Docs Home
AWS v7.7.0 published on Friday, Sep 5, 2025 by Pulumi
aws.wafv2.WebAclRuleGroupAssociation
Explore with Pulumi AI
Associates a WAFv2 Rule Group (custom or managed) with a Web ACL by adding a rule that references the Rule Group. Use this resource to apply the rules defined in a Rule Group to a Web ACL without duplicating rule definitions.
This resource supports both:
- Custom Rule Groups: User-created rule groups that you manage within your AWS account
- Managed Rule Groups: Pre-configured rule groups provided by AWS or third-party vendors
!> Warning: Verify the rule names in your rule_action_overrides carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn’t exactly match the case-sensitive name of an existing rule in the rule group.
!> Warning: Using this resource will cause the associated Web ACL resource to show configuration drift in the rule argument unless you add lifecycle { ignore_changes = [rule] } to the Web ACL resource configuration. This is because this resource modifies the Web ACL’s rules outside of the Web ACL resource’s direct management.
Note: This resource creates a rule within the Web ACL that references the entire Rule Group. The rule group’s individual rules are evaluated as a unit when requests are processed by the Web ACL.
Example Usage
Custom Rule Group - Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.wafv2.RuleGroup("example", {
name: "example-rule-group",
scope: "REGIONAL",
capacity: 10,
rules: [{
name: "block-suspicious-requests",
priority: 1,
action: {
block: {},
},
statement: {
geoMatchStatement: {
countryCodes: [
"CN",
"RU",
],
},
},
visibilityConfig: {
cloudwatchMetricsEnabled: true,
metricName: "block-suspicious-requests",
sampledRequestsEnabled: true,
},
}],
visibilityConfig: {
cloudwatchMetricsEnabled: true,
metricName: "example-rule-group",
sampledRequestsEnabled: true,
},
});
const exampleWebAcl = new aws.wafv2.WebAcl("example", {
name: "example-web-acl",
scope: "REGIONAL",
defaultAction: {
allow: {},
},
visibilityConfig: {
cloudwatchMetricsEnabled: true,
metricName: "example-web-acl",
sampledRequestsEnabled: true,
},
});
const exampleWebAclRuleGroupAssociation = new aws.wafv2.WebAclRuleGroupAssociation("example", {
ruleName: "example-rule-group-rule",
priority: 100,
webAclArn: exampleWebAcl.arn,
ruleGroupReference: {
arn: example.arn,
},
});
import pulumi
import pulumi_aws as aws
example = aws.wafv2.RuleGroup("example",
name="example-rule-group",
scope="REGIONAL",
capacity=10,
rules=[{
"name": "block-suspicious-requests",
"priority": 1,
"action": {
"block": {},
},
"statement": {
"geo_match_statement": {
"country_codes": [
"CN",
"RU",
],
},
},
"visibility_config": {
"cloudwatch_metrics_enabled": True,
"metric_name": "block-suspicious-requests",
"sampled_requests_enabled": True,
},
}],
visibility_config={
"cloudwatch_metrics_enabled": True,
"metric_name": "example-rule-group",
"sampled_requests_enabled": True,
})
example_web_acl = aws.wafv2.WebAcl("example",
name="example-web-acl",
scope="REGIONAL",
default_action={
"allow": {},
},
visibility_config={
"cloudwatch_metrics_enabled": True,
"metric_name": "example-web-acl",
"sampled_requests_enabled": True,
})
example_web_acl_rule_group_association = aws.wafv2.WebAclRuleGroupAssociation("example",
rule_name="example-rule-group-rule",
priority=100,
web_acl_arn=example_web_acl.arn,
rule_group_reference={
"arn": example.arn,
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := wafv2.NewRuleGroup(ctx, "example", &wafv2.RuleGroupArgs{
Name: pulumi.String("example-rule-group"),
Scope: pulumi.String("REGIONAL"),
Capacity: pulumi.Int(10),
Rules: wafv2.RuleGroupRuleArray{
&wafv2.RuleGroupRuleArgs{
Name: pulumi.String("block-suspicious-requests"),
Priority: pulumi.Int(1),
Action: &wafv2.RuleGroupRuleActionArgs{
Block: &wafv2.RuleGroupRuleActionBlockArgs{},
},
Statement: &wafv2.RuleGroupRuleStatementArgs{
GeoMatchStatement: &wafv2.RuleGroupRuleStatementGeoMatchStatementArgs{
CountryCodes: pulumi.StringArray{
pulumi.String("CN"),
pulumi.String("RU"),
},
},
},
VisibilityConfig: &wafv2.RuleGroupRuleVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(true),
MetricName: pulumi.String("block-suspicious-requests"),
SampledRequestsEnabled: pulumi.Bool(true),
},
},
},
VisibilityConfig: &wafv2.RuleGroupVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(true),
MetricName: pulumi.String("example-rule-group"),
SampledRequestsEnabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
exampleWebAcl, err := wafv2.NewWebAcl(ctx, "example", &wafv2.WebAclArgs{
Name: pulumi.String("example-web-acl"),
Scope: pulumi.String("REGIONAL"),
DefaultAction: &wafv2.WebAclDefaultActionArgs{
Allow: &wafv2.WebAclDefaultActionAllowArgs{},
},
VisibilityConfig: &wafv2.WebAclVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(true),
MetricName: pulumi.String("example-web-acl"),
SampledRequestsEnabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
_, err = wafv2.NewWebAclRuleGroupAssociation(ctx, "example", &wafv2.WebAclRuleGroupAssociationArgs{
RuleName: pulumi.String("example-rule-group-rule"),
Priority: pulumi.Int(100),
WebAclArn: exampleWebAcl.Arn,
RuleGroupReference: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceArgs{
Arn: example.Arn,
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.WafV2.RuleGroup("example", new()
{
Name = "example-rule-group",
Scope = "REGIONAL",
Capacity = 10,
Rules = new[]
{
new Aws.WafV2.Inputs.RuleGroupRuleArgs
{
Name = "block-suspicious-requests",
Priority = 1,
Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs
{
Block = null,
},
Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs
{
GeoMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementGeoMatchStatementArgs
{
CountryCodes = new[]
{
"CN",
"RU",
},
},
},
VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs
{
CloudwatchMetricsEnabled = true,
MetricName = "block-suspicious-requests",
SampledRequestsEnabled = true,
},
},
},
VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupVisibilityConfigArgs
{
CloudwatchMetricsEnabled = true,
MetricName = "example-rule-group",
SampledRequestsEnabled = true,
},
});
var exampleWebAcl = new Aws.WafV2.WebAcl("example", new()
{
Name = "example-web-acl",
Scope = "REGIONAL",
DefaultAction = new Aws.WafV2.Inputs.WebAclDefaultActionArgs
{
Allow = null,
},
VisibilityConfig = new Aws.WafV2.Inputs.WebAclVisibilityConfigArgs
{
CloudwatchMetricsEnabled = true,
MetricName = "example-web-acl",
SampledRequestsEnabled = true,
},
});
var exampleWebAclRuleGroupAssociation = new Aws.WafV2.WebAclRuleGroupAssociation("example", new()
{
RuleName = "example-rule-group-rule",
Priority = 100,
WebAclArn = exampleWebAcl.Arn,
RuleGroupReference = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceArgs
{
Arn = example.Arn,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.RuleGroup;
import com.pulumi.aws.wafv2.RuleGroupArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleActionArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleActionBlockArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementGeoMatchStatementArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleVisibilityConfigArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupVisibilityConfigArgs;
import com.pulumi.aws.wafv2.WebAcl;
import com.pulumi.aws.wafv2.WebAclArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionAllowArgs;
import com.pulumi.aws.wafv2.inputs.WebAclVisibilityConfigArgs;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociation;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociationArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleGroupAssociationRuleGroupReferenceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new RuleGroup("example", RuleGroupArgs.builder()
.name("example-rule-group")
.scope("REGIONAL")
.capacity(10)
.rules(RuleGroupRuleArgs.builder()
.name("block-suspicious-requests")
.priority(1)
.action(RuleGroupRuleActionArgs.builder()
.block(RuleGroupRuleActionBlockArgs.builder()
.build())
.build())
.statement(RuleGroupRuleStatementArgs.builder()
.geoMatchStatement(RuleGroupRuleStatementGeoMatchStatementArgs.builder()
.countryCodes(
"CN",
"RU")
.build())
.build())
.visibilityConfig(RuleGroupRuleVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(true)
.metricName("block-suspicious-requests")
.sampledRequestsEnabled(true)
.build())
.build())
.visibilityConfig(RuleGroupVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(true)
.metricName("example-rule-group")
.sampledRequestsEnabled(true)
.build())
.build());
var exampleWebAcl = new WebAcl("exampleWebAcl", WebAclArgs.builder()
.name("example-web-acl")
.scope("REGIONAL")
.defaultAction(WebAclDefaultActionArgs.builder()
.allow(WebAclDefaultActionAllowArgs.builder()
.build())
.build())
.visibilityConfig(WebAclVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(true)
.metricName("example-web-acl")
.sampledRequestsEnabled(true)
.build())
.build());
var exampleWebAclRuleGroupAssociation = new WebAclRuleGroupAssociation("exampleWebAclRuleGroupAssociation", WebAclRuleGroupAssociationArgs.builder()
.ruleName("example-rule-group-rule")
.priority(100)
.webAclArn(exampleWebAcl.arn())
.ruleGroupReference(WebAclRuleGroupAssociationRuleGroupReferenceArgs.builder()
.arn(example.arn())
.build())
.build());
}
}
resources:
example:
type: aws:wafv2:RuleGroup
properties:
name: example-rule-group
scope: REGIONAL
capacity: 10
rules:
- name: block-suspicious-requests
priority: 1
action:
block: {}
statement:
geoMatchStatement:
countryCodes:
- CN
- RU
visibilityConfig:
cloudwatchMetricsEnabled: true
metricName: block-suspicious-requests
sampledRequestsEnabled: true
visibilityConfig:
cloudwatchMetricsEnabled: true
metricName: example-rule-group
sampledRequestsEnabled: true
exampleWebAcl:
type: aws:wafv2:WebAcl
name: example
properties:
name: example-web-acl
scope: REGIONAL
defaultAction:
allow: {}
visibilityConfig:
cloudwatchMetricsEnabled: true
metricName: example-web-acl
sampledRequestsEnabled: true
exampleWebAclRuleGroupAssociation:
type: aws:wafv2:WebAclRuleGroupAssociation
name: example
properties:
ruleName: example-rule-group-rule
priority: 100
webAclArn: ${exampleWebAcl.arn}
ruleGroupReference:
arn: ${example.arn}
Managed Rule Group - Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.wafv2.WebAcl("example", {
name: "example-web-acl",
scope: "REGIONAL",
defaultAction: {
allow: {},
},
visibilityConfig: {
cloudwatchMetricsEnabled: true,
metricName: "example-web-acl",
sampledRequestsEnabled: true,
},
});
const managedExample = new aws.wafv2.WebAclRuleGroupAssociation("managed_example", {
ruleName: "aws-common-rule-set",
priority: 50,
webAclArn: example.arn,
managedRuleGroup: {
name: "AWSManagedRulesCommonRuleSet",
vendorName: "AWS",
},
});
import pulumi
import pulumi_aws as aws
example = aws.wafv2.WebAcl("example",
name="example-web-acl",
scope="REGIONAL",
default_action={
"allow": {},
},
visibility_config={
"cloudwatch_metrics_enabled": True,
"metric_name": "example-web-acl",
"sampled_requests_enabled": True,
})
managed_example = aws.wafv2.WebAclRuleGroupAssociation("managed_example",
rule_name="aws-common-rule-set",
priority=50,
web_acl_arn=example.arn,
managed_rule_group={
"name": "AWSManagedRulesCommonRuleSet",
"vendor_name": "AWS",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := wafv2.NewWebAcl(ctx, "example", &wafv2.WebAclArgs{
Name: pulumi.String("example-web-acl"),
Scope: pulumi.String("REGIONAL"),
DefaultAction: &wafv2.WebAclDefaultActionArgs{
Allow: &wafv2.WebAclDefaultActionAllowArgs{},
},
VisibilityConfig: &wafv2.WebAclVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(true),
MetricName: pulumi.String("example-web-acl"),
SampledRequestsEnabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
_, err = wafv2.NewWebAclRuleGroupAssociation(ctx, "managed_example", &wafv2.WebAclRuleGroupAssociationArgs{
RuleName: pulumi.String("aws-common-rule-set"),
Priority: pulumi.Int(50),
WebAclArn: example.Arn,
ManagedRuleGroup: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupArgs{
Name: pulumi.String("AWSManagedRulesCommonRuleSet"),
VendorName: pulumi.String("AWS"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.WafV2.WebAcl("example", new()
{
Name = "example-web-acl",
Scope = "REGIONAL",
DefaultAction = new Aws.WafV2.Inputs.WebAclDefaultActionArgs
{
Allow = null,
},
VisibilityConfig = new Aws.WafV2.Inputs.WebAclVisibilityConfigArgs
{
CloudwatchMetricsEnabled = true,
MetricName = "example-web-acl",
SampledRequestsEnabled = true,
},
});
var managedExample = new Aws.WafV2.WebAclRuleGroupAssociation("managed_example", new()
{
RuleName = "aws-common-rule-set",
Priority = 50,
WebAclArn = example.Arn,
ManagedRuleGroup = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupArgs
{
Name = "AWSManagedRulesCommonRuleSet",
VendorName = "AWS",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAcl;
import com.pulumi.aws.wafv2.WebAclArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionAllowArgs;
import com.pulumi.aws.wafv2.inputs.WebAclVisibilityConfigArgs;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociation;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociationArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleGroupAssociationManagedRuleGroupArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new WebAcl("example", WebAclArgs.builder()
.name("example-web-acl")
.scope("REGIONAL")
.defaultAction(WebAclDefaultActionArgs.builder()
.allow(WebAclDefaultActionAllowArgs.builder()
.build())
.build())
.visibilityConfig(WebAclVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(true)
.metricName("example-web-acl")
.sampledRequestsEnabled(true)
.build())
.build());
var managedExample = new WebAclRuleGroupAssociation("managedExample", WebAclRuleGroupAssociationArgs.builder()
.ruleName("aws-common-rule-set")
.priority(50)
.webAclArn(example.arn())
.managedRuleGroup(WebAclRuleGroupAssociationManagedRuleGroupArgs.builder()
.name("AWSManagedRulesCommonRuleSet")
.vendorName("AWS")
.build())
.build());
}
}
resources:
example:
type: aws:wafv2:WebAcl
properties:
name: example-web-acl
scope: REGIONAL
defaultAction:
allow: {}
visibilityConfig:
cloudwatchMetricsEnabled: true
metricName: example-web-acl
sampledRequestsEnabled: true
managedExample:
type: aws:wafv2:WebAclRuleGroupAssociation
name: managed_example
properties:
ruleName: aws-common-rule-set
priority: 50
webAclArn: ${example.arn}
managedRuleGroup:
name: AWSManagedRulesCommonRuleSet
vendorName: AWS
Managed Rule Group - With Version
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const managedVersioned = new aws.wafv2.WebAclRuleGroupAssociation("managed_versioned", {
ruleName: "aws-common-rule-set-versioned",
priority: 60,
webAclArn: example.arn,
managedRuleGroup: {
name: "AWSManagedRulesCommonRuleSet",
vendorName: "AWS",
version: "Version_1.0",
},
});
import pulumi
import pulumi_aws as aws
managed_versioned = aws.wafv2.WebAclRuleGroupAssociation("managed_versioned",
rule_name="aws-common-rule-set-versioned",
priority=60,
web_acl_arn=example["arn"],
managed_rule_group={
"name": "AWSManagedRulesCommonRuleSet",
"vendor_name": "AWS",
"version": "Version_1.0",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := wafv2.NewWebAclRuleGroupAssociation(ctx, "managed_versioned", &wafv2.WebAclRuleGroupAssociationArgs{
RuleName: pulumi.String("aws-common-rule-set-versioned"),
Priority: pulumi.Int(60),
WebAclArn: pulumi.Any(example.Arn),
ManagedRuleGroup: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupArgs{
Name: pulumi.String("AWSManagedRulesCommonRuleSet"),
VendorName: pulumi.String("AWS"),
Version: pulumi.String("Version_1.0"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var managedVersioned = new Aws.WafV2.WebAclRuleGroupAssociation("managed_versioned", new()
{
RuleName = "aws-common-rule-set-versioned",
Priority = 60,
WebAclArn = example.Arn,
ManagedRuleGroup = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupArgs
{
Name = "AWSManagedRulesCommonRuleSet",
VendorName = "AWS",
Version = "Version_1.0",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociation;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociationArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleGroupAssociationManagedRuleGroupArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var managedVersioned = new WebAclRuleGroupAssociation("managedVersioned", WebAclRuleGroupAssociationArgs.builder()
.ruleName("aws-common-rule-set-versioned")
.priority(60)
.webAclArn(example.arn())
.managedRuleGroup(WebAclRuleGroupAssociationManagedRuleGroupArgs.builder()
.name("AWSManagedRulesCommonRuleSet")
.vendorName("AWS")
.version("Version_1.0")
.build())
.build());
}
}
resources:
managedVersioned:
type: aws:wafv2:WebAclRuleGroupAssociation
name: managed_versioned
properties:
ruleName: aws-common-rule-set-versioned
priority: 60
webAclArn: ${example.arn}
managedRuleGroup:
name: AWSManagedRulesCommonRuleSet
vendorName: AWS
version: Version_1.0
Managed Rule Group - With Rule Action Overrides
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const managedWithOverrides = new aws.wafv2.WebAclRuleGroupAssociation("managed_with_overrides", {
ruleName: "aws-common-rule-set-with-overrides",
priority: 70,
webAclArn: example.arn,
managedRuleGroup: {
name: "AWSManagedRulesCommonRuleSet",
vendorName: "AWS",
ruleActionOverrides: [
{
name: "GenericRFI_BODY",
actionToUse: {
count: {
customRequestHandling: {
insertHeaders: [{
name: "X-RFI-Override",
value: "counted",
}],
},
},
},
},
{
name: "SizeRestrictions_BODY",
actionToUse: {
captcha: {},
},
},
],
},
});
import pulumi
import pulumi_aws as aws
managed_with_overrides = aws.wafv2.WebAclRuleGroupAssociation("managed_with_overrides",
rule_name="aws-common-rule-set-with-overrides",
priority=70,
web_acl_arn=example["arn"],
managed_rule_group={
"name": "AWSManagedRulesCommonRuleSet",
"vendor_name": "AWS",
"rule_action_overrides": [
{
"name": "GenericRFI_BODY",
"action_to_use": {
"count": {
"custom_request_handling": {
"insert_headers": [{
"name": "X-RFI-Override",
"value": "counted",
}],
},
},
},
},
{
"name": "SizeRestrictions_BODY",
"action_to_use": {
"captcha": {},
},
},
],
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := wafv2.NewWebAclRuleGroupAssociation(ctx, "managed_with_overrides", &wafv2.WebAclRuleGroupAssociationArgs{
RuleName: pulumi.String("aws-common-rule-set-with-overrides"),
Priority: pulumi.Int(70),
WebAclArn: pulumi.Any(example.Arn),
ManagedRuleGroup: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupArgs{
Name: pulumi.String("AWSManagedRulesCommonRuleSet"),
VendorName: pulumi.String("AWS"),
RuleActionOverrides: wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideArray{
&wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideArgs{
Name: pulumi.String("GenericRFI_BODY"),
ActionToUse: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseArgs{
Count: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountArgs{
CustomRequestHandling: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingArgs{
InsertHeaders: wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArray{
&wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs{
Name: pulumi.String("X-RFI-Override"),
Value: pulumi.String("counted"),
},
},
},
},
},
},
&wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideArgs{
Name: pulumi.String("SizeRestrictions_BODY"),
ActionToUse: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseArgs{
Captcha: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaArgs{},
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var managedWithOverrides = new Aws.WafV2.WebAclRuleGroupAssociation("managed_with_overrides", new()
{
RuleName = "aws-common-rule-set-with-overrides",
Priority = 70,
WebAclArn = example.Arn,
ManagedRuleGroup = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupArgs
{
Name = "AWSManagedRulesCommonRuleSet",
VendorName = "AWS",
RuleActionOverrides = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideArgs
{
Name = "GenericRFI_BODY",
ActionToUse = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseArgs
{
Count = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountArgs
{
CustomRequestHandling = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingArgs
{
InsertHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs
{
Name = "X-RFI-Override",
Value = "counted",
},
},
},
},
},
},
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideArgs
{
Name = "SizeRestrictions_BODY",
ActionToUse = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseArgs
{
Captcha = null,
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociation;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociationArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleGroupAssociationManagedRuleGroupArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var managedWithOverrides = new WebAclRuleGroupAssociation("managedWithOverrides", WebAclRuleGroupAssociationArgs.builder()
.ruleName("aws-common-rule-set-with-overrides")
.priority(70)
.webAclArn(example.arn())
.managedRuleGroup(WebAclRuleGroupAssociationManagedRuleGroupArgs.builder()
.name("AWSManagedRulesCommonRuleSet")
.vendorName("AWS")
.ruleActionOverrides(
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideArgs.builder()
.name("GenericRFI_BODY")
.actionToUse(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseArgs.builder()
.count(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountArgs.builder()
.customRequestHandling(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingArgs.builder()
.insertHeaders(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs.builder()
.name("X-RFI-Override")
.value("counted")
.build())
.build())
.build())
.build())
.build(),
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideArgs.builder()
.name("SizeRestrictions_BODY")
.actionToUse(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseArgs.builder()
.captcha(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaArgs.builder()
.build())
.build())
.build())
.build())
.build());
}
}
resources:
managedWithOverrides:
type: aws:wafv2:WebAclRuleGroupAssociation
name: managed_with_overrides
properties:
ruleName: aws-common-rule-set-with-overrides
priority: 70
webAclArn: ${example.arn}
managedRuleGroup:
name: AWSManagedRulesCommonRuleSet
vendorName: AWS
ruleActionOverrides:
- name: GenericRFI_BODY
actionToUse:
count:
customRequestHandling:
insertHeaders:
- name: X-RFI-Override
value: counted
- name: SizeRestrictions_BODY
actionToUse:
captcha: {}
Custom Rule Group - With Override Action
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.wafv2.WebAclRuleGroupAssociation("example", {
ruleName: "example-rule-group-rule",
priority: 100,
webAclArn: exampleAwsWafv2WebAcl.arn,
overrideAction: "count",
ruleGroupReference: {
arn: exampleAwsWafv2RuleGroup.arn,
},
});
import pulumi
import pulumi_aws as aws
example = aws.wafv2.WebAclRuleGroupAssociation("example",
rule_name="example-rule-group-rule",
priority=100,
web_acl_arn=example_aws_wafv2_web_acl["arn"],
override_action="count",
rule_group_reference={
"arn": example_aws_wafv2_rule_group["arn"],
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := wafv2.NewWebAclRuleGroupAssociation(ctx, "example", &wafv2.WebAclRuleGroupAssociationArgs{
RuleName: pulumi.String("example-rule-group-rule"),
Priority: pulumi.Int(100),
WebAclArn: pulumi.Any(exampleAwsWafv2WebAcl.Arn),
OverrideAction: pulumi.String("count"),
RuleGroupReference: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceArgs{
Arn: pulumi.Any(exampleAwsWafv2RuleGroup.Arn),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.WafV2.WebAclRuleGroupAssociation("example", new()
{
RuleName = "example-rule-group-rule",
Priority = 100,
WebAclArn = exampleAwsWafv2WebAcl.Arn,
OverrideAction = "count",
RuleGroupReference = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceArgs
{
Arn = exampleAwsWafv2RuleGroup.Arn,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociation;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociationArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleGroupAssociationRuleGroupReferenceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new WebAclRuleGroupAssociation("example", WebAclRuleGroupAssociationArgs.builder()
.ruleName("example-rule-group-rule")
.priority(100)
.webAclArn(exampleAwsWafv2WebAcl.arn())
.overrideAction("count")
.ruleGroupReference(WebAclRuleGroupAssociationRuleGroupReferenceArgs.builder()
.arn(exampleAwsWafv2RuleGroup.arn())
.build())
.build());
}
}
resources:
example:
type: aws:wafv2:WebAclRuleGroupAssociation
properties:
ruleName: example-rule-group-rule
priority: 100
webAclArn: ${exampleAwsWafv2WebAcl.arn}
overrideAction: count
ruleGroupReference:
arn: ${exampleAwsWafv2RuleGroup.arn}
Custom Rule Group - With Rule Action Overrides
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.wafv2.RuleGroup("example", {
name: "example-rule-group",
scope: "REGIONAL",
capacity: 10,
rules: [
{
name: "geo-block-rule",
priority: 1,
action: {
block: {},
},
statement: {
geoMatchStatement: {
countryCodes: [
"CN",
"RU",
],
},
},
visibilityConfig: {
cloudwatchMetricsEnabled: true,
metricName: "geo-block-rule",
sampledRequestsEnabled: true,
},
},
{
name: "rate-limit-rule",
priority: 2,
action: {
block: {},
},
statement: {
rateBasedStatement: {
limit: 1000,
aggregateKeyType: "IP",
},
},
visibilityConfig: {
cloudwatchMetricsEnabled: true,
metricName: "rate-limit-rule",
sampledRequestsEnabled: true,
},
},
],
visibilityConfig: {
cloudwatchMetricsEnabled: true,
metricName: "example-rule-group",
sampledRequestsEnabled: true,
},
});
const exampleWebAcl = new aws.wafv2.WebAcl("example", {
name: "example-web-acl",
scope: "REGIONAL",
defaultAction: {
allow: {},
},
visibilityConfig: {
cloudwatchMetricsEnabled: true,
metricName: "example-web-acl",
sampledRequestsEnabled: true,
},
});
const exampleWebAclRuleGroupAssociation = new aws.wafv2.WebAclRuleGroupAssociation("example", {
ruleName: "example-rule-group-rule",
priority: 100,
webAclArn: exampleWebAcl.arn,
ruleGroupReference: {
arn: example.arn,
ruleActionOverrides: [
{
name: "geo-block-rule",
actionToUse: {
count: {
customRequestHandling: {
insertHeaders: [{
name: "X-Geo-Block-Override",
value: "counted",
}],
},
},
},
},
{
name: "rate-limit-rule",
actionToUse: {
captcha: {
customRequestHandling: {
insertHeaders: [{
name: "X-Rate-Limit-Override",
value: "captcha-required",
}],
},
},
},
},
],
},
});
import pulumi
import pulumi_aws as aws
example = aws.wafv2.RuleGroup("example",
name="example-rule-group",
scope="REGIONAL",
capacity=10,
rules=[
{
"name": "geo-block-rule",
"priority": 1,
"action": {
"block": {},
},
"statement": {
"geo_match_statement": {
"country_codes": [
"CN",
"RU",
],
},
},
"visibility_config": {
"cloudwatch_metrics_enabled": True,
"metric_name": "geo-block-rule",
"sampled_requests_enabled": True,
},
},
{
"name": "rate-limit-rule",
"priority": 2,
"action": {
"block": {},
},
"statement": {
"rate_based_statement": {
"limit": 1000,
"aggregate_key_type": "IP",
},
},
"visibility_config": {
"cloudwatch_metrics_enabled": True,
"metric_name": "rate-limit-rule",
"sampled_requests_enabled": True,
},
},
],
visibility_config={
"cloudwatch_metrics_enabled": True,
"metric_name": "example-rule-group",
"sampled_requests_enabled": True,
})
example_web_acl = aws.wafv2.WebAcl("example",
name="example-web-acl",
scope="REGIONAL",
default_action={
"allow": {},
},
visibility_config={
"cloudwatch_metrics_enabled": True,
"metric_name": "example-web-acl",
"sampled_requests_enabled": True,
})
example_web_acl_rule_group_association = aws.wafv2.WebAclRuleGroupAssociation("example",
rule_name="example-rule-group-rule",
priority=100,
web_acl_arn=example_web_acl.arn,
rule_group_reference={
"arn": example.arn,
"rule_action_overrides": [
{
"name": "geo-block-rule",
"action_to_use": {
"count": {
"custom_request_handling": {
"insert_headers": [{
"name": "X-Geo-Block-Override",
"value": "counted",
}],
},
},
},
},
{
"name": "rate-limit-rule",
"action_to_use": {
"captcha": {
"custom_request_handling": {
"insert_headers": [{
"name": "X-Rate-Limit-Override",
"value": "captcha-required",
}],
},
},
},
},
],
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := wafv2.NewRuleGroup(ctx, "example", &wafv2.RuleGroupArgs{
Name: pulumi.String("example-rule-group"),
Scope: pulumi.String("REGIONAL"),
Capacity: pulumi.Int(10),
Rules: wafv2.RuleGroupRuleArray{
&wafv2.RuleGroupRuleArgs{
Name: pulumi.String("geo-block-rule"),
Priority: pulumi.Int(1),
Action: &wafv2.RuleGroupRuleActionArgs{
Block: &wafv2.RuleGroupRuleActionBlockArgs{},
},
Statement: &wafv2.RuleGroupRuleStatementArgs{
GeoMatchStatement: &wafv2.RuleGroupRuleStatementGeoMatchStatementArgs{
CountryCodes: pulumi.StringArray{
pulumi.String("CN"),
pulumi.String("RU"),
},
},
},
VisibilityConfig: &wafv2.RuleGroupRuleVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(true),
MetricName: pulumi.String("geo-block-rule"),
SampledRequestsEnabled: pulumi.Bool(true),
},
},
&wafv2.RuleGroupRuleArgs{
Name: pulumi.String("rate-limit-rule"),
Priority: pulumi.Int(2),
Action: &wafv2.RuleGroupRuleActionArgs{
Block: &wafv2.RuleGroupRuleActionBlockArgs{},
},
Statement: &wafv2.RuleGroupRuleStatementArgs{
RateBasedStatement: &wafv2.RuleGroupRuleStatementRateBasedStatementArgs{
Limit: pulumi.Int(1000),
AggregateKeyType: pulumi.String("IP"),
},
},
VisibilityConfig: &wafv2.RuleGroupRuleVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(true),
MetricName: pulumi.String("rate-limit-rule"),
SampledRequestsEnabled: pulumi.Bool(true),
},
},
},
VisibilityConfig: &wafv2.RuleGroupVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(true),
MetricName: pulumi.String("example-rule-group"),
SampledRequestsEnabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
exampleWebAcl, err := wafv2.NewWebAcl(ctx, "example", &wafv2.WebAclArgs{
Name: pulumi.String("example-web-acl"),
Scope: pulumi.String("REGIONAL"),
DefaultAction: &wafv2.WebAclDefaultActionArgs{
Allow: &wafv2.WebAclDefaultActionAllowArgs{},
},
VisibilityConfig: &wafv2.WebAclVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(true),
MetricName: pulumi.String("example-web-acl"),
SampledRequestsEnabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
_, err = wafv2.NewWebAclRuleGroupAssociation(ctx, "example", &wafv2.WebAclRuleGroupAssociationArgs{
RuleName: pulumi.String("example-rule-group-rule"),
Priority: pulumi.Int(100),
WebAclArn: exampleWebAcl.Arn,
RuleGroupReference: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceArgs{
Arn: example.Arn,
RuleActionOverrides: wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideArray{
&wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideArgs{
Name: pulumi.String("geo-block-rule"),
ActionToUse: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseArgs{
Count: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountArgs{
CustomRequestHandling: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingArgs{
InsertHeaders: wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArray{
&wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs{
Name: pulumi.String("X-Geo-Block-Override"),
Value: pulumi.String("counted"),
},
},
},
},
},
},
&wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideArgs{
Name: pulumi.String("rate-limit-rule"),
ActionToUse: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseArgs{
Captcha: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaArgs{
CustomRequestHandling: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs{
InsertHeaders: wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArray{
&wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs{
Name: pulumi.String("X-Rate-Limit-Override"),
Value: pulumi.String("captcha-required"),
},
},
},
},
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.WafV2.RuleGroup("example", new()
{
Name = "example-rule-group",
Scope = "REGIONAL",
Capacity = 10,
Rules = new[]
{
new Aws.WafV2.Inputs.RuleGroupRuleArgs
{
Name = "geo-block-rule",
Priority = 1,
Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs
{
Block = null,
},
Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs
{
GeoMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementGeoMatchStatementArgs
{
CountryCodes = new[]
{
"CN",
"RU",
},
},
},
VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs
{
CloudwatchMetricsEnabled = true,
MetricName = "geo-block-rule",
SampledRequestsEnabled = true,
},
},
new Aws.WafV2.Inputs.RuleGroupRuleArgs
{
Name = "rate-limit-rule",
Priority = 2,
Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs
{
Block = null,
},
Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs
{
RateBasedStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementRateBasedStatementArgs
{
Limit = 1000,
AggregateKeyType = "IP",
},
},
VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs
{
CloudwatchMetricsEnabled = true,
MetricName = "rate-limit-rule",
SampledRequestsEnabled = true,
},
},
},
VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupVisibilityConfigArgs
{
CloudwatchMetricsEnabled = true,
MetricName = "example-rule-group",
SampledRequestsEnabled = true,
},
});
var exampleWebAcl = new Aws.WafV2.WebAcl("example", new()
{
Name = "example-web-acl",
Scope = "REGIONAL",
DefaultAction = new Aws.WafV2.Inputs.WebAclDefaultActionArgs
{
Allow = null,
},
VisibilityConfig = new Aws.WafV2.Inputs.WebAclVisibilityConfigArgs
{
CloudwatchMetricsEnabled = true,
MetricName = "example-web-acl",
SampledRequestsEnabled = true,
},
});
var exampleWebAclRuleGroupAssociation = new Aws.WafV2.WebAclRuleGroupAssociation("example", new()
{
RuleName = "example-rule-group-rule",
Priority = 100,
WebAclArn = exampleWebAcl.Arn,
RuleGroupReference = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceArgs
{
Arn = example.Arn,
RuleActionOverrides = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideArgs
{
Name = "geo-block-rule",
ActionToUse = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseArgs
{
Count = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountArgs
{
CustomRequestHandling = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingArgs
{
InsertHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs
{
Name = "X-Geo-Block-Override",
Value = "counted",
},
},
},
},
},
},
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideArgs
{
Name = "rate-limit-rule",
ActionToUse = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseArgs
{
Captcha = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaArgs
{
CustomRequestHandling = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs
{
InsertHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs
{
Name = "X-Rate-Limit-Override",
Value = "captcha-required",
},
},
},
},
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.RuleGroup;
import com.pulumi.aws.wafv2.RuleGroupArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleActionArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleActionBlockArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementGeoMatchStatementArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleVisibilityConfigArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementRateBasedStatementArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupVisibilityConfigArgs;
import com.pulumi.aws.wafv2.WebAcl;
import com.pulumi.aws.wafv2.WebAclArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionAllowArgs;
import com.pulumi.aws.wafv2.inputs.WebAclVisibilityConfigArgs;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociation;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociationArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleGroupAssociationRuleGroupReferenceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new RuleGroup("example", RuleGroupArgs.builder()
.name("example-rule-group")
.scope("REGIONAL")
.capacity(10)
.rules(
RuleGroupRuleArgs.builder()
.name("geo-block-rule")
.priority(1)
.action(RuleGroupRuleActionArgs.builder()
.block(RuleGroupRuleActionBlockArgs.builder()
.build())
.build())
.statement(RuleGroupRuleStatementArgs.builder()
.geoMatchStatement(RuleGroupRuleStatementGeoMatchStatementArgs.builder()
.countryCodes(
"CN",
"RU")
.build())
.build())
.visibilityConfig(RuleGroupRuleVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(true)
.metricName("geo-block-rule")
.sampledRequestsEnabled(true)
.build())
.build(),
RuleGroupRuleArgs.builder()
.name("rate-limit-rule")
.priority(2)
.action(RuleGroupRuleActionArgs.builder()
.block(RuleGroupRuleActionBlockArgs.builder()
.build())
.build())
.statement(RuleGroupRuleStatementArgs.builder()
.rateBasedStatement(RuleGroupRuleStatementRateBasedStatementArgs.builder()
.limit(1000)
.aggregateKeyType("IP")
.build())
.build())
.visibilityConfig(RuleGroupRuleVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(true)
.metricName("rate-limit-rule")
.sampledRequestsEnabled(true)
.build())
.build())
.visibilityConfig(RuleGroupVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(true)
.metricName("example-rule-group")
.sampledRequestsEnabled(true)
.build())
.build());
var exampleWebAcl = new WebAcl("exampleWebAcl", WebAclArgs.builder()
.name("example-web-acl")
.scope("REGIONAL")
.defaultAction(WebAclDefaultActionArgs.builder()
.allow(WebAclDefaultActionAllowArgs.builder()
.build())
.build())
.visibilityConfig(WebAclVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(true)
.metricName("example-web-acl")
.sampledRequestsEnabled(true)
.build())
.build());
var exampleWebAclRuleGroupAssociation = new WebAclRuleGroupAssociation("exampleWebAclRuleGroupAssociation", WebAclRuleGroupAssociationArgs.builder()
.ruleName("example-rule-group-rule")
.priority(100)
.webAclArn(exampleWebAcl.arn())
.ruleGroupReference(WebAclRuleGroupAssociationRuleGroupReferenceArgs.builder()
.arn(example.arn())
.ruleActionOverrides(
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideArgs.builder()
.name("geo-block-rule")
.actionToUse(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseArgs.builder()
.count(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountArgs.builder()
.customRequestHandling(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingArgs.builder()
.insertHeaders(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs.builder()
.name("X-Geo-Block-Override")
.value("counted")
.build())
.build())
.build())
.build())
.build(),
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideArgs.builder()
.name("rate-limit-rule")
.actionToUse(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseArgs.builder()
.captcha(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaArgs.builder()
.customRequestHandling(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs.builder()
.insertHeaders(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs.builder()
.name("X-Rate-Limit-Override")
.value("captcha-required")
.build())
.build())
.build())
.build())
.build())
.build())
.build());
}
}
resources:
example:
type: aws:wafv2:RuleGroup
properties:
name: example-rule-group
scope: REGIONAL
capacity: 10
rules:
- name: geo-block-rule
priority: 1
action:
block: {}
statement:
geoMatchStatement:
countryCodes:
- CN
- RU
visibilityConfig:
cloudwatchMetricsEnabled: true
metricName: geo-block-rule
sampledRequestsEnabled: true
- name: rate-limit-rule
priority: 2
action:
block: {}
statement:
rateBasedStatement:
limit: 1000
aggregateKeyType: IP
visibilityConfig:
cloudwatchMetricsEnabled: true
metricName: rate-limit-rule
sampledRequestsEnabled: true
visibilityConfig:
cloudwatchMetricsEnabled: true
metricName: example-rule-group
sampledRequestsEnabled: true
exampleWebAcl:
type: aws:wafv2:WebAcl
name: example
properties:
name: example-web-acl
scope: REGIONAL
defaultAction:
allow: {}
visibilityConfig:
cloudwatchMetricsEnabled: true
metricName: example-web-acl
sampledRequestsEnabled: true
exampleWebAclRuleGroupAssociation:
type: aws:wafv2:WebAclRuleGroupAssociation
name: example
properties:
ruleName: example-rule-group-rule
priority: 100
webAclArn: ${exampleWebAcl.arn}
ruleGroupReference:
arn: ${example.arn}
ruleActionOverrides:
- name: geo-block-rule
actionToUse:
count:
customRequestHandling:
insertHeaders:
- name: X-Geo-Block-Override
value: counted
- name: rate-limit-rule
actionToUse:
captcha:
customRequestHandling:
insertHeaders:
- name: X-Rate-Limit-Override
value: captcha-required
Custom Rule Group - CloudFront Web ACL
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const cloudfrontExample = new aws.wafv2.RuleGroup("cloudfront_example", {
name: "cloudfront-rule-group",
scope: "CLOUDFRONT",
capacity: 10,
rules: [{
name: "rate-limit",
priority: 1,
action: {
block: {},
},
statement: {
rateBasedStatement: {
limit: 2000,
aggregateKeyType: "IP",
},
},
visibilityConfig: {
cloudwatchMetricsEnabled: true,
metricName: "rate-limit",
sampledRequestsEnabled: true,
},
}],
visibilityConfig: {
cloudwatchMetricsEnabled: true,
metricName: "cloudfront-rule-group",
sampledRequestsEnabled: true,
},
});
const cloudfrontExampleWebAcl = new aws.wafv2.WebAcl("cloudfront_example", {
name: "cloudfront-web-acl",
scope: "CLOUDFRONT",
defaultAction: {
allow: {},
},
visibilityConfig: {
cloudwatchMetricsEnabled: true,
metricName: "cloudfront-web-acl",
sampledRequestsEnabled: true,
},
});
const cloudfrontExampleWebAclRuleGroupAssociation = new aws.wafv2.WebAclRuleGroupAssociation("cloudfront_example", {
ruleName: "cloudfront-rule-group-rule",
priority: 50,
webAclArn: cloudfrontExampleWebAcl.arn,
ruleGroupReference: {
arn: cloudfrontExample.arn,
},
});
import pulumi
import pulumi_aws as aws
cloudfront_example = aws.wafv2.RuleGroup("cloudfront_example",
name="cloudfront-rule-group",
scope="CLOUDFRONT",
capacity=10,
rules=[{
"name": "rate-limit",
"priority": 1,
"action": {
"block": {},
},
"statement": {
"rate_based_statement": {
"limit": 2000,
"aggregate_key_type": "IP",
},
},
"visibility_config": {
"cloudwatch_metrics_enabled": True,
"metric_name": "rate-limit",
"sampled_requests_enabled": True,
},
}],
visibility_config={
"cloudwatch_metrics_enabled": True,
"metric_name": "cloudfront-rule-group",
"sampled_requests_enabled": True,
})
cloudfront_example_web_acl = aws.wafv2.WebAcl("cloudfront_example",
name="cloudfront-web-acl",
scope="CLOUDFRONT",
default_action={
"allow": {},
},
visibility_config={
"cloudwatch_metrics_enabled": True,
"metric_name": "cloudfront-web-acl",
"sampled_requests_enabled": True,
})
cloudfront_example_web_acl_rule_group_association = aws.wafv2.WebAclRuleGroupAssociation("cloudfront_example",
rule_name="cloudfront-rule-group-rule",
priority=50,
web_acl_arn=cloudfront_example_web_acl.arn,
rule_group_reference={
"arn": cloudfront_example.arn,
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cloudfrontExample, err := wafv2.NewRuleGroup(ctx, "cloudfront_example", &wafv2.RuleGroupArgs{
Name: pulumi.String("cloudfront-rule-group"),
Scope: pulumi.String("CLOUDFRONT"),
Capacity: pulumi.Int(10),
Rules: wafv2.RuleGroupRuleArray{
&wafv2.RuleGroupRuleArgs{
Name: pulumi.String("rate-limit"),
Priority: pulumi.Int(1),
Action: &wafv2.RuleGroupRuleActionArgs{
Block: &wafv2.RuleGroupRuleActionBlockArgs{},
},
Statement: &wafv2.RuleGroupRuleStatementArgs{
RateBasedStatement: &wafv2.RuleGroupRuleStatementRateBasedStatementArgs{
Limit: pulumi.Int(2000),
AggregateKeyType: pulumi.String("IP"),
},
},
VisibilityConfig: &wafv2.RuleGroupRuleVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(true),
MetricName: pulumi.String("rate-limit"),
SampledRequestsEnabled: pulumi.Bool(true),
},
},
},
VisibilityConfig: &wafv2.RuleGroupVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(true),
MetricName: pulumi.String("cloudfront-rule-group"),
SampledRequestsEnabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
cloudfrontExampleWebAcl, err := wafv2.NewWebAcl(ctx, "cloudfront_example", &wafv2.WebAclArgs{
Name: pulumi.String("cloudfront-web-acl"),
Scope: pulumi.String("CLOUDFRONT"),
DefaultAction: &wafv2.WebAclDefaultActionArgs{
Allow: &wafv2.WebAclDefaultActionAllowArgs{},
},
VisibilityConfig: &wafv2.WebAclVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(true),
MetricName: pulumi.String("cloudfront-web-acl"),
SampledRequestsEnabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
_, err = wafv2.NewWebAclRuleGroupAssociation(ctx, "cloudfront_example", &wafv2.WebAclRuleGroupAssociationArgs{
RuleName: pulumi.String("cloudfront-rule-group-rule"),
Priority: pulumi.Int(50),
WebAclArn: cloudfrontExampleWebAcl.Arn,
RuleGroupReference: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceArgs{
Arn: cloudfrontExample.Arn,
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var cloudfrontExample = new Aws.WafV2.RuleGroup("cloudfront_example", new()
{
Name = "cloudfront-rule-group",
Scope = "CLOUDFRONT",
Capacity = 10,
Rules = new[]
{
new Aws.WafV2.Inputs.RuleGroupRuleArgs
{
Name = "rate-limit",
Priority = 1,
Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs
{
Block = null,
},
Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs
{
RateBasedStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementRateBasedStatementArgs
{
Limit = 2000,
AggregateKeyType = "IP",
},
},
VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs
{
CloudwatchMetricsEnabled = true,
MetricName = "rate-limit",
SampledRequestsEnabled = true,
},
},
},
VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupVisibilityConfigArgs
{
CloudwatchMetricsEnabled = true,
MetricName = "cloudfront-rule-group",
SampledRequestsEnabled = true,
},
});
var cloudfrontExampleWebAcl = new Aws.WafV2.WebAcl("cloudfront_example", new()
{
Name = "cloudfront-web-acl",
Scope = "CLOUDFRONT",
DefaultAction = new Aws.WafV2.Inputs.WebAclDefaultActionArgs
{
Allow = null,
},
VisibilityConfig = new Aws.WafV2.Inputs.WebAclVisibilityConfigArgs
{
CloudwatchMetricsEnabled = true,
MetricName = "cloudfront-web-acl",
SampledRequestsEnabled = true,
},
});
var cloudfrontExampleWebAclRuleGroupAssociation = new Aws.WafV2.WebAclRuleGroupAssociation("cloudfront_example", new()
{
RuleName = "cloudfront-rule-group-rule",
Priority = 50,
WebAclArn = cloudfrontExampleWebAcl.Arn,
RuleGroupReference = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceArgs
{
Arn = cloudfrontExample.Arn,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.RuleGroup;
import com.pulumi.aws.wafv2.RuleGroupArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleActionArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleActionBlockArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementRateBasedStatementArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleVisibilityConfigArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupVisibilityConfigArgs;
import com.pulumi.aws.wafv2.WebAcl;
import com.pulumi.aws.wafv2.WebAclArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionAllowArgs;
import com.pulumi.aws.wafv2.inputs.WebAclVisibilityConfigArgs;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociation;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociationArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleGroupAssociationRuleGroupReferenceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var cloudfrontExample = new RuleGroup("cloudfrontExample", RuleGroupArgs.builder()
.name("cloudfront-rule-group")
.scope("CLOUDFRONT")
.capacity(10)
.rules(RuleGroupRuleArgs.builder()
.name("rate-limit")
.priority(1)
.action(RuleGroupRuleActionArgs.builder()
.block(RuleGroupRuleActionBlockArgs.builder()
.build())
.build())
.statement(Map.of("rateBasedStatement", RuleGroupRuleStatementRateBasedStatementArgs.builder()
.limit(2000)
.aggregateKeyType("IP")
.build()))
.visibilityConfig(RuleGroupRuleVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(true)
.metricName("rate-limit")
.sampledRequestsEnabled(true)
.build())
.build())
.visibilityConfig(RuleGroupVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(true)
.metricName("cloudfront-rule-group")
.sampledRequestsEnabled(true)
.build())
.build());
var cloudfrontExampleWebAcl = new WebAcl("cloudfrontExampleWebAcl", WebAclArgs.builder()
.name("cloudfront-web-acl")
.scope("CLOUDFRONT")
.defaultAction(WebAclDefaultActionArgs.builder()
.allow(WebAclDefaultActionAllowArgs.builder()
.build())
.build())
.visibilityConfig(WebAclVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(true)
.metricName("cloudfront-web-acl")
.sampledRequestsEnabled(true)
.build())
.build());
var cloudfrontExampleWebAclRuleGroupAssociation = new WebAclRuleGroupAssociation("cloudfrontExampleWebAclRuleGroupAssociation", WebAclRuleGroupAssociationArgs.builder()
.ruleName("cloudfront-rule-group-rule")
.priority(50)
.webAclArn(cloudfrontExampleWebAcl.arn())
.ruleGroupReference(WebAclRuleGroupAssociationRuleGroupReferenceArgs.builder()
.arn(cloudfrontExample.arn())
.build())
.build());
}
}
resources:
cloudfrontExample:
type: aws:wafv2:RuleGroup
name: cloudfront_example
properties:
name: cloudfront-rule-group
scope: CLOUDFRONT
capacity: 10
rules:
- name: rate-limit
priority: 1
action:
block: {}
statement:
rateBasedStatement:
limit: 2000
aggregateKeyType: IP
visibilityConfig:
cloudwatchMetricsEnabled: true
metricName: rate-limit
sampledRequestsEnabled: true
visibilityConfig:
cloudwatchMetricsEnabled: true
metricName: cloudfront-rule-group
sampledRequestsEnabled: true
cloudfrontExampleWebAcl:
type: aws:wafv2:WebAcl
name: cloudfront_example
properties:
name: cloudfront-web-acl
scope: CLOUDFRONT
defaultAction:
allow: {}
visibilityConfig:
cloudwatchMetricsEnabled: true
metricName: cloudfront-web-acl
sampledRequestsEnabled: true
cloudfrontExampleWebAclRuleGroupAssociation:
type: aws:wafv2:WebAclRuleGroupAssociation
name: cloudfront_example
properties:
ruleName: cloudfront-rule-group-rule
priority: 50
webAclArn: ${cloudfrontExampleWebAcl.arn}
ruleGroupReference:
arn: ${cloudfrontExample.arn}
Create WebAclRuleGroupAssociation Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new WebAclRuleGroupAssociation(name: string, args: WebAclRuleGroupAssociationArgs, opts?: CustomResourceOptions);@overload
def WebAclRuleGroupAssociation(resource_name: str,
args: WebAclRuleGroupAssociationArgs,
opts: Optional[ResourceOptions] = None)
@overload
def WebAclRuleGroupAssociation(resource_name: str,
opts: Optional[ResourceOptions] = None,
priority: Optional[int] = None,
rule_name: Optional[str] = None,
web_acl_arn: Optional[str] = None,
managed_rule_group: Optional[WebAclRuleGroupAssociationManagedRuleGroupArgs] = None,
override_action: Optional[str] = None,
region: Optional[str] = None,
rule_group_reference: Optional[WebAclRuleGroupAssociationRuleGroupReferenceArgs] = None,
timeouts: Optional[WebAclRuleGroupAssociationTimeoutsArgs] = None)func NewWebAclRuleGroupAssociation(ctx *Context, name string, args WebAclRuleGroupAssociationArgs, opts ...ResourceOption) (*WebAclRuleGroupAssociation, error)public WebAclRuleGroupAssociation(string name, WebAclRuleGroupAssociationArgs args, CustomResourceOptions? opts = null)
public WebAclRuleGroupAssociation(String name, WebAclRuleGroupAssociationArgs args)
public WebAclRuleGroupAssociation(String name, WebAclRuleGroupAssociationArgs args, CustomResourceOptions options)
type: aws:wafv2:WebAclRuleGroupAssociation
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args WebAclRuleGroupAssociationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args WebAclRuleGroupAssociationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args WebAclRuleGroupAssociationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args WebAclRuleGroupAssociationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args WebAclRuleGroupAssociationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var webAclRuleGroupAssociationResource = new Aws.WafV2.WebAclRuleGroupAssociation("webAclRuleGroupAssociationResource", new()
{
Priority = 0,
RuleName = "string",
WebAclArn = "string",
ManagedRuleGroup = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupArgs
{
Name = "string",
VendorName = "string",
RuleActionOverrides = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideArgs
{
Name = "string",
ActionToUse = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseArgs
{
Allow = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowArgs
{
CustomRequestHandling = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandlingArgs
{
InsertHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArgs
{
Name = "string",
Value = "string",
},
},
},
},
Block = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockArgs
{
CustomResponse = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponseArgs
{
ResponseCode = 0,
CustomResponseBodyKey = "string",
ResponseHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArgs
{
Name = "string",
Value = "string",
},
},
},
},
Captcha = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaArgs
{
CustomRequestHandling = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs
{
InsertHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs
{
Name = "string",
Value = "string",
},
},
},
},
Challenge = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeArgs
{
CustomRequestHandling = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandlingArgs
{
InsertHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArgs
{
Name = "string",
Value = "string",
},
},
},
},
Count = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountArgs
{
CustomRequestHandling = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingArgs
{
InsertHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs
{
Name = "string",
Value = "string",
},
},
},
},
},
},
},
Version = "string",
},
OverrideAction = "string",
Region = "string",
RuleGroupReference = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceArgs
{
Arn = "string",
RuleActionOverrides = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideArgs
{
Name = "string",
ActionToUse = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseArgs
{
Allow = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowArgs
{
CustomRequestHandling = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandlingArgs
{
InsertHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArgs
{
Name = "string",
Value = "string",
},
},
},
},
Block = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockArgs
{
CustomResponse = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponseArgs
{
ResponseCode = 0,
CustomResponseBodyKey = "string",
ResponseHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArgs
{
Name = "string",
Value = "string",
},
},
},
},
Captcha = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaArgs
{
CustomRequestHandling = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs
{
InsertHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs
{
Name = "string",
Value = "string",
},
},
},
},
Challenge = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeArgs
{
CustomRequestHandling = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandlingArgs
{
InsertHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArgs
{
Name = "string",
Value = "string",
},
},
},
},
Count = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountArgs
{
CustomRequestHandling = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingArgs
{
InsertHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs
{
Name = "string",
Value = "string",
},
},
},
},
},
},
},
},
Timeouts = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationTimeoutsArgs
{
Create = "string",
Delete = "string",
Update = "string",
},
});
example, err := wafv2.NewWebAclRuleGroupAssociation(ctx, "webAclRuleGroupAssociationResource", &wafv2.WebAclRuleGroupAssociationArgs{
Priority: pulumi.Int(0),
RuleName: pulumi.String("string"),
WebAclArn: pulumi.String("string"),
ManagedRuleGroup: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupArgs{
Name: pulumi.String("string"),
VendorName: pulumi.String("string"),
RuleActionOverrides: wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideArray{
&wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideArgs{
Name: pulumi.String("string"),
ActionToUse: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseArgs{
Allow: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowArgs{
CustomRequestHandling: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandlingArgs{
InsertHeaders: wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArray{
&wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
},
},
Block: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockArgs{
CustomResponse: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponseArgs{
ResponseCode: pulumi.Int(0),
CustomResponseBodyKey: pulumi.String("string"),
ResponseHeaders: wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArray{
&wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
},
},
Captcha: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaArgs{
CustomRequestHandling: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs{
InsertHeaders: wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArray{
&wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
},
},
Challenge: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeArgs{
CustomRequestHandling: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandlingArgs{
InsertHeaders: wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArray{
&wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
},
},
Count: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountArgs{
CustomRequestHandling: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingArgs{
InsertHeaders: wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArray{
&wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
},
},
},
},
},
Version: pulumi.String("string"),
},
OverrideAction: pulumi.String("string"),
Region: pulumi.String("string"),
RuleGroupReference: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceArgs{
Arn: pulumi.String("string"),
RuleActionOverrides: wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideArray{
&wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideArgs{
Name: pulumi.String("string"),
ActionToUse: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseArgs{
Allow: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowArgs{
CustomRequestHandling: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandlingArgs{
InsertHeaders: wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArray{
&wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
},
},
Block: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockArgs{
CustomResponse: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponseArgs{
ResponseCode: pulumi.Int(0),
CustomResponseBodyKey: pulumi.String("string"),
ResponseHeaders: wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArray{
&wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
},
},
Captcha: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaArgs{
CustomRequestHandling: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs{
InsertHeaders: wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArray{
&wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
},
},
Challenge: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeArgs{
CustomRequestHandling: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandlingArgs{
InsertHeaders: wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArray{
&wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
},
},
Count: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountArgs{
CustomRequestHandling: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingArgs{
InsertHeaders: wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArray{
&wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
},
},
},
},
},
},
Timeouts: &wafv2.WebAclRuleGroupAssociationTimeoutsArgs{
Create: pulumi.String("string"),
Delete: pulumi.String("string"),
Update: pulumi.String("string"),
},
})
var webAclRuleGroupAssociationResource = new WebAclRuleGroupAssociation("webAclRuleGroupAssociationResource", WebAclRuleGroupAssociationArgs.builder()
.priority(0)
.ruleName("string")
.webAclArn("string")
.managedRuleGroup(WebAclRuleGroupAssociationManagedRuleGroupArgs.builder()
.name("string")
.vendorName("string")
.ruleActionOverrides(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideArgs.builder()
.name("string")
.actionToUse(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseArgs.builder()
.allow(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowArgs.builder()
.customRequestHandling(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandlingArgs.builder()
.insertHeaders(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArgs.builder()
.name("string")
.value("string")
.build())
.build())
.build())
.block(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockArgs.builder()
.customResponse(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponseArgs.builder()
.responseCode(0)
.customResponseBodyKey("string")
.responseHeaders(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArgs.builder()
.name("string")
.value("string")
.build())
.build())
.build())
.captcha(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaArgs.builder()
.customRequestHandling(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs.builder()
.insertHeaders(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs.builder()
.name("string")
.value("string")
.build())
.build())
.build())
.challenge(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeArgs.builder()
.customRequestHandling(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandlingArgs.builder()
.insertHeaders(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArgs.builder()
.name("string")
.value("string")
.build())
.build())
.build())
.count(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountArgs.builder()
.customRequestHandling(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingArgs.builder()
.insertHeaders(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs.builder()
.name("string")
.value("string")
.build())
.build())
.build())
.build())
.build())
.version("string")
.build())
.overrideAction("string")
.region("string")
.ruleGroupReference(WebAclRuleGroupAssociationRuleGroupReferenceArgs.builder()
.arn("string")
.ruleActionOverrides(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideArgs.builder()
.name("string")
.actionToUse(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseArgs.builder()
.allow(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowArgs.builder()
.customRequestHandling(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandlingArgs.builder()
.insertHeaders(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArgs.builder()
.name("string")
.value("string")
.build())
.build())
.build())
.block(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockArgs.builder()
.customResponse(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponseArgs.builder()
.responseCode(0)
.customResponseBodyKey("string")
.responseHeaders(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArgs.builder()
.name("string")
.value("string")
.build())
.build())
.build())
.captcha(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaArgs.builder()
.customRequestHandling(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs.builder()
.insertHeaders(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs.builder()
.name("string")
.value("string")
.build())
.build())
.build())
.challenge(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeArgs.builder()
.customRequestHandling(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandlingArgs.builder()
.insertHeaders(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArgs.builder()
.name("string")
.value("string")
.build())
.build())
.build())
.count(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountArgs.builder()
.customRequestHandling(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingArgs.builder()
.insertHeaders(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs.builder()
.name("string")
.value("string")
.build())
.build())
.build())
.build())
.build())
.build())
.timeouts(WebAclRuleGroupAssociationTimeoutsArgs.builder()
.create("string")
.delete("string")
.update("string")
.build())
.build());
web_acl_rule_group_association_resource = aws.wafv2.WebAclRuleGroupAssociation("webAclRuleGroupAssociationResource",
priority=0,
rule_name="string",
web_acl_arn="string",
managed_rule_group={
"name": "string",
"vendor_name": "string",
"rule_action_overrides": [{
"name": "string",
"action_to_use": {
"allow": {
"custom_request_handling": {
"insert_headers": [{
"name": "string",
"value": "string",
}],
},
},
"block": {
"custom_response": {
"response_code": 0,
"custom_response_body_key": "string",
"response_headers": [{
"name": "string",
"value": "string",
}],
},
},
"captcha": {
"custom_request_handling": {
"insert_headers": [{
"name": "string",
"value": "string",
}],
},
},
"challenge": {
"custom_request_handling": {
"insert_headers": [{
"name": "string",
"value": "string",
}],
},
},
"count": {
"custom_request_handling": {
"insert_headers": [{
"name": "string",
"value": "string",
}],
},
},
},
}],
"version": "string",
},
override_action="string",
region="string",
rule_group_reference={
"arn": "string",
"rule_action_overrides": [{
"name": "string",
"action_to_use": {
"allow": {
"custom_request_handling": {
"insert_headers": [{
"name": "string",
"value": "string",
}],
},
},
"block": {
"custom_response": {
"response_code": 0,
"custom_response_body_key": "string",
"response_headers": [{
"name": "string",
"value": "string",
}],
},
},
"captcha": {
"custom_request_handling": {
"insert_headers": [{
"name": "string",
"value": "string",
}],
},
},
"challenge": {
"custom_request_handling": {
"insert_headers": [{
"name": "string",
"value": "string",
}],
},
},
"count": {
"custom_request_handling": {
"insert_headers": [{
"name": "string",
"value": "string",
}],
},
},
},
}],
},
timeouts={
"create": "string",
"delete": "string",
"update": "string",
})
const webAclRuleGroupAssociationResource = new aws.wafv2.WebAclRuleGroupAssociation("webAclRuleGroupAssociationResource", {
priority: 0,
ruleName: "string",
webAclArn: "string",
managedRuleGroup: {
name: "string",
vendorName: "string",
ruleActionOverrides: [{
name: "string",
actionToUse: {
allow: {
customRequestHandling: {
insertHeaders: [{
name: "string",
value: "string",
}],
},
},
block: {
customResponse: {
responseCode: 0,
customResponseBodyKey: "string",
responseHeaders: [{
name: "string",
value: "string",
}],
},
},
captcha: {
customRequestHandling: {
insertHeaders: [{
name: "string",
value: "string",
}],
},
},
challenge: {
customRequestHandling: {
insertHeaders: [{
name: "string",
value: "string",
}],
},
},
count: {
customRequestHandling: {
insertHeaders: [{
name: "string",
value: "string",
}],
},
},
},
}],
version: "string",
},
overrideAction: "string",
region: "string",
ruleGroupReference: {
arn: "string",
ruleActionOverrides: [{
name: "string",
actionToUse: {
allow: {
customRequestHandling: {
insertHeaders: [{
name: "string",
value: "string",
}],
},
},
block: {
customResponse: {
responseCode: 0,
customResponseBodyKey: "string",
responseHeaders: [{
name: "string",
value: "string",
}],
},
},
captcha: {
customRequestHandling: {
insertHeaders: [{
name: "string",
value: "string",
}],
},
},
challenge: {
customRequestHandling: {
insertHeaders: [{
name: "string",
value: "string",
}],
},
},
count: {
customRequestHandling: {
insertHeaders: [{
name: "string",
value: "string",
}],
},
},
},
}],
},
timeouts: {
create: "string",
"delete": "string",
update: "string",
},
});
type: aws:wafv2:WebAclRuleGroupAssociation
properties:
managedRuleGroup:
name: string
ruleActionOverrides:
- actionToUse:
allow:
customRequestHandling:
insertHeaders:
- name: string
value: string
block:
customResponse:
customResponseBodyKey: string
responseCode: 0
responseHeaders:
- name: string
value: string
captcha:
customRequestHandling:
insertHeaders:
- name: string
value: string
challenge:
customRequestHandling:
insertHeaders:
- name: string
value: string
count:
customRequestHandling:
insertHeaders:
- name: string
value: string
name: string
vendorName: string
version: string
overrideAction: string
priority: 0
region: string
ruleGroupReference:
arn: string
ruleActionOverrides:
- actionToUse:
allow:
customRequestHandling:
insertHeaders:
- name: string
value: string
block:
customResponse:
customResponseBodyKey: string
responseCode: 0
responseHeaders:
- name: string
value: string
captcha:
customRequestHandling:
insertHeaders:
- name: string
value: string
challenge:
customRequestHandling:
insertHeaders:
- name: string
value: string
count:
customRequestHandling:
insertHeaders:
- name: string
value: string
name: string
ruleName: string
timeouts:
create: string
delete: string
update: string
webAclArn: string
WebAclRuleGroupAssociation Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The WebAclRuleGroupAssociation resource accepts the following input properties:
- Priority int
- Priority of the rule within the Web ACL. Rules are evaluated in order of priority, with lower numbers evaluated first.
- Rule
Name string - Name of the rule to create in the Web ACL that references the rule group. Must be between 1 and 128 characters.
- Web
Acl stringArn ARN of the Web ACL to associate the Rule Group with.
The following arguments are optional:
- Managed
Rule WebGroup Acl Rule Group Association Managed Rule Group - Managed Rule Group configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withrule_group_reference. See below. - Override
Action string - Override action for the rule group. Valid values are
noneandcount. Defaults tonone. When set tocount, the actions defined in the rule group rules are overridden to count matches instead of blocking or allowing requests. - Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Rule
Group WebReference Acl Rule Group Association Rule Group Reference - Custom Rule Group reference configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withmanaged_rule_group. See below. - Timeouts
Web
Acl Rule Group Association Timeouts
- Priority int
- Priority of the rule within the Web ACL. Rules are evaluated in order of priority, with lower numbers evaluated first.
- Rule
Name string - Name of the rule to create in the Web ACL that references the rule group. Must be between 1 and 128 characters.
- Web
Acl stringArn ARN of the Web ACL to associate the Rule Group with.
The following arguments are optional:
- Managed
Rule WebGroup Acl Rule Group Association Managed Rule Group Args - Managed Rule Group configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withrule_group_reference. See below. - Override
Action string - Override action for the rule group. Valid values are
noneandcount. Defaults tonone. When set tocount, the actions defined in the rule group rules are overridden to count matches instead of blocking or allowing requests. - Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Rule
Group WebReference Acl Rule Group Association Rule Group Reference Args - Custom Rule Group reference configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withmanaged_rule_group. See below. - Timeouts
Web
Acl Rule Group Association Timeouts Args
- priority Integer
- Priority of the rule within the Web ACL. Rules are evaluated in order of priority, with lower numbers evaluated first.
- rule
Name String - Name of the rule to create in the Web ACL that references the rule group. Must be between 1 and 128 characters.
- web
Acl StringArn ARN of the Web ACL to associate the Rule Group with.
The following arguments are optional:
- managed
Rule WebGroup Acl Rule Group Association Managed Rule Group - Managed Rule Group configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withrule_group_reference. See below. - override
Action String - Override action for the rule group. Valid values are
noneandcount. Defaults tonone. When set tocount, the actions defined in the rule group rules are overridden to count matches instead of blocking or allowing requests. - region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule
Group WebReference Acl Rule Group Association Rule Group Reference - Custom Rule Group reference configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withmanaged_rule_group. See below. - timeouts
Web
Acl Rule Group Association Timeouts
- priority number
- Priority of the rule within the Web ACL. Rules are evaluated in order of priority, with lower numbers evaluated first.
- rule
Name string - Name of the rule to create in the Web ACL that references the rule group. Must be between 1 and 128 characters.
- web
Acl stringArn ARN of the Web ACL to associate the Rule Group with.
The following arguments are optional:
- managed
Rule WebGroup Acl Rule Group Association Managed Rule Group - Managed Rule Group configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withrule_group_reference. See below. - override
Action string - Override action for the rule group. Valid values are
noneandcount. Defaults tonone. When set tocount, the actions defined in the rule group rules are overridden to count matches instead of blocking or allowing requests. - region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule
Group WebReference Acl Rule Group Association Rule Group Reference - Custom Rule Group reference configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withmanaged_rule_group. See below. - timeouts
Web
Acl Rule Group Association Timeouts
- priority int
- Priority of the rule within the Web ACL. Rules are evaluated in order of priority, with lower numbers evaluated first.
- rule_
name str - Name of the rule to create in the Web ACL that references the rule group. Must be between 1 and 128 characters.
- web_
acl_ strarn ARN of the Web ACL to associate the Rule Group with.
The following arguments are optional:
- managed_
rule_ Webgroup Acl Rule Group Association Managed Rule Group Args - Managed Rule Group configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withrule_group_reference. See below. - override_
action str - Override action for the rule group. Valid values are
noneandcount. Defaults tonone. When set tocount, the actions defined in the rule group rules are overridden to count matches instead of blocking or allowing requests. - region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule_
group_ Webreference Acl Rule Group Association Rule Group Reference Args - Custom Rule Group reference configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withmanaged_rule_group. See below. - timeouts
Web
Acl Rule Group Association Timeouts Args
- priority Number
- Priority of the rule within the Web ACL. Rules are evaluated in order of priority, with lower numbers evaluated first.
- rule
Name String - Name of the rule to create in the Web ACL that references the rule group. Must be between 1 and 128 characters.
- web
Acl StringArn ARN of the Web ACL to associate the Rule Group with.
The following arguments are optional:
- managed
Rule Property MapGroup - Managed Rule Group configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withrule_group_reference. See below. - override
Action String - Override action for the rule group. Valid values are
noneandcount. Defaults tonone. When set tocount, the actions defined in the rule group rules are overridden to count matches instead of blocking or allowing requests. - region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule
Group Property MapReference - Custom Rule Group reference configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withmanaged_rule_group. See below. - timeouts Property Map
Outputs
All input properties are implicitly available as output properties. Additionally, the WebAclRuleGroupAssociation resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing WebAclRuleGroupAssociation Resource
Get an existing WebAclRuleGroupAssociation resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: WebAclRuleGroupAssociationState, opts?: CustomResourceOptions): WebAclRuleGroupAssociation@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
managed_rule_group: Optional[WebAclRuleGroupAssociationManagedRuleGroupArgs] = None,
override_action: Optional[str] = None,
priority: Optional[int] = None,
region: Optional[str] = None,
rule_group_reference: Optional[WebAclRuleGroupAssociationRuleGroupReferenceArgs] = None,
rule_name: Optional[str] = None,
timeouts: Optional[WebAclRuleGroupAssociationTimeoutsArgs] = None,
web_acl_arn: Optional[str] = None) -> WebAclRuleGroupAssociationfunc GetWebAclRuleGroupAssociation(ctx *Context, name string, id IDInput, state *WebAclRuleGroupAssociationState, opts ...ResourceOption) (*WebAclRuleGroupAssociation, error)public static WebAclRuleGroupAssociation Get(string name, Input<string> id, WebAclRuleGroupAssociationState? state, CustomResourceOptions? opts = null)public static WebAclRuleGroupAssociation get(String name, Output<String> id, WebAclRuleGroupAssociationState state, CustomResourceOptions options)resources: _: type: aws:wafv2:WebAclRuleGroupAssociation get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Managed
Rule WebGroup Acl Rule Group Association Managed Rule Group - Managed Rule Group configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withrule_group_reference. See below. - Override
Action string - Override action for the rule group. Valid values are
noneandcount. Defaults tonone. When set tocount, the actions defined in the rule group rules are overridden to count matches instead of blocking or allowing requests. - Priority int
- Priority of the rule within the Web ACL. Rules are evaluated in order of priority, with lower numbers evaluated first.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Rule
Group WebReference Acl Rule Group Association Rule Group Reference - Custom Rule Group reference configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withmanaged_rule_group. See below. - Rule
Name string - Name of the rule to create in the Web ACL that references the rule group. Must be between 1 and 128 characters.
- Timeouts
Web
Acl Rule Group Association Timeouts - Web
Acl stringArn ARN of the Web ACL to associate the Rule Group with.
The following arguments are optional:
- Managed
Rule WebGroup Acl Rule Group Association Managed Rule Group Args - Managed Rule Group configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withrule_group_reference. See below. - Override
Action string - Override action for the rule group. Valid values are
noneandcount. Defaults tonone. When set tocount, the actions defined in the rule group rules are overridden to count matches instead of blocking or allowing requests. - Priority int
- Priority of the rule within the Web ACL. Rules are evaluated in order of priority, with lower numbers evaluated first.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Rule
Group WebReference Acl Rule Group Association Rule Group Reference Args - Custom Rule Group reference configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withmanaged_rule_group. See below. - Rule
Name string - Name of the rule to create in the Web ACL that references the rule group. Must be between 1 and 128 characters.
- Timeouts
Web
Acl Rule Group Association Timeouts Args - Web
Acl stringArn ARN of the Web ACL to associate the Rule Group with.
The following arguments are optional:
- managed
Rule WebGroup Acl Rule Group Association Managed Rule Group - Managed Rule Group configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withrule_group_reference. See below. - override
Action String - Override action for the rule group. Valid values are
noneandcount. Defaults tonone. When set tocount, the actions defined in the rule group rules are overridden to count matches instead of blocking or allowing requests. - priority Integer
- Priority of the rule within the Web ACL. Rules are evaluated in order of priority, with lower numbers evaluated first.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule
Group WebReference Acl Rule Group Association Rule Group Reference - Custom Rule Group reference configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withmanaged_rule_group. See below. - rule
Name String - Name of the rule to create in the Web ACL that references the rule group. Must be between 1 and 128 characters.
- timeouts
Web
Acl Rule Group Association Timeouts - web
Acl StringArn ARN of the Web ACL to associate the Rule Group with.
The following arguments are optional:
- managed
Rule WebGroup Acl Rule Group Association Managed Rule Group - Managed Rule Group configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withrule_group_reference. See below. - override
Action string - Override action for the rule group. Valid values are
noneandcount. Defaults tonone. When set tocount, the actions defined in the rule group rules are overridden to count matches instead of blocking or allowing requests. - priority number
- Priority of the rule within the Web ACL. Rules are evaluated in order of priority, with lower numbers evaluated first.
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule
Group WebReference Acl Rule Group Association Rule Group Reference - Custom Rule Group reference configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withmanaged_rule_group. See below. - rule
Name string - Name of the rule to create in the Web ACL that references the rule group. Must be between 1 and 128 characters.
- timeouts
Web
Acl Rule Group Association Timeouts - web
Acl stringArn ARN of the Web ACL to associate the Rule Group with.
The following arguments are optional:
- managed_
rule_ Webgroup Acl Rule Group Association Managed Rule Group Args - Managed Rule Group configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withrule_group_reference. See below. - override_
action str - Override action for the rule group. Valid values are
noneandcount. Defaults tonone. When set tocount, the actions defined in the rule group rules are overridden to count matches instead of blocking or allowing requests. - priority int
- Priority of the rule within the Web ACL. Rules are evaluated in order of priority, with lower numbers evaluated first.
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule_
group_ Webreference Acl Rule Group Association Rule Group Reference Args - Custom Rule Group reference configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withmanaged_rule_group. See below. - rule_
name str - Name of the rule to create in the Web ACL that references the rule group. Must be between 1 and 128 characters.
- timeouts
Web
Acl Rule Group Association Timeouts Args - web_
acl_ strarn ARN of the Web ACL to associate the Rule Group with.
The following arguments are optional:
- managed
Rule Property MapGroup - Managed Rule Group configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withrule_group_reference. See below. - override
Action String - Override action for the rule group. Valid values are
noneandcount. Defaults tonone. When set tocount, the actions defined in the rule group rules are overridden to count matches instead of blocking or allowing requests. - priority Number
- Priority of the rule within the Web ACL. Rules are evaluated in order of priority, with lower numbers evaluated first.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule
Group Property MapReference - Custom Rule Group reference configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withmanaged_rule_group. See below. - rule
Name String - Name of the rule to create in the Web ACL that references the rule group. Must be between 1 and 128 characters.
- timeouts Property Map
- web
Acl StringArn ARN of the Web ACL to associate the Rule Group with.
The following arguments are optional:
Supporting Types
WebAclRuleGroupAssociationManagedRuleGroup, WebAclRuleGroupAssociationManagedRuleGroupArgs
- Name string
- Name of the managed rule group.
- Vendor
Name string - Name of the managed rule group vendor. For AWS managed rule groups, this is
AWS. - Rule
Action List<WebOverrides Acl Rule Group Association Managed Rule Group Rule Action Override> - Override actions for specific rules within the rule group. See below.
- Version string
- Version of the managed rule group. If not specified, the default version is used.
- Name string
- Name of the managed rule group.
- Vendor
Name string - Name of the managed rule group vendor. For AWS managed rule groups, this is
AWS. - Rule
Action []WebOverrides Acl Rule Group Association Managed Rule Group Rule Action Override - Override actions for specific rules within the rule group. See below.
- Version string
- Version of the managed rule group. If not specified, the default version is used.
- name String
- Name of the managed rule group.
- vendor
Name String - Name of the managed rule group vendor. For AWS managed rule groups, this is
AWS. - rule
Action List<WebOverrides Acl Rule Group Association Managed Rule Group Rule Action Override> - Override actions for specific rules within the rule group. See below.
- version String
- Version of the managed rule group. If not specified, the default version is used.
- name string
- Name of the managed rule group.
- vendor
Name string - Name of the managed rule group vendor. For AWS managed rule groups, this is
AWS. - rule
Action WebOverrides Acl Rule Group Association Managed Rule Group Rule Action Override[] - Override actions for specific rules within the rule group. See below.
- version string
- Version of the managed rule group. If not specified, the default version is used.
- name str
- Name of the managed rule group.
- vendor_
name str - Name of the managed rule group vendor. For AWS managed rule groups, this is
AWS. - rule_
action_ Sequence[Weboverrides Acl Rule Group Association Managed Rule Group Rule Action Override] - Override actions for specific rules within the rule group. See below.
- version str
- Version of the managed rule group. If not specified, the default version is used.
- name String
- Name of the managed rule group.
- vendor
Name String - Name of the managed rule group vendor. For AWS managed rule groups, this is
AWS. - rule
Action List<Property Map>Overrides - Override actions for specific rules within the rule group. See below.
- version String
- Version of the managed rule group. If not specified, the default version is used.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverride, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideArgs
- Name string
- Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
- Action
To WebUse Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use - Action to use instead of the rule's original action. See below.
- Name string
- Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
- Action
To WebUse Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use - Action to use instead of the rule's original action. See below.
- name String
- Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
- action
To WebUse Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use - Action to use instead of the rule's original action. See below.
- name string
- Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
- action
To WebUse Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use - Action to use instead of the rule's original action. See below.
- name str
- Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
- action_
to_ Webuse Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use - Action to use instead of the rule's original action. See below.
- name String
- Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
- action
To Property MapUse - Action to use instead of the rule's original action. See below.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUse, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseArgs
- Allow
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow - Allow the request. See below.
- Block
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block - Block the request. See below.
- Captcha
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha - Require CAPTCHA verification. See below.
- Challenge
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge - Require challenge verification. See below.
- Count
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count - Count the request without taking action. See below.
- Allow
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow - Allow the request. See below.
- Block
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block - Block the request. See below.
- Captcha
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha - Require CAPTCHA verification. See below.
- Challenge
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge - Require challenge verification. See below.
- Count
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count - Count the request without taking action. See below.
- allow
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow - Allow the request. See below.
- block
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block - Block the request. See below.
- captcha
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha - Require CAPTCHA verification. See below.
- challenge
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge - Require challenge verification. See below.
- count
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count - Count the request without taking action. See below.
- allow
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow - Allow the request. See below.
- block
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block - Block the request. See below.
- captcha
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha - Require CAPTCHA verification. See below.
- challenge
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge - Require challenge verification. See below.
- count
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count - Count the request without taking action. See below.
- allow
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow - Allow the request. See below.
- block
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block - Block the request. See below.
- captcha
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha - Require CAPTCHA verification. See below.
- challenge
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge - Require challenge verification. See below.
- count
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count - Count the request without taking action. See below.
- allow Property Map
- Allow the request. See below.
- block Property Map
- Block the request. See below.
- captcha Property Map
- Require CAPTCHA verification. See below.
- challenge Property Map
- Require challenge verification. See below.
- count Property Map
- Count the request without taking action. See below.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllow, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowArgs
- Custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow Custom Request Handling - Custom handling for allowed requests. See below.
- Custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow Custom Request Handling - Custom handling for allowed requests. See below.
- custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow Custom Request Handling - Custom handling for allowed requests. See below.
- custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow Custom Request Handling - Custom handling for allowed requests. See below.
- custom_
request_ Webhandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow Custom Request Handling - Custom handling for allowed requests. See below.
- custom
Request Property MapHandling - Custom handling for allowed requests. See below.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandling, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- Insert
Headers []WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow Custom Request Handling Insert Header - Headers to insert into the request. See below.
- insert
Headers List<WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- insert
Headers WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow Custom Request Handling Insert Header[] - Headers to insert into the request. See below.
- insert_
headers Sequence[WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow Custom Request Handling Insert Header] - Headers to insert into the request. See below.
- insert
Headers List<Property Map> - Headers to insert into the request. See below.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArgs
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlock, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockArgs
- Custom
Response WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block Custom Response - Custom response for blocked requests. See below.
- Custom
Response WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block Custom Response - Custom response for blocked requests. See below.
- custom
Response WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block Custom Response - Custom response for blocked requests. See below.
- custom
Response WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block Custom Response - Custom response for blocked requests. See below.
- custom_
response WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block Custom Response - Custom response for blocked requests. See below.
- custom
Response Property Map - Custom response for blocked requests. See below.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponse, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponseArgs
- Response
Code int - HTTP response code to return (200-599).
- Custom
Response stringBody Key - Key of a custom response body to use.
- Response
Headers List<WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block Custom Response Response Header> - Headers to include in the response. See below.
- Response
Code int - HTTP response code to return (200-599).
- Custom
Response stringBody Key - Key of a custom response body to use.
- Response
Headers []WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block Custom Response Response Header - Headers to include in the response. See below.
- response
Code Integer - HTTP response code to return (200-599).
- custom
Response StringBody Key - Key of a custom response body to use.
- response
Headers List<WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block Custom Response Response Header> - Headers to include in the response. See below.
- response
Code number - HTTP response code to return (200-599).
- custom
Response stringBody Key - Key of a custom response body to use.
- response
Headers WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block Custom Response Response Header[] - Headers to include in the response. See below.
- response_
code int - HTTP response code to return (200-599).
- custom_
response_ strbody_ key - Key of a custom response body to use.
- response_
headers Sequence[WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block Custom Response Response Header] - Headers to include in the response. See below.
- response
Code Number - HTTP response code to return (200-599).
- custom
Response StringBody Key - Key of a custom response body to use.
- response
Headers List<Property Map> - Headers to include in the response. See below.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponseResponseHeader, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArgs
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptcha, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaArgs
- Custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha Custom Request Handling - Custom handling for CAPTCHA requests. See below.
- Custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha Custom Request Handling - Custom handling for CAPTCHA requests. See below.
- custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha Custom Request Handling - Custom handling for CAPTCHA requests. See below.
- custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha Custom Request Handling - Custom handling for CAPTCHA requests. See below.
- custom_
request_ Webhandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha Custom Request Handling - Custom handling for CAPTCHA requests. See below.
- custom
Request Property MapHandling - Custom handling for CAPTCHA requests. See below.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandling, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- Insert
Headers []WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha Custom Request Handling Insert Header - Headers to insert into the request. See below.
- insert
Headers List<WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- insert
Headers WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha Custom Request Handling Insert Header[] - Headers to insert into the request. See below.
- insert_
headers Sequence[WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha Custom Request Handling Insert Header] - Headers to insert into the request. See below.
- insert
Headers List<Property Map> - Headers to insert into the request. See below.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallenge, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeArgs
- Custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge Custom Request Handling - Custom handling for challenge requests. See below.
- Custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge Custom Request Handling - Custom handling for challenge requests. See below.
- custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge Custom Request Handling - Custom handling for challenge requests. See below.
- custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge Custom Request Handling - Custom handling for challenge requests. See below.
- custom_
request_ Webhandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge Custom Request Handling - Custom handling for challenge requests. See below.
- custom
Request Property MapHandling - Custom handling for challenge requests. See below.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandling, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- Insert
Headers []WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge Custom Request Handling Insert Header - Headers to insert into the request. See below.
- insert
Headers List<WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- insert
Headers WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge Custom Request Handling Insert Header[] - Headers to insert into the request. See below.
- insert_
headers Sequence[WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge Custom Request Handling Insert Header] - Headers to insert into the request. See below.
- insert
Headers List<Property Map> - Headers to insert into the request. See below.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArgs
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCount, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountArgs
- Custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count Custom Request Handling - Custom handling for counted requests. See below.
- Custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count Custom Request Handling - Custom handling for counted requests. See below.
- custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count Custom Request Handling - Custom handling for counted requests. See below.
- custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count Custom Request Handling - Custom handling for counted requests. See below.
- custom_
request_ Webhandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count Custom Request Handling - Custom handling for counted requests. See below.
- custom
Request Property MapHandling - Custom handling for counted requests. See below.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandling, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- Insert
Headers []WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count Custom Request Handling Insert Header - Headers to insert into the request. See below.
- insert
Headers List<WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- insert
Headers WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count Custom Request Handling Insert Header[] - Headers to insert into the request. See below.
- insert_
headers Sequence[WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count Custom Request Handling Insert Header] - Headers to insert into the request. See below.
- insert
Headers List<Property Map> - Headers to insert into the request. See below.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs
WebAclRuleGroupAssociationRuleGroupReference, WebAclRuleGroupAssociationRuleGroupReferenceArgs
- Arn string
- ARN of the Rule Group to associate with the Web ACL.
- Rule
Action List<WebOverrides Acl Rule Group Association Rule Group Reference Rule Action Override> - Override actions for specific rules within the rule group. See below.
- Arn string
- ARN of the Rule Group to associate with the Web ACL.
- Rule
Action []WebOverrides Acl Rule Group Association Rule Group Reference Rule Action Override - Override actions for specific rules within the rule group. See below.
- arn String
- ARN of the Rule Group to associate with the Web ACL.
- rule
Action List<WebOverrides Acl Rule Group Association Rule Group Reference Rule Action Override> - Override actions for specific rules within the rule group. See below.
- arn string
- ARN of the Rule Group to associate with the Web ACL.
- rule
Action WebOverrides Acl Rule Group Association Rule Group Reference Rule Action Override[] - Override actions for specific rules within the rule group. See below.
- arn str
- ARN of the Rule Group to associate with the Web ACL.
- rule_
action_ Sequence[Weboverrides Acl Rule Group Association Rule Group Reference Rule Action Override] - Override actions for specific rules within the rule group. See below.
- arn String
- ARN of the Rule Group to associate with the Web ACL.
- rule
Action List<Property Map>Overrides - Override actions for specific rules within the rule group. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverride, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideArgs
- Name string
- Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
- Action
To WebUse Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use - Action to use instead of the rule's original action. See below.
- Name string
- Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
- Action
To WebUse Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use - Action to use instead of the rule's original action. See below.
- name String
- Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
- action
To WebUse Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use - Action to use instead of the rule's original action. See below.
- name string
- Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
- action
To WebUse Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use - Action to use instead of the rule's original action. See below.
- name str
- Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
- action_
to_ Webuse Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use - Action to use instead of the rule's original action. See below.
- name String
- Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
- action
To Property MapUse - Action to use instead of the rule's original action. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUse, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseArgs
- Allow
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow - Allow the request. See below.
- Block
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block - Block the request. See below.
- Captcha
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha - Require CAPTCHA verification. See below.
- Challenge
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge - Require challenge verification. See below.
- Count
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count - Count the request without taking action. See below.
- Allow
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow - Allow the request. See below.
- Block
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block - Block the request. See below.
- Captcha
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha - Require CAPTCHA verification. See below.
- Challenge
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge - Require challenge verification. See below.
- Count
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count - Count the request without taking action. See below.
- allow
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow - Allow the request. See below.
- block
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block - Block the request. See below.
- captcha
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha - Require CAPTCHA verification. See below.
- challenge
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge - Require challenge verification. See below.
- count
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count - Count the request without taking action. See below.
- allow
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow - Allow the request. See below.
- block
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block - Block the request. See below.
- captcha
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha - Require CAPTCHA verification. See below.
- challenge
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge - Require challenge verification. See below.
- count
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count - Count the request without taking action. See below.
- allow
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow - Allow the request. See below.
- block
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block - Block the request. See below.
- captcha
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha - Require CAPTCHA verification. See below.
- challenge
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge - Require challenge verification. See below.
- count
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count - Count the request without taking action. See below.
- allow Property Map
- Allow the request. See below.
- block Property Map
- Block the request. See below.
- captcha Property Map
- Require CAPTCHA verification. See below.
- challenge Property Map
- Require challenge verification. See below.
- count Property Map
- Count the request without taking action. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllow, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowArgs
- Custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow Custom Request Handling - Custom handling for allowed requests. See below.
- Custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow Custom Request Handling - Custom handling for allowed requests. See below.
- custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow Custom Request Handling - Custom handling for allowed requests. See below.
- custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow Custom Request Handling - Custom handling for allowed requests. See below.
- custom_
request_ Webhandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow Custom Request Handling - Custom handling for allowed requests. See below.
- custom
Request Property MapHandling - Custom handling for allowed requests. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandling, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- Insert
Headers []WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow Custom Request Handling Insert Header - Headers to insert into the request. See below.
- insert
Headers List<WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- insert
Headers WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow Custom Request Handling Insert Header[] - Headers to insert into the request. See below.
- insert_
headers Sequence[WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow Custom Request Handling Insert Header] - Headers to insert into the request. See below.
- insert
Headers List<Property Map> - Headers to insert into the request. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArgs
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlock, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockArgs
- Custom
Response WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block Custom Response - Custom response for blocked requests. See below.
- Custom
Response WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block Custom Response - Custom response for blocked requests. See below.
- custom
Response WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block Custom Response - Custom response for blocked requests. See below.
- custom
Response WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block Custom Response - Custom response for blocked requests. See below.
- custom_
response WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block Custom Response - Custom response for blocked requests. See below.
- custom
Response Property Map - Custom response for blocked requests. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponse, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponseArgs
- Response
Code int - HTTP response code to return (200-599).
- Custom
Response stringBody Key - Key of a custom response body to use.
- Response
Headers List<WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block Custom Response Response Header> - Headers to include in the response. See below.
- Response
Code int - HTTP response code to return (200-599).
- Custom
Response stringBody Key - Key of a custom response body to use.
- Response
Headers []WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block Custom Response Response Header - Headers to include in the response. See below.
- response
Code Integer - HTTP response code to return (200-599).
- custom
Response StringBody Key - Key of a custom response body to use.
- response
Headers List<WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block Custom Response Response Header> - Headers to include in the response. See below.
- response
Code number - HTTP response code to return (200-599).
- custom
Response stringBody Key - Key of a custom response body to use.
- response
Headers WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block Custom Response Response Header[] - Headers to include in the response. See below.
- response_
code int - HTTP response code to return (200-599).
- custom_
response_ strbody_ key - Key of a custom response body to use.
- response_
headers Sequence[WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block Custom Response Response Header] - Headers to include in the response. See below.
- response
Code Number - HTTP response code to return (200-599).
- custom
Response StringBody Key - Key of a custom response body to use.
- response
Headers List<Property Map> - Headers to include in the response. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponseResponseHeader, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArgs
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptcha, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaArgs
- Custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha Custom Request Handling - Custom handling for CAPTCHA requests. See below.
- Custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha Custom Request Handling - Custom handling for CAPTCHA requests. See below.
- custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha Custom Request Handling - Custom handling for CAPTCHA requests. See below.
- custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha Custom Request Handling - Custom handling for CAPTCHA requests. See below.
- custom_
request_ Webhandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha Custom Request Handling - Custom handling for CAPTCHA requests. See below.
- custom
Request Property MapHandling - Custom handling for CAPTCHA requests. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandling, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- Insert
Headers []WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha Custom Request Handling Insert Header - Headers to insert into the request. See below.
- insert
Headers List<WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- insert
Headers WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha Custom Request Handling Insert Header[] - Headers to insert into the request. See below.
- insert_
headers Sequence[WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha Custom Request Handling Insert Header] - Headers to insert into the request. See below.
- insert
Headers List<Property Map> - Headers to insert into the request. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallenge, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeArgs
- Custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge Custom Request Handling - Custom handling for challenge requests. See below.
- Custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge Custom Request Handling - Custom handling for challenge requests. See below.
- custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge Custom Request Handling - Custom handling for challenge requests. See below.
- custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge Custom Request Handling - Custom handling for challenge requests. See below.
- custom_
request_ Webhandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge Custom Request Handling - Custom handling for challenge requests. See below.
- custom
Request Property MapHandling - Custom handling for challenge requests. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandling, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- Insert
Headers []WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge Custom Request Handling Insert Header - Headers to insert into the request. See below.
- insert
Headers List<WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- insert
Headers WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge Custom Request Handling Insert Header[] - Headers to insert into the request. See below.
- insert_
headers Sequence[WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge Custom Request Handling Insert Header] - Headers to insert into the request. See below.
- insert
Headers List<Property Map> - Headers to insert into the request. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArgs
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCount, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountArgs
- Custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count Custom Request Handling - Custom handling for counted requests. See below.
- Custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count Custom Request Handling - Custom handling for counted requests. See below.
- custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count Custom Request Handling - Custom handling for counted requests. See below.
- custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count Custom Request Handling - Custom handling for counted requests. See below.
- custom_
request_ Webhandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count Custom Request Handling - Custom handling for counted requests. See below.
- custom
Request Property MapHandling - Custom handling for counted requests. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandling, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- Insert
Headers []WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count Custom Request Handling Insert Header - Headers to insert into the request. See below.
- insert
Headers List<WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- insert
Headers WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count Custom Request Handling Insert Header[] - Headers to insert into the request. See below.
- insert_
headers Sequence[WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count Custom Request Handling Insert Header] - Headers to insert into the request. See below.
- insert
Headers List<Property Map> - Headers to insert into the request. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs
WebAclRuleGroupAssociationTimeouts, WebAclRuleGroupAssociationTimeoutsArgs
- Create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- Update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- Update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
Import
Using pulumi import, import WAFv2 web ACL custom rule group associations using WebACLARN,RuleGroupARN,RuleName. For example:
$ pulumi import aws:wafv2/webAclRuleGroupAssociation:WebAclRuleGroupAssociation example "arn:aws:wafv2:us-east-1:123456789012:regional/webacl/example-web-acl/12345678-1234-1234-1234-123456789012,arn:aws:wafv2:us-east-1:123456789012:regional/rulegroup/example-rule-group/87654321-4321-4321-4321-210987654321,example-rule-group-rule"
Using pulumi import, import WAFv2 web ACL managed rule group associations using WebACLARN,VendorName:RuleGroupName[:Version],RuleName. For example:
$ pulumi import aws:wafv2/webAclRuleGroupAssociation:WebAclRuleGroupAssociation managed_example "arn:aws:wafv2:us-east-1:123456789012:regional/webacl/example-web-acl/12345678-1234-1234-1234-123456789012,AWS:AWSManagedRulesCommonRuleSet,aws-common-rule-set"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.