefaultActionArgs{
Block: nil,
},
Rules: wafv2.WebAclRuleArray{
&wafv2.WebAclRuleArgs{
Name: pulumi.String("rule-1"),
Priority: pulumi.Int(1),
OverrideAction: &wafv2.WebAclRuleOverrideActionArgs{
Count: nil,
},
Statement: &wafv2.WebAclRuleStatementArgs{
RuleGroupReferenceStatement: &wafv2.WebAclRuleStatementRuleGroupReferenceStatementArgs{
Arn: example.Arn,
ExcludedRules: wafv2.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArray{
&wafv2.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs{
Name: pulumi.String("rule-to-exclude-b"),
},
&wafv2.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs{
Name: pulumi.String("rule-to-exclude-a"),
},
},
},
},
VisibilityConfig: &wafv2.WebAclRuleVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(false),
MetricName: pulumi.String("friendly-rule-metric-name"),
SampledRequestsEnabled: pulumi.Bool(false),
},
},
},
Tags: pulumi.StringMap{
"Tag1": pulumi.String("Value1"),
"Tag2": pulumi.String("Value2"),
},
VisibilityConfig: &wafv2.WebAclVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(false),
MetricName: pulumi.String("friendly-metric-name"),
SampledRequestsEnabled: pulumi.Bool(false),
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAcl;
import com.pulumi.aws.wafv2.WebAclArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionAllowArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleActionBlockArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementRateBasedStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementRateBasedStatementScopeDownStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleVisibilityConfigArgs;
import com.pulumi.aws.wafv2.inputs.WebAclVisibilityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new WebAcl("example", WebAclArgs.builder()
.defaultAction(WebAclDefaultActionArgs.builder()
.allow()
.build())
.description("Example of a Cloudfront rate based statement.")
.rules(WebAclRuleArgs.builder()
.action(WebAclRuleActionArgs.builder()
.block()
.build())
.name("rule-1")
.priority(1)
.statement(WebAclRuleStatementArgs.builder()
.rateBasedStatement(WebAclRuleStatementRateBasedStatementArgs.builder()
.aggregateKeyType("IP")
.limit(10000)
.scopeDownStatement(WebAclRuleStatementRateBasedStatementScopeDownStatementArgs.builder()
.geoMatchStatement(WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementArgs.builder()
.countryCodes(
"US",
"NL")
.build())
.build())
.build())
.build())
.visibilityConfig(WebAclRuleVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(false)
.metricName("friendly-rule-metric-name")
.sampledRequestsEnabled(false)
.build())
.build())
.scope("CLOUDFRONT")
.tags(Map.ofEntries(
Map.entry("Tag1", "Value1"),
Map.entry("Tag2", "Value2")
))
.visibilityConfig(WebAclVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(false)
.metricName("friendly-metric-name")
.sampledRequestsEnabled(false)
.build())
.build());
}
}
import pulumi
import pulumi_aws as aws
example = aws.wafv2.RuleGroup("example",
capacity=10,
scope="REGIONAL",
rules=[
aws.wafv2.RuleGroupRuleArgs(
name="rule-1",
priority=1,
action=aws.wafv2.RuleGroupRuleActionArgs(
count=aws.wafv2.RuleGroupRuleActionCountArgs(),
),
statement=aws.wafv2.RuleGroupRuleStatementArgs(
geo_match_statement=aws.wafv2.RuleGroupRuleStatementGeoMatchStatementArgs(
country_codes=["NL"],
),
),
visibility_config=aws.wafv2.RuleGroupRuleVisibilityConfigArgs(
cloudwatch_metrics_enabled=False,
metric_name="friendly-rule-metric-name",
sampled_requests_enabled=False,
),
),
aws.wafv2.RuleGroupRuleArgs(
name="rule-to-exclude-a",
priority=10,
action=aws.wafv2.RuleGroupRuleActionArgs(
allow=aws.wafv2.RuleGroupRuleActionAllowArgs(),
),
statement=aws.wafv2.RuleGroupRuleStatementArgs(
geo_match_statement=aws.wafv2.RuleGroupRuleStatementGeoMatchStatementArgs(
country_codes=["US"],
),
),
visibility_config=aws.wafv2.RuleGroupRuleVisibilityConfigArgs(
cloudwatch_metrics_enabled=False,
metric_name="friendly-rule-metric-name",
sampled_requests_enabled=False,
),
),
aws.wafv2.RuleGroupRuleArgs(
name="rule-to-exclude-b",
priority=15,
action=aws.wafv2.RuleGroupRuleActionArgs(
allow=aws.wafv2.RuleGroupRuleActionAllowArgs(),
),
statement=aws.wafv2.RuleGroupRuleStatementArgs(
geo_match_statement=aws.wafv2.RuleGroupRuleStatementGeoMatchStatementArgs(
country_codes=["GB"],
),
),
visibility_config=aws.wafv2.RuleGroupRuleVisibilityConfigArgs(
cloudwatch_metrics_enabled=False,
metric_name="friendly-rule-metric-name",
sampled_requests_enabled=False,
),
),
],
visibility_config=aws.wafv2.RuleGroupVisibilityConfigArgs(
cloudwatch_metrics_enabled=False,
metric_name="friendly-metric-name",
sampled_requests_enabled=False,
))
test = aws.wafv2.WebAcl("test",
scope="REGIONAL",
default_action=aws.wafv2.WebAclDefaultActionArgs(
block=aws.wafv2.WebAclDefaultActionBlockArgs(),
),
rules=[aws.wafv2.WebAclRuleArgs(
name="rule-1",
priority=1,
override_action=aws.wafv2.WebAclRuleOverrideActionArgs(
count=aws.wafv2.WebAclRuleOverrideActionCountArgs(),
),
statement=aws.wafv2.WebAclRuleStatementArgs(
rule_group_reference_statement=aws.wafv2.WebAclRuleStatementRuleGroupReferenceStatementArgs(
arn=example.arn,
excluded_rules=[
aws.wafv2.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs(
name="rule-to-exclude-b",
),
aws.wafv2.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs(
name="rule-to-exclude-a",
),
],
),
),
visibility_config=aws.wafv2.WebAclRuleVisibilityConfigArgs(
cloudwatch_metrics_enabled=False,
metric_name="friendly-rule-metric-name",
sampled_requests_enabled=False,
),
)],
tags={
"Tag1": "Value1",
"Tag2": "Value2",
},
visibility_config=aws.wafv2.WebAclVisibilityConfigArgs(
cloudwatch_metrics_enabled=False,
metric_name="friendly-metric-name",
sampled_requests_enabled=False,
))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.wafv2.RuleGroup("example", {
capacity: 10,
scope: "REGIONAL",
rules: [
{
name: "rule-1",
priority: 1,
action: {
count: {},
},
statement: {
geoMatchStatement: {
countryCodes: ["NL"],
},
},
visibilityConfig: {
cloudwatchMetricsEnabled: false,
metricName: "friendly-rule-metric-name",
sampledRequestsEnabled: false,
},
},
{
name: "rule-to-exclude-a",
priority: 10,
action: {
allow: {},
},
statement: {
geoMatchStatement: {
countryCodes: ["US"],
},
},
visibilityConfig: {
cloudwatchMetricsEnabled: false,
metricName: "friendly-rule-metric-name",
sampledRequestsEnabled: false,
},
},
{
name: "rule-to-exclude-b",
priority: 15,
action: {
allow: {},
},
statement: {
geoMatchStatement: {
countryCodes: ["GB"],
},
},
visibilityConfig: {
cloudwatchMetricsEnabled: false,
metricName: "friendly-rule-metric-name",
sampledRequestsEnabled: false,
},
},
],
visibilityConfig: {
cloudwatchMetricsEnabled: false,
metricName: "friendly-metric-name",
sampledRequestsEnabled: false,
},
});
const test = new aws.wafv2.WebAcl("test", {
scope: "REGIONAL",
defaultAction: {
block: {},
},
rules: [{
name: "rule-1",
priority: 1,
overrideAction: {
count: {},
},
statement: {
ruleGroupReferenceStatement: {
arn: example.arn,
excludedRules: [
{
name: "rule-to-exclude-b",
},
{
name: "rule-to-exclude-a",
},
],
},
},
visibilityConfig: {
cloudwatchMetricsEnabled: false,
metricName: "friendly-rule-metric-name",
sampledRequestsEnabled: false,
},
}],
tags: {
Tag1: "Value1",
Tag2: "Value2",
},
visibilityConfig: {
cloudwatchMetricsEnabled: false,
metricName: "friendly-metric-name",
sampledRequestsEnabled: false,
},
});
resources:
example:
type: aws:wafv2:WebAcl
properties:
defaultAction:
allow: {}
description: Example of a Cloudfront rate based statement.
rules:
- action:
block: {}
name: rule-1
priority: 1
statement:
rateBasedStatement:
aggregateKeyType: IP
limit: 10000
scopeDownStatement:
geoMatchStatement:
countryCodes:
- US
- NL
visibilityConfig:
cloudwatchMetricsEnabled: false
metricName: friendly-rule-metric-name
sampledRequestsEnabled: false
scope: CLOUDFRONT
tags:
Tag1: Value1
Tag2: Value2
visibilityConfig:
cloudwatchMetricsEnabled: false
metricName: friendly-metric-name
sampledRequestsEnabled: false
Rule Group Reference
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.RuleGroup;
import com.pulumi.aws.wafv2.RuleGroupArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleActionArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleActionCountArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementGeoMatchStatementArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleVisibilityConfigArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleActionAllowArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupVisibilityConfigArgs;
import com.pulumi.aws.wafv2.WebAcl;
import com.pulumi.aws.wafv2.WebAclArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionBlockArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleOverrideActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleOverrideActionCountArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementRuleGroupReferenceStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleVisibilityConfigArgs;
import com.pulumi.aws.wafv2.inputs.WebAclVisibilityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new RuleGroup("example", RuleGroupArgs.builder()
.capacity(10)
.scope("REGIONAL")
.rules(
RuleGroupRuleArgs.builder()
.name("rule-1")
.priority(1)
.action(RuleGroupRuleActionArgs.builder()
.count()
.build())
.statement(RuleGroupRuleStatementArgs.builder()
.geoMatchStatement(RuleGroupRuleStatementGeoMatchStatementArgs.builder()
.countryCodes("NL")
.build())
.build())
.visibilityConfig(RuleGroupRuleVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(false)
.metricName("friendly-rule-metric-name")
.sampledRequestsEnabled(false)
.build())
.build(),
RuleGroupRuleArgs.builder()
.name("rule-to-exclude-a")
.priority(10)
.action(RuleGroupRuleActionArgs.builder()
.allow()
.build())
.statement(RuleGroupRuleStatementArgs.builder()
.geoMatchStatement(RuleGroupRuleStatementGeoMatchStatementArgs.builder()
.countryCodes("US")
.build())
.build())
.visibilityConfig(RuleGroupRuleVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(false)
.metricName("friendly-rule-metric-name")
.sampledRequestsEnabled(false)
.build())
.build(),
RuleGroupRuleArgs.builder()
.name("rule-to-exclude-b")
.priority(15)
.action(RuleGroupRuleActionArgs.builder()
.allow()
.build())
.statement(RuleGroupRuleStatementArgs.builder()
.geoMatchStatement(RuleGroupRuleStatementGeoMatchStatementArgs.builder()
.countryCodes("GB")
.build())
.build())
.visibilityConfig(RuleGroupRuleVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(false)
.metricName("friendly-rule-metric-name")
.sampledRequestsEnabled(false)
.build())
.build())
.visibilityConfig(RuleGroupVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(false)
.metricName("friendly-metric-name")
.sampledRequestsEnabled(false)
.build())
.build());
var test = new WebAcl("test", WebAclArgs.builder()
.scope("REGIONAL")
.defaultAction(WebAclDefaultActionArgs.builder()
.block()
.build())
.rules(WebAclRuleArgs.builder()
.name("rule-1")
.priority(1)
.overrideAction(WebAclRuleOverrideActionArgs.builder()
.count()
.build())
.statement(WebAclRuleStatementArgs.builder()
.ruleGroupReferenceStatement(WebAclRuleStatementRuleGroupReferenceStatementArgs.builder()
.arn(example.arn())
.excludedRules(
WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs.builder()
.name("rule-to-exclude-b")
.build(),
WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs.builder()
.name("rule-to-exclude-a")
.build())
.build())
.build())
.visibilityConfig(WebAclRuleVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(false)
.metricName("friendly-rule-metric-name")
.sampledRequestsEnabled(false)
.build())
.build())
.tags(Map.ofEntries(
Map.entry("Tag1", "Value1"),
Map.entry("Tag2", "Value2")
))
.visibilityConfig(WebAclVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(false)
.metricName("friendly-metric-name")
.sampledRequestsEnabled(false)
.build())
.build());
}
}
Coming soon!
Coming soon!
resources:
example:
type: aws:wafv2:RuleGroup
properties:
capacity: 10
scope: REGIONAL
rules:
- name: rule-1
priority: 1
action:
count: {}
statement:
geoMatchStatement:
countryCodes:
- NL
visibilityConfig:
cloudwatchMetricsEnabled: false
metricName: friendly-rule-metric-name
sampledRequestsEnabled: false
- name: rule-to-exclude-a
priority: 10
action:
allow: {}
statement:
geoMatchStatement:
countryCodes:
- US
visibilityConfig:
cloudwatchMetricsEnabled: false
metricName: friendly-rule-metric-name
sampledRequestsEnabled: false
- name: rule-to-exclude-b
priority: 15
action:
allow: {}
statement:
geoMatchStatement:
countryCodes:
- GB
visibilityConfig:
cloudwatchMetricsEnabled: false
metricName: friendly-rule-metric-name
sampledRequestsEnabled: false
visibilityConfig:
cloudwatchMetricsEnabled: false
metricName: friendly-metric-name
sampledRequestsEnabled: false
test:
type: aws:wafv2:WebAcl
properties:
scope: REGIONAL
defaultAction:
block: {}
rules:
- name: rule-1
priority: 1
overrideAction:
count: {}
statement:
ruleGroupReferenceStatement:
arn: ${example.arn}
excludedRules:
- name: rule-to-exclude-b
- name: rule-to-exclude-a
visibilityConfig:
cloudwatchMetricsEnabled: false
metricName: friendly-rule-metric-name
sampledRequestsEnabled: false
tags:
Tag1: Value1
Tag2: Value2
visibilityConfig:
cloudwatchMetricsEnabled: false
metricName: friendly-metric-name
sampledRequestsEnabled: false
Create WebAcl Resource
new WebAcl(name: string, args: WebAclArgs, opts?: CustomResourceOptions);@overload
def WebAcl(resource_name: str,
opts: Optional[ResourceOptions] = None,
captcha_config: Optional[WebAclCaptchaConfigArgs] = None,
custom_response_bodies: Optional[Sequence[WebAclCustomResponseBodyArgs]] = None,
default_action: Optional[WebAclDefaultActionArgs] = None,
description: Optional[str] = None,
name: Optional[str] = None,
rules: Optional[Sequence[WebAclRuleArgs]] = None,
scope: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
token_domains: Optional[Sequence[str]] = None,
visibility_config: Optional[WebAclVisibilityConfigArgs] = None)
@overload
def WebAcl(resource_name: str,
args: WebAclArgs,
opts: Optional[ResourceOptions] = None)func NewWebAcl(ctx *Context, name string, args WebAclArgs, opts ...ResourceOption) (*WebAcl, error)public WebAcl(string name, WebAclArgs args, CustomResourceOptions? opts = null)
public WebAcl(String name, WebAclArgs args)
public WebAcl(String name, WebAclArgs args, CustomResourceOptions options)
type: aws:wafv2:WebAcl
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args WebAclArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args WebAclArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args WebAclArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args WebAclArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args WebAclArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
WebAcl Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The WebAcl resource accepts the following input properties:
- Default
Action Pulumi.Aws. Waf V2. Inputs. Web Acl Default Action Args Action to perform if none of the
rulescontained in the WebACL match. Seedefault_ actionbelow for details.- Scope string
Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONTorREGIONAL. To work with CloudFront, you must also specify the regionus-east-1(N. Virginia) on the AWS provider.- Visibility
Config Pulumi.Aws. Waf V2. Inputs. Web Acl Visibility Config Args Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_configbelow for details.- Captcha
Config Pulumi.Aws. Waf V2. Inputs. Web Acl Captcha Config Args Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
- Custom
Response List<Pulumi.Bodies Aws. Waf V2. Inputs. Web Acl Custom Response Body Args> Defines custom response bodies that can be referenced by
custom_responseactions. Seecustom_response_bodybelow for details.- Description string
Friendly description of the WebACL.
- Name string
Friendly name of the WebACL.
- Rules
List<Pulumi.
Aws. Waf V2. Inputs. Web Acl Rule Args> Rule blocks used to identify the web requests that you want to
allow,block, orcount. Seerulebelow for details.- Dictionary<string, string>
Map of key-value pairs to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Token
Domains List<string> Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
- Default
Action WebAcl Default Action Args Action to perform if none of the
rulescontained in the WebACL match. Seedefault_ actionbelow for details.- Scope string
Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONTorREGIONAL. To work with CloudFront, you must also specify the regionus-east-1(N. Virginia) on the AWS provider.- Visibility
Config WebAcl Visibility Config Args Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_configbelow for details.- Captcha
Config WebAcl Captcha Config Args Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
- Custom
Response []WebBodies Acl Custom Response Body Args Defines custom response bodies that can be referenced by
custom_responseactions. Seecustom_response_bodybelow for details.- Description string
Friendly description of the WebACL.
- Name string
Friendly name of the WebACL.
- Rules
[]Web
Acl Rule Args Rule blocks used to identify the web requests that you want to
allow,block, orcount. Seerulebelow for details.- map[string]string
Map of key-value pairs to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Token
Domains []string Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
- default
Action WebAcl Default Action Args Action to perform if none of the
rulescontained in the WebACL match. Seedefault_ actionbelow for details.- scope String
Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONTorREGIONAL. To work with CloudFront, you must also specify the regionus-east-1(N. Virginia) on the AWS provider.- visibility
Config WebAcl Visibility Config Args Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_configbelow for details.- captcha
Config WebAcl Captcha Config Args Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
- custom
Response List<WebBodies Acl Custom Response Body Args> Defines custom response bodies that can be referenced by
custom_responseactions. Seecustom_response_bodybelow for details.- description String
Friendly description of the WebACL.
- name String
Friendly name of the WebACL.
- rules
List<Web
Acl Rule Args> Rule blocks used to identify the web requests that you want to
allow,block, orcount. Seerulebelow for details.- Map<String,String>
Map of key-value pairs to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- token
Domains List<String> Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
- default
Action WebAcl Default Action Args Action to perform if none of the
rulescontained in the WebACL match. Seedefault_ actionbelow for details.- scope string
Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONTorREGIONAL. To work with CloudFront, you must also specify the regionus-east-1(N. Virginia) on the AWS provider.- visibility
Config WebAcl Visibility Config Args Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_configbelow for details.- captcha
Config WebAcl Captcha Config Args Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
- custom
Response WebBodies Acl Custom Response Body Args[] Defines custom response bodies that can be referenced by
custom_responseactions. Seecustom_response_bodybelow for details.- description string
Friendly description of the WebACL.
- name string
Friendly name of the WebACL.
- rules
Web
Acl Rule Args[] Rule blocks used to identify the web requests that you want to
allow,block, orcount. Seerulebelow for details.- {[key: string]: string}
Map of key-value pairs to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- token
Domains string[] Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
- default_
action WebAcl Default Action Args Action to perform if none of the
rulescontained in the WebACL match. Seedefault_ actionbelow for details.- scope str
Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONTorREGIONAL. To work with CloudFront, you must also specify the regionus-east-1(N. Virginia) on the AWS provider.- visibility_
config WebAcl Visibility Config Args Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_configbelow for details.- captcha_
config WebAcl Captcha Config Args Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
- custom_
response_ Sequence[Webbodies Acl Custom Response Body Args] Defines custom response bodies that can be referenced by
custom_responseactions. Seecustom_response_bodybelow for details.- description str
Friendly description of the WebACL.
- name str
Friendly name of the WebACL.
- rules
Sequence[Web
Acl Rule Args] Rule blocks used to identify the web requests that you want to
allow,block, orcount. Seerulebelow for details.- Mapping[str, str]
Map of key-value pairs to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- token_
domains Sequence[str] Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
- default
Action Property Map Action to perform if none of the
rulescontained in the WebACL match. Seedefault_ actionbelow for details.- scope String
Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONTorREGIONAL. To work with CloudFront, you must also specify the regionus-east-1(N. Virginia) on the AWS provider.- visibility
Config Property Map Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_configbelow for details.- captcha
Config Property Map Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
- custom
Response List<Property Map>Bodies Defines custom response bodies that can be referenced by
custom_responseactions. Seecustom_response_bodybelow for details.- description String
Friendly description of the WebACL.
- name String
Friendly name of the WebACL.
- rules List<Property Map>
Rule blocks used to identify the web requests that you want to
allow,block, orcount. Seerulebelow for details.- Map<String>
Map of key-value pairs to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- token
Domains List<String> Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
Outputs
All input properties are implicitly available as output properties. Additionally, the WebAcl resource produces the following output properties:
- Arn string
The Amazon Resource Name (ARN) of the IP Set that this statement references.
- Capacity int
Web ACL capacity units (WCUs) currently being used by this web ACL.
- Id string
The provider-assigned unique ID for this managed resource.
- Lock
Token string - Dictionary<string, string>
Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- Arn string
The Amazon Resource Name (ARN) of the IP Set that this statement references.
- Capacity int
Web ACL capacity units (WCUs) currently being used by this web ACL.
- Id string
The provider-assigned unique ID for this managed resource.
- Lock
Token string - map[string]string
Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- arn String
The Amazon Resource Name (ARN) of the IP Set that this statement references.
- capacity Integer
Web ACL capacity units (WCUs) currently being used by this web ACL.
- id String
The provider-assigned unique ID for this managed resource.
- lock
Token String - Map<String,String>
Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- arn string
The Amazon Resource Name (ARN) of the IP Set that this statement references.
- capacity number
Web ACL capacity units (WCUs) currently being used by this web ACL.
- id string
The provider-assigned unique ID for this managed resource.
- lock
Token string - {[key: string]: string}
Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- arn str
The Amazon Resource Name (ARN) of the IP Set that this statement references.
- capacity int
Web ACL capacity units (WCUs) currently being used by this web ACL.
- id str
The provider-assigned unique ID for this managed resource.
- lock_
token str - Mapping[str, str]
Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- arn String
The Amazon Resource Name (ARN) of the IP Set that this statement references.
- capacity Number
Web ACL capacity units (WCUs) currently being used by this web ACL.
- id String
The provider-assigned unique ID for this managed resource.
- lock
Token String - Map<String>
Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
Look up Existing WebAcl Resource
Get an existing WebAcl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: WebAclState, opts?: CustomResourceOptions): WebAcl@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
arn: Optional[str] = None,
capacity: Optional[int] = None,
captcha_config: Optional[WebAclCaptchaConfigArgs] = None,
custom_response_bodies: Optional[Sequence[WebAclCustomResponseBodyArgs]] = None,
default_action: Optional[WebAclDefaultActionArgs] = None,
description: Optional[str] = None,
lock_token: Optional[str] = None,
name: Optional[str] = None,
rules: Optional[Sequence[WebAclRuleArgs]] = None,
scope: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
token_domains: Optional[Sequence[str]] = None,
visibility_config: Optional[WebAclVisibilityConfigArgs] = None) -> WebAclfunc GetWebAcl(ctx *Context, name string, id IDInput, state *WebAclState, opts ...ResourceOption) (*WebAcl, error)public static WebAcl Get(string name, Input<string> id, WebAclState? state, CustomResourceOptions? opts = null)public static WebAcl get(String name, Output<String> id, WebAclState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
The Amazon Resource Name (ARN) of the IP Set that this statement references.
- Capacity int
Web ACL capacity units (WCUs) currently being used by this web ACL.
- Captcha
Config Pulumi.Aws. Waf V2. Inputs. Web Acl Captcha Config Args Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
- Custom
Response List<Pulumi.Bodies Aws. Waf V2. Inputs. Web Acl Custom Response Body Args> Defines custom response bodies that can be referenced by
custom_responseactions. Seecustom_response_bodybelow for details.- Default
Action Pulumi.Aws. Waf V2. Inputs. Web Acl Default Action Args Action to perform if none of the
rulescontained in the WebACL match. Seedefault_ actionbelow for details.- Description string
Friendly description of the WebACL.
- Lock
Token string - Name string
Friendly name of the WebACL.
- Rules
List<Pulumi.
Aws. Waf V2. Inputs. Web Acl Rule Args> Rule blocks used to identify the web requests that you want to
allow,block, orcount. Seerulebelow for details.- Scope string
Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONTorREGIONAL. To work with CloudFront, you must also specify the regionus-east-1(N. Virginia) on the AWS provider.- Dictionary<string, string>
Map of key-value pairs to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Dictionary<string, string>
Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.- Token
Domains List<string> Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
- Visibility
Config Pulumi.Aws. Waf V2. Inputs. Web Acl Visibility Config Args Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_configbelow for details.
- Arn string
The Amazon Resource Name (ARN) of the IP Set that this statement references.
- Capacity int
Web ACL capacity units (WCUs) currently being used by this web ACL.
- Captcha
Config WebAcl Captcha Config Args Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
- Custom
Response []WebBodies Acl Custom Response Body Args Defines custom response bodies that can be referenced by
custom_responseactions. Seecustom_response_bodybelow for details.- Default
Action WebAcl Default Action Args Action to perform if none of the
rulescontained in the WebACL match. Seedefault_ actionbelow for details.- Description string
Friendly description of the WebACL.
- Lock
Token string - Name string
Friendly name of the WebACL.
- Rules
[]Web
Acl Rule Args Rule blocks used to identify the web requests that you want to
allow,block, orcount. Seerulebelow for details.- Scope string
Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONTorREGIONAL. To work with CloudFront, you must also specify the regionus-east-1(N. Virginia) on the AWS provider.- map[string]string
Map of key-value pairs to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- map[string]string
Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.- Token
Domains []string Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
- Visibility
Config WebAcl Visibility Config Args Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_configbelow for details.
- arn String
The Amazon Resource Name (ARN) of the IP Set that this statement references.
- capacity Integer
Web ACL capacity units (WCUs) currently being used by this web ACL.
- captcha
Config WebAcl Captcha Config Args Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
- custom
Response List<WebBodies Acl Custom Response Body Args> Defines custom response bodies that can be referenced by
custom_responseactions. Seecustom_response_bodybelow for details.- default
Action WebAcl Default Action Args Action to perform if none of the
rulescontained in the WebACL match. Seedefault_ actionbelow for details.- description String
Friendly description of the WebACL.
- lock
Token String - name String
Friendly name of the WebACL.
- rules
List<Web
Acl Rule Args> Rule blocks used to identify the web requests that you want to
allow,block, orcount. Seerulebelow for details.- scope String
Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONTorREGIONAL. To work with CloudFront, you must also specify the regionus-east-1(N. Virginia) on the AWS provider.- Map<String,String>
Map of key-value pairs to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Map<String,String>
Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.- token
Domains List<String> Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
- visibility
Config WebAcl Visibility Config Args Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_configbelow for details.
- arn string
The Amazon Resource Name (ARN) of the IP Set that this statement references.
- capacity number
Web ACL capacity units (WCUs) currently being used by this web ACL.
- captcha
Config WebAcl Captcha Config Args Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
- custom
Response WebBodies Acl Custom Response Body Args[] Defines custom response bodies that can be referenced by
custom_responseactions. Seecustom_response_bodybelow for details.- default
Action WebAcl Default Action Args Action to perform if none of the
rulescontained in the WebACL match. Seedefault_ actionbelow for details.- description string
Friendly description of the WebACL.
- lock
Token string - name string
Friendly name of the WebACL.
- rules
Web
Acl Rule Args[] Rule blocks used to identify the web requests that you want to
allow,block, orcount. Seerulebelow for details.- scope string
Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONTorREGIONAL. To work with CloudFront, you must also specify the regionus-east-1(N. Virginia) on the AWS provider.- {[key: string]: string}
Map of key-value pairs to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- {[key: string]: string}
Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.- token
Domains string[] Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
- visibility
Config WebAcl Visibility Config Args Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_configbelow for details.
- arn str
The Amazon Resource Name (ARN) of the IP Set that this statement references.
- capacity int
Web ACL capacity units (WCUs) currently being used by this web ACL.
- captcha_
config WebAcl Captcha Config Args Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
- custom_
response_ Sequence[Webbodies Acl Custom Response Body Args] Defines custom response bodies that can be referenced by
custom_responseactions. Seecustom_response_bodybelow for details.- default_
action WebAcl Default Action Args Action to perform if none of the
rulescontained in the WebACL match. Seedefault_ actionbelow for details.- description str
Friendly description of the WebACL.
- lock_
token str - name str
Friendly name of the WebACL.
- rules
Sequence[Web
Acl Rule Args] Rule blocks used to identify the web requests that you want to
allow,block, orcount. Seerulebelow for details.- scope str
Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONTorREGIONAL. To work with CloudFront, you must also specify the regionus-east-1(N. Virginia) on the AWS provider.- Mapping[str, str]
Map of key-value pairs to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Mapping[str, str]
Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.- token_
domains Sequence[str] Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
- visibility_
config WebAcl Visibility Config Args Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_configbelow for details.
- arn String
The Amazon Resource Name (ARN) of the IP Set that this statement references.
- capacity Number
Web ACL capacity units (WCUs) currently being used by this web ACL.
- captcha
Config Property Map Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
- custom
Response List<Property Map>Bodies Defines custom response bodies that can be referenced by
custom_responseactions. Seecustom_response_bodybelow for details.- default
Action Property Map Action to perform if none of the
rulescontained in the WebACL match. Seedefault_ actionbelow for details.- description String
Friendly description of the WebACL.
- lock
Token String - name String
Friendly name of the WebACL.
- rules List<Property Map>
Rule blocks used to identify the web requests that you want to
allow,block, orcount. Seerulebelow for details.- scope String
Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are
CLOUDFRONTorREGIONAL. To work with CloudFront, you must also specify the regionus-east-1(N. Virginia) on the AWS provider.- Map<String>
Map of key-value pairs to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Map<String>
Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.- token
Domains List<String> Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
- visibility
Config Property Map Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_configbelow for details.
Supporting Types
Note: There are over 200 nested types for this resource. Only the first 200 types are included in this documentation.
WebAclCaptchaConfig
- Immunity
Time Pulumi.Property Aws. Waf V2. Inputs. Web Acl Captcha Config Immunity Time Property Defines custom immunity time. See Immunity Time Property below for details.
- Immunity
Time WebProperty Acl Captcha Config Immunity Time Property Defines custom immunity time. See Immunity Time Property below for details.
- immunity
Time WebProperty Acl Captcha Config Immunity Time Property Defines custom immunity time. See Immunity Time Property below for details.
- immunity
Time WebProperty Acl Captcha Config Immunity Time Property Defines custom immunity time. See Immunity Time Property below for details.
- immunity_
time_ Webproperty Acl Captcha Config Immunity Time Property Defines custom immunity time. See Immunity Time Property below for details.
- immunity
Time Property MapProperty Defines custom immunity time. See Immunity Time Property below for details.
WebAclCaptchaConfigImmunityTimeProperty
- Immunity
Time int The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- Immunity
Time int The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- immunity
Time Integer The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- immunity
Time number The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- immunity_
time int The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- immunity
Time Number The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
WebAclCustomResponseBody
- Content string
Payload of the custom response.
- Content
Type string Type of content in the payload that you are defining in the
contentargument. Valid values areTEXT_PLAIN,TEXT_HTML, orAPPLICATION_JSON.- Key string
Unique key identifying the custom response body. This is referenced by the
custom_response_body_keyargument in thecustom_responseblock.
- Content string
Payload of the custom response.
- Content
Type string Type of content in the payload that you are defining in the
contentargument. Valid values areTEXT_PLAIN,TEXT_HTML, orAPPLICATION_JSON.- Key string
Unique key identifying the custom response body. This is referenced by the
custom_response_body_keyargument in thecustom_responseblock.
- content String
Payload of the custom response.
- content
Type String Type of content in the payload that you are defining in the
contentargument. Valid values areTEXT_PLAIN,TEXT_HTML, orAPPLICATION_JSON.- key String
Unique key identifying the custom response body. This is referenced by the
custom_response_body_keyargument in thecustom_responseblock.
- content string
Payload of the custom response.
- content
Type string Type of content in the payload that you are defining in the
contentargument. Valid values areTEXT_PLAIN,TEXT_HTML, orAPPLICATION_JSON.- key string
Unique key identifying the custom response body. This is referenced by the
custom_response_body_keyargument in thecustom_responseblock.
- content str
Payload of the custom response.
- content_
type str Type of content in the payload that you are defining in the
contentargument. Valid values areTEXT_PLAIN,TEXT_HTML, orAPPLICATION_JSON.- key str
Unique key identifying the custom response body. This is referenced by the
custom_response_body_keyargument in thecustom_responseblock.
- content String
Payload of the custom response.
- content
Type String Type of content in the payload that you are defining in the
contentargument. Valid values areTEXT_PLAIN,TEXT_HTML, orAPPLICATION_JSON.- key String
Unique key identifying the custom response body. This is referenced by the
custom_response_body_keyargument in thecustom_responseblock.
WebAclDefaultAction
- Allow
Pulumi.
Aws. Waf V2. Inputs. Web Acl Default Action Allow Specifies that AWS WAF should allow requests by default. See
allowbelow for details.- Block
Pulumi.
Aws. Waf V2. Inputs. Web Acl Default Action Block Specifies that AWS WAF should block requests by default. See
blockbelow for details.
- Allow
Web
Acl Default Action Allow Specifies that AWS WAF should allow requests by default. See
allowbelow for details.- Block
Web
Acl Default Action Block Specifies that AWS WAF should block requests by default. See
blockbelow for details.
- allow
Web
Acl Default Action Allow Specifies that AWS WAF should allow requests by default. See
allowbelow for details.- block
Web
Acl Default Action Block Specifies that AWS WAF should block requests by default. See
blockbelow for details.
- allow
Web
Acl Default Action Allow Specifies that AWS WAF should allow requests by default. See
allowbelow for details.- block
Web
Acl Default Action Block Specifies that AWS WAF should block requests by default. See
blockbelow for details.
- allow
Web
Acl Default Action Allow Specifies that AWS WAF should allow requests by default. See
allowbelow for details.- block
Web
Acl Default Action Block Specifies that AWS WAF should block requests by default. See
blockbelow for details.
- allow Property Map
Specifies that AWS WAF should allow requests by default. See
allowbelow for details.- block Property Map
Specifies that AWS WAF should block requests by default. See
blockbelow for details.
WebAclDefaultActionAllow
- Custom
Request Pulumi.Handling Aws. Waf V2. Inputs. Web Acl Default Action Allow Custom Request Handling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
- Custom
Request WebHandling Acl Default Action Allow Custom Request Handling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
- custom
Request WebHandling Acl Default Action Allow Custom Request Handling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
- custom
Request WebHandling Acl Default Action Allow Custom Request Handling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
- custom_
request_ Webhandling Acl Default Action Allow Custom Request Handling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
- custom
Request Property MapHandling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
WebAclDefaultActionAllowCustomRequestHandling
- Insert
Headers List<Pulumi.Aws. Waf V2. Inputs. Web Acl Default Action Allow Custom Request Handling Insert Header> The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
- Insert
Headers []WebAcl Default Action Allow Custom Request Handling Insert Header The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
- insert
Headers List<WebAcl Default Action Allow Custom Request Handling Insert Header> The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
- insert
Headers WebAcl Default Action Allow Custom Request Handling Insert Header[] The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
- insert_
headers Sequence[WebAcl Default Action Allow Custom Request Handling Insert Header] The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
- insert
Headers List<Property Map> The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
WebAclDefaultActionAllowCustomRequestHandlingInsertHeader
- Name string
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- Value string
Value of the custom header.
- Name string
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- Value string
Value of the custom header.
- name String
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value String
Value of the custom header.
- name string
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value string
Value of the custom header.
- name str
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value str
Value of the custom header.
- name String
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value String
Value of the custom header.
WebAclDefaultActionBlock
- Custom
Response Pulumi.Aws. Waf V2. Inputs. Web Acl Default Action Block Custom Response Defines a custom response for the web request. See
custom_responsebelow for details.
- Custom
Response WebAcl Default Action Block Custom Response Defines a custom response for the web request. See
custom_responsebelow for details.
- custom
Response WebAcl Default Action Block Custom Response Defines a custom response for the web request. See
custom_responsebelow for details.
- custom
Response WebAcl Default Action Block Custom Response Defines a custom response for the web request. See
custom_responsebelow for details.
- custom_
response WebAcl Default Action Block Custom Response Defines a custom response for the web request. See
custom_responsebelow for details.
- custom
Response Property Map Defines a custom response for the web request. See
custom_responsebelow for details.
WebAclDefaultActionBlockCustomResponse
- Response
Code int The HTTP status code to return to the client.
- Custom
Response stringBody Key References the response body that you want AWS WAF to return to the web request client. This must reference a
keydefined in acustom_response_bodyblock of this resource.- Response
Headers List<Pulumi.Aws. Waf V2. Inputs. Web Acl Default Action Block Custom Response Response Header> The
response_headerblocks used to define the HTTP response headers added to the response. Seeresponse_headerbelow for details.
- Response
Code int The HTTP status code to return to the client.
- Custom
Response stringBody Key References the response body that you want AWS WAF to return to the web request client. This must reference a
keydefined in acustom_response_bodyblock of this resource.- Response
Headers []WebAcl Default Action Block Custom Response Response Header The
response_headerblocks used to define the HTTP response headers added to the response. Seeresponse_headerbelow for details.
- response
Code Integer The HTTP status code to return to the client.
- custom
Response StringBody Key References the response body that you want AWS WAF to return to the web request client. This must reference a
keydefined in acustom_response_bodyblock of this resource.- response
Headers List<WebAcl Default Action Block Custom Response Response Header> The
response_headerblocks used to define the HTTP response headers added to the response. Seeresponse_headerbelow for details.
- response
Code number The HTTP status code to return to the client.
- custom
Response stringBody Key References the response body that you want AWS WAF to return to the web request client. This must reference a
keydefined in acustom_response_bodyblock of this resource.- response
Headers WebAcl Default Action Block Custom Response Response Header[] The
response_headerblocks used to define the HTTP response headers added to the response. Seeresponse_headerbelow for details.
- response_
code int The HTTP status code to return to the client.
- custom_
response_ strbody_ key References the response body that you want AWS WAF to return to the web request client. This must reference a
keydefined in acustom_response_bodyblock of this resource.- response_
headers Sequence[WebAcl Default Action Block Custom Response Response Header] The
response_headerblocks used to define the HTTP response headers added to the response. Seeresponse_headerbelow for details.
- response
Code Number The HTTP status code to return to the client.
- custom
Response StringBody Key References the response body that you want AWS WAF to return to the web request client. This must reference a
keydefined in acustom_response_bodyblock of this resource.- response
Headers List<Property Map> The
response_headerblocks used to define the HTTP response headers added to the response. Seeresponse_headerbelow for details.
WebAclDefaultActionBlockCustomResponseResponseHeader
- Name string
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- Value string
Value of the custom header.
- Name string
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- Value string
Value of the custom header.
- name String
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value String
Value of the custom header.
- name string
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value string
Value of the custom header.
- name str
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value str
Value of the custom header.
- name String
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value String
Value of the custom header.
WebAclRule
- Name string
Friendly name of the rule. NOTE: The provider assumes that rules with names matching this pattern,
^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.- Priority int
If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the
rulesin order based on the value ofpriority. AWS WAF processes rules with lower priority first.- Statement
Pulumi.
Aws. Waf V2. Inputs. Web Acl Rule Statement The AWS WAF processing statement for the rule, for example
byte_match_statementorgeo_match_statement. Seestatementbelow for details.- Visibility
Config Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Visibility Config Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_configbelow for details.- Action
Pulumi.
Aws. Waf V2. Inputs. Web Acl Rule Action Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See
actionbelow for details.- Captcha
Config Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Captcha Config Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
- Override
Action Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Override Action Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like
rule_group_reference_statementandmanaged_rule_group_statement. Seeoverride_actionbelow for details.- Rule
Labels List<Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Rule Label> Labels to apply to web requests that match the rule match statement. See
rule_labelbelow for details.
- Name string
Friendly name of the rule. NOTE: The provider assumes that rules with names matching this pattern,
^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.- Priority int
If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the
rulesin order based on the value ofpriority. AWS WAF processes rules with lower priority first.- Statement
Web
Acl Rule Statement The AWS WAF processing statement for the rule, for example
byte_match_statementorgeo_match_statement. Seestatementbelow for details.- Visibility
Config WebAcl Rule Visibility Config Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_configbelow for details.- Action
Web
Acl Rule Action Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See
actionbelow for details.- Captcha
Config WebAcl Rule Captcha Config Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
- Override
Action WebAcl Rule Override Action Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like
rule_group_reference_statementandmanaged_rule_group_statement. Seeoverride_actionbelow for details.- Rule
Labels []WebAcl Rule Rule Label Labels to apply to web requests that match the rule match statement. See
rule_labelbelow for details.
- name String
Friendly name of the rule. NOTE: The provider assumes that rules with names matching this pattern,
^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.- priority Integer
If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the
rulesin order based on the value ofpriority. AWS WAF processes rules with lower priority first.- statement
Web
Acl Rule Statement The AWS WAF processing statement for the rule, for example
byte_match_statementorgeo_match_statement. Seestatementbelow for details.- visibility
Config WebAcl Rule Visibility Config Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_configbelow for details.- action
Web
Acl Rule Action Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See
actionbelow for details.- captcha
Config WebAcl Rule Captcha Config Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
- override
Action WebAcl Rule Override Action Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like
rule_group_reference_statementandmanaged_rule_group_statement. Seeoverride_actionbelow for details.- rule
Labels List<WebAcl Rule Rule Label> Labels to apply to web requests that match the rule match statement. See
rule_labelbelow for details.
- name string
Friendly name of the rule. NOTE: The provider assumes that rules with names matching this pattern,
^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.- priority number
If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the
rulesin order based on the value ofpriority. AWS WAF processes rules with lower priority first.- statement
Web
Acl Rule Statement The AWS WAF processing statement for the rule, for example
byte_match_statementorgeo_match_statement. Seestatementbelow for details.- visibility
Config WebAcl Rule Visibility Config Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_configbelow for details.- action
Web
Acl Rule Action Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See
actionbelow for details.- captcha
Config WebAcl Rule Captcha Config Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
- override
Action WebAcl Rule Override Action Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like
rule_group_reference_statementandmanaged_rule_group_statement. Seeoverride_actionbelow for details.- rule
Labels WebAcl Rule Rule Label[] Labels to apply to web requests that match the rule match statement. See
rule_labelbelow for details.
- name str
Friendly name of the rule. NOTE: The provider assumes that rules with names matching this pattern,
^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.- priority int
If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the
rulesin order based on the value ofpriority. AWS WAF processes rules with lower priority first.- statement
Web
Acl Rule Statement The AWS WAF processing statement for the rule, for example
byte_match_statementorgeo_match_statement. Seestatementbelow for details.- visibility_
config WebAcl Rule Visibility Config Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_configbelow for details.- action
Web
Acl Rule Action Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See
actionbelow for details.- captcha_
config WebAcl Rule Captcha Config Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
- override_
action WebAcl Rule Override Action Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like
rule_group_reference_statementandmanaged_rule_group_statement. Seeoverride_actionbelow for details.- rule_
labels Sequence[WebAcl Rule Rule Label] Labels to apply to web requests that match the rule match statement. See
rule_labelbelow for details.
- name String
Friendly name of the rule. NOTE: The provider assumes that rules with names matching this pattern,
^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.- priority Number
If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the
rulesin order based on the value ofpriority. AWS WAF processes rules with lower priority first.- statement Property Map
The AWS WAF processing statement for the rule, for example
byte_match_statementorgeo_match_statement. Seestatementbelow for details.- visibility
Config Property Map Defines and enables Amazon CloudWatch metrics and web request sample collection. See
visibility_configbelow for details.- action Property Map
Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See
actionbelow for details.- captcha
Config Property Map Specifies how AWS WAF should handle CAPTCHA evaluations. See Captcha Configuration below for details.
- override
Action Property Map Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like
rule_group_reference_statementandmanaged_rule_group_statement. Seeoverride_actionbelow for details.- rule
Labels List<Property Map> Labels to apply to web requests that match the rule match statement. See
rule_labelbelow for details.
WebAclRuleAction
- Allow
Pulumi.
Aws. Waf V2. Inputs. Web Acl Rule Action Allow Instructs AWS WAF to allow the web request. See
allowbelow for details.- Block
Pulumi.
Aws. Waf V2. Inputs. Web Acl Rule Action Block Instructs AWS WAF to block the web request. See
blockbelow for details.- Captcha
Pulumi.
Aws. Waf V2. Inputs. Web Acl Rule Action Captcha Instructs AWS WAF to run a Captcha check against the web request. See
captchabelow for details.- Challenge
Pulumi.
Aws. Waf V2. Inputs. Web Acl Rule Action Challenge Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See
challengebelow for details.- Count
Pulumi.
Aws. Waf V2. Inputs. Web Acl Rule Action Count Instructs AWS WAF to count the web request and allow it. See
countbelow for details.
- Allow
Web
Acl Rule Action Allow Instructs AWS WAF to allow the web request. See
allowbelow for details.- Block
Web
Acl Rule Action Block Instructs AWS WAF to block the web request. See
blockbelow for details.- Captcha
Web
Acl Rule Action Captcha Instructs AWS WAF to run a Captcha check against the web request. See
captchabelow for details.- Challenge
Web
Acl Rule Action Challenge Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See
challengebelow for details.- Count
Web
Acl Rule Action Count Instructs AWS WAF to count the web request and allow it. See
countbelow for details.
- allow
Web
Acl Rule Action Allow Instructs AWS WAF to allow the web request. See
allowbelow for details.- block
Web
Acl Rule Action Block Instructs AWS WAF to block the web request. See
blockbelow for details.- captcha
Web
Acl Rule Action Captcha Instructs AWS WAF to run a Captcha check against the web request. See
captchabelow for details.- challenge
Web
Acl Rule Action Challenge Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See
challengebelow for details.- count
Web
Acl Rule Action Count Instructs AWS WAF to count the web request and allow it. See
countbelow for details.
- allow
Web
Acl Rule Action Allow Instructs AWS WAF to allow the web request. See
allowbelow for details.- block
Web
Acl Rule Action Block Instructs AWS WAF to block the web request. See
blockbelow for details.- captcha
Web
Acl Rule Action Captcha Instructs AWS WAF to run a Captcha check against the web request. See
captchabelow for details.- challenge
Web
Acl Rule Action Challenge Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See
challengebelow for details.- count
Web
Acl Rule Action Count Instructs AWS WAF to count the web request and allow it. See
countbelow for details.
- allow
Web
Acl Rule Action Allow Instructs AWS WAF to allow the web request. See
allowbelow for details.- block
Web
Acl Rule Action Block Instructs AWS WAF to block the web request. See
blockbelow for details.- captcha
Web
Acl Rule Action Captcha Instructs AWS WAF to run a Captcha check against the web request. See
captchabelow for details.- challenge
Web
Acl Rule Action Challenge Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See
challengebelow for details.- count
Web
Acl Rule Action Count Instructs AWS WAF to count the web request and allow it. See
countbelow for details.
- allow Property Map
Instructs AWS WAF to allow the web request. See
allowbelow for details.- block Property Map
Instructs AWS WAF to block the web request. See
blockbelow for details.- captcha Property Map
Instructs AWS WAF to run a Captcha check against the web request. See
captchabelow for details.- challenge Property Map
Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See
challengebelow for details.- count Property Map
Instructs AWS WAF to count the web request and allow it. See
countbelow for details.
WebAclRuleActionAllow
- Custom
Request Pulumi.Handling Aws. Waf V2. Inputs. Web Acl Rule Action Allow Custom Request Handling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
- Custom
Request WebHandling Acl Rule Action Allow Custom Request Handling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
- custom
Request WebHandling Acl Rule Action Allow Custom Request Handling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
- custom
Request WebHandling Acl Rule Action Allow Custom Request Handling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
- custom_
request_ Webhandling Acl Rule Action Allow Custom Request Handling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
- custom
Request Property MapHandling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
WebAclRuleActionAllowCustomRequestHandling
- Insert
Headers List<Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Action Allow Custom Request Handling Insert Header> The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
- Insert
Headers []WebAcl Rule Action Allow Custom Request Handling Insert Header The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
- insert
Headers List<WebAcl Rule Action Allow Custom Request Handling Insert Header> The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
- insert
Headers WebAcl Rule Action Allow Custom Request Handling Insert Header[] The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
- insert_
headers Sequence[WebAcl Rule Action Allow Custom Request Handling Insert Header] The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
- insert
Headers List<Property Map> The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
WebAclRuleActionAllowCustomRequestHandlingInsertHeader
- Name string
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- Value string
Value of the custom header.
- Name string
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- Value string
Value of the custom header.
- name String
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value String
Value of the custom header.
- name string
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value string
Value of the custom header.
- name str
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value str
Value of the custom header.
- name String
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value String
Value of the custom header.
WebAclRuleActionBlock
- Custom
Response Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Action Block Custom Response Defines a custom response for the web request. See
custom_responsebelow for details.
- Custom
Response WebAcl Rule Action Block Custom Response Defines a custom response for the web request. See
custom_responsebelow for details.
- custom
Response WebAcl Rule Action Block Custom Response Defines a custom response for the web request. See
custom_responsebelow for details.
- custom
Response WebAcl Rule Action Block Custom Response Defines a custom response for the web request. See
custom_responsebelow for details.
- custom_
response WebAcl Rule Action Block Custom Response Defines a custom response for the web request. See
custom_responsebelow for details.
- custom
Response Property Map Defines a custom response for the web request. See
custom_responsebelow for details.
WebAclRuleActionBlockCustomResponse
- Response
Code int The HTTP status code to return to the client.
- Custom
Response stringBody Key References the response body that you want AWS WAF to return to the web request client. This must reference a
keydefined in acustom_response_bodyblock of this resource.- Response
Headers List<Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Action Block Custom Response Response Header> The
response_headerblocks used to define the HTTP response headers added to the response. Seeresponse_headerbelow for details.
- Response
Code int The HTTP status code to return to the client.
- Custom
Response stringBody Key References the response body that you want AWS WAF to return to the web request client. This must reference a
keydefined in acustom_response_bodyblock of this resource.- Response
Headers []WebAcl Rule Action Block Custom Response Response Header The
response_headerblocks used to define the HTTP response headers added to the response. Seeresponse_headerbelow for details.
- response
Code Integer The HTTP status code to return to the client.
- custom
Response StringBody Key References the response body that you want AWS WAF to return to the web request client. This must reference a
keydefined in acustom_response_bodyblock of this resource.- response
Headers List<WebAcl Rule Action Block Custom Response Response Header> The
response_headerblocks used to define the HTTP response headers added to the response. Seeresponse_headerbelow for details.
- response
Code number The HTTP status code to return to the client.
- custom
Response stringBody Key References the response body that you want AWS WAF to return to the web request client. This must reference a
keydefined in acustom_response_bodyblock of this resource.- response
Headers WebAcl Rule Action Block Custom Response Response Header[] The
response_headerblocks used to define the HTTP response headers added to the response. Seeresponse_headerbelow for details.
- response_
code int The HTTP status code to return to the client.
- custom_
response_ strbody_ key References the response body that you want AWS WAF to return to the web request client. This must reference a
keydefined in acustom_response_bodyblock of this resource.- response_
headers Sequence[WebAcl Rule Action Block Custom Response Response Header] The
response_headerblocks used to define the HTTP response headers added to the response. Seeresponse_headerbelow for details.
- response
Code Number The HTTP status code to return to the client.
- custom
Response StringBody Key References the response body that you want AWS WAF to return to the web request client. This must reference a
keydefined in acustom_response_bodyblock of this resource.- response
Headers List<Property Map> The
response_headerblocks used to define the HTTP response headers added to the response. Seeresponse_headerbelow for details.
WebAclRuleActionBlockCustomResponseResponseHeader
- Name string
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- Value string
Value of the custom header.
- Name string
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- Value string
Value of the custom header.
- name String
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value String
Value of the custom header.
- name string
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value string
Value of the custom header.
- name str
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value str
Value of the custom header.
- name String
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value String
Value of the custom header.
WebAclRuleActionCaptcha
- Custom
Request Pulumi.Handling Aws. Waf V2. Inputs. Web Acl Rule Action Captcha Custom Request Handling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
- Custom
Request WebHandling Acl Rule Action Captcha Custom Request Handling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
- custom
Request WebHandling Acl Rule Action Captcha Custom Request Handling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
- custom
Request WebHandling Acl Rule Action Captcha Custom Request Handling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
- custom_
request_ Webhandling Acl Rule Action Captcha Custom Request Handling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
- custom
Request Property MapHandling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
WebAclRuleActionCaptchaCustomRequestHandling
- Insert
Headers List<Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Action Captcha Custom Request Handling Insert Header> The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
- Insert
Headers []WebAcl Rule Action Captcha Custom Request Handling Insert Header The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
- insert
Headers List<WebAcl Rule Action Captcha Custom Request Handling Insert Header> The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
- insert
Headers WebAcl Rule Action Captcha Custom Request Handling Insert Header[] The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
- insert_
headers Sequence[WebAcl Rule Action Captcha Custom Request Handling Insert Header] The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
- insert
Headers List<Property Map> The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader
- Name string
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- Value string
Value of the custom header.
- Name string
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- Value string
Value of the custom header.
- name String
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value String
Value of the custom header.
- name string
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value string
Value of the custom header.
- name str
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value str
Value of the custom header.
- name String
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value String
Value of the custom header.
WebAclRuleActionChallenge
- Custom
Request Pulumi.Handling Aws. Waf V2. Inputs. Web Acl Rule Action Challenge Custom Request Handling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
- Custom
Request WebHandling Acl Rule Action Challenge Custom Request Handling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
- custom
Request WebHandling Acl Rule Action Challenge Custom Request Handling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
- custom
Request WebHandling Acl Rule Action Challenge Custom Request Handling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
- custom_
request_ Webhandling Acl Rule Action Challenge Custom Request Handling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
- custom
Request Property MapHandling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
WebAclRuleActionChallengeCustomRequestHandling
- Insert
Headers List<Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Action Challenge Custom Request Handling Insert Header> The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
- Insert
Headers []WebAcl Rule Action Challenge Custom Request Handling Insert Header The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
- insert
Headers List<WebAcl Rule Action Challenge Custom Request Handling Insert Header> The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
- insert
Headers WebAcl Rule Action Challenge Custom Request Handling Insert Header[] The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
- insert_
headers Sequence[WebAcl Rule Action Challenge Custom Request Handling Insert Header] The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
- insert
Headers List<Property Map> The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
WebAclRuleActionChallengeCustomRequestHandlingInsertHeader
- Name string
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- Value string
Value of the custom header.
- Name string
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- Value string
Value of the custom header.
- name String
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value String
Value of the custom header.
- name string
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value string
Value of the custom header.
- name str
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value str
Value of the custom header.
- name String
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value String
Value of the custom header.
WebAclRuleActionCount
- Custom
Request Pulumi.Handling Aws. Waf V2. Inputs. Web Acl Rule Action Count Custom Request Handling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
- Custom
Request WebHandling Acl Rule Action Count Custom Request Handling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
- custom
Request WebHandling Acl Rule Action Count Custom Request Handling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
- custom
Request WebHandling Acl Rule Action Count Custom Request Handling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
- custom_
request_ Webhandling Acl Rule Action Count Custom Request Handling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
- custom
Request Property MapHandling Defines custom handling for the web request. See
custom_request_handlingbelow for details.
WebAclRuleActionCountCustomRequestHandling
- Insert
Headers List<Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Action Count Custom Request Handling Insert Header> The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
- Insert
Headers []WebAcl Rule Action Count Custom Request Handling Insert Header The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
- insert
Headers List<WebAcl Rule Action Count Custom Request Handling Insert Header> The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
- insert
Headers WebAcl Rule Action Count Custom Request Handling Insert Header[] The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
- insert_
headers Sequence[WebAcl Rule Action Count Custom Request Handling Insert Header] The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
- insert
Headers List<Property Map> The
insert_headerblocks used to define HTTP headers added to the request. Seeinsert_headerbelow for details.
WebAclRuleActionCountCustomRequestHandlingInsertHeader
- Name string
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- Value string
Value of the custom header.
- Name string
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- Value string
Value of the custom header.
- name String
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value String
Value of the custom header.
- name string
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value string
Value of the custom header.
- name str
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value str
Value of the custom header.
- name String
Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name
x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header namesample, AWS WAF inserts the headerx-amzn-waf-sample.- value String
Value of the custom header.
WebAclRuleCaptchaConfig
- Immunity
Time Pulumi.Property Aws. Waf V2. Inputs. Web Acl Rule Captcha Config Immunity Time Property Defines custom immunity time. See Immunity Time Property below for details.
- Immunity
Time WebProperty Acl Rule Captcha Config Immunity Time Property Defines custom immunity time. See Immunity Time Property below for details.
- immunity
Time WebProperty Acl Rule Captcha Config Immunity Time Property Defines custom immunity time. See Immunity Time Property below for details.
- immunity
Time WebProperty Acl Rule Captcha Config Immunity Time Property Defines custom immunity time. See Immunity Time Property below for details.
- immunity_
time_ Webproperty Acl Rule Captcha Config Immunity Time Property Defines custom immunity time. See Immunity Time Property below for details.
- immunity
Time Property MapProperty Defines custom immunity time. See Immunity Time Property below for details.
WebAclRuleCaptchaConfigImmunityTimeProperty
- Immunity
Time int The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- Immunity
Time int The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- immunity
Time Integer The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- immunity
Time number The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- immunity_
time int The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
- immunity
Time Number The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.
WebAclRuleOverrideAction
- Count
Pulumi.
Aws. Waf V2. Inputs. Web Acl Rule Override Action Count Override the rule action setting to count (i.e., only count matches). Configured as an empty block
{}.- None
Pulumi.
Aws. Waf V2. Inputs. Web Acl Rule Override Action None Don't override the rule action setting. Configured as an empty block
{}.
- Count
Web
Acl Rule Override Action Count Override the rule action setting to count (i.e., only count matches). Configured as an empty block
{}.- None
Web
Acl Rule Override Action None Don't override the rule action setting. Configured as an empty block
{}.
- count
Web
Acl Rule Override Action Count Override the rule action setting to count (i.e., only count matches). Configured as an empty block
{}.- none
Web
Acl Rule Override Action None Don't override the rule action setting. Configured as an empty block
{}.
- count
Web
Acl Rule Override Action Count Override the rule action setting to count (i.e., only count matches). Configured as an empty block
{}.- none
Web
Acl Rule Override Action None Don't override the rule action setting. Configured as an empty block
{}.
- count
Web
Acl Rule Override Action Count Override the rule action setting to count (i.e., only count matches). Configured as an empty block
{}.- none
Web
Acl Rule Override Action None Don't override the rule action setting. Configured as an empty block
{}.
- count Property Map
Override the rule action setting to count (i.e., only count matches). Configured as an empty block
{}.- none Property Map
Don't override the rule action setting. Configured as an empty block
{}.
WebAclRuleRuleLabel
- Name string
Label string.
- Name string
Label string.
- name String
Label string.
- name string
Label string.
- name str
Label string.
- name String
Label string.
WebAclRuleStatement
- And
Statement Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Logical rule statement used to combine other rule statements with AND logic. See
and_statementbelow for details.- Byte
Match Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement Byte Match Statement Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statementbelow for details.- Geo
Match Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement Geo Match Statement Rule statement used to identify web requests based on country of origin. See
geo_match_statementbelow for details.- Ip
Set Pulumi.Reference Statement Aws. Waf V2. Inputs. Web Acl Rule Statement Ip Set Reference Statement Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- Label
Match Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement Label Match Statement Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statementbelow for details.- Managed
Rule Pulumi.Group Statement Aws. Waf V2. Inputs. Web Acl Rule Statement Managed Rule Group Statement Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See Managed Rule Group Statement below for details.
- Not
Statement Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Statement Not Statement Logical rule statement used to negate the results of another rule statement. See
not_statementbelow for details.- Or
Statement Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Statement Or Statement Logical rule statement used to combine other rule statements with OR logic. See
or_statementbelow for details.- Rate
Based Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement Rate Based Statement Rate-based rule tracks the rate of requests for each originating
IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any5-minutetime span. This statement can not be nested. Seerate_based_statementbelow for details.- Regex
Match Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement Regex Match Statement Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statementbelow for details.- Regex
Pattern Pulumi.Set Reference Statement Aws. Waf V2. Inputs. Web Acl Rule Statement Regex Pattern Set Reference Statement Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- Rule
Group Pulumi.Reference Statement Aws. Waf V2. Inputs. Web Acl Rule Statement Rule Group Reference Statement Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See Rule Group Reference Statement below for details.
- Size
Constraint Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement Size Constraint Statement Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statementbelow for more details.- Sqli
Match Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement Sqli Match Statement An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statementbelow for details.- Xss
Match Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement Xss Match Statement Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statementbelow for details.
- And
Statement WebAcl Rule Statement And Statement Logical rule statement used to combine other rule statements with AND logic. See
and_statementbelow for details.- Byte
Match WebStatement Acl Rule Statement Byte Match Statement Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statementbelow for details.- Geo
Match WebStatement Acl Rule Statement Geo Match Statement Rule statement used to identify web requests based on country of origin. See
geo_match_statementbelow for details.- Ip
Set WebReference Statement Acl Rule Statement Ip Set Reference Statement Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- Label
Match WebStatement Acl Rule Statement Label Match Statement Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statementbelow for details.- Managed
Rule WebGroup Statement Acl Rule Statement Managed Rule Group Statement Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See Managed Rule Group Statement below for details.
- Not
Statement WebAcl Rule Statement Not Statement Logical rule statement used to negate the results of another rule statement. See
not_statementbelow for details.- Or
Statement WebAcl Rule Statement Or Statement Logical rule statement used to combine other rule statements with OR logic. See
or_statementbelow for details.- Rate
Based WebStatement Acl Rule Statement Rate Based Statement Rate-based rule tracks the rate of requests for each originating
IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any5-minutetime span. This statement can not be nested. Seerate_based_statementbelow for details.- Regex
Match WebStatement Acl Rule Statement Regex Match Statement Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statementbelow for details.- Regex
Pattern WebSet Reference Statement Acl Rule Statement Regex Pattern Set Reference Statement Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- Rule
Group WebReference Statement Acl Rule Statement Rule Group Reference Statement Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See Rule Group Reference Statement below for details.
- Size
Constraint WebStatement Acl Rule Statement Size Constraint Statement Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statementbelow for more details.- Sqli
Match WebStatement Acl Rule Statement Sqli Match Statement An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statementbelow for details.- Xss
Match WebStatement Acl Rule Statement Xss Match Statement Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statementbelow for details.
- and
Statement WebAcl Rule Statement And Statement Logical rule statement used to combine other rule statements with AND logic. See
and_statementbelow for details.- byte
Match WebStatement Acl Rule Statement Byte Match Statement Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statementbelow for details.- geo
Match WebStatement Acl Rule Statement Geo Match Statement Rule statement used to identify web requests based on country of origin. See
geo_match_statementbelow for details.- ip
Set WebReference Statement Acl Rule Statement Ip Set Reference Statement Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- label
Match WebStatement Acl Rule Statement Label Match Statement Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statementbelow for details.- managed
Rule WebGroup Statement Acl Rule Statement Managed Rule Group Statement Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See Managed Rule Group Statement below for details.
- not
Statement WebAcl Rule Statement Not Statement Logical rule statement used to negate the results of another rule statement. See
not_statementbelow for details.- or
Statement WebAcl Rule Statement Or Statement Logical rule statement used to combine other rule statements with OR logic. See
or_statementbelow for details.- rate
Based WebStatement Acl Rule Statement Rate Based Statement Rate-based rule tracks the rate of requests for each originating
IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any5-minutetime span. This statement can not be nested. Seerate_based_statementbelow for details.- regex
Match WebStatement Acl Rule Statement Regex Match Statement Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statementbelow for details.- regex
Pattern WebSet Reference Statement Acl Rule Statement Regex Pattern Set Reference Statement Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- rule
Group WebReference Statement Acl Rule Statement Rule Group Reference Statement Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See Rule Group Reference Statement below for details.
- size
Constraint WebStatement Acl Rule Statement Size Constraint Statement Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statementbelow for more details.- sqli
Match WebStatement Acl Rule Statement Sqli Match Statement An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statementbelow for details.- xss
Match WebStatement Acl Rule Statement Xss Match Statement Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statementbelow for details.
- and
Statement WebAcl Rule Statement And Statement Logical rule statement used to combine other rule statements with AND logic. See
and_statementbelow for details.- byte
Match WebStatement Acl Rule Statement Byte Match Statement Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statementbelow for details.- geo
Match WebStatement Acl Rule Statement Geo Match Statement Rule statement used to identify web requests based on country of origin. See
geo_match_statementbelow for details.- ip
Set WebReference Statement Acl Rule Statement Ip Set Reference Statement Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- label
Match WebStatement Acl Rule Statement Label Match Statement Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statementbelow for details.- managed
Rule WebGroup Statement Acl Rule Statement Managed Rule Group Statement Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See Managed Rule Group Statement below for details.
- not
Statement WebAcl Rule Statement Not Statement Logical rule statement used to negate the results of another rule statement. See
not_statementbelow for details.- or
Statement WebAcl Rule Statement Or Statement Logical rule statement used to combine other rule statements with OR logic. See
or_statementbelow for details.- rate
Based WebStatement Acl Rule Statement Rate Based Statement Rate-based rule tracks the rate of requests for each originating
IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any5-minutetime span. This statement can not be nested. Seerate_based_statementbelow for details.- regex
Match WebStatement Acl Rule Statement Regex Match Statement Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statementbelow for details.- regex
Pattern WebSet Reference Statement Acl Rule Statement Regex Pattern Set Reference Statement Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- rule
Group WebReference Statement Acl Rule Statement Rule Group Reference Statement Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See Rule Group Reference Statement below for details.
- size
Constraint WebStatement Acl Rule Statement Size Constraint Statement Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statementbelow for more details.- sqli
Match WebStatement Acl Rule Statement Sqli Match Statement An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statementbelow for details.- xss
Match WebStatement Acl Rule Statement Xss Match Statement Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statementbelow for details.
- and_
statement WebAcl Rule Statement And Statement Logical rule statement used to combine other rule statements with AND logic. See
and_statementbelow for details.- byte_
match_ Webstatement Acl Rule Statement Byte Match Statement Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statementbelow for details.- geo_
match_ Webstatement Acl Rule Statement Geo Match Statement Rule statement used to identify web requests based on country of origin. See
geo_match_statementbelow for details.- ip_
set_ Webreference_ statement Acl Rule Statement Ip Set Reference Statement Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- label_
match_ Webstatement Acl Rule Statement Label Match Statement Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statementbelow for details.- managed_
rule_ Webgroup_ statement Acl Rule Statement Managed Rule Group Statement Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See Managed Rule Group Statement below for details.
- not_
statement WebAcl Rule Statement Not Statement Logical rule statement used to negate the results of another rule statement. See
not_statementbelow for details.- or_
statement WebAcl Rule Statement Or Statement Logical rule statement used to combine other rule statements with OR logic. See
or_statementbelow for details.- rate_
based_ Webstatement Acl Rule Statement Rate Based Statement Rate-based rule tracks the rate of requests for each originating
IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any5-minutetime span. This statement can not be nested. Seerate_based_statementbelow for details.- regex_
match_ Webstatement Acl Rule Statement Regex Match Statement Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statementbelow for details.- regex_
pattern_ Webset_ reference_ statement Acl Rule Statement Regex Pattern Set Reference Statement Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- rule_
group_ Webreference_ statement Acl Rule Statement Rule Group Reference Statement Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See Rule Group Reference Statement below for details.
- size_
constraint_ Webstatement Acl Rule Statement Size Constraint Statement Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statementbelow for more details.- sqli_
match_ Webstatement Acl Rule Statement Sqli Match Statement An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statementbelow for details.- xss_
match_ Webstatement Acl Rule Statement Xss Match Statement Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statementbelow for details.
- and
Statement Property Map Logical rule statement used to combine other rule statements with AND logic. See
and_statementbelow for details.- byte
Match Property MapStatement Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statementbelow for details.- geo
Match Property MapStatement Rule statement used to identify web requests based on country of origin. See
geo_match_statementbelow for details.- ip
Set Property MapReference Statement Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- label
Match Property MapStatement Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statementbelow for details.- managed
Rule Property MapGroup Statement Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See Managed Rule Group Statement below for details.
- not
Statement Property Map Logical rule statement used to negate the results of another rule statement. See
not_statementbelow for details.- or
Statement Property Map Logical rule statement used to combine other rule statements with OR logic. See
or_statementbelow for details.- rate
Based Property MapStatement Rate-based rule tracks the rate of requests for each originating
IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any5-minutetime span. This statement can not be nested. Seerate_based_statementbelow for details.- regex
Match Property MapStatement Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statementbelow for details.- regex
Pattern Property MapSet Reference Statement Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- rule
Group Property MapReference Statement Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See Rule Group Reference Statement below for details.
- size
Constraint Property MapStatement Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statementbelow for more details.- sqli
Match Property MapStatement An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statementbelow for details.- xss
Match Property MapStatement Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statementbelow for details.
WebAclRuleStatementAndStatement
- Statements
List<Pulumi.
Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement> Statements to combine with
ANDlogic. You can use any statements that can be nested. Seestatementabove for details.
- Statements
[]Web
Acl Rule Statement And Statement Statement Statements to combine with
ANDlogic. You can use any statements that can be nested. Seestatementabove for details.
- statements
List<Web
Acl Rule Statement And Statement Statement> Statements to combine with
ANDlogic. You can use any statements that can be nested. Seestatementabove for details.
- statements
Web
Acl Rule Statement And Statement Statement[] Statements to combine with
ANDlogic. You can use any statements that can be nested. Seestatementabove for details.
- statements
Sequence[Web
Acl Rule Statement And Statement Statement] Statements to combine with
ANDlogic. You can use any statements that can be nested. Seestatementabove for details.
- statements List<Property Map>
Statements to combine with
ANDlogic. You can use any statements that can be nested. Seestatementabove for details.
WebAclRuleStatementAndStatementStatement
- And
Statement Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Logical rule statement used to combine other rule statements with AND logic. See
and_statementbelow for details.- Byte
Match Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement Byte Match Statement Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statementbelow for details.- Geo
Match Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement Geo Match Statement Rule statement used to identify web requests based on country of origin. See
geo_match_statementbelow for details.- Ip
Set Pulumi.Reference Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement Ip Set Reference Statement Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- Label
Match Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement Label Match Statement Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statementbelow for details.- Not
Statement Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement Not Statement Logical rule statement used to negate the results of another rule statement. See
not_statementbelow for details.- Or
Statement Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement Or Statement Logical rule statement used to combine other rule statements with OR logic. See
or_statementbelow for details.- Regex
Match Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement Regex Match Statement Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statementbelow for details.- Regex
Pattern Pulumi.Set Reference Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement Regex Pattern Set Reference Statement Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- Size
Constraint Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement Size Constraint Statement Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statementbelow for more details.- Sqli
Match Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement Sqli Match Statement An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statementbelow for details.- Xss
Match Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement Xss Match Statement Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statementbelow for details.
- And
Statement WebAcl Rule Statement And Statement Statement And Statement Logical rule statement used to combine other rule statements with AND logic. See
and_statementbelow for details.- Byte
Match WebStatement Acl Rule Statement And Statement Statement Byte Match Statement Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statementbelow for details.- Geo
Match WebStatement Acl Rule Statement And Statement Statement Geo Match Statement Rule statement used to identify web requests based on country of origin. See
geo_match_statementbelow for details.- Ip
Set WebReference Statement Acl Rule Statement And Statement Statement Ip Set Reference Statement Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- Label
Match WebStatement Acl Rule Statement And Statement Statement Label Match Statement Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statementbelow for details.- Not
Statement WebAcl Rule Statement And Statement Statement Not Statement Logical rule statement used to negate the results of another rule statement. See
not_statementbelow for details.- Or
Statement WebAcl Rule Statement And Statement Statement Or Statement Logical rule statement used to combine other rule statements with OR logic. See
or_statementbelow for details.- Regex
Match WebStatement Acl Rule Statement And Statement Statement Regex Match Statement Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statementbelow for details.- Regex
Pattern WebSet Reference Statement Acl Rule Statement And Statement Statement Regex Pattern Set Reference Statement Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- Size
Constraint WebStatement Acl Rule Statement And Statement Statement Size Constraint Statement Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statementbelow for more details.- Sqli
Match WebStatement Acl Rule Statement And Statement Statement Sqli Match Statement An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statementbelow for details.- Xss
Match WebStatement Acl Rule Statement And Statement Statement Xss Match Statement Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statementbelow for details.
- and
Statement WebAcl Rule Statement And Statement Statement And Statement Logical rule statement used to combine other rule statements with AND logic. See
and_statementbelow for details.- byte
Match WebStatement Acl Rule Statement And Statement Statement Byte Match Statement Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statementbelow for details.- geo
Match WebStatement Acl Rule Statement And Statement Statement Geo Match Statement Rule statement used to identify web requests based on country of origin. See
geo_match_statementbelow for details.- ip
Set WebReference Statement Acl Rule Statement And Statement Statement Ip Set Reference Statement Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- label
Match WebStatement Acl Rule Statement And Statement Statement Label Match Statement Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statementbelow for details.- not
Statement WebAcl Rule Statement And Statement Statement Not Statement Logical rule statement used to negate the results of another rule statement. See
not_statementbelow for details.- or
Statement WebAcl Rule Statement And Statement Statement Or Statement Logical rule statement used to combine other rule statements with OR logic. See
or_statementbelow for details.- regex
Match WebStatement Acl Rule Statement And Statement Statement Regex Match Statement Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statementbelow for details.- regex
Pattern WebSet Reference Statement Acl Rule Statement And Statement Statement Regex Pattern Set Reference Statement Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- size
Constraint WebStatement Acl Rule Statement And Statement Statement Size Constraint Statement Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statementbelow for more details.- sqli
Match WebStatement Acl Rule Statement And Statement Statement Sqli Match Statement An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statementbelow for details.- xss
Match WebStatement Acl Rule Statement And Statement Statement Xss Match Statement Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statementbelow for details.
- and
Statement WebAcl Rule Statement And Statement Statement And Statement Logical rule statement used to combine other rule statements with AND logic. See
and_statementbelow for details.- byte
Match WebStatement Acl Rule Statement And Statement Statement Byte Match Statement Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statementbelow for details.- geo
Match WebStatement Acl Rule Statement And Statement Statement Geo Match Statement Rule statement used to identify web requests based on country of origin. See
geo_match_statementbelow for details.- ip
Set WebReference Statement Acl Rule Statement And Statement Statement Ip Set Reference Statement Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- label
Match WebStatement Acl Rule Statement And Statement Statement Label Match Statement Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statementbelow for details.- not
Statement WebAcl Rule Statement And Statement Statement Not Statement Logical rule statement used to negate the results of another rule statement. See
not_statementbelow for details.- or
Statement WebAcl Rule Statement And Statement Statement Or Statement Logical rule statement used to combine other rule statements with OR logic. See
or_statementbelow for details.- regex
Match WebStatement Acl Rule Statement And Statement Statement Regex Match Statement Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statementbelow for details.- regex
Pattern WebSet Reference Statement Acl Rule Statement And Statement Statement Regex Pattern Set Reference Statement Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- size
Constraint WebStatement Acl Rule Statement And Statement Statement Size Constraint Statement Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statementbelow for more details.- sqli
Match WebStatement Acl Rule Statement And Statement Statement Sqli Match Statement An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statementbelow for details.- xss
Match WebStatement Acl Rule Statement And Statement Statement Xss Match Statement Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statementbelow for details.
- and_
statement WebAcl Rule Statement And Statement Statement And Statement Logical rule statement used to combine other rule statements with AND logic. See
and_statementbelow for details.- byte_
match_ Webstatement Acl Rule Statement And Statement Statement Byte Match Statement Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statementbelow for details.- geo_
match_ Webstatement Acl Rule Statement And Statement Statement Geo Match Statement Rule statement used to identify web requests based on country of origin. See
geo_match_statementbelow for details.- ip_
set_ Webreference_ statement Acl Rule Statement And Statement Statement Ip Set Reference Statement Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- label_
match_ Webstatement Acl Rule Statement And Statement Statement Label Match Statement Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statementbelow for details.- not_
statement WebAcl Rule Statement And Statement Statement Not Statement Logical rule statement used to negate the results of another rule statement. See
not_statementbelow for details.- or_
statement WebAcl Rule Statement And Statement Statement Or Statement Logical rule statement used to combine other rule statements with OR logic. See
or_statementbelow for details.- regex_
match_ Webstatement Acl Rule Statement And Statement Statement Regex Match Statement Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statementbelow for details.- regex_
pattern_ Webset_ reference_ statement Acl Rule Statement And Statement Statement Regex Pattern Set Reference Statement Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- size_
constraint_ Webstatement Acl Rule Statement And Statement Statement Size Constraint Statement Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statementbelow for more details.- sqli_
match_ Webstatement Acl Rule Statement And Statement Statement Sqli Match Statement An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statementbelow for details.- xss_
match_ Webstatement Acl Rule Statement And Statement Statement Xss Match Statement Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statementbelow for details.
- and
Statement Property Map Logical rule statement used to combine other rule statements with AND logic. See
and_statementbelow for details.- byte
Match Property MapStatement Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statementbelow for details.- geo
Match Property MapStatement Rule statement used to identify web requests based on country of origin. See
geo_match_statementbelow for details.- ip
Set Property MapReference Statement Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- label
Match Property MapStatement Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statementbelow for details.- not
Statement Property Map Logical rule statement used to negate the results of another rule statement. See
not_statementbelow for details.- or
Statement Property Map Logical rule statement used to combine other rule statements with OR logic. See
or_statementbelow for details.- regex
Match Property MapStatement Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statementbelow for details.- regex
Pattern Property MapSet Reference Statement Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- size
Constraint Property MapStatement Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statementbelow for more details.- sqli
Match Property MapStatement An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statementbelow for details.- xss
Match Property MapStatement Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statementbelow for details.
WebAclRuleStatementAndStatementStatementAndStatement
- Statements
List<Pulumi.
Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement> Statements to combine with
ANDlogic. You can use any statements that can be nested. Seestatementabove for details.
- Statements
[]Web
Acl Rule Statement And Statement Statement And Statement Statement Statements to combine with
ANDlogic. You can use any statements that can be nested. Seestatementabove for details.
- statements
List<Web
Acl Rule Statement And Statement Statement And Statement Statement> Statements to combine with
ANDlogic. You can use any statements that can be nested. Seestatementabove for details.
- statements
Web
Acl Rule Statement And Statement Statement And Statement Statement[] Statements to combine with
ANDlogic. You can use any statements that can be nested. Seestatementabove for details.
- statements
Sequence[Web
Acl Rule Statement And Statement Statement And Statement Statement] Statements to combine with
ANDlogic. You can use any statements that can be nested. Seestatementabove for details.
- statements List<Property Map>
Statements to combine with
ANDlogic. You can use any statements that can be nested. Seestatementabove for details.
WebAclRuleStatementAndStatementStatementAndStatementStatement
- And
Statement Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Logical rule statement used to combine other rule statements with AND logic. See
and_statementbelow for details.- Byte
Match Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement Byte Match Statement Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statementbelow for details.- Geo
Match Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement Geo Match Statement Rule statement used to identify web requests based on country of origin. See
geo_match_statementbelow for details.- Ip
Set Pulumi.Reference Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement Ip Set Reference Statement Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- Label
Match Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement Label Match Statement Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statementbelow for details.- Not
Statement Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement Not Statement Logical rule statement used to negate the results of another rule statement. See
not_statementbelow for details.- Or
Statement Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement Or Statement Logical rule statement used to combine other rule statements with OR logic. See
or_statementbelow for details.- Regex
Match Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement Regex Match Statement Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statementbelow for details.- Regex
Pattern Pulumi.Set Reference Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement Regex Pattern Set Reference Statement Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- Size
Constraint Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement Size Constraint Statement Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statementbelow for more details.- Sqli
Match Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement Sqli Match Statement An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statementbelow for details.- Xss
Match Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement Xss Match Statement Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statementbelow for details.
- And
Statement WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Logical rule statement used to combine other rule statements with AND logic. See
and_statementbelow for details.- Byte
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement Byte Match Statement Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statementbelow for details.- Geo
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement Geo Match Statement Rule statement used to identify web requests based on country of origin. See
geo_match_statementbelow for details.- Ip
Set WebReference Statement Acl Rule Statement And Statement Statement And Statement Statement Ip Set Reference Statement Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- Label
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement Label Match Statement Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statementbelow for details.- Not
Statement WebAcl Rule Statement And Statement Statement And Statement Statement Not Statement Logical rule statement used to negate the results of another rule statement. See
not_statementbelow for details.- Or
Statement WebAcl Rule Statement And Statement Statement And Statement Statement Or Statement Logical rule statement used to combine other rule statements with OR logic. See
or_statementbelow for details.- Regex
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement Regex Match Statement Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statementbelow for details.- Regex
Pattern WebSet Reference Statement Acl Rule Statement And Statement Statement And Statement Statement Regex Pattern Set Reference Statement Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- Size
Constraint WebStatement Acl Rule Statement And Statement Statement And Statement Statement Size Constraint Statement Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statementbelow for more details.- Sqli
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement Sqli Match Statement An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statementbelow for details.- Xss
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement Xss Match Statement Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statementbelow for details.
- and
Statement WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Logical rule statement used to combine other rule statements with AND logic. See
and_statementbelow for details.- byte
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement Byte Match Statement Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statementbelow for details.- geo
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement Geo Match Statement Rule statement used to identify web requests based on country of origin. See
geo_match_statementbelow for details.- ip
Set WebReference Statement Acl Rule Statement And Statement Statement And Statement Statement Ip Set Reference Statement Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- label
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement Label Match Statement Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statementbelow for details.- not
Statement WebAcl Rule Statement And Statement Statement And Statement Statement Not Statement Logical rule statement used to negate the results of another rule statement. See
not_statementbelow for details.- or
Statement WebAcl Rule Statement And Statement Statement And Statement Statement Or Statement Logical rule statement used to combine other rule statements with OR logic. See
or_statementbelow for details.- regex
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement Regex Match Statement Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statementbelow for details.- regex
Pattern WebSet Reference Statement Acl Rule Statement And Statement Statement And Statement Statement Regex Pattern Set Reference Statement Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- size
Constraint WebStatement Acl Rule Statement And Statement Statement And Statement Statement Size Constraint Statement Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statementbelow for more details.- sqli
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement Sqli Match Statement An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statementbelow for details.- xss
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement Xss Match Statement Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statementbelow for details.
- and
Statement WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Logical rule statement used to combine other rule statements with AND logic. See
and_statementbelow for details.- byte
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement Byte Match Statement Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statementbelow for details.- geo
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement Geo Match Statement Rule statement used to identify web requests based on country of origin. See
geo_match_statementbelow for details.- ip
Set WebReference Statement Acl Rule Statement And Statement Statement And Statement Statement Ip Set Reference Statement Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- label
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement Label Match Statement Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statementbelow for details.- not
Statement WebAcl Rule Statement And Statement Statement And Statement Statement Not Statement Logical rule statement used to negate the results of another rule statement. See
not_statementbelow for details.- or
Statement WebAcl Rule Statement And Statement Statement And Statement Statement Or Statement Logical rule statement used to combine other rule statements with OR logic. See
or_statementbelow for details.- regex
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement Regex Match Statement Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statementbelow for details.- regex
Pattern WebSet Reference Statement Acl Rule Statement And Statement Statement And Statement Statement Regex Pattern Set Reference Statement Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- size
Constraint WebStatement Acl Rule Statement And Statement Statement And Statement Statement Size Constraint Statement Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statementbelow for more details.- sqli
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement Sqli Match Statement An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statementbelow for details.- xss
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement Xss Match Statement Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statementbelow for details.
- and_
statement WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Logical rule statement used to combine other rule statements with AND logic. See
and_statementbelow for details.- byte_
match_ Webstatement Acl Rule Statement And Statement Statement And Statement Statement Byte Match Statement Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statementbelow for details.- geo_
match_ Webstatement Acl Rule Statement And Statement Statement And Statement Statement Geo Match Statement Rule statement used to identify web requests based on country of origin. See
geo_match_statementbelow for details.- ip_
set_ Webreference_ statement Acl Rule Statement And Statement Statement And Statement Statement Ip Set Reference Statement Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- label_
match_ Webstatement Acl Rule Statement And Statement Statement And Statement Statement Label Match Statement Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statementbelow for details.- not_
statement WebAcl Rule Statement And Statement Statement And Statement Statement Not Statement Logical rule statement used to negate the results of another rule statement. See
not_statementbelow for details.- or_
statement WebAcl Rule Statement And Statement Statement And Statement Statement Or Statement Logical rule statement used to combine other rule statements with OR logic. See
or_statementbelow for details.- regex_
match_ Webstatement Acl Rule Statement And Statement Statement And Statement Statement Regex Match Statement Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statementbelow for details.- regex_
pattern_ Webset_ reference_ statement Acl Rule Statement And Statement Statement And Statement Statement Regex Pattern Set Reference Statement Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- size_
constraint_ Webstatement Acl Rule Statement And Statement Statement And Statement Statement Size Constraint Statement Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statementbelow for more details.- sqli_
match_ Webstatement Acl Rule Statement And Statement Statement And Statement Statement Sqli Match Statement An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statementbelow for details.- xss_
match_ Webstatement Acl Rule Statement And Statement Statement And Statement Statement Xss Match Statement Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statementbelow for details.
- and
Statement Property Map Logical rule statement used to combine other rule statements with AND logic. See
and_statementbelow for details.- byte
Match Property MapStatement Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statementbelow for details.- geo
Match Property MapStatement Rule statement used to identify web requests based on country of origin. See
geo_match_statementbelow for details.- ip
Set Property MapReference Statement Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- label
Match Property MapStatement Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statementbelow for details.- not
Statement Property Map Logical rule statement used to negate the results of another rule statement. See
not_statementbelow for details.- or
Statement Property Map Logical rule statement used to combine other rule statements with OR logic. See
or_statementbelow for details.- regex
Match Property MapStatement Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statementbelow for details.- regex
Pattern Property MapSet Reference Statement Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- size
Constraint Property MapStatement Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statementbelow for more details.- sqli
Match Property MapStatement An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statementbelow for details.- xss
Match Property MapStatement Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statementbelow for details.
WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatement
- Statements
List<Pulumi.
Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement> Statements to combine with
ANDlogic. You can use any statements that can be nested. Seestatementabove for details.
- Statements
[]Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Statements to combine with
ANDlogic. You can use any statements that can be nested. Seestatementabove for details.
- statements
List<Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement> Statements to combine with
ANDlogic. You can use any statements that can be nested. Seestatementabove for details.
- statements
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement[] Statements to combine with
ANDlogic. You can use any statements that can be nested. Seestatementabove for details.
- statements
Sequence[Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement] Statements to combine with
ANDlogic. You can use any statements that can be nested. Seestatementabove for details.
- statements List<Property Map>
Statements to combine with
ANDlogic. You can use any statements that can be nested. Seestatementabove for details.
WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatement
- Byte
Match Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statementbelow for details.- Geo
Match Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Geo Match Statement Rule statement used to identify web requests based on country of origin. See
geo_match_statementbelow for details.- Ip
Set Pulumi.Reference Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Ip Set Reference Statement Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- Label
Match Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Label Match Statement Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statementbelow for details.- Regex
Match Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statementbelow for details.- Regex
Pattern Pulumi.Set Reference Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Pattern Set Reference Statement Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- Size
Constraint Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Size Constraint Statement Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statementbelow for more details.- Sqli
Match Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Sqli Match Statement An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statementbelow for details.- Xss
Match Pulumi.Statement Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Xss Match Statement Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statementbelow for details.
- Byte
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statementbelow for details.- Geo
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Geo Match Statement Rule statement used to identify web requests based on country of origin. See
geo_match_statementbelow for details.- Ip
Set WebReference Statement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Ip Set Reference Statement Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- Label
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Label Match Statement Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statementbelow for details.- Regex
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statementbelow for details.- Regex
Pattern WebSet Reference Statement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Pattern Set Reference Statement Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- Size
Constraint WebStatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Size Constraint Statement Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statementbelow for more details.- Sqli
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Sqli Match Statement An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statementbelow for details.- Xss
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Xss Match Statement Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statementbelow for details.
- byte
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statementbelow for details.- geo
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Geo Match Statement Rule statement used to identify web requests based on country of origin. See
geo_match_statementbelow for details.- ip
Set WebReference Statement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Ip Set Reference Statement Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- label
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Label Match Statement Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statementbelow for details.- regex
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statementbelow for details.- regex
Pattern WebSet Reference Statement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Pattern Set Reference Statement Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- size
Constraint WebStatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Size Constraint Statement Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statementbelow for more details.- sqli
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Sqli Match Statement An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statementbelow for details.- xss
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Xss Match Statement Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statementbelow for details.
- byte
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statementbelow for details.- geo
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Geo Match Statement Rule statement used to identify web requests based on country of origin. See
geo_match_statementbelow for details.- ip
Set WebReference Statement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Ip Set Reference Statement Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- label
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Label Match Statement Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statementbelow for details.- regex
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statementbelow for details.- regex
Pattern WebSet Reference Statement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Pattern Set Reference Statement Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- size
Constraint WebStatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Size Constraint Statement Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statementbelow for more details.- sqli
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Sqli Match Statement An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statementbelow for details.- xss
Match WebStatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Xss Match Statement Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statementbelow for details.
- byte_
match_ Webstatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statementbelow for details.- geo_
match_ Webstatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Geo Match Statement Rule statement used to identify web requests based on country of origin. See
geo_match_statementbelow for details.- ip_
set_ Webreference_ statement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Ip Set Reference Statement Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- label_
match_ Webstatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Label Match Statement Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statementbelow for details.- regex_
match_ Webstatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statementbelow for details.- regex_
pattern_ Webset_ reference_ statement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Pattern Set Reference Statement Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- size_
constraint_ Webstatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Size Constraint Statement Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statementbelow for more details.- sqli_
match_ Webstatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Sqli Match Statement An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statementbelow for details.- xss_
match_ Webstatement Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Xss Match Statement Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statementbelow for details.
- byte
Match Property MapStatement Rule statement that defines a string match search for AWS WAF to apply to web requests. See
byte_match_statementbelow for details.- geo
Match Property MapStatement Rule statement used to identify web requests based on country of origin. See
geo_match_statementbelow for details.- ip
Set Property MapReference Statement Rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.
- label
Match Property MapStatement Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See
label_match_statementbelow for details.- regex
Match Property MapStatement Rule statement used to search web request components for a match against a single regular expression. See
regex_match_statementbelow for details.- regex
Pattern Property MapSet Reference Statement Rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.
- size
Constraint Property MapStatement Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See
size_constraint_statementbelow for more details.- sqli
Match Property MapStatement An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See
sqli_match_statementbelow for details.- xss
Match Property MapStatement Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See
xss_match_statementbelow for details.
WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatement
- Positional
Constraint string Area within the portion of a web request that you want AWS WAF to search for
search_string. Valid values include the following:EXACTLY,STARTS_WITH,ENDS_WITH,CONTAINS,CONTAINS_WORD. See the AWS documentation for more information.- Search
String string String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match. The maximum length of the value is 50 bytes.- Text
Transformations List<Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Text Transformation> Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See
text_transformationbelow for details.- Field
To Pulumi.Match Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Part of a web request that you want AWS WAF to inspect. See
field_to_matchbelow for details.
- Positional
Constraint string Area within the portion of a web request that you want AWS WAF to search for
search_string. Valid values include the following:EXACTLY,STARTS_WITH,ENDS_WITH,CONTAINS,CONTAINS_WORD. See the AWS documentation for more information.- Search
String string String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match. The maximum length of the value is 50 bytes.- Text
Transformations []WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Text Transformation Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See
text_transformationbelow for details.- Field
To WebMatch Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Part of a web request that you want AWS WAF to inspect. See
field_to_matchbelow for details.
- positional
Constraint String Area within the portion of a web request that you want AWS WAF to search for
search_string. Valid values include the following:EXACTLY,STARTS_WITH,ENDS_WITH,CONTAINS,CONTAINS_WORD. See the AWS documentation for more information.- search
String String String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match. The maximum length of the value is 50 bytes.- text
Transformations List<WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Text Transformation> Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See
text_transformationbelow for details.- field
To WebMatch Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Part of a web request that you want AWS WAF to inspect. See
field_to_matchbelow for details.
- positional
Constraint string Area within the portion of a web request that you want AWS WAF to search for
search_string. Valid values include the following:EXACTLY,STARTS_WITH,ENDS_WITH,CONTAINS,CONTAINS_WORD. See the AWS documentation for more information.- search
String string String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match. The maximum length of the value is 50 bytes.- text
Transformations WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Text Transformation[] Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See
text_transformationbelow for details.- field
To WebMatch Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Part of a web request that you want AWS WAF to inspect. See
field_to_matchbelow for details.
- positional_
constraint str Area within the portion of a web request that you want AWS WAF to search for
search_string. Valid values include the following:EXACTLY,STARTS_WITH,ENDS_WITH,CONTAINS,CONTAINS_WORD. See the AWS documentation for more information.- search_
string str String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match. The maximum length of the value is 50 bytes.- text_
transformations Sequence[WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Text Transformation] Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See
text_transformationbelow for details.- field_
to_ Webmatch Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Part of a web request that you want AWS WAF to inspect. See
field_to_matchbelow for details.
- positional
Constraint String Area within the portion of a web request that you want AWS WAF to search for
search_string. Valid values include the following:EXACTLY,STARTS_WITH,ENDS_WITH,CONTAINS,CONTAINS_WORD. See the AWS documentation for more information.- search
String String String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in
field_to_match. The maximum length of the value is 50 bytes.- text
Transformations List<Property Map> Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See
text_transformationbelow for details.- field
To Property MapMatch Part of a web request that you want AWS WAF to inspect. See
field_to_matchbelow for details.
WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch
- All
Query Pulumi.Arguments Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match All Query Arguments Inspect all query arguments.
- Body
Pulumi.
Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Body Inspect the request body, which immediately follows the request headers. See
bodybelow for details.-
Pulumi.
Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Cookies Inspect the cookies in the web request. See
cookiesbelow for details.- Headers
List<Pulumi.
Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Header> Inspect the request headers. See
headersbelow for details.- Json
Body Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Json Body Inspect the request body as JSON. See
json_bodyfor details.- Method
Pulumi.
Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Method Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Query String Inspect the query string. This is the part of a URL that appears after a
?character, if any.- Single
Header Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Single Header Inspect a single header. See
single_headerbelow for details.- Single
Query Pulumi.Argument Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Single Query Argument Inspect a single query argument. See
single_query_argumentbelow for details.- Uri
Path Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Uri Path Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg.
- All
Query WebArguments Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match All Query Arguments Inspect all query arguments.
- Body
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Body Inspect the request body, which immediately follows the request headers. See
bodybelow for details.-
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Cookies Inspect the cookies in the web request. See
cookiesbelow for details.- Headers
[]Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Header Inspect the request headers. See
headersbelow for details.- Json
Body WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Json Body Inspect the request body as JSON. See
json_bodyfor details.- Method
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Method Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Query String Inspect the query string. This is the part of a URL that appears after a
?character, if any.- Single
Header WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Single Header Inspect a single header. See
single_headerbelow for details.- Single
Query WebArgument Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Single Query Argument Inspect a single query argument. See
single_query_argumentbelow for details.- Uri
Path WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Uri Path Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg.
- all
Query WebArguments Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match All Query Arguments Inspect all query arguments.
- body
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Body Inspect the request body, which immediately follows the request headers. See
bodybelow for details.-
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Cookies Inspect the cookies in the web request. See
cookiesbelow for details.- headers
List<Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Header> Inspect the request headers. See
headersbelow for details.- json
Body WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Json Body Inspect the request body as JSON. See
json_bodyfor details.- method
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Method Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Query String Inspect the query string. This is the part of a URL that appears after a
?character, if any.- single
Header WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Single Header Inspect a single header. See
single_headerbelow for details.- single
Query WebArgument Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Single Query Argument Inspect a single query argument. See
single_query_argumentbelow for details.- uri
Path WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Uri Path Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg.
- all
Query WebArguments Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match All Query Arguments Inspect all query arguments.
- body
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Body Inspect the request body, which immediately follows the request headers. See
bodybelow for details.-
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Cookies Inspect the cookies in the web request. See
cookiesbelow for details.- headers
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Header[] Inspect the request headers. See
headersbelow for details.- json
Body WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Json Body Inspect the request body as JSON. See
json_bodyfor details.- method
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Method Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Query String Inspect the query string. This is the part of a URL that appears after a
?character, if any.- single
Header WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Single Header Inspect a single header. See
single_headerbelow for details.- single
Query WebArgument Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Single Query Argument Inspect a single query argument. See
single_query_argumentbelow for details.- uri
Path WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Uri Path Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg.
- all_
query_ Webarguments Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match All Query Arguments Inspect all query arguments.
- body
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Body Inspect the request body, which immediately follows the request headers. See
bodybelow for details.-
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Cookies Inspect the cookies in the web request. See
cookiesbelow for details.- headers
Sequence[Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Header] Inspect the request headers. See
headersbelow for details.- json_
body WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Json Body Inspect the request body as JSON. See
json_bodyfor details.- method
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Method Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query_
string WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Query String Inspect the query string. This is the part of a URL that appears after a
?character, if any.- single_
header WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Single Header Inspect a single header. See
single_headerbelow for details.- single_
query_ Webargument Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Single Query Argument Inspect a single query argument. See
single_query_argumentbelow for details.- uri_
path WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Uri Path Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg.
- all
Query Property MapArguments Inspect all query arguments.
- body Property Map
Inspect the request body, which immediately follows the request headers. See
bodybelow for details.- Property Map
Inspect the cookies in the web request. See
cookiesbelow for details.- headers List<Property Map>
Inspect the request headers. See
headersbelow for details.- json
Body Property Map Inspect the request body as JSON. See
json_bodyfor details.- method Property Map
Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- query
String Property Map Inspect the query string. This is the part of a URL that appears after a
?character, if any.- single
Header Property Map Inspect a single header. See
single_headerbelow for details.- single
Query Property MapArgument Inspect a single query argument. See
single_query_argumentbelow for details.- uri
Path Property Map Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg.
WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody
- Oversize
Handling string What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE,MATCH,NO_MATCH.
- Oversize
Handling string What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize
Handling String What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize
Handling string What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize_
handling str What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE,MATCH,NO_MATCH.
- oversize
Handling String What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values:
CONTINUE,MATCH,NO_MATCH.
WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookies
- Match
Patterns List<Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Cookies Match Pattern> The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all,included_cookiesorexcluded_cookies. More details: CookieMatchPattern- Match
Scope string The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL,KEY,VALUE- Oversize
Handling string What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE,MATCH,NO_MATCH.
- Match
Patterns []WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Cookies Match Pattern The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all,included_cookiesorexcluded_cookies. More details: CookieMatchPattern- Match
Scope string The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL,KEY,VALUE- Oversize
Handling string What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE,MATCH,NO_MATCH.
- match
Patterns List<WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Cookies Match Pattern> The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all,included_cookiesorexcluded_cookies. More details: CookieMatchPattern- match
Scope String The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL,KEY,VALUE- oversize
Handling String What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE,MATCH,NO_MATCH.
- match
Patterns WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Cookies Match Pattern[] The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all,included_cookiesorexcluded_cookies. More details: CookieMatchPattern- match
Scope string The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL,KEY,VALUE- oversize
Handling string What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE,MATCH,NO_MATCH.
- match_
patterns Sequence[WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Cookies Match Pattern] The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all,included_cookiesorexcluded_cookies. More details: CookieMatchPattern- match_
scope str The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL,KEY,VALUE- oversize_
handling str What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE,MATCH,NO_MATCH.
- match
Patterns List<Property Map> The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either
all,included_cookiesorexcluded_cookies. More details: CookieMatchPattern- match
Scope String The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values:
ALL,KEY,VALUE- oversize
Handling String What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values:
CONTINUE,MATCH,NO_MATCH.
WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchCookiesMatchPattern
- All
Pulumi.
Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Cookies Match Pattern All An empty configuration block that is used for inspecting all headers.
- List<string>
- List<string>
- All
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Cookies Match Pattern All An empty configuration block that is used for inspecting all headers.
- []string
- []string
- all
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Cookies Match Pattern All An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
- all
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Cookies Match Pattern All An empty configuration block that is used for inspecting all headers.
- string[]
- string[]
- all
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Cookies Match Pattern All An empty configuration block that is used for inspecting all headers.
- Sequence[str]
- Sequence[str]
- all Property Map
An empty configuration block that is used for inspecting all headers.
- List<String>
- List<String>
WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeader
- Match
Pattern Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Header Match Pattern The filter to use to identify the subset of headers to inspect in a web request. The
match_patternblock supports only one of the following arguments:- Match
Scope string The parts of the headers to inspect with the rule inspection criteria. If you specify
All, AWS WAF inspects both keys and values. Valid values include the following:ALL,Key,Value.- Oversize
Handling string Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE,MATCH,NO_MATCH. See the AWS documentation for more information.
- Match
Pattern WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Header Match Pattern The filter to use to identify the subset of headers to inspect in a web request. The
match_patternblock supports only one of the following arguments:- Match
Scope string The parts of the headers to inspect with the rule inspection criteria. If you specify
All, AWS WAF inspects both keys and values. Valid values include the following:ALL,Key,Value.- Oversize
Handling string Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE,MATCH,NO_MATCH. See the AWS documentation for more information.
- match
Pattern WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Header Match Pattern The filter to use to identify the subset of headers to inspect in a web request. The
match_patternblock supports only one of the following arguments:- match
Scope String The parts of the headers to inspect with the rule inspection criteria. If you specify
All, AWS WAF inspects both keys and values. Valid values include the following:ALL,Key,Value.- oversize
Handling String Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE,MATCH,NO_MATCH. See the AWS documentation for more information.
- match
Pattern WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Header Match Pattern The filter to use to identify the subset of headers to inspect in a web request. The
match_patternblock supports only one of the following arguments:- match
Scope string The parts of the headers to inspect with the rule inspection criteria. If you specify
All, AWS WAF inspects both keys and values. Valid values include the following:ALL,Key,Value.- oversize
Handling string Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE,MATCH,NO_MATCH. See the AWS documentation for more information.
- match_
pattern WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Header Match Pattern The filter to use to identify the subset of headers to inspect in a web request. The
match_patternblock supports only one of the following arguments:- match_
scope str The parts of the headers to inspect with the rule inspection criteria. If you specify
All, AWS WAF inspects both keys and values. Valid values include the following:ALL,Key,Value.- oversize_
handling str Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE,MATCH,NO_MATCH. See the AWS documentation for more information.
- match
Pattern Property Map The filter to use to identify the subset of headers to inspect in a web request. The
match_patternblock supports only one of the following arguments:- match
Scope String The parts of the headers to inspect with the rule inspection criteria. If you specify
All, AWS WAF inspects both keys and values. Valid values include the following:ALL,Key,Value.- oversize
Handling String Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following:
CONTINUE,MATCH,NO_MATCH. See the AWS documentation for more information.
WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchHeaderMatchPattern
- All
Pulumi.
Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Header Match Pattern All An empty configuration block that is used for inspecting all headers.
- Excluded
Headers List<string> An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers List<string> An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- All
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Header Match Pattern All An empty configuration block that is used for inspecting all headers.
- Excluded
Headers []string An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- Included
Headers []string An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Header Match Pattern All An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Header Match Pattern All An empty configuration block that is used for inspecting all headers.
- excluded
Headers string[] An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers string[] An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Header Match Pattern All An empty configuration block that is used for inspecting all headers.
- excluded_
headers Sequence[str] An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included_
headers Sequence[str] An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
- all Property Map
An empty configuration block that is used for inspecting all headers.
- excluded
Headers List<String> An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
- included
Headers List<String> An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.
WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBody
- Match
Pattern Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Json Body Match Pattern The patterns to look for in the JSON body. You must specify exactly one setting: either
allorincluded_paths. See JsonMatchPattern for details.- Match
Scope string The parts of the JSON to match against using the
match_pattern. Valid values areALL,KEYandVALUE.- Invalid
Fallback stringBehavior What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING,MATCHandNO_MATCH.- Oversize
Handling string What to do if the body is larger than can be inspected. Valid values are
CONTINUE(default),MATCHandNO_MATCH.
- Match
Pattern WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Json Body Match Pattern The patterns to look for in the JSON body. You must specify exactly one setting: either
allorincluded_paths. See JsonMatchPattern for details.- Match
Scope string The parts of the JSON to match against using the
match_pattern. Valid values areALL,KEYandVALUE.- Invalid
Fallback stringBehavior What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING,MATCHandNO_MATCH.- Oversize
Handling string What to do if the body is larger than can be inspected. Valid values are
CONTINUE(default),MATCHandNO_MATCH.
- match
Pattern WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Json Body Match Pattern The patterns to look for in the JSON body. You must specify exactly one setting: either
allorincluded_paths. See JsonMatchPattern for details.- match
Scope String The parts of the JSON to match against using the
match_pattern. Valid values areALL,KEYandVALUE.- invalid
Fallback StringBehavior What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING,MATCHandNO_MATCH.- oversize
Handling String What to do if the body is larger than can be inspected. Valid values are
CONTINUE(default),MATCHandNO_MATCH.
- match
Pattern WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Json Body Match Pattern The patterns to look for in the JSON body. You must specify exactly one setting: either
allorincluded_paths. See JsonMatchPattern for details.- match
Scope string The parts of the JSON to match against using the
match_pattern. Valid values areALL,KEYandVALUE.- invalid
Fallback stringBehavior What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING,MATCHandNO_MATCH.- oversize
Handling string What to do if the body is larger than can be inspected. Valid values are
CONTINUE(default),MATCHandNO_MATCH.
- match_
pattern WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Json Body Match Pattern The patterns to look for in the JSON body. You must specify exactly one setting: either
allorincluded_paths. See JsonMatchPattern for details.- match_
scope str The parts of the JSON to match against using the
match_pattern. Valid values areALL,KEYandVALUE.- invalid_
fallback_ strbehavior What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING,MATCHandNO_MATCH.- oversize_
handling str What to do if the body is larger than can be inspected. Valid values are
CONTINUE(default),MATCHandNO_MATCH.
- match
Pattern Property Map The patterns to look for in the JSON body. You must specify exactly one setting: either
allorincluded_paths. See JsonMatchPattern for details.- match
Scope String The parts of the JSON to match against using the
match_pattern. Valid values areALL,KEYandVALUE.- invalid
Fallback StringBehavior What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are
EVALUATE_AS_STRING,MATCHandNO_MATCH.- oversize
Handling String What to do if the body is larger than can be inspected. Valid values are
CONTINUE(default),MATCHandNO_MATCH.
WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern
- All
Pulumi.
Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Json Body Match Pattern All An empty configuration block that is used for inspecting all headers.
- Included
Paths List<string>
- All
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Json Body Match Pattern All An empty configuration block that is used for inspecting all headers.
- Included
Paths []string
- all
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Json Body Match Pattern All An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
- all
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Json Body Match Pattern All An empty configuration block that is used for inspecting all headers.
- included
Paths string[]
- all
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Byte Match Statement Field To Match Json Body Match Pattern All An empty configuration block that is used for inspecting all headers.
- included_
paths Sequence[str]
- all Property Map
An empty configuration block that is used for inspecting all headers.
- included
Paths List<String>
WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader
- Name string
Name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
Name of the query header to inspect. This setting must be provided as lower case characters.
- name string
Name of the query header to inspect. This setting must be provided as lower case characters.
- name str
Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
Name of the query header to inspect. This setting must be provided as lower case characters.
WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument
- Name string
Name of the query header to inspect. This setting must be provided as lower case characters.
- Name string
Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
Name of the query header to inspect. This setting must be provided as lower case characters.
- name string
Name of the query header to inspect. This setting must be provided as lower case characters.
- name str
Name of the query header to inspect. This setting must be provided as lower case characters.
- name String
Name of the query header to inspect. This setting must be provided as lower case characters.
WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation
- Priority int
Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
Transformation to apply, please refer to the Text Transformation documentation for more details.
- Priority int
Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- Type string
Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Integer
Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority number
Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type string
Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority int
Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type str
Transformation to apply, please refer to the Text Transformation documentation for more details.
- priority Number
Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
- type String
Transformation to apply, please refer to the Text Transformation documentation for more details.
WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatement
- Country
Codes List<string> Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166international standard. See the documentation for valid values.- Forwarded
Ip Pulumi.Config Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Geo Match Statement Forwarded Ip Config Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
forwarded_ip_configbelow for details.
- Country
Codes []string Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166international standard. See the documentation for valid values.- Forwarded
Ip WebConfig Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Geo Match Statement Forwarded Ip Config Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
forwarded_ip_configbelow for details.
- country
Codes List<String> Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166international standard. See the documentation for valid values.- forwarded
Ip WebConfig Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Geo Match Statement Forwarded Ip Config Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
forwarded_ip_configbelow for details.
- country
Codes string[] Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166international standard. See the documentation for valid values.- forwarded
Ip WebConfig Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Geo Match Statement Forwarded Ip Config Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
forwarded_ip_configbelow for details.
- country_
codes Sequence[str] Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166international standard. See the documentation for valid values.- forwarded_
ip_ Webconfig Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Geo Match Statement Forwarded Ip Config Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
forwarded_ip_configbelow for details.
- country
Codes List<String> Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the
ISO 3166international standard. See the documentation for valid values.- forwarded
Ip Property MapConfig Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
forwarded_ip_configbelow for details.
WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig
- Fallback
Behavior string Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCHorNO_MATCH.- Header
Name string Name of the HTTP header to use for the IP address.
- Fallback
Behavior string Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCHorNO_MATCH.- Header
Name string Name of the HTTP header to use for the IP address.
- fallback
Behavior String Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCHorNO_MATCH.- header
Name String Name of the HTTP header to use for the IP address.
- fallback
Behavior string Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCHorNO_MATCH.- header
Name string Name of the HTTP header to use for the IP address.
- fallback_
behavior str Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCHorNO_MATCH.- header_
name str Name of the HTTP header to use for the IP address.
- fallback
Behavior String Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCHorNO_MATCH.- header
Name String Name of the HTTP header to use for the IP address.
WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement
- Arn string
The Amazon Resource Name (ARN) of the IP Set that this statement references.
- Ip
Set Pulumi.Forwarded Ip Config Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Ip Set Reference Statement Ip Set Forwarded Ip Config Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
ip_set_forwarded_ip_configbelow for more details.
- Arn string
The Amazon Resource Name (ARN) of the IP Set that this statement references.
- Ip
Set WebForwarded Ip Config Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Ip Set Reference Statement Ip Set Forwarded Ip Config Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
ip_set_forwarded_ip_configbelow for more details.
- arn String
The Amazon Resource Name (ARN) of the IP Set that this statement references.
- ip
Set WebForwarded Ip Config Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Ip Set Reference Statement Ip Set Forwarded Ip Config Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
ip_set_forwarded_ip_configbelow for more details.
- arn string
The Amazon Resource Name (ARN) of the IP Set that this statement references.
- ip
Set WebForwarded Ip Config Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Ip Set Reference Statement Ip Set Forwarded Ip Config Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
ip_set_forwarded_ip_configbelow for more details.
- arn str
The Amazon Resource Name (ARN) of the IP Set that this statement references.
- ip_
set_ Webforwarded_ ip_ config Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Ip Set Reference Statement Ip Set Forwarded Ip Config Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
ip_set_forwarded_ip_configbelow for more details.
- arn String
The Amazon Resource Name (ARN) of the IP Set that this statement references.
- ip
Set Property MapForwarded Ip Config Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See
ip_set_forwarded_ip_configbelow for more details.
WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig
- Fallback
Behavior string Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCHorNO_MATCH.- Header
Name string Name of the HTTP header to use for the IP address.
- Position string
Position in the header to search for the IP address. Valid values include:
FIRST,LAST, orANY. IfANYis specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
- Fallback
Behavior string Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCHorNO_MATCH.- Header
Name string Name of the HTTP header to use for the IP address.
- Position string
Position in the header to search for the IP address. Valid values include:
FIRST,LAST, orANY. IfANYis specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
- fallback
Behavior String Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCHorNO_MATCH.- header
Name String Name of the HTTP header to use for the IP address.
- position String
Position in the header to search for the IP address. Valid values include:
FIRST,LAST, orANY. IfANYis specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
- fallback
Behavior string Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCHorNO_MATCH.- header
Name string Name of the HTTP header to use for the IP address.
- position string
Position in the header to search for the IP address. Valid values include:
FIRST,LAST, orANY. IfANYis specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
- fallback_
behavior str Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCHorNO_MATCH.- header_
name str Name of the HTTP header to use for the IP address.
- position str
Position in the header to search for the IP address. Valid values include:
FIRST,LAST, orANY. IfANYis specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
- fallback
Behavior String Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include:
MATCHorNO_MATCH.- header
Name String Name of the HTTP header to use for the IP address.
- position String
Position in the header to search for the IP address. Valid values include:
FIRST,LAST, orANY. IfANYis specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.
WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementLabelMatchStatement
WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatement
- Regex
String string String representing the regular expression. Minimum of
1and maximum of512characters.- Text
Transformations List<Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Text Transformation> Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See
text_transformationbelow for details.- Field
To Pulumi.Match Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match The part of a web request that you want AWS WAF to inspect. See
field_to_matchbelow for details.
- Regex
String string String representing the regular expression. Minimum of
1and maximum of512characters.- Text
Transformations []WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Text Transformation Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See
text_transformationbelow for details.- Field
To WebMatch Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match The part of a web request that you want AWS WAF to inspect. See
field_to_matchbelow for details.
- regex
String String String representing the regular expression. Minimum of
1and maximum of512characters.- text
Transformations List<WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Text Transformation> Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See
text_transformationbelow for details.- field
To WebMatch Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match The part of a web request that you want AWS WAF to inspect. See
field_to_matchbelow for details.
- regex
String string String representing the regular expression. Minimum of
1and maximum of512characters.- text
Transformations WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Text Transformation[] Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See
text_transformationbelow for details.- field
To WebMatch Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match The part of a web request that you want AWS WAF to inspect. See
field_to_matchbelow for details.
- regex_
string str String representing the regular expression. Minimum of
1and maximum of512characters.- text_
transformations Sequence[WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Text Transformation] Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See
text_transformationbelow for details.- field_
to_ Webmatch Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match The part of a web request that you want AWS WAF to inspect. See
field_to_matchbelow for details.
- regex
String String String representing the regular expression. Minimum of
1and maximum of512characters.- text
Transformations List<Property Map> Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one required. See
text_transformationbelow for details.- field
To Property MapMatch The part of a web request that you want AWS WAF to inspect. See
field_to_matchbelow for details.
WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexMatchStatementFieldToMatch
- All
Query Pulumi.Arguments Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match All Query Arguments Inspect all query arguments.
- Body
Pulumi.
Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match Body Inspect the request body, which immediately follows the request headers. See
bodybelow for details.-
Pulumi.
Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match Cookies Inspect the cookies in the web request. See
cookiesbelow for details.- Headers
List<Pulumi.
Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match Header> Inspect the request headers. See
headersbelow for details.- Json
Body Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match Json Body Inspect the request body as JSON. See
json_bodyfor details.- Method
Pulumi.
Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match Method Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match Query String Inspect the query string. This is the part of a URL that appears after a
?character, if any.- Single
Header Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match Single Header Inspect a single header. See
single_headerbelow for details.- Single
Query Pulumi.Argument Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match Single Query Argument Inspect a single query argument. See
single_query_argumentbelow for details.- Uri
Path Pulumi.Aws. Waf V2. Inputs. Web Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match Uri Path Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg.
- All
Query WebArguments Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match All Query Arguments Inspect all query arguments.
- Body
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match Body Inspect the request body, which immediately follows the request headers. See
bodybelow for details.-
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match Cookies Inspect the cookies in the web request. See
cookiesbelow for details.- Headers
[]Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match Header Inspect the request headers. See
headersbelow for details.- Json
Body WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match Json Body Inspect the request body as JSON. See
json_bodyfor details.- Method
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match Method Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
- Query
String WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match Query String Inspect the query string. This is the part of a URL that appears after a
?character, if any.- Single
Header WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match Single Header Inspect a single header. See
single_headerbelow for details.- Single
Query WebArgument Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match Single Query Argument Inspect a single query argument. See
single_query_argumentbelow for details.- Uri
Path WebAcl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match Uri Path Inspect the request URI path. This is the part of a web request that identifies a resource, for example,
/images/daily-ad.jpg.
- all
Query WebArguments Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match All Query Arguments Inspect all query arguments.
- body
Web
Acl Rule Statement And Statement Statement And Statement Statement And Statement Statement Regex Match Statement Field To Match Body Inspect the request body, which immediately follows the request headers. See
bodybelow for details.