aws::wafv2-rule-group

Creates a rule group.

Example

aws::wafv2-rule-group rule-group-example
    name: "rule-group-example"
    description: "rule-group-example-desc"
    scope: "REGIONAL"

    rule
        name: "rule-group-example-rule-1"
        priority: 0
        action: "BLOCK"

        visibility-config
            metric-name: "rule-group-example-rule-1"
            cloud-watch-metrics-enabled: false
            sampled-requests-enabled: false
        end

        statement
            xss-match-statement
                field-to-match
                    name: "header-field"
                    match-type: "SINGLE_HEADER"
                end

                text-transformation
                    priority: 0
                    type: "NONE"
                end
            end
        end
    end

    rule
        name: "rule-group-example-rule-2"
        priority: 1
        action: "BLOCK"

        visibility-config
            metric-name: "rule-group-example-rule-2"
            cloud-watch-metrics-enabled: false
            sampled-requests-enabled: false
        end

        statement
            byte-match-statement
                field-to-match
                    name: "header-field"
                    match-type: "SINGLE_HEADER"
                end

                positional-constraint: "EXACTLY"

                text-transformation
                    priority: 0
                    type: "NONE"
                end

                search-string: "something"
            end
        end
    end

    rule
        name: "rule-group-example-rule-3"
        priority: 2
        action: "BLOCK"

        visibility-config
            metric-name: "rule-group-example-rule-3"
            cloud-watch-metrics-enabled: false
            sampled-requests-enabled: false
        end

        statement
            size-constraint-statement
                field-to-match
                    match-type: "BODY"
                end

                comparison-operator: "EQ"

                text-transformation
                    priority: 0
                    type: "COMPRESS_WHITE_SPACE"
                end

                text-transformation
                    priority: 1
                    type: "HTML_ENTITY_DECODE"
                end

                size: 3
            end
        end
    end

    rule
        name: "rule-group-example-rule-4"
        priority: 3
        action: "BLOCK"

        visibility-config
            metric-name: "rule-group-example-rule-4"
            cloud-watch-metrics-enabled: false
            sampled-requests-enabled: false
        end

        statement
            and-statement
                statement
                    ip-set-reference-statement
                        ip-set: $(aws::wafv2-ip-set ip-set-example-ipv4)
                    end
                end

                statement
                    regex-pattern-set-reference-statement
                        field-to-match
                            match-type: "BODY"
                        end

                        text-transformation
                            priority: 0
                            type: "COMPRESS_WHITE_SPACE"
                        end

                        regex-pattern-set: $(aws::wafv2-regex-pattern-set regex-pattern-set-example)
                    end
                end

                statement
                    sqli-match-statement
                        field-to-match
                            match-type: "BODY"
                        end

                        text-transformation
                            priority: 0
                            type: "COMPRESS_WHITE_SPACE"
                        end
                    end
                end
            end
        end
    end

    rule
        name: "rule-group-example-rule-5"
        priority: 4
        action: "BLOCK"

        visibility-config
            metric-name: "rule-group-example-rule-5"
            cloud-watch-metrics-enabled: false
            sampled-requests-enabled: false
        end

        statement
            or-statement
                statement
                    geo-match-statement
                        country-codes: [
                            "IN"
                        ]
                    end
                end

                statement
                    sqli-match-statement
                        field-to-match
                            match-type: "BODY"
                        end

                        text-transformation
                            priority: 0
                            type: "COMPRESS_WHITE_SPACE"
                        end
                    end
                end
            end
        end
    end

    visibility-config
        metric-name: "rule-group-example-metric"
        cloud-watch-metrics-enabled: false
        sampled-requests-enabled: false
    end
end

Attributes

Attribute Description
scope The scope where the resource is going to be created. Resources can only use and associate with other similarly scoped resources. Valid values are GLOBAL or REGIONAL. (Required)
tags map The tags associated with the resource.
name Name of the rule group. (Required)
description Description of the rule group.
capacity The total WCU capacity for the rule group. If not provided, it is calculated automatically from the conditions in the rule configuration.
rule set subresource A set of rule configurations that contains the conditions. A maximum of 10 items is allowed. (Required)
    name The name of the rule. (Required)
    priority The priority of the rule. Priorities must be assigned in increasing order, starting from 0. (Required)
    visibility-config The visibility configuration for the rule. (Required)
    action The action to perform if the rule passes. Cannot be set if override-action is set. Valid values are ALLOW, BLOCK or COUNT.
    override-action The override action to perform if the rule passes. Cannot be set if action is set. Valid values are NONE or COUNT.
    statement The statement configuration containing the individual conditions.
visibility-config subresource The visibility configuration for the rule group. (Required)
    metric-name The name of the CloudWatch metric. (Required)
    cloud-watch-metrics-enabled Enables CloudWatch metrics when set to true. Defaults to false.
    sampled-requests-enabled Enables CloudWatch sampled requests when set to true. Defaults to false.
policy The policy document. A policy path or policy string is allowed.
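The rule constraints in the table above (at most 10 rules, priorities increasing from 0, action and override-action mutually exclusive, fixed value sets) can be checked before a configuration is applied. The following is an added example, not part of Gyro or its documentation: `parse_rules`, `check_rule_group` and `SAMPLE` are hypothetical names, the parser covers only the block syntax used in the example on this page, and "increasing order starting from 0" is read as "the first rule is 0 and each later rule is strictly higher", which is an assumption.

```python
import re
ATTR = re.compile(r'^([\w-]+):\s+(\S.*)$')  # `key: value`, but not `aws::type name`
VALID = {"action": {"ALLOW", "BLOCK", "COUNT"}, "override-action": {"NONE", "COUNT"}}

def parse_rules(text):  # direct attributes of each top-level `rule` block
    rules, depth, cur, in_list = [], 0, None, False
    for line in filter(None, map(str.strip, text.splitlines())):
        m = ATTR.match(line)
        if in_list or (m and m.group(2) == "["):  # skip multi-line [ ... ] values
            in_list = not line.endswith("]")
        elif m:
            if cur is not None and depth == 2:
                cur[m.group(1)] = m.group(2).strip('"')
        elif line == "end":
            depth -= 1
            if depth == 1 and cur is not None:
                rules.append(cur)
                cur = None
        else:  # block opener: the resource line, rule, statement, ...
            depth += 1
            if depth == 2 and line == "rule":
                cur = {}
    return rules

def check_rule_group(text):  # violations of the Attributes table constraints
    rules, problems = parse_rules(text), []
    if not 1 <= len(rules) <= 10:
        problems.append(f"{len(rules)} rules declared; 1 to 10 are allowed")
    prios = [r.get("priority", "") for r in rules]  # assumed: first 0, then strictly higher
    nums = [int(p) if p.isdigit() else -1 for p in prios]
    if nums and (nums[0] != 0 or any(b <= a for a, b in zip(nums, nums[1:]))):
        problems.append(f"priorities {prios} must increase from 0")
    for r in rules:
        if "action" in r and "override-action" in r:
            problems.append(f"{r.get('name')}: action and override-action are both set")
        for key, allowed in VALID.items():
            if key in r and r[key] not in allowed:
                problems.append(f"{r.get('name')}: invalid {key} {r[key]!r}")
    return problems

SAMPLE = '''aws::wafv2-rule-group constructed-example
    rule
        name: "r1"
        priority: 1
        action: "DENY"
        override-action: "COUNT"
    end
end'''  # constructed input with three deliberate faults, not from the page
print("\n".join(check_rule_group(SAMPLE)))
```

Run against `SAMPLE`, the check reports the priority that does not start at 0, the rule that sets both action attributes, and the unsupported action value.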

Outputs

Attribute Description
arn The ARN of the rule group.
id The ID of the rule group.