aws::wafv2-web-acl¶

Creates a web acl.

Example¶

aws::wafv2-web-acl web-acl-example
    name: "web-acl-example"
    description: "web-acl-example-desc"
    scope: "REGIONAL"
    default-action: "BLOCK"

    visibility-config
        metric-name: "web-acl-example"
        cloud-watch-metrics-enabled: false
        sampled-requests-enabled: false
    end

    rule
        name: web-acl-example-rule-1
        priority: 0
        override-action: "COUNT"

        visibility-config
            metric-name: "web-acl-example-rule-1"
            cloud-watch-metrics-enabled: false
            sampled-requests-enabled: false
        end

        statement
            rule-group-reference-statement
                rule-group: $(aws::wafv2-rule-group rule-group-example)
            end
        end
    end

    rule
        name: "web-acl-example-rule-2"
        priority: 1
        override-action: "COUNT"

        visibility-config
            metric-name: "web-acl-example-rule-2"
            cloud-watch-metrics-enabled: false
            sampled-requests-enabled: false
        end

        statement
            managed-rule-group-statement
                name: "AWSManagedRulesAnonymousIpList"
                vendor-name: "AWS"
            end
        end
    end
end

Attributes¶

Attribute	Description
scope	The scope where the resource is going to be created. Resources can only use and associate with other similar scoped resources. Valid values are `CLOUDFRONT` or `REGIONAL`. (Required)
tags map	The tags associated with the resources.
name	The name of the web acl. (Required)
description	The description of the web acl.
default-action	The default action when no rules match. Valid values are `ALLOW` or `BLOCK`. (Required)
rule set subresource	A set of rules having the request filters for the web acl. Maximum allowed items are `10`. (Required) name The name of the rule. (Required) priority The priority of the rule. The priority assigned needs to be ordered in increasing order starting from 0. (Required) visibility-config The visibility configuration for the rule. (Required) action The action to perform if the rule passes. Cannot be set if `override-action` is set. Valid values are `ALLOW`, `BLOCK` or `COUNT`. override-action The override action to perform if the rule passes. Cannot be set if `action` is set. Valid values are `NONE` or `COUNT`. statement The statement configuration having the individual conditions.
visibility-config subresource	The visibility config for the web acl. (Required) metric-name The name of the cloud watch metric. (Required) cloud-watch-metrics-enabled Enable cloud watch metrics when set to `true`. Defaults to `false`. sampled-requests-enabled Enable cloud watch metric sample request when set to `true`. Defaults to `false`.
load-balancers set	A set of Application Load Balancer that will be associated with the web acl.
logging-configuration subresource	The logging configuration for the web acl. redacted-field set subresource The set of field match setting to take out of logging. match-type The field match type. Valid values are `SINGLE_HEADER`, `SINGLE_QUERY_ARGUMENT`, `ALL_QUERY_ARGUMENTS`, `BODY`, `QUERY_STRING`, `METHOD` or `URI_PATH`. (Required) name The name of the field to match. Only required if `match-type` set to `SINGLE_HEADER` or `SINGLE_QUERY_ARGUMENT`. log-destination-configs set A set of arn of AWS Kinesis Data Firehouse to associate with the web acl.

Outputs¶

Attribute	Description
id	The id of the web acl.
arn	The arn of the web acl.
capacity	The total capacity based on the associated rules of the web acl.