aws::wafv2-rule-group¶
Creates a rule group.
Example¶
aws::wafv2-rule-group rule-group-example
name: "rule-group-example"
description: "rule-group-example-desc"
scope: "REGIONAL"
rule
name: "rule-group-example-rule-1"
priority: 0
action: "BLOCK"
visibility-config
metric-name: "rule-group-example-rule-1"
cloud-watch-metrics-enabled: false
sampled-requests-enabled: false
end
statement
xss-match-statement
field-to-match
name: "header-field"
match-type: "SINGLE_HEADER"
end
text-transformation
priority: 0
type: "NONE"
end
end
end
end
rule
name: "rule-group-example-rule-2"
priority: 1
action: "BLOCK"
visibility-config
metric-name: "rule-group-example-rule-2"
cloud-watch-metrics-enabled: false
sampled-requests-enabled: false
end
statement
byte-match-statement
field-to-match
name: "header-field"
match-type: "SINGLE_HEADER"
end
positional-constraint: "EXACTLY"
text-transformation
priority: 0
type: "NONE"
end
search-string: "something"
end
end
end
rule
name: "rule-group-example-rule-3"
priority: 2
action: "BLOCK"
visibility-config
metric-name: "rule-group-example-rule-3"
cloud-watch-metrics-enabled: false
sampled-requests-enabled: false
end
statement
size-constraint-statement
field-to-match
match-type: "BODY"
end
comparison-operator: "EQ"
text-transformation
priority: 0
type: "COMPRESS_WHITE_SPACE"
end
text-transformation
priority: 1
type: "HTML_ENTITY_DECODE"
end
size: 3
end
end
end
rule
name: "rule-group-example-rule-4"
priority: 3
action: "BLOCK"
visibility-config
metric-name: "rule-group-example-rule-4"
cloud-watch-metrics-enabled: false
sampled-requests-enabled: false
end
statement
and-statement
statement
ip-set-reference-statement
ip-set: $(aws::wafv2-ip-set ip-set-example-ipv4)
end
end
statement
regex-pattern-set-reference-statement
field-to-match
match-type: "BODY"
end
text-transformation
priority: 0
type: "COMPRESS_WHITE_SPACE"
end
regex-pattern-set: $(aws::wafv2-regex-pattern-set regex-pattern-set-example)
end
end
statement
sqli-match-statement
field-to-match
match-type: "BODY"
end
text-transformation
priority: 0
type: "COMPRESS_WHITE_SPACE"
end
end
end
end
end
end
rule
name: "rule-group-example-rule-5"
priority: 4
action: "BLOCK"
visibility-config
metric-name: "rule-group-example-rule-5"
cloud-watch-metrics-enabled: false
sampled-requests-enabled: false
end
statement
or-statement
statement
geo-match-statement
country-codes: [
"IN"
]
end
end
statement
sqli-match-statement
field-to-match
match-type: "BODY"
end
text-transformation
priority: 0
type: "COMPRESS_WHITE_SPACE"
end
end
end
end
end
end
visibility-config
metric-name: "rule-group-example-metric"
cloud-watch-metrics-enabled: false
sampled-requests-enabled: false
end
end
Attributes¶
Attribute | Description |
---|---|
scope | The scope where the resource is going to be created. Resources can only use and associate with other similar scoped resources. Valid values are |
tags map | The tags associated with the resources. |
name | Name of the rule group. (Required) |
description | Description of the rule group. |
capacity | The total WCU capacity for the rule group. If not provided will be auto calculated based on the conditions provided by the rule configuration. |
rule set subresource | A set of rule configurations that contains the conditions. Maximum allowed items are
|
visibility-config subresource | The visibility configuration for the rule group. (Required)
|
policy | The policy document. A policy path or policy string is allowed. |
Outputs¶
Attribute | Description |
---|---|
arn | The arn of the rule group. |
id | The id of the rule group. |