aws::wafv2-web-acl

Creates a web acl.

Example

aws::wafv2-web-acl web-acl-example
    name: "web-acl-example"
    description: "web-acl-example-desc"
    scope: "REGIONAL"
    default-action: "BLOCK"

    visibility-config
        metric-name: "web-acl-example"
        cloud-watch-metrics-enabled: false
        sampled-requests-enabled: false
    end

    rule
        name: "web-acl-example-rule-1"
        priority: 0
        override-action: "COUNT"

        visibility-config
            metric-name: "web-acl-example-rule-1"
            cloud-watch-metrics-enabled: false
            sampled-requests-enabled: false
        end

        statement
            rule-group-reference-statement
                rule-group: $(aws::wafv2-rule-group rule-group-example)
            end
        end
    end

    rule
        name: "web-acl-example-rule-2"
        priority: 1
        override-action: "COUNT"

        visibility-config
            metric-name: "web-acl-example-rule-2"
            cloud-watch-metrics-enabled: false
            sampled-requests-enabled: false
        end

        statement
            managed-rule-group-statement
                name: "AWSManagedRulesAnonymousIpList"
                vendor-name: "AWS"
            end
        end
    end
end

Attributes

Attribute Description
scope

The scope where the resource is going to be created.

Resources can only use and associate with other resources of the same scope. Valid values are GLOBAL or REGIONAL. (Required)

tags map The tags associated with the resources.
name The name of the web acl. (Required)
description The description of the web acl.
default-action The default action when no rules match. Valid values are ALLOW or BLOCK. (Required)
rule set subresource

A set of rules having the request filters for the web acl. Maximum allowed items are 10. (Required)

name
The name of the rule. (Required)
priority
The priority of the rule. Priorities must be assigned in increasing order starting from 0. (Required)
visibility-config
The visibility configuration for the rule. (Required)
action
The action to perform if the rule matches. Cannot be set if override-action is set. Valid values are ALLOW, BLOCK or COUNT.
override-action
The override action to perform if the rule matches. Cannot be set if action is set. Valid values are NONE or COUNT.
statement
The statement configuration having the individual conditions.
visibility-config subresource

The visibility config for the web acl. (Required)

metric-name
The name of the CloudWatch metric. (Required)
cloud-watch-metrics-enabled
Enable CloudWatch metrics when set to true. Defaults to false.
sampled-requests-enabled
Enable CloudWatch metric request sampling when set to true. Defaults to false.
load-balancers set A set of Application Load Balancers that will be associated with the web acl.
logging-configuration subresource

The logging configuration for the web acl.

redacted-field set subresource

The set of field match settings to redact from the logs.

match-type
The field match type. Valid values are SINGLE_HEADER, SINGLE_QUERY_ARGUMENT, ALL_QUERY_ARGUMENTS, BODY, QUERY_STRING, METHOD or URI_PATH. (Required)
name
The name of the field to match. Only required if match-type is set to SINGLE_HEADER or SINGLE_QUERY_ARGUMENT.
log-destination-configs set
A set of ARNs of AWS Kinesis Data Firehose delivery streams to associate with the web acl.
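
A variant of the example above that enforces the managed rule group instead of only counting matches, and turns on the metrics, request sampling and logging attributes described in this section. This is an added example, not taken from the Gyro documentation; the resource names and the Firehose ARN (region, account id, stream name) are constructed placeholders, and the list syntax for log-destination-configs is an assumption based on the "set" type shown above.

```gyro
# Added example. Names and the ARN are placeholders, not real resources.
aws::wafv2-web-acl web-acl-enforcing-example
    name: "web-acl-enforcing-example"
    description: "managed rule group enforced, metrics and logging enabled"
    scope: "REGIONAL"
    # Requests that match no rule are allowed; the rule group does the blocking.
    default-action: "ALLOW"

    visibility-config
        metric-name: "web-acl-enforcing-example"
        cloud-watch-metrics-enabled: true
        sampled-requests-enabled: true
    end

    rule
        name: "web-acl-enforcing-example-rule-1"
        priority: 0
        # NONE leaves the actions defined inside the rule group in effect.
        # COUNT, as used in the example at the top of the page, only counts matches.
        override-action: "NONE"

        visibility-config
            metric-name: "web-acl-enforcing-example-rule-1"
            cloud-watch-metrics-enabled: true
            sampled-requests-enabled: true
        end

        statement
            managed-rule-group-statement
                name: "AWSManagedRulesAnonymousIpList"
                vendor-name: "AWS"
            end
        end
    end

    logging-configuration
        # AWS WAF only accepts delivery streams whose name starts with "aws-waf-logs-".
        log-destination-configs: ["arn:aws:firehose:us-east-1:111111111111:deliverystream/aws-waf-logs-example"]

        # Keep credentials sent in the Authorization header out of the WAF logs.
        redacted-field
            match-type: "SINGLE_HEADER"
            name: "authorization"
        end
    end
end
```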

Outputs

Attribute Description
id The id of the web acl.
arn The arn of the web acl.
capacity The total capacity based on the associated rules of the web acl.