Viewing docs for AWS v7.22.0
published on Wednesday, Mar 11, 2026 by Pulumi
published on Wednesday, Mar 11, 2026 by Pulumi
Viewing docs for AWS v7.22.0
published on Wednesday, Mar 11, 2026 by Pulumi
published on Wednesday, Mar 11, 2026 by Pulumi
Associates a WAFv2 Rule Group (custom or managed) with a Web ACL by adding a rule that references the Rule Group. Use this resource to apply the rules defined in a Rule Group to a Web ACL without duplicating rule definitions.
This resource supports both:
- Custom Rule Groups: User-created rule groups that you manage within your AWS account
- Managed Rule Groups: Pre-configured rule groups provided by AWS or third-party vendors
!> Warning: Verify the rule names in your rule_action_overrides carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn’t exactly match the case-sensitive name of an existing rule in the rule group.
!> Warning: Using this resource will cause the associated Web ACL resource to show configuration drift in the rule argument unless you add lifecycle {<span pulumi-lang-nodejs=" ignoreChanges " pulumi-lang-dotnet=" IgnoreChanges " pulumi-lang-go=" ignoreChanges " pulumi-lang-python=" ignore_changes " pulumi-lang-yaml=" ignoreChanges " pulumi-lang-java=" ignoreChanges "> ignore_changes </span>= [rule] } to the Web ACL resource configuration. This is because this resource modifies the Web ACL’s rules outside of the Web ACL resource’s direct management.
Note: This resource creates a rule within the Web ACL that references the entire Rule Group. The rule group’s individual rules are evaluated as a unit when requests are processed by the Web ACL.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Web ACL must use lifecycle.ignore_changes to prevent drift from this resource
const example = new aws.wafv2.WebAcl("example", {
name: "example-web-acl",
scope: "REGIONAL",
defaultAction: {
allow: {},
},
visibilityConfig: {
cloudwatchMetricsEnabled: true,
metricName: "example-web-acl",
sampledRequestsEnabled: true,
},
});
// Associate a custom rule group
const exampleWebAclRuleGroupAssociation = new aws.wafv2.WebAclRuleGroupAssociation("example", {
ruleName: "example-rule-group-rule",
priority: 100,
webAclArn: example.arn,
ruleGroupReference: {
arn: exampleAwsWafv2RuleGroup.arn,
},
});
import pulumi
import pulumi_aws as aws
# Web ACL must use lifecycle.ignore_changes to prevent drift from this resource
example = aws.wafv2.WebAcl("example",
name="example-web-acl",
scope="REGIONAL",
default_action={
"allow": {},
},
visibility_config={
"cloudwatch_metrics_enabled": True,
"metric_name": "example-web-acl",
"sampled_requests_enabled": True,
})
# Associate a custom rule group
example_web_acl_rule_group_association = aws.wafv2.WebAclRuleGroupAssociation("example",
rule_name="example-rule-group-rule",
priority=100,
web_acl_arn=example.arn,
rule_group_reference={
"arn": example_aws_wafv2_rule_group["arn"],
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Web ACL must use lifecycle.ignore_changes to prevent drift from this resource
example, err := wafv2.NewWebAcl(ctx, "example", &wafv2.WebAclArgs{
Name: pulumi.String("example-web-acl"),
Scope: pulumi.String("REGIONAL"),
DefaultAction: &wafv2.WebAclDefaultActionArgs{
Allow: &wafv2.WebAclDefaultActionAllowArgs{},
},
VisibilityConfig: &wafv2.WebAclVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(true),
MetricName: pulumi.String("example-web-acl"),
SampledRequestsEnabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
// Associate a custom rule group
_, err = wafv2.NewWebAclRuleGroupAssociation(ctx, "example", &wafv2.WebAclRuleGroupAssociationArgs{
RuleName: pulumi.String("example-rule-group-rule"),
Priority: pulumi.Int(100),
WebAclArn: example.Arn,
RuleGroupReference: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceArgs{
Arn: pulumi.Any(exampleAwsWafv2RuleGroup.Arn),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
// Web ACL must use lifecycle.ignore_changes to prevent drift from this resource
var example = new Aws.WafV2.WebAcl("example", new()
{
Name = "example-web-acl",
Scope = "REGIONAL",
DefaultAction = new Aws.WafV2.Inputs.WebAclDefaultActionArgs
{
Allow = null,
},
VisibilityConfig = new Aws.WafV2.Inputs.WebAclVisibilityConfigArgs
{
CloudwatchMetricsEnabled = true,
MetricName = "example-web-acl",
SampledRequestsEnabled = true,
},
});
// Associate a custom rule group
var exampleWebAclRuleGroupAssociation = new Aws.WafV2.WebAclRuleGroupAssociation("example", new()
{
RuleName = "example-rule-group-rule",
Priority = 100,
WebAclArn = example.Arn,
RuleGroupReference = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceArgs
{
Arn = exampleAwsWafv2RuleGroup.Arn,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAcl;
import com.pulumi.aws.wafv2.WebAclArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionAllowArgs;
import com.pulumi.aws.wafv2.inputs.WebAclVisibilityConfigArgs;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociation;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociationArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleGroupAssociationRuleGroupReferenceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Web ACL must use lifecycle.ignore_changes to prevent drift from this resource
var example = new WebAcl("example", WebAclArgs.builder()
.name("example-web-acl")
.scope("REGIONAL")
.defaultAction(WebAclDefaultActionArgs.builder()
.allow(WebAclDefaultActionAllowArgs.builder()
.build())
.build())
.visibilityConfig(WebAclVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(true)
.metricName("example-web-acl")
.sampledRequestsEnabled(true)
.build())
.build());
// Associate a custom rule group
var exampleWebAclRuleGroupAssociation = new WebAclRuleGroupAssociation("exampleWebAclRuleGroupAssociation", WebAclRuleGroupAssociationArgs.builder()
.ruleName("example-rule-group-rule")
.priority(100)
.webAclArn(example.arn())
.ruleGroupReference(WebAclRuleGroupAssociationRuleGroupReferenceArgs.builder()
.arn(exampleAwsWafv2RuleGroup.arn())
.build())
.build());
}
}
resources:
# Web ACL must use lifecycle.ignore_changes to prevent drift from this resource
example:
type: aws:wafv2:WebAcl
properties:
name: example-web-acl
scope: REGIONAL
defaultAction:
allow: {}
visibilityConfig:
cloudwatchMetricsEnabled: true
metricName: example-web-acl
sampledRequestsEnabled: true
# Associate a custom rule group
exampleWebAclRuleGroupAssociation:
type: aws:wafv2:WebAclRuleGroupAssociation
name: example
properties:
ruleName: example-rule-group-rule
priority: 100
webAclArn: ${example.arn}
ruleGroupReference:
arn: ${exampleAwsWafv2RuleGroup.arn}
Managed Rule Group
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.wafv2.WebAclRuleGroupAssociation("example", {
ruleName: "aws-common-rule-set",
priority: 50,
webAclArn: exampleAwsWafv2WebAcl.arn,
managedRuleGroup: {
name: "AWSManagedRulesCommonRuleSet",
vendorName: "AWS",
},
});
import pulumi
import pulumi_aws as aws
example = aws.wafv2.WebAclRuleGroupAssociation("example",
rule_name="aws-common-rule-set",
priority=50,
web_acl_arn=example_aws_wafv2_web_acl["arn"],
managed_rule_group={
"name": "AWSManagedRulesCommonRuleSet",
"vendor_name": "AWS",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := wafv2.NewWebAclRuleGroupAssociation(ctx, "example", &wafv2.WebAclRuleGroupAssociationArgs{
RuleName: pulumi.String("aws-common-rule-set"),
Priority: pulumi.Int(50),
WebAclArn: pulumi.Any(exampleAwsWafv2WebAcl.Arn),
ManagedRuleGroup: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupArgs{
Name: pulumi.String("AWSManagedRulesCommonRuleSet"),
VendorName: pulumi.String("AWS"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.WafV2.WebAclRuleGroupAssociation("example", new()
{
RuleName = "aws-common-rule-set",
Priority = 50,
WebAclArn = exampleAwsWafv2WebAcl.Arn,
ManagedRuleGroup = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupArgs
{
Name = "AWSManagedRulesCommonRuleSet",
VendorName = "AWS",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociation;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociationArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleGroupAssociationManagedRuleGroupArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new WebAclRuleGroupAssociation("example", WebAclRuleGroupAssociationArgs.builder()
.ruleName("aws-common-rule-set")
.priority(50)
.webAclArn(exampleAwsWafv2WebAcl.arn())
.managedRuleGroup(WebAclRuleGroupAssociationManagedRuleGroupArgs.builder()
.name("AWSManagedRulesCommonRuleSet")
.vendorName("AWS")
.build())
.build());
}
}
resources:
example:
type: aws:wafv2:WebAclRuleGroupAssociation
properties:
ruleName: aws-common-rule-set
priority: 50
webAclArn: ${exampleAwsWafv2WebAcl.arn}
managedRuleGroup:
name: AWSManagedRulesCommonRuleSet
vendorName: AWS
Managed Rule Group With Version
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.wafv2.WebAclRuleGroupAssociation("example", {
ruleName: "aws-common-rule-set-versioned",
priority: 60,
webAclArn: exampleAwsWafv2WebAcl.arn,
managedRuleGroup: {
name: "AWSManagedRulesCommonRuleSet",
vendorName: "AWS",
version: "Version_1.0",
},
});
import pulumi
import pulumi_aws as aws
example = aws.wafv2.WebAclRuleGroupAssociation("example",
rule_name="aws-common-rule-set-versioned",
priority=60,
web_acl_arn=example_aws_wafv2_web_acl["arn"],
managed_rule_group={
"name": "AWSManagedRulesCommonRuleSet",
"vendor_name": "AWS",
"version": "Version_1.0",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := wafv2.NewWebAclRuleGroupAssociation(ctx, "example", &wafv2.WebAclRuleGroupAssociationArgs{
RuleName: pulumi.String("aws-common-rule-set-versioned"),
Priority: pulumi.Int(60),
WebAclArn: pulumi.Any(exampleAwsWafv2WebAcl.Arn),
ManagedRuleGroup: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupArgs{
Name: pulumi.String("AWSManagedRulesCommonRuleSet"),
VendorName: pulumi.String("AWS"),
Version: pulumi.String("Version_1.0"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.WafV2.WebAclRuleGroupAssociation("example", new()
{
RuleName = "aws-common-rule-set-versioned",
Priority = 60,
WebAclArn = exampleAwsWafv2WebAcl.Arn,
ManagedRuleGroup = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupArgs
{
Name = "AWSManagedRulesCommonRuleSet",
VendorName = "AWS",
Version = "Version_1.0",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociation;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociationArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleGroupAssociationManagedRuleGroupArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new WebAclRuleGroupAssociation("example", WebAclRuleGroupAssociationArgs.builder()
.ruleName("aws-common-rule-set-versioned")
.priority(60)
.webAclArn(exampleAwsWafv2WebAcl.arn())
.managedRuleGroup(WebAclRuleGroupAssociationManagedRuleGroupArgs.builder()
.name("AWSManagedRulesCommonRuleSet")
.vendorName("AWS")
.version("Version_1.0")
.build())
.build());
}
}
resources:
example:
type: aws:wafv2:WebAclRuleGroupAssociation
properties:
ruleName: aws-common-rule-set-versioned
priority: 60
webAclArn: ${exampleAwsWafv2WebAcl.arn}
managedRuleGroup:
name: AWSManagedRulesCommonRuleSet
vendorName: AWS
version: Version_1.0
Managed Rule Group With Rule Action Overrides
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.wafv2.WebAclRuleGroupAssociation("example", {
ruleName: "aws-common-rule-set-with-overrides",
priority: 70,
webAclArn: exampleAwsWafv2WebAcl.arn,
managedRuleGroup: {
name: "AWSManagedRulesCommonRuleSet",
vendorName: "AWS",
ruleActionOverrides: [
{
name: "GenericRFI_BODY",
actionToUse: {
count: {
customRequestHandling: {
insertHeaders: [{
name: "X-RFI-Override",
value: "counted",
}],
},
},
},
},
{
name: "SizeRestrictions_BODY",
actionToUse: {
captcha: {},
},
},
],
},
});
import pulumi
import pulumi_aws as aws
example = aws.wafv2.WebAclRuleGroupAssociation("example",
rule_name="aws-common-rule-set-with-overrides",
priority=70,
web_acl_arn=example_aws_wafv2_web_acl["arn"],
managed_rule_group={
"name": "AWSManagedRulesCommonRuleSet",
"vendor_name": "AWS",
"rule_action_overrides": [
{
"name": "GenericRFI_BODY",
"action_to_use": {
"count": {
"custom_request_handling": {
"insert_headers": [{
"name": "X-RFI-Override",
"value": "counted",
}],
},
},
},
},
{
"name": "SizeRestrictions_BODY",
"action_to_use": {
"captcha": {},
},
},
],
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := wafv2.NewWebAclRuleGroupAssociation(ctx, "example", &wafv2.WebAclRuleGroupAssociationArgs{
RuleName: pulumi.String("aws-common-rule-set-with-overrides"),
Priority: pulumi.Int(70),
WebAclArn: pulumi.Any(exampleAwsWafv2WebAcl.Arn),
ManagedRuleGroup: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupArgs{
Name: pulumi.String("AWSManagedRulesCommonRuleSet"),
VendorName: pulumi.String("AWS"),
RuleActionOverrides: wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideArray{
&wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideArgs{
Name: pulumi.String("GenericRFI_BODY"),
ActionToUse: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseArgs{
Count: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountArgs{
CustomRequestHandling: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingArgs{
InsertHeaders: wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArray{
&wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs{
Name: pulumi.String("X-RFI-Override"),
Value: pulumi.String("counted"),
},
},
},
},
},
},
&wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideArgs{
Name: pulumi.String("SizeRestrictions_BODY"),
ActionToUse: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseArgs{
Captcha: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaArgs{},
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.WafV2.WebAclRuleGroupAssociation("example", new()
{
RuleName = "aws-common-rule-set-with-overrides",
Priority = 70,
WebAclArn = exampleAwsWafv2WebAcl.Arn,
ManagedRuleGroup = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupArgs
{
Name = "AWSManagedRulesCommonRuleSet",
VendorName = "AWS",
RuleActionOverrides = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideArgs
{
Name = "GenericRFI_BODY",
ActionToUse = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseArgs
{
Count = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountArgs
{
CustomRequestHandling = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingArgs
{
InsertHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs
{
Name = "X-RFI-Override",
Value = "counted",
},
},
},
},
},
},
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideArgs
{
Name = "SizeRestrictions_BODY",
ActionToUse = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseArgs
{
Captcha = null,
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociation;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociationArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleGroupAssociationManagedRuleGroupArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new WebAclRuleGroupAssociation("example", WebAclRuleGroupAssociationArgs.builder()
.ruleName("aws-common-rule-set-with-overrides")
.priority(70)
.webAclArn(exampleAwsWafv2WebAcl.arn())
.managedRuleGroup(WebAclRuleGroupAssociationManagedRuleGroupArgs.builder()
.name("AWSManagedRulesCommonRuleSet")
.vendorName("AWS")
.ruleActionOverrides(
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideArgs.builder()
.name("GenericRFI_BODY")
.actionToUse(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseArgs.builder()
.count(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountArgs.builder()
.customRequestHandling(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingArgs.builder()
.insertHeaders(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs.builder()
.name("X-RFI-Override")
.value("counted")
.build())
.build())
.build())
.build())
.build(),
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideArgs.builder()
.name("SizeRestrictions_BODY")
.actionToUse(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseArgs.builder()
.captcha(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaArgs.builder()
.build())
.build())
.build())
.build())
.build());
}
}
resources:
example:
type: aws:wafv2:WebAclRuleGroupAssociation
properties:
ruleName: aws-common-rule-set-with-overrides
priority: 70
webAclArn: ${exampleAwsWafv2WebAcl.arn}
managedRuleGroup:
name: AWSManagedRulesCommonRuleSet
vendorName: AWS
ruleActionOverrides:
- name: GenericRFI_BODY
actionToUse:
count:
customRequestHandling:
insertHeaders:
- name: X-RFI-Override
value: counted
- name: SizeRestrictions_BODY
actionToUse:
captcha: {}
Managed Rule Group With Managed Rule Group Configs
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.wafv2.WebAclRuleGroupAssociation("example", {
ruleName: "acfp-ruleset-with-rule-config",
priority: 70,
webAclArn: exampleAwsWafv2WebAcl.arn,
managedRuleGroup: {
name: "AWSManagedRulesACFPRuleSet",
vendorName: "AWS",
managedRuleGroupConfigs: {
awsManagedRulesAcfpRuleSet: {
creationPath: "/creation",
registrationPagePath: "/registration",
requestInspection: {
emailField: {
identifier: "/email",
},
passwordField: {
identifier: "/password",
},
phoneNumberFields: {
identifiers: [
"/phone1",
"/phone2",
],
},
addressFields: {
identifiers: [
"home",
"work",
],
},
payloadType: "JSON",
usernameField: {
identifier: "/username",
},
},
},
},
},
visibilityConfig: {
cloudwatchMetricsEnabled: true,
metricName: "friendly-metric-name",
sampledRequestsEnabled: true,
},
});
import pulumi
import pulumi_aws as aws
example = aws.wafv2.WebAclRuleGroupAssociation("example",
rule_name="acfp-ruleset-with-rule-config",
priority=70,
web_acl_arn=example_aws_wafv2_web_acl["arn"],
managed_rule_group={
"name": "AWSManagedRulesACFPRuleSet",
"vendor_name": "AWS",
"managed_rule_group_configs": {
"aws_managed_rules_acfp_rule_set": {
"creation_path": "/creation",
"registration_page_path": "/registration",
"request_inspection": {
"email_field": {
"identifier": "/email",
},
"password_field": {
"identifier": "/password",
},
"phone_number_fields": {
"identifiers": [
"/phone1",
"/phone2",
],
},
"address_fields": {
"identifiers": [
"home",
"work",
],
},
"payload_type": "JSON",
"username_field": {
"identifier": "/username",
},
},
},
},
},
visibility_config={
"cloudwatch_metrics_enabled": True,
"metric_name": "friendly-metric-name",
"sampled_requests_enabled": True,
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := wafv2.NewWebAclRuleGroupAssociation(ctx, "example", &wafv2.WebAclRuleGroupAssociationArgs{
RuleName: pulumi.String("acfp-ruleset-with-rule-config"),
Priority: pulumi.Int(70),
WebAclArn: pulumi.Any(exampleAwsWafv2WebAcl.Arn),
ManagedRuleGroup: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupArgs{
Name: pulumi.String("AWSManagedRulesACFPRuleSet"),
VendorName: pulumi.String("AWS"),
ManagedRuleGroupConfigs: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsArgs{
AwsManagedRulesAcfpRuleSet: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetArgs{
CreationPath: pulumi.String("/creation"),
RegistrationPagePath: pulumi.String("/registration"),
RequestInspection: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionArgs{
EmailField: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionEmailFieldArgs{
Identifier: pulumi.String("/email"),
},
PasswordField: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionPasswordFieldArgs{
Identifier: pulumi.String("/password"),
},
PhoneNumberFields: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFieldsArgs{
Identifiers: pulumi.StringArray{
pulumi.String("/phone1"),
pulumi.String("/phone2"),
},
},
AddressFields: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionAddressFieldsArgs{
Identifiers: pulumi.StringArray{
pulumi.String("home"),
pulumi.String("work"),
},
},
PayloadType: pulumi.String("JSON"),
UsernameField: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionUsernameFieldArgs{
Identifier: pulumi.String("/username"),
},
},
},
},
},
VisibilityConfig: &wafv2.WebAclRuleGroupAssociationVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(true),
MetricName: pulumi.String("friendly-metric-name"),
SampledRequestsEnabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.WafV2.WebAclRuleGroupAssociation("example", new()
{
RuleName = "acfp-ruleset-with-rule-config",
Priority = 70,
WebAclArn = exampleAwsWafv2WebAcl.Arn,
ManagedRuleGroup = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupArgs
{
Name = "AWSManagedRulesACFPRuleSet",
VendorName = "AWS",
ManagedRuleGroupConfigs = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsArgs
{
AwsManagedRulesAcfpRuleSet = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetArgs
{
CreationPath = "/creation",
RegistrationPagePath = "/registration",
RequestInspection = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionArgs
{
EmailField = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionEmailFieldArgs
{
Identifier = "/email",
},
PasswordField = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionPasswordFieldArgs
{
Identifier = "/password",
},
PhoneNumberFields = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFieldsArgs
{
Identifiers = new[]
{
"/phone1",
"/phone2",
},
},
AddressFields = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionAddressFieldsArgs
{
Identifiers = new[]
{
"home",
"work",
},
},
PayloadType = "JSON",
UsernameField = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionUsernameFieldArgs
{
Identifier = "/username",
},
},
},
},
},
VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationVisibilityConfigArgs
{
CloudwatchMetricsEnabled = true,
MetricName = "friendly-metric-name",
SampledRequestsEnabled = true,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociation;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociationArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleGroupAssociationManagedRuleGroupArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionEmailFieldArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionPasswordFieldArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFieldsArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionAddressFieldsArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionUsernameFieldArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleGroupAssociationVisibilityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new WebAclRuleGroupAssociation("example", WebAclRuleGroupAssociationArgs.builder()
.ruleName("acfp-ruleset-with-rule-config")
.priority(70)
.webAclArn(exampleAwsWafv2WebAcl.arn())
.managedRuleGroup(WebAclRuleGroupAssociationManagedRuleGroupArgs.builder()
.name("AWSManagedRulesACFPRuleSet")
.vendorName("AWS")
.managedRuleGroupConfigs(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsArgs.builder()
.awsManagedRulesAcfpRuleSet(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetArgs.builder()
.creationPath("/creation")
.registrationPagePath("/registration")
.requestInspection(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionArgs.builder()
.emailField(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionEmailFieldArgs.builder()
.identifier("/email")
.build())
.passwordField(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionPasswordFieldArgs.builder()
.identifier("/password")
.build())
.phoneNumberFields(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFieldsArgs.builder()
.identifiers(
"/phone1",
"/phone2")
.build())
.addressFields(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionAddressFieldsArgs.builder()
.identifiers(
"home",
"work")
.build())
.payloadType("JSON")
.usernameField(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionUsernameFieldArgs.builder()
.identifier("/username")
.build())
.build())
.build())
.build())
.build())
.visibilityConfig(WebAclRuleGroupAssociationVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(true)
.metricName("friendly-metric-name")
.sampledRequestsEnabled(true)
.build())
.build());
}
}
resources:
example:
type: aws:wafv2:WebAclRuleGroupAssociation
properties:
ruleName: acfp-ruleset-with-rule-config
priority: 70
webAclArn: ${exampleAwsWafv2WebAcl.arn}
managedRuleGroup:
name: AWSManagedRulesACFPRuleSet
vendorName: AWS
managedRuleGroupConfigs:
awsManagedRulesAcfpRuleSet:
creationPath: /creation
registrationPagePath: /registration
requestInspection:
emailField:
identifier: /email
passwordField:
identifier: /password
phoneNumberFields:
identifiers:
- /phone1
- /phone2
addressFields:
identifiers:
- home
- work
payloadType: JSON
usernameField:
identifier: /username
visibilityConfig:
cloudwatchMetricsEnabled: true
metricName: friendly-metric-name
sampledRequestsEnabled: true
Custom Rule Group With Override Action
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.wafv2.WebAclRuleGroupAssociation("example", {
ruleName: "example-rule-group-rule",
priority: 100,
webAclArn: exampleAwsWafv2WebAcl.arn,
overrideAction: "count",
ruleGroupReference: {
arn: exampleAwsWafv2RuleGroup.arn,
},
});
import pulumi
import pulumi_aws as aws
example = aws.wafv2.WebAclRuleGroupAssociation("example",
rule_name="example-rule-group-rule",
priority=100,
web_acl_arn=example_aws_wafv2_web_acl["arn"],
override_action="count",
rule_group_reference={
"arn": example_aws_wafv2_rule_group["arn"],
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := wafv2.NewWebAclRuleGroupAssociation(ctx, "example", &wafv2.WebAclRuleGroupAssociationArgs{
RuleName: pulumi.String("example-rule-group-rule"),
Priority: pulumi.Int(100),
WebAclArn: pulumi.Any(exampleAwsWafv2WebAcl.Arn),
OverrideAction: pulumi.String("count"),
RuleGroupReference: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceArgs{
Arn: pulumi.Any(exampleAwsWafv2RuleGroup.Arn),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.WafV2.WebAclRuleGroupAssociation("example", new()
{
RuleName = "example-rule-group-rule",
Priority = 100,
WebAclArn = exampleAwsWafv2WebAcl.Arn,
OverrideAction = "count",
RuleGroupReference = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceArgs
{
Arn = exampleAwsWafv2RuleGroup.Arn,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociation;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociationArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleGroupAssociationRuleGroupReferenceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new WebAclRuleGroupAssociation("example", WebAclRuleGroupAssociationArgs.builder()
.ruleName("example-rule-group-rule")
.priority(100)
.webAclArn(exampleAwsWafv2WebAcl.arn())
.overrideAction("count")
.ruleGroupReference(WebAclRuleGroupAssociationRuleGroupReferenceArgs.builder()
.arn(exampleAwsWafv2RuleGroup.arn())
.build())
.build());
}
}
resources:
example:
type: aws:wafv2:WebAclRuleGroupAssociation
properties:
ruleName: example-rule-group-rule
priority: 100
webAclArn: ${exampleAwsWafv2WebAcl.arn}
overrideAction: count
ruleGroupReference:
arn: ${exampleAwsWafv2RuleGroup.arn}
Custom Rule Group With Rule Action Overrides
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.wafv2.WebAclRuleGroupAssociation("example", {
ruleName: "example-rule-group-rule",
priority: 100,
webAclArn: exampleAwsWafv2WebAcl.arn,
ruleGroupReference: {
arn: exampleAwsWafv2RuleGroup.arn,
ruleActionOverrides: [
{
name: "geo-block-rule",
actionToUse: {
count: {
customRequestHandling: {
insertHeaders: [{
name: "X-Geo-Block-Override",
value: "counted",
}],
},
},
},
},
{
name: "rate-limit-rule",
actionToUse: {
captcha: {
customRequestHandling: {
insertHeaders: [{
name: "X-Rate-Limit-Override",
value: "captcha-required",
}],
},
},
},
},
],
},
});
import pulumi
import pulumi_aws as aws
example = aws.wafv2.WebAclRuleGroupAssociation("example",
rule_name="example-rule-group-rule",
priority=100,
web_acl_arn=example_aws_wafv2_web_acl["arn"],
rule_group_reference={
"arn": example_aws_wafv2_rule_group["arn"],
"rule_action_overrides": [
{
"name": "geo-block-rule",
"action_to_use": {
"count": {
"custom_request_handling": {
"insert_headers": [{
"name": "X-Geo-Block-Override",
"value": "counted",
}],
},
},
},
},
{
"name": "rate-limit-rule",
"action_to_use": {
"captcha": {
"custom_request_handling": {
"insert_headers": [{
"name": "X-Rate-Limit-Override",
"value": "captcha-required",
}],
},
},
},
},
],
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := wafv2.NewWebAclRuleGroupAssociation(ctx, "example", &wafv2.WebAclRuleGroupAssociationArgs{
RuleName: pulumi.String("example-rule-group-rule"),
Priority: pulumi.Int(100),
WebAclArn: pulumi.Any(exampleAwsWafv2WebAcl.Arn),
RuleGroupReference: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceArgs{
Arn: pulumi.Any(exampleAwsWafv2RuleGroup.Arn),
RuleActionOverrides: wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideArray{
&wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideArgs{
Name: pulumi.String("geo-block-rule"),
ActionToUse: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseArgs{
Count: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountArgs{
CustomRequestHandling: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingArgs{
InsertHeaders: wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArray{
&wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs{
Name: pulumi.String("X-Geo-Block-Override"),
Value: pulumi.String("counted"),
},
},
},
},
},
},
&wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideArgs{
Name: pulumi.String("rate-limit-rule"),
ActionToUse: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseArgs{
Captcha: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaArgs{
CustomRequestHandling: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs{
InsertHeaders: wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArray{
&wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs{
Name: pulumi.String("X-Rate-Limit-Override"),
Value: pulumi.String("captcha-required"),
},
},
},
},
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.WafV2.WebAclRuleGroupAssociation("example", new()
{
RuleName = "example-rule-group-rule",
Priority = 100,
WebAclArn = exampleAwsWafv2WebAcl.Arn,
RuleGroupReference = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceArgs
{
Arn = exampleAwsWafv2RuleGroup.Arn,
RuleActionOverrides = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideArgs
{
Name = "geo-block-rule",
ActionToUse = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseArgs
{
Count = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountArgs
{
CustomRequestHandling = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingArgs
{
InsertHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs
{
Name = "X-Geo-Block-Override",
Value = "counted",
},
},
},
},
},
},
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideArgs
{
Name = "rate-limit-rule",
ActionToUse = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseArgs
{
Captcha = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaArgs
{
CustomRequestHandling = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs
{
InsertHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs
{
Name = "X-Rate-Limit-Override",
Value = "captcha-required",
},
},
},
},
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociation;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociationArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleGroupAssociationRuleGroupReferenceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new WebAclRuleGroupAssociation("example", WebAclRuleGroupAssociationArgs.builder()
.ruleName("example-rule-group-rule")
.priority(100)
.webAclArn(exampleAwsWafv2WebAcl.arn())
.ruleGroupReference(WebAclRuleGroupAssociationRuleGroupReferenceArgs.builder()
.arn(exampleAwsWafv2RuleGroup.arn())
.ruleActionOverrides(
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideArgs.builder()
.name("geo-block-rule")
.actionToUse(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseArgs.builder()
.count(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountArgs.builder()
.customRequestHandling(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingArgs.builder()
.insertHeaders(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs.builder()
.name("X-Geo-Block-Override")
.value("counted")
.build())
.build())
.build())
.build())
.build(),
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideArgs.builder()
.name("rate-limit-rule")
.actionToUse(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseArgs.builder()
.captcha(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaArgs.builder()
.customRequestHandling(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs.builder()
.insertHeaders(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs.builder()
.name("X-Rate-Limit-Override")
.value("captcha-required")
.build())
.build())
.build())
.build())
.build())
.build())
.build());
}
}
resources:
example:
type: aws:wafv2:WebAclRuleGroupAssociation
properties:
ruleName: example-rule-group-rule
priority: 100
webAclArn: ${exampleAwsWafv2WebAcl.arn}
ruleGroupReference:
arn: ${exampleAwsWafv2RuleGroup.arn}
ruleActionOverrides:
- name: geo-block-rule
actionToUse:
count:
customRequestHandling:
insertHeaders:
- name: X-Geo-Block-Override
value: counted
- name: rate-limit-rule
actionToUse:
captcha:
customRequestHandling:
insertHeaders:
- name: X-Rate-Limit-Override
value: captcha-required
CloudFront Web ACL
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.wafv2.WebAclRuleGroupAssociation("example", {
ruleName: "cloudfront-rule-group-rule",
priority: 50,
webAclArn: exampleAwsWafv2WebAcl.arn,
ruleGroupReference: {
arn: exampleAwsWafv2RuleGroup.arn,
},
});
import pulumi
import pulumi_aws as aws
example = aws.wafv2.WebAclRuleGroupAssociation("example",
rule_name="cloudfront-rule-group-rule",
priority=50,
web_acl_arn=example_aws_wafv2_web_acl["arn"],
rule_group_reference={
"arn": example_aws_wafv2_rule_group["arn"],
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := wafv2.NewWebAclRuleGroupAssociation(ctx, "example", &wafv2.WebAclRuleGroupAssociationArgs{
RuleName: pulumi.String("cloudfront-rule-group-rule"),
Priority: pulumi.Int(50),
WebAclArn: pulumi.Any(exampleAwsWafv2WebAcl.Arn),
RuleGroupReference: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceArgs{
Arn: pulumi.Any(exampleAwsWafv2RuleGroup.Arn),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.WafV2.WebAclRuleGroupAssociation("example", new()
{
RuleName = "cloudfront-rule-group-rule",
Priority = 50,
WebAclArn = exampleAwsWafv2WebAcl.Arn,
RuleGroupReference = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceArgs
{
Arn = exampleAwsWafv2RuleGroup.Arn,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociation;
import com.pulumi.aws.wafv2.WebAclRuleGroupAssociationArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleGroupAssociationRuleGroupReferenceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new WebAclRuleGroupAssociation("example", WebAclRuleGroupAssociationArgs.builder()
.ruleName("cloudfront-rule-group-rule")
.priority(50)
.webAclArn(exampleAwsWafv2WebAcl.arn())
.ruleGroupReference(WebAclRuleGroupAssociationRuleGroupReferenceArgs.builder()
.arn(exampleAwsWafv2RuleGroup.arn())
.build())
.build());
}
}
resources:
example:
type: aws:wafv2:WebAclRuleGroupAssociation
properties:
ruleName: cloudfront-rule-group-rule
priority: 50
webAclArn: ${exampleAwsWafv2WebAcl.arn}
ruleGroupReference:
arn: ${exampleAwsWafv2RuleGroup.arn}
Create WebAclRuleGroupAssociation Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new WebAclRuleGroupAssociation(name: string, args: WebAclRuleGroupAssociationArgs, opts?: CustomResourceOptions);@overload
def WebAclRuleGroupAssociation(resource_name: str,
args: WebAclRuleGroupAssociationArgs,
opts: Optional[ResourceOptions] = None)
@overload
def WebAclRuleGroupAssociation(resource_name: str,
opts: Optional[ResourceOptions] = None,
priority: Optional[int] = None,
rule_name: Optional[str] = None,
web_acl_arn: Optional[str] = None,
managed_rule_group: Optional[WebAclRuleGroupAssociationManagedRuleGroupArgs] = None,
override_action: Optional[str] = None,
region: Optional[str] = None,
rule_group_reference: Optional[WebAclRuleGroupAssociationRuleGroupReferenceArgs] = None,
timeouts: Optional[WebAclRuleGroupAssociationTimeoutsArgs] = None,
visibility_config: Optional[WebAclRuleGroupAssociationVisibilityConfigArgs] = None)func NewWebAclRuleGroupAssociation(ctx *Context, name string, args WebAclRuleGroupAssociationArgs, opts ...ResourceOption) (*WebAclRuleGroupAssociation, error)public WebAclRuleGroupAssociation(string name, WebAclRuleGroupAssociationArgs args, CustomResourceOptions? opts = null)
public WebAclRuleGroupAssociation(String name, WebAclRuleGroupAssociationArgs args)
public WebAclRuleGroupAssociation(String name, WebAclRuleGroupAssociationArgs args, CustomResourceOptions options)
type: aws:wafv2:WebAclRuleGroupAssociation
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args WebAclRuleGroupAssociationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args WebAclRuleGroupAssociationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args WebAclRuleGroupAssociationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args WebAclRuleGroupAssociationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args WebAclRuleGroupAssociationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var webAclRuleGroupAssociationResource = new Aws.WafV2.WebAclRuleGroupAssociation("webAclRuleGroupAssociationResource", new()
{
Priority = 0,
RuleName = "string",
WebAclArn = "string",
ManagedRuleGroup = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupArgs
{
Name = "string",
VendorName = "string",
ManagedRuleGroupConfigs = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsArgs
{
AwsManagedRulesAcfpRuleSet = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetArgs
{
CreationPath = "string",
RegistrationPagePath = "string",
EnableRegexInPath = false,
RequestInspection = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionArgs
{
PayloadType = "string",
AddressFields = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionAddressFieldsArgs
{
Identifiers = new[]
{
"string",
},
},
EmailField = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionEmailFieldArgs
{
Identifier = "string",
},
PasswordField = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionPasswordFieldArgs
{
Identifier = "string",
},
PhoneNumberFields = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFieldsArgs
{
Identifiers = new[]
{
"string",
},
},
UsernameField = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionUsernameFieldArgs
{
Identifier = "string",
},
},
ResponseInspection = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetResponseInspectionArgs
{
BodyContains = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetResponseInspectionBodyContainsArgs
{
FailureStrings = new[]
{
"string",
},
SuccessStrings = new[]
{
"string",
},
},
Header = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetResponseInspectionHeaderArgs
{
FailureValues = new[]
{
"string",
},
Name = "string",
SuccessValues = new[]
{
"string",
},
},
Json = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetResponseInspectionJsonArgs
{
FailureValues = new[]
{
"string",
},
Identifier = "string",
SuccessValues = new[]
{
"string",
},
},
StatusCode = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetResponseInspectionStatusCodeArgs
{
FailureCodes = new[]
{
0,
},
SuccessCodes = new[]
{
0,
},
},
},
},
AwsManagedRulesAntiDdosRuleSet = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAntiDdosRuleSetArgs
{
ClientSideActionConfig = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAntiDdosRuleSetClientSideActionConfigArgs
{
Challenge = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallengeArgs
{
UsageOfAction = "string",
ExemptUriRegularExpressions = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallengeExemptUriRegularExpressionArgs
{
RegexString = "string",
},
},
Sensitivity = "string",
},
},
SensitivityToBlock = "string",
},
AwsManagedRulesAtpRuleSet = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetArgs
{
LoginPath = "string",
EnableRegexInPath = false,
RequestInspection = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetRequestInspectionArgs
{
PayloadType = "string",
PasswordField = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetRequestInspectionPasswordFieldArgs
{
Identifier = "string",
},
UsernameField = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetRequestInspectionUsernameFieldArgs
{
Identifier = "string",
},
},
ResponseInspection = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetResponseInspectionArgs
{
BodyContains = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetResponseInspectionBodyContainsArgs
{
FailureStrings = new[]
{
"string",
},
SuccessStrings = new[]
{
"string",
},
},
Header = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetResponseInspectionHeaderArgs
{
FailureValues = new[]
{
"string",
},
Name = "string",
SuccessValues = new[]
{
"string",
},
},
Json = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetResponseInspectionJsonArgs
{
FailureValues = new[]
{
"string",
},
Identifier = "string",
SuccessValues = new[]
{
"string",
},
},
StatusCode = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetResponseInspectionStatusCodeArgs
{
FailureCodes = new[]
{
0,
},
SuccessCodes = new[]
{
0,
},
},
},
},
AwsManagedRulesBotControlRuleSet = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesBotControlRuleSetArgs
{
InspectionLevel = "string",
EnableMachineLearning = false,
},
},
RuleActionOverrides = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideArgs
{
Name = "string",
ActionToUse = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseArgs
{
Allow = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowArgs
{
CustomRequestHandling = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandlingArgs
{
InsertHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArgs
{
Name = "string",
Value = "string",
},
},
},
},
Block = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockArgs
{
CustomResponse = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponseArgs
{
ResponseCode = 0,
CustomResponseBodyKey = "string",
ResponseHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArgs
{
Name = "string",
Value = "string",
},
},
},
},
Captcha = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaArgs
{
CustomRequestHandling = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs
{
InsertHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs
{
Name = "string",
Value = "string",
},
},
},
},
Challenge = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeArgs
{
CustomRequestHandling = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandlingArgs
{
InsertHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArgs
{
Name = "string",
Value = "string",
},
},
},
},
Count = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountArgs
{
CustomRequestHandling = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingArgs
{
InsertHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs
{
Name = "string",
Value = "string",
},
},
},
},
},
},
},
Version = "string",
},
OverrideAction = "string",
Region = "string",
RuleGroupReference = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceArgs
{
Arn = "string",
RuleActionOverrides = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideArgs
{
Name = "string",
ActionToUse = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseArgs
{
Allow = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowArgs
{
CustomRequestHandling = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandlingArgs
{
InsertHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArgs
{
Name = "string",
Value = "string",
},
},
},
},
Block = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockArgs
{
CustomResponse = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponseArgs
{
ResponseCode = 0,
CustomResponseBodyKey = "string",
ResponseHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArgs
{
Name = "string",
Value = "string",
},
},
},
},
Captcha = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaArgs
{
CustomRequestHandling = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs
{
InsertHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs
{
Name = "string",
Value = "string",
},
},
},
},
Challenge = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeArgs
{
CustomRequestHandling = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandlingArgs
{
InsertHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArgs
{
Name = "string",
Value = "string",
},
},
},
},
Count = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountArgs
{
CustomRequestHandling = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingArgs
{
InsertHeaders = new[]
{
new Aws.WafV2.Inputs.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs
{
Name = "string",
Value = "string",
},
},
},
},
},
},
},
},
Timeouts = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationTimeoutsArgs
{
Create = "string",
Delete = "string",
Update = "string",
},
VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleGroupAssociationVisibilityConfigArgs
{
CloudwatchMetricsEnabled = false,
MetricName = "string",
SampledRequestsEnabled = false,
},
});
example, err := wafv2.NewWebAclRuleGroupAssociation(ctx, "webAclRuleGroupAssociationResource", &wafv2.WebAclRuleGroupAssociationArgs{
Priority: pulumi.Int(0),
RuleName: pulumi.String("string"),
WebAclArn: pulumi.String("string"),
ManagedRuleGroup: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupArgs{
Name: pulumi.String("string"),
VendorName: pulumi.String("string"),
ManagedRuleGroupConfigs: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsArgs{
AwsManagedRulesAcfpRuleSet: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetArgs{
CreationPath: pulumi.String("string"),
RegistrationPagePath: pulumi.String("string"),
EnableRegexInPath: pulumi.Bool(false),
RequestInspection: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionArgs{
PayloadType: pulumi.String("string"),
AddressFields: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionAddressFieldsArgs{
Identifiers: pulumi.StringArray{
pulumi.String("string"),
},
},
EmailField: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionEmailFieldArgs{
Identifier: pulumi.String("string"),
},
PasswordField: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionPasswordFieldArgs{
Identifier: pulumi.String("string"),
},
PhoneNumberFields: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFieldsArgs{
Identifiers: pulumi.StringArray{
pulumi.String("string"),
},
},
UsernameField: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionUsernameFieldArgs{
Identifier: pulumi.String("string"),
},
},
ResponseInspection: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetResponseInspectionArgs{
BodyContains: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetResponseInspectionBodyContainsArgs{
FailureStrings: pulumi.StringArray{
pulumi.String("string"),
},
SuccessStrings: pulumi.StringArray{
pulumi.String("string"),
},
},
Header: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetResponseInspectionHeaderArgs{
FailureValues: pulumi.StringArray{
pulumi.String("string"),
},
Name: pulumi.String("string"),
SuccessValues: pulumi.StringArray{
pulumi.String("string"),
},
},
Json: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetResponseInspectionJsonArgs{
FailureValues: pulumi.StringArray{
pulumi.String("string"),
},
Identifier: pulumi.String("string"),
SuccessValues: pulumi.StringArray{
pulumi.String("string"),
},
},
StatusCode: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetResponseInspectionStatusCodeArgs{
FailureCodes: pulumi.IntArray{
pulumi.Int(0),
},
SuccessCodes: pulumi.IntArray{
pulumi.Int(0),
},
},
},
},
AwsManagedRulesAntiDdosRuleSet: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAntiDdosRuleSetArgs{
ClientSideActionConfig: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAntiDdosRuleSetClientSideActionConfigArgs{
Challenge: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallengeArgs{
UsageOfAction: pulumi.String("string"),
ExemptUriRegularExpressions: wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallengeExemptUriRegularExpressionArray{
&wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallengeExemptUriRegularExpressionArgs{
RegexString: pulumi.String("string"),
},
},
Sensitivity: pulumi.String("string"),
},
},
SensitivityToBlock: pulumi.String("string"),
},
AwsManagedRulesAtpRuleSet: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetArgs{
LoginPath: pulumi.String("string"),
EnableRegexInPath: pulumi.Bool(false),
RequestInspection: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetRequestInspectionArgs{
PayloadType: pulumi.String("string"),
PasswordField: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetRequestInspectionPasswordFieldArgs{
Identifier: pulumi.String("string"),
},
UsernameField: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetRequestInspectionUsernameFieldArgs{
Identifier: pulumi.String("string"),
},
},
ResponseInspection: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetResponseInspectionArgs{
BodyContains: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetResponseInspectionBodyContainsArgs{
FailureStrings: pulumi.StringArray{
pulumi.String("string"),
},
SuccessStrings: pulumi.StringArray{
pulumi.String("string"),
},
},
Header: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetResponseInspectionHeaderArgs{
FailureValues: pulumi.StringArray{
pulumi.String("string"),
},
Name: pulumi.String("string"),
SuccessValues: pulumi.StringArray{
pulumi.String("string"),
},
},
Json: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetResponseInspectionJsonArgs{
FailureValues: pulumi.StringArray{
pulumi.String("string"),
},
Identifier: pulumi.String("string"),
SuccessValues: pulumi.StringArray{
pulumi.String("string"),
},
},
StatusCode: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetResponseInspectionStatusCodeArgs{
FailureCodes: pulumi.IntArray{
pulumi.Int(0),
},
SuccessCodes: pulumi.IntArray{
pulumi.Int(0),
},
},
},
},
AwsManagedRulesBotControlRuleSet: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesBotControlRuleSetArgs{
InspectionLevel: pulumi.String("string"),
EnableMachineLearning: pulumi.Bool(false),
},
},
RuleActionOverrides: wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideArray{
&wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideArgs{
Name: pulumi.String("string"),
ActionToUse: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseArgs{
Allow: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowArgs{
CustomRequestHandling: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandlingArgs{
InsertHeaders: wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArray{
&wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
},
},
Block: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockArgs{
CustomResponse: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponseArgs{
ResponseCode: pulumi.Int(0),
CustomResponseBodyKey: pulumi.String("string"),
ResponseHeaders: wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArray{
&wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
},
},
Captcha: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaArgs{
CustomRequestHandling: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs{
InsertHeaders: wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArray{
&wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
},
},
Challenge: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeArgs{
CustomRequestHandling: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandlingArgs{
InsertHeaders: wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArray{
&wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
},
},
Count: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountArgs{
CustomRequestHandling: &wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingArgs{
InsertHeaders: wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArray{
&wafv2.WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
},
},
},
},
},
Version: pulumi.String("string"),
},
OverrideAction: pulumi.String("string"),
Region: pulumi.String("string"),
RuleGroupReference: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceArgs{
Arn: pulumi.String("string"),
RuleActionOverrides: wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideArray{
&wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideArgs{
Name: pulumi.String("string"),
ActionToUse: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseArgs{
Allow: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowArgs{
CustomRequestHandling: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandlingArgs{
InsertHeaders: wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArray{
&wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
},
},
Block: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockArgs{
CustomResponse: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponseArgs{
ResponseCode: pulumi.Int(0),
CustomResponseBodyKey: pulumi.String("string"),
ResponseHeaders: wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArray{
&wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
},
},
Captcha: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaArgs{
CustomRequestHandling: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs{
InsertHeaders: wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArray{
&wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
},
},
Challenge: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeArgs{
CustomRequestHandling: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandlingArgs{
InsertHeaders: wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArray{
&wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
},
},
Count: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountArgs{
CustomRequestHandling: &wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingArgs{
InsertHeaders: wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArray{
&wafv2.WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs{
Name: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
},
},
},
},
},
},
Timeouts: &wafv2.WebAclRuleGroupAssociationTimeoutsArgs{
Create: pulumi.String("string"),
Delete: pulumi.String("string"),
Update: pulumi.String("string"),
},
VisibilityConfig: &wafv2.WebAclRuleGroupAssociationVisibilityConfigArgs{
CloudwatchMetricsEnabled: pulumi.Bool(false),
MetricName: pulumi.String("string"),
SampledRequestsEnabled: pulumi.Bool(false),
},
})
var webAclRuleGroupAssociationResource = new WebAclRuleGroupAssociation("webAclRuleGroupAssociationResource", WebAclRuleGroupAssociationArgs.builder()
.priority(0)
.ruleName("string")
.webAclArn("string")
.managedRuleGroup(WebAclRuleGroupAssociationManagedRuleGroupArgs.builder()
.name("string")
.vendorName("string")
.managedRuleGroupConfigs(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsArgs.builder()
.awsManagedRulesAcfpRuleSet(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetArgs.builder()
.creationPath("string")
.registrationPagePath("string")
.enableRegexInPath(false)
.requestInspection(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionArgs.builder()
.payloadType("string")
.addressFields(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionAddressFieldsArgs.builder()
.identifiers("string")
.build())
.emailField(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionEmailFieldArgs.builder()
.identifier("string")
.build())
.passwordField(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionPasswordFieldArgs.builder()
.identifier("string")
.build())
.phoneNumberFields(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFieldsArgs.builder()
.identifiers("string")
.build())
.usernameField(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionUsernameFieldArgs.builder()
.identifier("string")
.build())
.build())
.responseInspection(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetResponseInspectionArgs.builder()
.bodyContains(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetResponseInspectionBodyContainsArgs.builder()
.failureStrings("string")
.successStrings("string")
.build())
.header(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetResponseInspectionHeaderArgs.builder()
.failureValues("string")
.name("string")
.successValues("string")
.build())
.json(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetResponseInspectionJsonArgs.builder()
.failureValues("string")
.identifier("string")
.successValues("string")
.build())
.statusCode(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetResponseInspectionStatusCodeArgs.builder()
.failureCodes(0)
.successCodes(0)
.build())
.build())
.build())
.awsManagedRulesAntiDdosRuleSet(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAntiDdosRuleSetArgs.builder()
.clientSideActionConfig(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAntiDdosRuleSetClientSideActionConfigArgs.builder()
.challenge(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallengeArgs.builder()
.usageOfAction("string")
.exemptUriRegularExpressions(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallengeExemptUriRegularExpressionArgs.builder()
.regexString("string")
.build())
.sensitivity("string")
.build())
.build())
.sensitivityToBlock("string")
.build())
.awsManagedRulesAtpRuleSet(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetArgs.builder()
.loginPath("string")
.enableRegexInPath(false)
.requestInspection(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetRequestInspectionArgs.builder()
.payloadType("string")
.passwordField(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetRequestInspectionPasswordFieldArgs.builder()
.identifier("string")
.build())
.usernameField(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetRequestInspectionUsernameFieldArgs.builder()
.identifier("string")
.build())
.build())
.responseInspection(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetResponseInspectionArgs.builder()
.bodyContains(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetResponseInspectionBodyContainsArgs.builder()
.failureStrings("string")
.successStrings("string")
.build())
.header(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetResponseInspectionHeaderArgs.builder()
.failureValues("string")
.name("string")
.successValues("string")
.build())
.json(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetResponseInspectionJsonArgs.builder()
.failureValues("string")
.identifier("string")
.successValues("string")
.build())
.statusCode(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetResponseInspectionStatusCodeArgs.builder()
.failureCodes(0)
.successCodes(0)
.build())
.build())
.build())
.awsManagedRulesBotControlRuleSet(WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesBotControlRuleSetArgs.builder()
.inspectionLevel("string")
.enableMachineLearning(false)
.build())
.build())
.ruleActionOverrides(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideArgs.builder()
.name("string")
.actionToUse(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseArgs.builder()
.allow(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowArgs.builder()
.customRequestHandling(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandlingArgs.builder()
.insertHeaders(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArgs.builder()
.name("string")
.value("string")
.build())
.build())
.build())
.block(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockArgs.builder()
.customResponse(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponseArgs.builder()
.responseCode(0)
.customResponseBodyKey("string")
.responseHeaders(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArgs.builder()
.name("string")
.value("string")
.build())
.build())
.build())
.captcha(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaArgs.builder()
.customRequestHandling(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs.builder()
.insertHeaders(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs.builder()
.name("string")
.value("string")
.build())
.build())
.build())
.challenge(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeArgs.builder()
.customRequestHandling(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandlingArgs.builder()
.insertHeaders(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArgs.builder()
.name("string")
.value("string")
.build())
.build())
.build())
.count(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountArgs.builder()
.customRequestHandling(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingArgs.builder()
.insertHeaders(WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs.builder()
.name("string")
.value("string")
.build())
.build())
.build())
.build())
.build())
.version("string")
.build())
.overrideAction("string")
.region("string")
.ruleGroupReference(WebAclRuleGroupAssociationRuleGroupReferenceArgs.builder()
.arn("string")
.ruleActionOverrides(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideArgs.builder()
.name("string")
.actionToUse(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseArgs.builder()
.allow(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowArgs.builder()
.customRequestHandling(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandlingArgs.builder()
.insertHeaders(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArgs.builder()
.name("string")
.value("string")
.build())
.build())
.build())
.block(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockArgs.builder()
.customResponse(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponseArgs.builder()
.responseCode(0)
.customResponseBodyKey("string")
.responseHeaders(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArgs.builder()
.name("string")
.value("string")
.build())
.build())
.build())
.captcha(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaArgs.builder()
.customRequestHandling(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs.builder()
.insertHeaders(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs.builder()
.name("string")
.value("string")
.build())
.build())
.build())
.challenge(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeArgs.builder()
.customRequestHandling(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandlingArgs.builder()
.insertHeaders(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArgs.builder()
.name("string")
.value("string")
.build())
.build())
.build())
.count(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountArgs.builder()
.customRequestHandling(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingArgs.builder()
.insertHeaders(WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs.builder()
.name("string")
.value("string")
.build())
.build())
.build())
.build())
.build())
.build())
.timeouts(WebAclRuleGroupAssociationTimeoutsArgs.builder()
.create("string")
.delete("string")
.update("string")
.build())
.visibilityConfig(WebAclRuleGroupAssociationVisibilityConfigArgs.builder()
.cloudwatchMetricsEnabled(false)
.metricName("string")
.sampledRequestsEnabled(false)
.build())
.build());
web_acl_rule_group_association_resource = aws.wafv2.WebAclRuleGroupAssociation("webAclRuleGroupAssociationResource",
priority=0,
rule_name="string",
web_acl_arn="string",
managed_rule_group={
"name": "string",
"vendor_name": "string",
"managed_rule_group_configs": {
"aws_managed_rules_acfp_rule_set": {
"creation_path": "string",
"registration_page_path": "string",
"enable_regex_in_path": False,
"request_inspection": {
"payload_type": "string",
"address_fields": {
"identifiers": ["string"],
},
"email_field": {
"identifier": "string",
},
"password_field": {
"identifier": "string",
},
"phone_number_fields": {
"identifiers": ["string"],
},
"username_field": {
"identifier": "string",
},
},
"response_inspection": {
"body_contains": {
"failure_strings": ["string"],
"success_strings": ["string"],
},
"header": {
"failure_values": ["string"],
"name": "string",
"success_values": ["string"],
},
"json": {
"failure_values": ["string"],
"identifier": "string",
"success_values": ["string"],
},
"status_code": {
"failure_codes": [0],
"success_codes": [0],
},
},
},
"aws_managed_rules_anti_ddos_rule_set": {
"client_side_action_config": {
"challenge": {
"usage_of_action": "string",
"exempt_uri_regular_expressions": [{
"regex_string": "string",
}],
"sensitivity": "string",
},
},
"sensitivity_to_block": "string",
},
"aws_managed_rules_atp_rule_set": {
"login_path": "string",
"enable_regex_in_path": False,
"request_inspection": {
"payload_type": "string",
"password_field": {
"identifier": "string",
},
"username_field": {
"identifier": "string",
},
},
"response_inspection": {
"body_contains": {
"failure_strings": ["string"],
"success_strings": ["string"],
},
"header": {
"failure_values": ["string"],
"name": "string",
"success_values": ["string"],
},
"json": {
"failure_values": ["string"],
"identifier": "string",
"success_values": ["string"],
},
"status_code": {
"failure_codes": [0],
"success_codes": [0],
},
},
},
"aws_managed_rules_bot_control_rule_set": {
"inspection_level": "string",
"enable_machine_learning": False,
},
},
"rule_action_overrides": [{
"name": "string",
"action_to_use": {
"allow": {
"custom_request_handling": {
"insert_headers": [{
"name": "string",
"value": "string",
}],
},
},
"block": {
"custom_response": {
"response_code": 0,
"custom_response_body_key": "string",
"response_headers": [{
"name": "string",
"value": "string",
}],
},
},
"captcha": {
"custom_request_handling": {
"insert_headers": [{
"name": "string",
"value": "string",
}],
},
},
"challenge": {
"custom_request_handling": {
"insert_headers": [{
"name": "string",
"value": "string",
}],
},
},
"count": {
"custom_request_handling": {
"insert_headers": [{
"name": "string",
"value": "string",
}],
},
},
},
}],
"version": "string",
},
override_action="string",
region="string",
rule_group_reference={
"arn": "string",
"rule_action_overrides": [{
"name": "string",
"action_to_use": {
"allow": {
"custom_request_handling": {
"insert_headers": [{
"name": "string",
"value": "string",
}],
},
},
"block": {
"custom_response": {
"response_code": 0,
"custom_response_body_key": "string",
"response_headers": [{
"name": "string",
"value": "string",
}],
},
},
"captcha": {
"custom_request_handling": {
"insert_headers": [{
"name": "string",
"value": "string",
}],
},
},
"challenge": {
"custom_request_handling": {
"insert_headers": [{
"name": "string",
"value": "string",
}],
},
},
"count": {
"custom_request_handling": {
"insert_headers": [{
"name": "string",
"value": "string",
}],
},
},
},
}],
},
timeouts={
"create": "string",
"delete": "string",
"update": "string",
},
visibility_config={
"cloudwatch_metrics_enabled": False,
"metric_name": "string",
"sampled_requests_enabled": False,
})
const webAclRuleGroupAssociationResource = new aws.wafv2.WebAclRuleGroupAssociation("webAclRuleGroupAssociationResource", {
priority: 0,
ruleName: "string",
webAclArn: "string",
managedRuleGroup: {
name: "string",
vendorName: "string",
managedRuleGroupConfigs: {
awsManagedRulesAcfpRuleSet: {
creationPath: "string",
registrationPagePath: "string",
enableRegexInPath: false,
requestInspection: {
payloadType: "string",
addressFields: {
identifiers: ["string"],
},
emailField: {
identifier: "string",
},
passwordField: {
identifier: "string",
},
phoneNumberFields: {
identifiers: ["string"],
},
usernameField: {
identifier: "string",
},
},
responseInspection: {
bodyContains: {
failureStrings: ["string"],
successStrings: ["string"],
},
header: {
failureValues: ["string"],
name: "string",
successValues: ["string"],
},
json: {
failureValues: ["string"],
identifier: "string",
successValues: ["string"],
},
statusCode: {
failureCodes: [0],
successCodes: [0],
},
},
},
awsManagedRulesAntiDdosRuleSet: {
clientSideActionConfig: {
challenge: {
usageOfAction: "string",
exemptUriRegularExpressions: [{
regexString: "string",
}],
sensitivity: "string",
},
},
sensitivityToBlock: "string",
},
awsManagedRulesAtpRuleSet: {
loginPath: "string",
enableRegexInPath: false,
requestInspection: {
payloadType: "string",
passwordField: {
identifier: "string",
},
usernameField: {
identifier: "string",
},
},
responseInspection: {
bodyContains: {
failureStrings: ["string"],
successStrings: ["string"],
},
header: {
failureValues: ["string"],
name: "string",
successValues: ["string"],
},
json: {
failureValues: ["string"],
identifier: "string",
successValues: ["string"],
},
statusCode: {
failureCodes: [0],
successCodes: [0],
},
},
},
awsManagedRulesBotControlRuleSet: {
inspectionLevel: "string",
enableMachineLearning: false,
},
},
ruleActionOverrides: [{
name: "string",
actionToUse: {
allow: {
customRequestHandling: {
insertHeaders: [{
name: "string",
value: "string",
}],
},
},
block: {
customResponse: {
responseCode: 0,
customResponseBodyKey: "string",
responseHeaders: [{
name: "string",
value: "string",
}],
},
},
captcha: {
customRequestHandling: {
insertHeaders: [{
name: "string",
value: "string",
}],
},
},
challenge: {
customRequestHandling: {
insertHeaders: [{
name: "string",
value: "string",
}],
},
},
count: {
customRequestHandling: {
insertHeaders: [{
name: "string",
value: "string",
}],
},
},
},
}],
version: "string",
},
overrideAction: "string",
region: "string",
ruleGroupReference: {
arn: "string",
ruleActionOverrides: [{
name: "string",
actionToUse: {
allow: {
customRequestHandling: {
insertHeaders: [{
name: "string",
value: "string",
}],
},
},
block: {
customResponse: {
responseCode: 0,
customResponseBodyKey: "string",
responseHeaders: [{
name: "string",
value: "string",
}],
},
},
captcha: {
customRequestHandling: {
insertHeaders: [{
name: "string",
value: "string",
}],
},
},
challenge: {
customRequestHandling: {
insertHeaders: [{
name: "string",
value: "string",
}],
},
},
count: {
customRequestHandling: {
insertHeaders: [{
name: "string",
value: "string",
}],
},
},
},
}],
},
timeouts: {
create: "string",
"delete": "string",
update: "string",
},
visibilityConfig: {
cloudwatchMetricsEnabled: false,
metricName: "string",
sampledRequestsEnabled: false,
},
});
type: aws:wafv2:WebAclRuleGroupAssociation
properties:
managedRuleGroup:
managedRuleGroupConfigs:
awsManagedRulesAcfpRuleSet:
creationPath: string
enableRegexInPath: false
registrationPagePath: string
requestInspection:
addressFields:
identifiers:
- string
emailField:
identifier: string
passwordField:
identifier: string
payloadType: string
phoneNumberFields:
identifiers:
- string
usernameField:
identifier: string
responseInspection:
bodyContains:
failureStrings:
- string
successStrings:
- string
header:
failureValues:
- string
name: string
successValues:
- string
json:
failureValues:
- string
identifier: string
successValues:
- string
statusCode:
failureCodes:
- 0
successCodes:
- 0
awsManagedRulesAntiDdosRuleSet:
clientSideActionConfig:
challenge:
exemptUriRegularExpressions:
- regexString: string
sensitivity: string
usageOfAction: string
sensitivityToBlock: string
awsManagedRulesAtpRuleSet:
enableRegexInPath: false
loginPath: string
requestInspection:
passwordField:
identifier: string
payloadType: string
usernameField:
identifier: string
responseInspection:
bodyContains:
failureStrings:
- string
successStrings:
- string
header:
failureValues:
- string
name: string
successValues:
- string
json:
failureValues:
- string
identifier: string
successValues:
- string
statusCode:
failureCodes:
- 0
successCodes:
- 0
awsManagedRulesBotControlRuleSet:
enableMachineLearning: false
inspectionLevel: string
name: string
ruleActionOverrides:
- actionToUse:
allow:
customRequestHandling:
insertHeaders:
- name: string
value: string
block:
customResponse:
customResponseBodyKey: string
responseCode: 0
responseHeaders:
- name: string
value: string
captcha:
customRequestHandling:
insertHeaders:
- name: string
value: string
challenge:
customRequestHandling:
insertHeaders:
- name: string
value: string
count:
customRequestHandling:
insertHeaders:
- name: string
value: string
name: string
vendorName: string
version: string
overrideAction: string
priority: 0
region: string
ruleGroupReference:
arn: string
ruleActionOverrides:
- actionToUse:
allow:
customRequestHandling:
insertHeaders:
- name: string
value: string
block:
customResponse:
customResponseBodyKey: string
responseCode: 0
responseHeaders:
- name: string
value: string
captcha:
customRequestHandling:
insertHeaders:
- name: string
value: string
challenge:
customRequestHandling:
insertHeaders:
- name: string
value: string
count:
customRequestHandling:
insertHeaders:
- name: string
value: string
name: string
ruleName: string
timeouts:
create: string
delete: string
update: string
visibilityConfig:
cloudwatchMetricsEnabled: false
metricName: string
sampledRequestsEnabled: false
webAclArn: string
WebAclRuleGroupAssociation Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The WebAclRuleGroupAssociation resource accepts the following input properties:
- Priority int
- Priority of the rule within the Web ACL. Rules are evaluated in order of priority, with lower numbers evaluated first.
- Rule
Name string - Name of the rule to create in the Web ACL that references the rule group. Must be between 1 and 128 characters.
- Web
Acl stringArn ARN of the Web ACL to associate the Rule Group with.
The following arguments are optional:
- Managed
Rule WebGroup Acl Rule Group Association Managed Rule Group - Managed Rule Group configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withrule_group_reference. See below. - Override
Action string - Override action for the rule group. Valid values are
noneandcount. Defaults tonone. When set tocount, the actions defined in the rule group rules are overridden to count matches instead of blocking or allowing requests. - Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Rule
Group WebReference Acl Rule Group Association Rule Group Reference - Custom Rule Group reference configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withmanaged_rule_group. See below. - Timeouts
Web
Acl Rule Group Association Timeouts - Visibility
Config WebAcl Rule Group Association Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See below.
- Priority int
- Priority of the rule within the Web ACL. Rules are evaluated in order of priority, with lower numbers evaluated first.
- Rule
Name string - Name of the rule to create in the Web ACL that references the rule group. Must be between 1 and 128 characters.
- Web
Acl stringArn ARN of the Web ACL to associate the Rule Group with.
The following arguments are optional:
- Managed
Rule WebGroup Acl Rule Group Association Managed Rule Group Args - Managed Rule Group configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withrule_group_reference. See below. - Override
Action string - Override action for the rule group. Valid values are
noneandcount. Defaults tonone. When set tocount, the actions defined in the rule group rules are overridden to count matches instead of blocking or allowing requests. - Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Rule
Group WebReference Acl Rule Group Association Rule Group Reference Args - Custom Rule Group reference configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withmanaged_rule_group. See below. - Timeouts
Web
Acl Rule Group Association Timeouts Args - Visibility
Config WebAcl Rule Group Association Visibility Config Args - Defines and enables Amazon CloudWatch metrics and web request sample collection. See below.
- priority Integer
- Priority of the rule within the Web ACL. Rules are evaluated in order of priority, with lower numbers evaluated first.
- rule
Name String - Name of the rule to create in the Web ACL that references the rule group. Must be between 1 and 128 characters.
- web
Acl StringArn ARN of the Web ACL to associate the Rule Group with.
The following arguments are optional:
- managed
Rule WebGroup Acl Rule Group Association Managed Rule Group - Managed Rule Group configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withrule_group_reference. See below. - override
Action String - Override action for the rule group. Valid values are
noneandcount. Defaults tonone. When set tocount, the actions defined in the rule group rules are overridden to count matches instead of blocking or allowing requests. - region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule
Group WebReference Acl Rule Group Association Rule Group Reference - Custom Rule Group reference configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withmanaged_rule_group. See below. - timeouts
Web
Acl Rule Group Association Timeouts - visibility
Config WebAcl Rule Group Association Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See below.
- priority number
- Priority of the rule within the Web ACL. Rules are evaluated in order of priority, with lower numbers evaluated first.
- rule
Name string - Name of the rule to create in the Web ACL that references the rule group. Must be between 1 and 128 characters.
- web
Acl stringArn ARN of the Web ACL to associate the Rule Group with.
The following arguments are optional:
- managed
Rule WebGroup Acl Rule Group Association Managed Rule Group - Managed Rule Group configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withrule_group_reference. See below. - override
Action string - Override action for the rule group. Valid values are
noneandcount. Defaults tonone. When set tocount, the actions defined in the rule group rules are overridden to count matches instead of blocking or allowing requests. - region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule
Group WebReference Acl Rule Group Association Rule Group Reference - Custom Rule Group reference configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withmanaged_rule_group. See below. - timeouts
Web
Acl Rule Group Association Timeouts - visibility
Config WebAcl Rule Group Association Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See below.
- priority int
- Priority of the rule within the Web ACL. Rules are evaluated in order of priority, with lower numbers evaluated first.
- rule_
name str - Name of the rule to create in the Web ACL that references the rule group. Must be between 1 and 128 characters.
- web_
acl_ strarn ARN of the Web ACL to associate the Rule Group with.
The following arguments are optional:
- managed_
rule_ Webgroup Acl Rule Group Association Managed Rule Group Args - Managed Rule Group configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withrule_group_reference. See below. - override_
action str - Override action for the rule group. Valid values are
noneandcount. Defaults tonone. When set tocount, the actions defined in the rule group rules are overridden to count matches instead of blocking or allowing requests. - region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule_
group_ Webreference Acl Rule Group Association Rule Group Reference Args - Custom Rule Group reference configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withmanaged_rule_group. See below. - timeouts
Web
Acl Rule Group Association Timeouts Args - visibility_
config WebAcl Rule Group Association Visibility Config Args - Defines and enables Amazon CloudWatch metrics and web request sample collection. See below.
- priority Number
- Priority of the rule within the Web ACL. Rules are evaluated in order of priority, with lower numbers evaluated first.
- rule
Name String - Name of the rule to create in the Web ACL that references the rule group. Must be between 1 and 128 characters.
- web
Acl StringArn ARN of the Web ACL to associate the Rule Group with.
The following arguments are optional:
- managed
Rule Property MapGroup - Managed Rule Group configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withrule_group_reference. See below. - override
Action String - Override action for the rule group. Valid values are
noneandcount. Defaults tonone. When set tocount, the actions defined in the rule group rules are overridden to count matches instead of blocking or allowing requests. - region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule
Group Property MapReference - Custom Rule Group reference configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withmanaged_rule_group. See below. - timeouts Property Map
- visibility
Config Property Map - Defines and enables Amazon CloudWatch metrics and web request sample collection. See below.
Outputs
All input properties are implicitly available as output properties. Additionally, the WebAclRuleGroupAssociation resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing WebAclRuleGroupAssociation Resource
Get an existing WebAclRuleGroupAssociation resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: WebAclRuleGroupAssociationState, opts?: CustomResourceOptions): WebAclRuleGroupAssociation@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
managed_rule_group: Optional[WebAclRuleGroupAssociationManagedRuleGroupArgs] = None,
override_action: Optional[str] = None,
priority: Optional[int] = None,
region: Optional[str] = None,
rule_group_reference: Optional[WebAclRuleGroupAssociationRuleGroupReferenceArgs] = None,
rule_name: Optional[str] = None,
timeouts: Optional[WebAclRuleGroupAssociationTimeoutsArgs] = None,
visibility_config: Optional[WebAclRuleGroupAssociationVisibilityConfigArgs] = None,
web_acl_arn: Optional[str] = None) -> WebAclRuleGroupAssociationfunc GetWebAclRuleGroupAssociation(ctx *Context, name string, id IDInput, state *WebAclRuleGroupAssociationState, opts ...ResourceOption) (*WebAclRuleGroupAssociation, error)public static WebAclRuleGroupAssociation Get(string name, Input<string> id, WebAclRuleGroupAssociationState? state, CustomResourceOptions? opts = null)public static WebAclRuleGroupAssociation get(String name, Output<String> id, WebAclRuleGroupAssociationState state, CustomResourceOptions options)resources: _: type: aws:wafv2:WebAclRuleGroupAssociation get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Managed
Rule WebGroup Acl Rule Group Association Managed Rule Group - Managed Rule Group configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withrule_group_reference. See below. - Override
Action string - Override action for the rule group. Valid values are
noneandcount. Defaults tonone. When set tocount, the actions defined in the rule group rules are overridden to count matches instead of blocking or allowing requests. - Priority int
- Priority of the rule within the Web ACL. Rules are evaluated in order of priority, with lower numbers evaluated first.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Rule
Group WebReference Acl Rule Group Association Rule Group Reference - Custom Rule Group reference configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withmanaged_rule_group. See below. - Rule
Name string - Name of the rule to create in the Web ACL that references the rule group. Must be between 1 and 128 characters.
- Timeouts
Web
Acl Rule Group Association Timeouts - Visibility
Config WebAcl Rule Group Association Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See below.
- Web
Acl stringArn ARN of the Web ACL to associate the Rule Group with.
The following arguments are optional:
- Managed
Rule WebGroup Acl Rule Group Association Managed Rule Group Args - Managed Rule Group configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withrule_group_reference. See below. - Override
Action string - Override action for the rule group. Valid values are
noneandcount. Defaults tonone. When set tocount, the actions defined in the rule group rules are overridden to count matches instead of blocking or allowing requests. - Priority int
- Priority of the rule within the Web ACL. Rules are evaluated in order of priority, with lower numbers evaluated first.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Rule
Group WebReference Acl Rule Group Association Rule Group Reference Args - Custom Rule Group reference configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withmanaged_rule_group. See below. - Rule
Name string - Name of the rule to create in the Web ACL that references the rule group. Must be between 1 and 128 characters.
- Timeouts
Web
Acl Rule Group Association Timeouts Args - Visibility
Config WebAcl Rule Group Association Visibility Config Args - Defines and enables Amazon CloudWatch metrics and web request sample collection. See below.
- Web
Acl stringArn ARN of the Web ACL to associate the Rule Group with.
The following arguments are optional:
- managed
Rule WebGroup Acl Rule Group Association Managed Rule Group - Managed Rule Group configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withrule_group_reference. See below. - override
Action String - Override action for the rule group. Valid values are
noneandcount. Defaults tonone. When set tocount, the actions defined in the rule group rules are overridden to count matches instead of blocking or allowing requests. - priority Integer
- Priority of the rule within the Web ACL. Rules are evaluated in order of priority, with lower numbers evaluated first.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule
Group WebReference Acl Rule Group Association Rule Group Reference - Custom Rule Group reference configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withmanaged_rule_group. See below. - rule
Name String - Name of the rule to create in the Web ACL that references the rule group. Must be between 1 and 128 characters.
- timeouts
Web
Acl Rule Group Association Timeouts - visibility
Config WebAcl Rule Group Association Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See below.
- web
Acl StringArn ARN of the Web ACL to associate the Rule Group with.
The following arguments are optional:
- managed
Rule WebGroup Acl Rule Group Association Managed Rule Group - Managed Rule Group configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withrule_group_reference. See below. - override
Action string - Override action for the rule group. Valid values are
noneandcount. Defaults tonone. When set tocount, the actions defined in the rule group rules are overridden to count matches instead of blocking or allowing requests. - priority number
- Priority of the rule within the Web ACL. Rules are evaluated in order of priority, with lower numbers evaluated first.
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule
Group WebReference Acl Rule Group Association Rule Group Reference - Custom Rule Group reference configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withmanaged_rule_group. See below. - rule
Name string - Name of the rule to create in the Web ACL that references the rule group. Must be between 1 and 128 characters.
- timeouts
Web
Acl Rule Group Association Timeouts - visibility
Config WebAcl Rule Group Association Visibility Config - Defines and enables Amazon CloudWatch metrics and web request sample collection. See below.
- web
Acl stringArn ARN of the Web ACL to associate the Rule Group with.
The following arguments are optional:
- managed_
rule_ Webgroup Acl Rule Group Association Managed Rule Group Args - Managed Rule Group configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withrule_group_reference. See below. - override_
action str - Override action for the rule group. Valid values are
noneandcount. Defaults tonone. When set tocount, the actions defined in the rule group rules are overridden to count matches instead of blocking or allowing requests. - priority int
- Priority of the rule within the Web ACL. Rules are evaluated in order of priority, with lower numbers evaluated first.
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule_
group_ Webreference Acl Rule Group Association Rule Group Reference Args - Custom Rule Group reference configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withmanaged_rule_group. See below. - rule_
name str - Name of the rule to create in the Web ACL that references the rule group. Must be between 1 and 128 characters.
- timeouts
Web
Acl Rule Group Association Timeouts Args - visibility_
config WebAcl Rule Group Association Visibility Config Args - Defines and enables Amazon CloudWatch metrics and web request sample collection. See below.
- web_
acl_ strarn ARN of the Web ACL to associate the Rule Group with.
The following arguments are optional:
- managed
Rule Property MapGroup - Managed Rule Group configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withrule_group_reference. See below. - override
Action String - Override action for the rule group. Valid values are
noneandcount. Defaults tonone. When set tocount, the actions defined in the rule group rules are overridden to count matches instead of blocking or allowing requests. - priority Number
- Priority of the rule within the Web ACL. Rules are evaluated in order of priority, with lower numbers evaluated first.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- rule
Group Property MapReference - Custom Rule Group reference configuration. One of
rule_group_referenceormanaged_rule_groupis required. Conflicts withmanaged_rule_group. See below. - rule
Name String - Name of the rule to create in the Web ACL that references the rule group. Must be between 1 and 128 characters.
- timeouts Property Map
- visibility
Config Property Map - Defines and enables Amazon CloudWatch metrics and web request sample collection. See below.
- web
Acl StringArn ARN of the Web ACL to associate the Rule Group with.
The following arguments are optional:
Supporting Types
WebAclRuleGroupAssociationManagedRuleGroup, WebAclRuleGroupAssociationManagedRuleGroupArgs
- Name string
- Name of the managed rule group.
- Vendor
Name string - Name of the managed rule group vendor. For AWS managed rule groups, this is
AWS. - Managed
Rule WebGroup Configs Acl Rule Group Association Managed Rule Group Managed Rule Group Configs - Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See below.
- Rule
Action List<WebOverrides Acl Rule Group Association Managed Rule Group Rule Action Override> - Override actions for specific rules within the rule group. See below.
- Version string
- Version of the managed rule group. If not specified, the default version is used.
- Name string
- Name of the managed rule group.
- Vendor
Name string - Name of the managed rule group vendor. For AWS managed rule groups, this is
AWS. - Managed
Rule WebGroup Configs Acl Rule Group Association Managed Rule Group Managed Rule Group Configs - Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See below.
- Rule
Action []WebOverrides Acl Rule Group Association Managed Rule Group Rule Action Override - Override actions for specific rules within the rule group. See below.
- Version string
- Version of the managed rule group. If not specified, the default version is used.
- name String
- Name of the managed rule group.
- vendor
Name String - Name of the managed rule group vendor. For AWS managed rule groups, this is
AWS. - managed
Rule WebGroup Configs Acl Rule Group Association Managed Rule Group Managed Rule Group Configs - Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See below.
- rule
Action List<WebOverrides Acl Rule Group Association Managed Rule Group Rule Action Override> - Override actions for specific rules within the rule group. See below.
- version String
- Version of the managed rule group. If not specified, the default version is used.
- name string
- Name of the managed rule group.
- vendor
Name string - Name of the managed rule group vendor. For AWS managed rule groups, this is
AWS. - managed
Rule WebGroup Configs Acl Rule Group Association Managed Rule Group Managed Rule Group Configs - Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See below.
- rule
Action WebOverrides Acl Rule Group Association Managed Rule Group Rule Action Override[] - Override actions for specific rules within the rule group. See below.
- version string
- Version of the managed rule group. If not specified, the default version is used.
- name str
- Name of the managed rule group.
- vendor_
name str - Name of the managed rule group vendor. For AWS managed rule groups, this is
AWS. - managed_
rule_ Webgroup_ configs Acl Rule Group Association Managed Rule Group Managed Rule Group Configs - Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See below.
- rule_
action_ Sequence[Weboverrides Acl Rule Group Association Managed Rule Group Rule Action Override] - Override actions for specific rules within the rule group. See below.
- version str
- Version of the managed rule group. If not specified, the default version is used.
- name String
- Name of the managed rule group.
- vendor
Name String - Name of the managed rule group vendor. For AWS managed rule groups, this is
AWS. - managed
Rule Property MapGroup Configs - Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See below.
- rule
Action List<Property Map>Overrides - Override actions for specific rules within the rule group. See below.
- version String
- Version of the managed rule group. If not specified, the default version is used.
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigs, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsArgs
- Aws
Managed WebRules Acfp Rule Set Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set - Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client. See below.
- Aws
Managed WebRules Anti Ddos Rule Set Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Anti Ddos Rule Set - Configuration for using the anti-DDoS managed rule group. See below.
- Aws
Managed WebRules Atp Rule Set Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set - Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client. See below.
- Aws
Managed WebRules Bot Control Rule Set Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Bot Control Rule Set - Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See below.
- Aws
Managed WebRules Acfp Rule Set Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set - Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client. See below.
- Aws
Managed WebRules Anti Ddos Rule Set Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Anti Ddos Rule Set - Configuration for using the anti-DDoS managed rule group. See below.
- Aws
Managed WebRules Atp Rule Set Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set - Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client. See below.
- Aws
Managed WebRules Bot Control Rule Set Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Bot Control Rule Set - Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See below.
- aws
Managed WebRules Acfp Rule Set Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set - Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client. See below.
- aws
Managed WebRules Anti Ddos Rule Set Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Anti Ddos Rule Set - Configuration for using the anti-DDoS managed rule group. See below.
- aws
Managed WebRules Atp Rule Set Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set - Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client. See below.
- aws
Managed WebRules Bot Control Rule Set Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Bot Control Rule Set - Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See below.
- aws
Managed WebRules Acfp Rule Set Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set - Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client. See below.
- aws
Managed WebRules Anti Ddos Rule Set Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Anti Ddos Rule Set - Configuration for using the anti-DDoS managed rule group. See below.
- aws
Managed WebRules Atp Rule Set Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set - Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client. See below.
- aws
Managed WebRules Bot Control Rule Set Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Bot Control Rule Set - Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See below.
- aws_
managed_ Webrules_ acfp_ rule_ set Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set - Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client. See below.
- aws_
managed_ Webrules_ anti_ ddos_ rule_ set Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Anti Ddos Rule Set - Configuration for using the anti-DDoS managed rule group. See below.
- aws_
managed_ Webrules_ atp_ rule_ set Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set - Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client. See below.
- aws_
managed_ Webrules_ bot_ control_ rule_ set Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Bot Control Rule Set - Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See below.
- aws
Managed Property MapRules Acfp Rule Set - Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client. See below.
- aws
Managed Property MapRules Anti Ddos Rule Set - Configuration for using the anti-DDoS managed rule group. See below.
- aws
Managed Property MapRules Atp Rule Set - Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client. See below.
- aws
Managed Property MapRules Bot Control Rule Set - Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See below.
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSet, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetArgs
- Creation
Path string - Path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
- Registration
Page stringPath - Path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests.
- Enable
Regex boolIn Path - Whether or not to allow the use of regular expressions in the login page path.
- Request
Inspection WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection - Criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See below.
- Response
Inspection WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Response Inspection - Criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See below.
- Creation
Path string - Path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
- Registration
Page stringPath - Path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests.
- Enable
Regex boolIn Path - Whether or not to allow the use of regular expressions in the login page path.
- Request
Inspection WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection - Criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See below.
- Response
Inspection WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Response Inspection - Criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See below.
- creation
Path String - Path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
- registration
Page StringPath - Path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests.
- enable
Regex BooleanIn Path - Whether or not to allow the use of regular expressions in the login page path.
- request
Inspection WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection - Criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See below.
- response
Inspection WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Response Inspection - Criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See below.
- creation
Path string - Path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
- registration
Page stringPath - Path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests.
- enable
Regex booleanIn Path - Whether or not to allow the use of regular expressions in the login page path.
- request
Inspection WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection - Criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See below.
- response
Inspection WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Response Inspection - Criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See below.
- creation_
path str - Path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
- registration_
page_ strpath - Path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests.
- enable_
regex_ boolin_ path - Whether or not to allow the use of regular expressions in the login page path.
- request_
inspection WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection - Criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See below.
- response_
inspection WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Response Inspection - Criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See below.
- creation
Path String - Path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
- registration
Page StringPath - Path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests.
- enable
Regex BooleanIn Path - Whether or not to allow the use of regular expressions in the login page path.
- request
Inspection Property Map - Criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See below.
- response
Inspection Property Map - Criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See below.
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspection, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionArgs
- Payload
Type string - Payload type for your login endpoint, either JSON or form encoded.
- Address
Fields WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection Address Fields - Names of the fields in the request payload that contain your customer's primary physical address. See below.
- Email
Field WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection Email Field - Name of the field in the request payload that contains your customer's email. See below.
- Password
Field WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection Password Field - Details about your login page password field. See below.
- Phone
Number WebFields Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection Phone Number Fields - Names of the fields in the request payload that contain your customer's primary phone number. See below.
- Username
Field WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection Username Field - Details about your login page username field. See below.
- Payload
Type string - Payload type for your login endpoint, either JSON or form encoded.
- Address
Fields WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection Address Fields - Names of the fields in the request payload that contain your customer's primary physical address. See below.
- Email
Field WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection Email Field - Name of the field in the request payload that contains your customer's email. See below.
- Password
Field WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection Password Field - Details about your login page password field. See below.
- Phone
Number WebFields Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection Phone Number Fields - Names of the fields in the request payload that contain your customer's primary phone number. See below.
- Username
Field WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection Username Field - Details about your login page username field. See below.
- payload
Type String - Payload type for your login endpoint, either JSON or form encoded.
- address
Fields WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection Address Fields - Names of the fields in the request payload that contain your customer's primary physical address. See below.
- email
Field WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection Email Field - Name of the field in the request payload that contains your customer's email. See below.
- password
Field WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection Password Field - Details about your login page password field. See below.
- phone
Number WebFields Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection Phone Number Fields - Names of the fields in the request payload that contain your customer's primary phone number. See below.
- username
Field WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection Username Field - Details about your login page username field. See below.
- payload
Type string - Payload type for your login endpoint, either JSON or form encoded.
- address
Fields WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection Address Fields - Names of the fields in the request payload that contain your customer's primary physical address. See below.
- email
Field WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection Email Field - Name of the field in the request payload that contains your customer's email. See below.
- password
Field WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection Password Field - Details about your login page password field. See below.
- phone
Number WebFields Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection Phone Number Fields - Names of the fields in the request payload that contain your customer's primary phone number. See below.
- username
Field WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection Username Field - Details about your login page username field. See below.
- payload_
type str - Payload type for your login endpoint, either JSON or form encoded.
- address_
fields WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection Address Fields - Names of the fields in the request payload that contain your customer's primary physical address. See below.
- email_
field WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection Email Field - Name of the field in the request payload that contains your customer's email. See below.
- password_
field WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection Password Field - Details about your login page password field. See below.
- phone_
number_ Webfields Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection Phone Number Fields - Names of the fields in the request payload that contain your customer's primary phone number. See below.
- username_
field WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Request Inspection Username Field - Details about your login page username field. See below.
- payload
Type String - Payload type for your login endpoint, either JSON or form encoded.
- address
Fields Property Map - Names of the fields in the request payload that contain your customer's primary physical address. See below.
- email
Field Property Map - Name of the field in the request payload that contains your customer's email. See below.
- password
Field Property Map - Details about your login page password field. See below.
- phone
Number Property MapFields - Names of the fields in the request payload that contain your customer's primary phone number. See below.
- username
Field Property Map - Details about your login page username field. See below.
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionAddressFields, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionAddressFieldsArgs
- Identifiers List<string>
- Names of the address fields.
- Identifiers []string
- Names of the address fields.
- identifiers List<String>
- Names of the address fields.
- identifiers string[]
- Names of the address fields.
- identifiers Sequence[str]
- Names of the address fields.
- identifiers List<String>
- Names of the address fields.
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionEmailField, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionEmailFieldArgs
- Identifier string
- Name of the field in the request payload that contains your customer's email.
- Identifier string
- Name of the field in the request payload that contains your customer's email.
- identifier String
- Name of the field in the request payload that contains your customer's email.
- identifier string
- Name of the field in the request payload that contains your customer's email.
- identifier str
- Name of the field in the request payload that contains your customer's email.
- identifier String
- Name of the field in the request payload that contains your customer's email.
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionPasswordField, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionPasswordFieldArgs
- Identifier string
- Name of the password field.
- Identifier string
- Name of the password field.
- identifier String
- Name of the password field.
- identifier string
- Name of the password field.
- identifier str
- Name of the password field.
- identifier String
- Name of the password field.
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFields, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFieldsArgs
- Identifiers List<string>
- Names of the phone number fields.
- Identifiers []string
- Names of the phone number fields.
- identifiers List<String>
- Names of the phone number fields.
- identifiers string[]
- Names of the phone number fields.
- identifiers Sequence[str]
- Names of the phone number fields.
- identifiers List<String>
- Names of the phone number fields.
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionUsernameField, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetRequestInspectionUsernameFieldArgs
- Identifier string
- Name of the username field.
- Identifier string
- Name of the username field.
- identifier String
- Name of the username field.
- identifier string
- Name of the username field.
- identifier str
- Name of the username field.
- identifier String
- Name of the username field.
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetResponseInspection, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetResponseInspectionArgs
- Body
Contains WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Response Inspection Body Contains - Configures inspection of the response body. See below.
- Header
Web
Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Response Inspection Header - Configures inspection of the response header. See below.
- Json
Web
Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Response Inspection Json - Configures inspection of the response JSON. See below.
- Status
Code WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Response Inspection Status Code - Configures inspection of the response status code. See below.
- Body
Contains WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Response Inspection Body Contains - Configures inspection of the response body. See below.
- Header
Web
Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Response Inspection Header - Configures inspection of the response header. See below.
- Json
Web
Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Response Inspection Json - Configures inspection of the response JSON. See below.
- Status
Code WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Response Inspection Status Code - Configures inspection of the response status code. See below.
- body
Contains WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Response Inspection Body Contains - Configures inspection of the response body. See below.
- header
Web
Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Response Inspection Header - Configures inspection of the response header. See below.
- json
Web
Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Response Inspection Json - Configures inspection of the response JSON. See below.
- status
Code WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Response Inspection Status Code - Configures inspection of the response status code. See below.
- body
Contains WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Response Inspection Body Contains - Configures inspection of the response body. See below.
- header
Web
Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Response Inspection Header - Configures inspection of the response header. See below.
- json
Web
Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Response Inspection Json - Configures inspection of the response JSON. See below.
- status
Code WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Response Inspection Status Code - Configures inspection of the response status code. See below.
- body_
contains WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Response Inspection Body Contains - Configures inspection of the response body. See below.
- header
Web
Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Response Inspection Header - Configures inspection of the response header. See below.
- json
Web
Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Response Inspection Json - Configures inspection of the response JSON. See below.
- status_
code WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Acfp Rule Set Response Inspection Status Code - Configures inspection of the response status code. See below.
- body
Contains Property Map - Configures inspection of the response body. See below.
- header Property Map
- Configures inspection of the response header. See below.
- json Property Map
- Configures inspection of the response JSON. See below.
- status
Code Property Map - Configures inspection of the response status code. See below.
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetResponseInspectionBodyContains, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetResponseInspectionBodyContainsArgs
- Failure
Strings List<string> - Strings in the body of the response that indicate a failed login attempt.
- Success
Strings List<string> - Strings in the body of the response that indicate a successful login attempt.
- Failure
Strings []string - Strings in the body of the response that indicate a failed login attempt.
- Success
Strings []string - Strings in the body of the response that indicate a successful login attempt.
- failure
Strings List<String> - Strings in the body of the response that indicate a failed login attempt.
- success
Strings List<String> - Strings in the body of the response that indicate a successful login attempt.
- failure
Strings string[] - Strings in the body of the response that indicate a failed login attempt.
- success
Strings string[] - Strings in the body of the response that indicate a successful login attempt.
- failure_
strings Sequence[str] - Strings in the body of the response that indicate a failed login attempt.
- success_
strings Sequence[str] - Strings in the body of the response that indicate a successful login attempt.
- failure
Strings List<String> - Strings in the body of the response that indicate a failed login attempt.
- success
Strings List<String> - Strings in the body of the response that indicate a successful login attempt.
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetResponseInspectionHeader, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetResponseInspectionHeaderArgs
- Failure
Values List<string> - Values in the response header with the specified name that indicate a failed login attempt.
- Name string
- Name of the header to match against. The name must be an exact match, including case.
- Success
Values List<string> - Values in the response header with the specified name that indicate a successful login attempt.
- Failure
Values []string - Values in the response header with the specified name that indicate a failed login attempt.
- Name string
- Name of the header to match against. The name must be an exact match, including case.
- Success
Values []string - Values in the response header with the specified name that indicate a successful login attempt.
- failure
Values List<String> - Values in the response header with the specified name that indicate a failed login attempt.
- name String
- Name of the header to match against. The name must be an exact match, including case.
- success
Values List<String> - Values in the response header with the specified name that indicate a successful login attempt.
- failure
Values string[] - Values in the response header with the specified name that indicate a failed login attempt.
- name string
- Name of the header to match against. The name must be an exact match, including case.
- success
Values string[] - Values in the response header with the specified name that indicate a successful login attempt.
- failure_
values Sequence[str] - Values in the response header with the specified name that indicate a failed login attempt.
- name str
- Name of the header to match against. The name must be an exact match, including case.
- success_
values Sequence[str] - Values in the response header with the specified name that indicate a successful login attempt.
- failure
Values List<String> - Values in the response header with the specified name that indicate a failed login attempt.
- name String
- Name of the header to match against. The name must be an exact match, including case.
- success
Values List<String> - Values in the response header with the specified name that indicate a successful login attempt.
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetResponseInspectionJson, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetResponseInspectionJsonArgs
- Failure
Values List<string> - Strings that indicate a failed login or account creation attempt
- Identifier string
- Identifier for the value to match against in the JSON.
- Success
Values List<string> - Strings that indicate a successful login or account creation attempt
- Failure
Values []string - Strings that indicate a failed login or account creation attempt
- Identifier string
- Identifier for the value to match against in the JSON.
- Success
Values []string - Strings that indicate a successful login or account creation attempt
- failure
Values List<String> - Strings that indicate a failed login or account creation attempt
- identifier String
- Identifier for the value to match against in the JSON.
- success
Values List<String> - Strings that indicate a successful login or account creation attempt
- failure
Values string[] - Strings that indicate a failed login or account creation attempt
- identifier string
- Identifier for the value to match against in the JSON.
- success
Values string[] - Strings that indicate a successful login or account creation attempt
- failure_
values Sequence[str] - Strings that indicate a failed login or account creation attempt
- identifier str
- Identifier for the value to match against in the JSON.
- success_
values Sequence[str] - Strings that indicate a successful login or account creation attempt
- failure
Values List<String> - Strings that indicate a failed login or account creation attempt
- identifier String
- Identifier for the value to match against in the JSON.
- success
Values List<String> - Strings that indicate a successful login or account creation attempt
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetResponseInspectionStatusCode, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAcfpRuleSetResponseInspectionStatusCodeArgs
- Failure
Codes List<int> - Status codes in the response that indicate a failed login attempt.
- Success
Codes List<int> - Status codes in the response that indicate a successful login attempt.
- Failure
Codes []int - Status codes in the response that indicate a failed login attempt.
- Success
Codes []int - Status codes in the response that indicate a successful login attempt.
- failure
Codes List<Integer> - Status codes in the response that indicate a failed login attempt.
- success
Codes List<Integer> - Status codes in the response that indicate a successful login attempt.
- failure
Codes number[] - Status codes in the response that indicate a failed login attempt.
- success
Codes number[] - Status codes in the response that indicate a successful login attempt.
- failure_
codes Sequence[int] - Status codes in the response that indicate a failed login attempt.
- success_
codes Sequence[int] - Status codes in the response that indicate a successful login attempt.
- failure
Codes List<Number> - Status codes in the response that indicate a failed login attempt.
- success
Codes List<Number> - Status codes in the response that indicate a successful login attempt.
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAntiDdosRuleSet, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAntiDdosRuleSetArgs
- Client
Side WebAction Config Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Anti Ddos Rule Set Client Side Action Config - Configuration for the request handling that's applied by the managed rule group rules
ChallengeAllDuringEventandChallengeDDoSRequestsduring a distributed denial of service (DDoS) attack. See below. - Sensitivity
To stringBlock - Sensitivity that the rule group rule DDoSRequests uses when matching against the DDoS suspicion labeling on a request. Valid values are
LOW(Default),MEDIUM, andHIGH.
- Client
Side WebAction Config Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Anti Ddos Rule Set Client Side Action Config - Configuration for the request handling that's applied by the managed rule group rules
ChallengeAllDuringEventandChallengeDDoSRequestsduring a distributed denial of service (DDoS) attack. See below. - Sensitivity
To stringBlock - Sensitivity that the rule group rule DDoSRequests uses when matching against the DDoS suspicion labeling on a request. Valid values are
LOW(Default),MEDIUM, andHIGH.
- client
Side WebAction Config Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Anti Ddos Rule Set Client Side Action Config - Configuration for the request handling that's applied by the managed rule group rules
ChallengeAllDuringEventandChallengeDDoSRequestsduring a distributed denial of service (DDoS) attack. See below. - sensitivity
To StringBlock - Sensitivity that the rule group rule DDoSRequests uses when matching against the DDoS suspicion labeling on a request. Valid values are
LOW(Default),MEDIUM, andHIGH.
- client
Side WebAction Config Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Anti Ddos Rule Set Client Side Action Config - Configuration for the request handling that's applied by the managed rule group rules
ChallengeAllDuringEventandChallengeDDoSRequestsduring a distributed denial of service (DDoS) attack. See below. - sensitivity
To stringBlock - Sensitivity that the rule group rule DDoSRequests uses when matching against the DDoS suspicion labeling on a request. Valid values are
LOW(Default),MEDIUM, andHIGH.
- client_
side_ Webaction_ config Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Anti Ddos Rule Set Client Side Action Config - Configuration for the request handling that's applied by the managed rule group rules
ChallengeAllDuringEventandChallengeDDoSRequestsduring a distributed denial of service (DDoS) attack. See below. - sensitivity_
to_ strblock - Sensitivity that the rule group rule DDoSRequests uses when matching against the DDoS suspicion labeling on a request. Valid values are
LOW(Default),MEDIUM, andHIGH.
- client
Side Property MapAction Config - Configuration for the request handling that's applied by the managed rule group rules
ChallengeAllDuringEventandChallengeDDoSRequestsduring a distributed denial of service (DDoS) attack. See below. - sensitivity
To StringBlock - Sensitivity that the rule group rule DDoSRequests uses when matching against the DDoS suspicion labeling on a request. Valid values are
LOW(Default),MEDIUM, andHIGH.
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAntiDdosRuleSetClientSideActionConfig, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAntiDdosRuleSetClientSideActionConfigArgs
- Challenge
Web
Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Anti Ddos Rule Set Client Side Action Config Challenge - Configuration for the use of the
AWSManagedRulesAntiDDoSRuleSetrulesChallengeAllDuringEventandChallengeDDoSRequests. See below.
- Challenge
Web
Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Anti Ddos Rule Set Client Side Action Config Challenge - Configuration for the use of the
AWSManagedRulesAntiDDoSRuleSetrulesChallengeAllDuringEventandChallengeDDoSRequests. See below.
- challenge
Web
Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Anti Ddos Rule Set Client Side Action Config Challenge - Configuration for the use of the
AWSManagedRulesAntiDDoSRuleSetrulesChallengeAllDuringEventandChallengeDDoSRequests. See below.
- challenge
Web
Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Anti Ddos Rule Set Client Side Action Config Challenge - Configuration for the use of the
AWSManagedRulesAntiDDoSRuleSetrulesChallengeAllDuringEventandChallengeDDoSRequests. See below.
- challenge
Web
Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Anti Ddos Rule Set Client Side Action Config Challenge - Configuration for the use of the
AWSManagedRulesAntiDDoSRuleSetrulesChallengeAllDuringEventandChallengeDDoSRequests. See below.
- challenge Property Map
- Configuration for the use of the
AWSManagedRulesAntiDDoSRuleSetrulesChallengeAllDuringEventandChallengeDDoSRequests. See below.
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallenge, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallengeArgs
- Usage
Of stringAction - Configuration whether to use the
AWSManagedRulesAntiDDoSRuleSetrulesChallengeAllDuringEventandChallengeDDoSRequestsin the rule group evaluation. Valid values areENABLEDandDISABLED. - Exempt
Uri List<WebRegular Expressions Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Anti Ddos Rule Set Client Side Action Config Challenge Exempt Uri Regular Expression> - Block for the list of the regular expressions to match against the web request URI, used to identify requests that can't handle a silent browser challenge. See below.
- Sensitivity string
- Sensitivity that the rule group rule ChallengeDDoSRequests uses when matching against the DDoS suspicion labeling on a request. Valid values are
LOW,MEDIUMandHIGH(Default).
- Usage
Of stringAction - Configuration whether to use the
AWSManagedRulesAntiDDoSRuleSetrulesChallengeAllDuringEventandChallengeDDoSRequestsin the rule group evaluation. Valid values areENABLEDandDISABLED. - Exempt
Uri []WebRegular Expressions Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Anti Ddos Rule Set Client Side Action Config Challenge Exempt Uri Regular Expression - Block for the list of the regular expressions to match against the web request URI, used to identify requests that can't handle a silent browser challenge. See below.
- Sensitivity string
- Sensitivity that the rule group rule ChallengeDDoSRequests uses when matching against the DDoS suspicion labeling on a request. Valid values are
LOW,MEDIUMandHIGH(Default).
- usage
Of StringAction - Configuration whether to use the
AWSManagedRulesAntiDDoSRuleSetrulesChallengeAllDuringEventandChallengeDDoSRequestsin the rule group evaluation. Valid values areENABLEDandDISABLED. - exempt
Uri List<WebRegular Expressions Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Anti Ddos Rule Set Client Side Action Config Challenge Exempt Uri Regular Expression> - Block for the list of the regular expressions to match against the web request URI, used to identify requests that can't handle a silent browser challenge. See below.
- sensitivity String
- Sensitivity that the rule group rule ChallengeDDoSRequests uses when matching against the DDoS suspicion labeling on a request. Valid values are
LOW,MEDIUMandHIGH(Default).
- usage
Of stringAction - Configuration whether to use the
AWSManagedRulesAntiDDoSRuleSetrulesChallengeAllDuringEventandChallengeDDoSRequestsin the rule group evaluation. Valid values areENABLEDandDISABLED. - exempt
Uri WebRegular Expressions Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Anti Ddos Rule Set Client Side Action Config Challenge Exempt Uri Regular Expression[] - Block for the list of the regular expressions to match against the web request URI, used to identify requests that can't handle a silent browser challenge. See below.
- sensitivity string
- Sensitivity that the rule group rule ChallengeDDoSRequests uses when matching against the DDoS suspicion labeling on a request. Valid values are
LOW,MEDIUMandHIGH(Default).
- usage_
of_ straction - Configuration whether to use the
AWSManagedRulesAntiDDoSRuleSetrulesChallengeAllDuringEventandChallengeDDoSRequestsin the rule group evaluation. Valid values areENABLEDandDISABLED. - exempt_
uri_ Sequence[Webregular_ expressions Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Anti Ddos Rule Set Client Side Action Config Challenge Exempt Uri Regular Expression] - Block for the list of the regular expressions to match against the web request URI, used to identify requests that can't handle a silent browser challenge. See below.
- sensitivity str
- Sensitivity that the rule group rule ChallengeDDoSRequests uses when matching against the DDoS suspicion labeling on a request. Valid values are
LOW,MEDIUMandHIGH(Default).
- usage
Of StringAction - Configuration whether to use the
AWSManagedRulesAntiDDoSRuleSetrulesChallengeAllDuringEventandChallengeDDoSRequestsin the rule group evaluation. Valid values areENABLEDandDISABLED. - exempt
Uri List<Property Map>Regular Expressions - Block for the list of the regular expressions to match against the web request URI, used to identify requests that can't handle a silent browser challenge. See below.
- sensitivity String
- Sensitivity that the rule group rule ChallengeDDoSRequests uses when matching against the DDoS suspicion labeling on a request. Valid values are
LOW,MEDIUMandHIGH(Default).
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallengeExemptUriRegularExpression, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallengeExemptUriRegularExpressionArgs
- Regex
String string - Regular expression string.
- Regex
String string - Regular expression string.
- regex
String String - Regular expression string.
- regex
String string - Regular expression string.
- regex_
string str - Regular expression string.
- regex
String String - Regular expression string.
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSet, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetArgs
- Login
Path string - Path of the login endpoint for your application.
- Enable
Regex boolIn Path - Whether or not to allow the use of regular expressions in the login page path.
- Request
Inspection WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Request Inspection - Criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See below.
- Response
Inspection WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Response Inspection - Criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See below.
- Login
Path string - Path of the login endpoint for your application.
- Enable
Regex boolIn Path - Whether or not to allow the use of regular expressions in the login page path.
- Request
Inspection WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Request Inspection - Criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See below.
- Response
Inspection WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Response Inspection - Criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See below.
- login
Path String - Path of the login endpoint for your application.
- enable
Regex BooleanIn Path - Whether or not to allow the use of regular expressions in the login page path.
- request
Inspection WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Request Inspection - Criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See below.
- response
Inspection WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Response Inspection - Criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See below.
- login
Path string - Path of the login endpoint for your application.
- enable
Regex booleanIn Path - Whether or not to allow the use of regular expressions in the login page path.
- request
Inspection WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Request Inspection - Criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See below.
- response
Inspection WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Response Inspection - Criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See below.
- login_
path str - Path of the login endpoint for your application.
- enable_
regex_ boolin_ path - Whether or not to allow the use of regular expressions in the login page path.
- request_
inspection WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Request Inspection - Criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See below.
- response_
inspection WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Response Inspection - Criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See below.
- login
Path String - Path of the login endpoint for your application.
- enable
Regex BooleanIn Path - Whether or not to allow the use of regular expressions in the login page path.
- request
Inspection Property Map - Criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See below.
- response
Inspection Property Map - Criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See below.
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetRequestInspection, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetRequestInspectionArgs
- Payload
Type string - Payload type for your login endpoint, either JSON or form encoded.
- Password
Field WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Request Inspection Password Field - Details about your login page password field. See below.
- Username
Field WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Request Inspection Username Field - Details about your login page username field. See below.
- Payload
Type string - Payload type for your login endpoint, either JSON or form encoded.
- Password
Field WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Request Inspection Password Field - Details about your login page password field. See below.
- Username
Field WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Request Inspection Username Field - Details about your login page username field. See below.
- payload
Type String - Payload type for your login endpoint, either JSON or form encoded.
- password
Field WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Request Inspection Password Field - Details about your login page password field. See below.
- username
Field WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Request Inspection Username Field - Details about your login page username field. See below.
- payload
Type string - Payload type for your login endpoint, either JSON or form encoded.
- password
Field WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Request Inspection Password Field - Details about your login page password field. See below.
- username
Field WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Request Inspection Username Field - Details about your login page username field. See below.
- payload_
type str - Payload type for your login endpoint, either JSON or form encoded.
- password_
field WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Request Inspection Password Field - Details about your login page password field. See below.
- username_
field WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Request Inspection Username Field - Details about your login page username field. See below.
- payload
Type String - Payload type for your login endpoint, either JSON or form encoded.
- password
Field Property Map - Details about your login page password field. See below.
- username
Field Property Map - Details about your login page username field. See below.
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetRequestInspectionPasswordField, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetRequestInspectionPasswordFieldArgs
- Identifier string
- Name of the password field.
- Identifier string
- Name of the password field.
- identifier String
- Name of the password field.
- identifier string
- Name of the password field.
- identifier str
- Name of the password field.
- identifier String
- Name of the password field.
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetRequestInspectionUsernameField, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetRequestInspectionUsernameFieldArgs
- Identifier string
- Name of the username field.
- Identifier string
- Name of the username field.
- identifier String
- Name of the username field.
- identifier string
- Name of the username field.
- identifier str
- Name of the username field.
- identifier String
- Name of the username field.
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetResponseInspection, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetResponseInspectionArgs
- Body
Contains WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Response Inspection Body Contains - Configures inspection of the response body. See below.
- Header
Web
Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Response Inspection Header - Configures inspection of the response header. See below.
- Json
Web
Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Response Inspection Json - Configures inspection of the response JSON. See below.
- Status
Code WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Response Inspection Status Code - Configures inspection of the response status code. See below.
- Body
Contains WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Response Inspection Body Contains - Configures inspection of the response body. See below.
- Header
Web
Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Response Inspection Header - Configures inspection of the response header. See below.
- Json
Web
Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Response Inspection Json - Configures inspection of the response JSON. See below.
- Status
Code WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Response Inspection Status Code - Configures inspection of the response status code. See below.
- body
Contains WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Response Inspection Body Contains - Configures inspection of the response body. See below.
- header
Web
Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Response Inspection Header - Configures inspection of the response header. See below.
- json
Web
Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Response Inspection Json - Configures inspection of the response JSON. See below.
- status
Code WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Response Inspection Status Code - Configures inspection of the response status code. See below.
- body
Contains WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Response Inspection Body Contains - Configures inspection of the response body. See below.
- header
Web
Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Response Inspection Header - Configures inspection of the response header. See below.
- json
Web
Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Response Inspection Json - Configures inspection of the response JSON. See below.
- status
Code WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Response Inspection Status Code - Configures inspection of the response status code. See below.
- body_
contains WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Response Inspection Body Contains - Configures inspection of the response body. See below.
- header
Web
Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Response Inspection Header - Configures inspection of the response header. See below.
- json
Web
Acl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Response Inspection Json - Configures inspection of the response JSON. See below.
- status_
code WebAcl Rule Group Association Managed Rule Group Managed Rule Group Configs Aws Managed Rules Atp Rule Set Response Inspection Status Code - Configures inspection of the response status code. See below.
- body
Contains Property Map - Configures inspection of the response body. See below.
- header Property Map
- Configures inspection of the response header. See below.
- json Property Map
- Configures inspection of the response JSON. See below.
- status
Code Property Map - Configures inspection of the response status code. See below.
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetResponseInspectionBodyContains, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetResponseInspectionBodyContainsArgs
- Failure
Strings List<string> - Strings in the body of the response that indicate a failed login attempt.
- Success
Strings List<string> - Strings in the body of the response that indicate a successful login attempt.
- Failure
Strings []string - Strings in the body of the response that indicate a failed login attempt.
- Success
Strings []string - Strings in the body of the response that indicate a successful login attempt.
- failure
Strings List<String> - Strings in the body of the response that indicate a failed login attempt.
- success
Strings List<String> - Strings in the body of the response that indicate a successful login attempt.
- failure
Strings string[] - Strings in the body of the response that indicate a failed login attempt.
- success
Strings string[] - Strings in the body of the response that indicate a successful login attempt.
- failure_
strings Sequence[str] - Strings in the body of the response that indicate a failed login attempt.
- success_
strings Sequence[str] - Strings in the body of the response that indicate a successful login attempt.
- failure
Strings List<String> - Strings in the body of the response that indicate a failed login attempt.
- success
Strings List<String> - Strings in the body of the response that indicate a successful login attempt.
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetResponseInspectionHeader, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetResponseInspectionHeaderArgs
- Failure
Values List<string> - Values in the response header with the specified name that indicate a failed login attempt.
- Name string
- Name of the header to match against. The name must be an exact match, including case.
- Success
Values List<string> - Values in the response header with the specified name that indicate a successful login attempt.
- Failure
Values []string - Values in the response header with the specified name that indicate a failed login attempt.
- Name string
- Name of the header to match against. The name must be an exact match, including case.
- Success
Values []string - Values in the response header with the specified name that indicate a successful login attempt.
- failure
Values List<String> - Values in the response header with the specified name that indicate a failed login attempt.
- name String
- Name of the header to match against. The name must be an exact match, including case.
- success
Values List<String> - Values in the response header with the specified name that indicate a successful login attempt.
- failure
Values string[] - Values in the response header with the specified name that indicate a failed login attempt.
- name string
- Name of the header to match against. The name must be an exact match, including case.
- success
Values string[] - Values in the response header with the specified name that indicate a successful login attempt.
- failure_
values Sequence[str] - Values in the response header with the specified name that indicate a failed login attempt.
- name str
- Name of the header to match against. The name must be an exact match, including case.
- success_
values Sequence[str] - Values in the response header with the specified name that indicate a successful login attempt.
- failure
Values List<String> - Values in the response header with the specified name that indicate a failed login attempt.
- name String
- Name of the header to match against. The name must be an exact match, including case.
- success
Values List<String> - Values in the response header with the specified name that indicate a successful login attempt.
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetResponseInspectionJson, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetResponseInspectionJsonArgs
- Failure
Values List<string> - Strings that indicate a failed login or account creation attempt
- Identifier string
- Identifier for the value to match against in the JSON.
- Success
Values List<string> - Strings that indicate a successful login or account creation attempt
- Failure
Values []string - Strings that indicate a failed login or account creation attempt
- Identifier string
- Identifier for the value to match against in the JSON.
- Success
Values []string - Strings that indicate a successful login or account creation attempt
- failure
Values List<String> - Strings that indicate a failed login or account creation attempt
- identifier String
- Identifier for the value to match against in the JSON.
- success
Values List<String> - Strings that indicate a successful login or account creation attempt
- failure
Values string[] - Strings that indicate a failed login or account creation attempt
- identifier string
- Identifier for the value to match against in the JSON.
- success
Values string[] - Strings that indicate a successful login or account creation attempt
- failure_
values Sequence[str] - Strings that indicate a failed login or account creation attempt
- identifier str
- Identifier for the value to match against in the JSON.
- success_
values Sequence[str] - Strings that indicate a successful login or account creation attempt
- failure
Values List<String> - Strings that indicate a failed login or account creation attempt
- identifier String
- Identifier for the value to match against in the JSON.
- success
Values List<String> - Strings that indicate a successful login or account creation attempt
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetResponseInspectionStatusCode, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesAtpRuleSetResponseInspectionStatusCodeArgs
- Failure
Codes List<int> - Status codes in the response that indicate a failed login attempt.
- Success
Codes List<int> - Status codes in the response that indicate a successful login attempt.
- Failure
Codes []int - Status codes in the response that indicate a failed login attempt.
- Success
Codes []int - Status codes in the response that indicate a successful login attempt.
- failure
Codes List<Integer> - Status codes in the response that indicate a failed login attempt.
- success
Codes List<Integer> - Status codes in the response that indicate a successful login attempt.
- failure
Codes number[] - Status codes in the response that indicate a failed login attempt.
- success
Codes number[] - Status codes in the response that indicate a successful login attempt.
- failure_
codes Sequence[int] - Status codes in the response that indicate a failed login attempt.
- success_
codes Sequence[int] - Status codes in the response that indicate a successful login attempt.
- failure
Codes List<Number> - Status codes in the response that indicate a failed login attempt.
- success
Codes List<Number> - Status codes in the response that indicate a successful login attempt.
WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesBotControlRuleSet, WebAclRuleGroupAssociationManagedRuleGroupManagedRuleGroupConfigsAwsManagedRulesBotControlRuleSetArgs
- Inspection
Level string - Inspection level to use for the Bot Control rule group.
- Enable
Machine boolLearning - Applies only to the targeted inspection level. Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Defaults to
false.
- Inspection
Level string - Inspection level to use for the Bot Control rule group.
- Enable
Machine boolLearning - Applies only to the targeted inspection level. Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Defaults to
false.
- inspection
Level String - Inspection level to use for the Bot Control rule group.
- enable
Machine BooleanLearning - Applies only to the targeted inspection level. Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Defaults to
false.
- inspection
Level string - Inspection level to use for the Bot Control rule group.
- enable
Machine booleanLearning - Applies only to the targeted inspection level. Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Defaults to
false.
- inspection_
level str - Inspection level to use for the Bot Control rule group.
- enable_
machine_ boollearning - Applies only to the targeted inspection level. Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Defaults to
false.
- inspection
Level String - Inspection level to use for the Bot Control rule group.
- enable
Machine BooleanLearning - Applies only to the targeted inspection level. Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Defaults to
false.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverride, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideArgs
- Name string
- Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
- Action
To WebUse Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use - Action to use instead of the rule's original action. See below.
- Name string
- Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
- Action
To WebUse Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use - Action to use instead of the rule's original action. See below.
- name String
- Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
- action
To WebUse Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use - Action to use instead of the rule's original action. See below.
- name string
- Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
- action
To WebUse Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use - Action to use instead of the rule's original action. See below.
- name str
- Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
- action_
to_ Webuse Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use - Action to use instead of the rule's original action. See below.
- name String
- Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
- action
To Property MapUse - Action to use instead of the rule's original action. See below.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUse, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseArgs
- Allow
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow - Allow the request. See below.
- Block
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block - Block the request. See below.
- Captcha
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha - Require CAPTCHA verification. See below.
- Challenge
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge - Require challenge verification. See below.
- Count
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count - Count the request without taking action. See below.
- Allow
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow - Allow the request. See below.
- Block
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block - Block the request. See below.
- Captcha
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha - Require CAPTCHA verification. See below.
- Challenge
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge - Require challenge verification. See below.
- Count
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count - Count the request without taking action. See below.
- allow
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow - Allow the request. See below.
- block
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block - Block the request. See below.
- captcha
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha - Require CAPTCHA verification. See below.
- challenge
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge - Require challenge verification. See below.
- count
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count - Count the request without taking action. See below.
- allow
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow - Allow the request. See below.
- block
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block - Block the request. See below.
- captcha
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha - Require CAPTCHA verification. See below.
- challenge
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge - Require challenge verification. See below.
- count
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count - Count the request without taking action. See below.
- allow
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow - Allow the request. See below.
- block
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block - Block the request. See below.
- captcha
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha - Require CAPTCHA verification. See below.
- challenge
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge - Require challenge verification. See below.
- count
Web
Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count - Count the request without taking action. See below.
- allow Property Map
- Allow the request. See below.
- block Property Map
- Block the request. See below.
- captcha Property Map
- Require CAPTCHA verification. See below.
- challenge Property Map
- Require challenge verification. See below.
- count Property Map
- Count the request without taking action. See below.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllow, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowArgs
- Custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow Custom Request Handling - Custom handling for allowed requests. See below.
- Custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow Custom Request Handling - Custom handling for allowed requests. See below.
- custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow Custom Request Handling - Custom handling for allowed requests. See below.
- custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow Custom Request Handling - Custom handling for allowed requests. See below.
- custom_
request_ Webhandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow Custom Request Handling - Custom handling for allowed requests. See below.
- custom
Request Property MapHandling - Custom handling for allowed requests. See below.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandling, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- Insert
Headers []WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow Custom Request Handling Insert Header - Headers to insert into the request. See below.
- insert
Headers List<WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- insert
Headers WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow Custom Request Handling Insert Header[] - Headers to insert into the request. See below.
- insert_
headers Sequence[WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Allow Custom Request Handling Insert Header] - Headers to insert into the request. See below.
- insert
Headers List<Property Map> - Headers to insert into the request. See below.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArgs
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlock, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockArgs
- Custom
Response WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block Custom Response - Custom response for blocked requests. See below.
- Custom
Response WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block Custom Response - Custom response for blocked requests. See below.
- custom
Response WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block Custom Response - Custom response for blocked requests. See below.
- custom
Response WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block Custom Response - Custom response for blocked requests. See below.
- custom_
response WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block Custom Response - Custom response for blocked requests. See below.
- custom
Response Property Map - Custom response for blocked requests. See below.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponse, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponseArgs
- Response
Code int - HTTP response code to return (200-599).
- Custom
Response stringBody Key - Key of a custom response body to use.
- Response
Headers List<WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block Custom Response Response Header> - Headers to include in the response. See below.
- Response
Code int - HTTP response code to return (200-599).
- Custom
Response stringBody Key - Key of a custom response body to use.
- Response
Headers []WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block Custom Response Response Header - Headers to include in the response. See below.
- response
Code Integer - HTTP response code to return (200-599).
- custom
Response StringBody Key - Key of a custom response body to use.
- response
Headers List<WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block Custom Response Response Header> - Headers to include in the response. See below.
- response
Code number - HTTP response code to return (200-599).
- custom
Response stringBody Key - Key of a custom response body to use.
- response
Headers WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block Custom Response Response Header[] - Headers to include in the response. See below.
- response_
code int - HTTP response code to return (200-599).
- custom_
response_ strbody_ key - Key of a custom response body to use.
- response_
headers Sequence[WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Block Custom Response Response Header] - Headers to include in the response. See below.
- response
Code Number - HTTP response code to return (200-599).
- custom
Response StringBody Key - Key of a custom response body to use.
- response
Headers List<Property Map> - Headers to include in the response. See below.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponseResponseHeader, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArgs
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptcha, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaArgs
- Custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha Custom Request Handling - Custom handling for CAPTCHA requests. See below.
- Custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha Custom Request Handling - Custom handling for CAPTCHA requests. See below.
- custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha Custom Request Handling - Custom handling for CAPTCHA requests. See below.
- custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha Custom Request Handling - Custom handling for CAPTCHA requests. See below.
- custom_
request_ Webhandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha Custom Request Handling - Custom handling for CAPTCHA requests. See below.
- custom
Request Property MapHandling - Custom handling for CAPTCHA requests. See below.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandling, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- Insert
Headers []WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha Custom Request Handling Insert Header - Headers to insert into the request. See below.
- insert
Headers List<WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- insert
Headers WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha Custom Request Handling Insert Header[] - Headers to insert into the request. See below.
- insert_
headers Sequence[WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Captcha Custom Request Handling Insert Header] - Headers to insert into the request. See below.
- insert
Headers List<Property Map> - Headers to insert into the request. See below.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallenge, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeArgs
- Custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge Custom Request Handling - Custom handling for challenge requests. See below.
- Custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge Custom Request Handling - Custom handling for challenge requests. See below.
- custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge Custom Request Handling - Custom handling for challenge requests. See below.
- custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge Custom Request Handling - Custom handling for challenge requests. See below.
- custom_
request_ Webhandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge Custom Request Handling - Custom handling for challenge requests. See below.
- custom
Request Property MapHandling - Custom handling for challenge requests. See below.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandling, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- Insert
Headers []WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge Custom Request Handling Insert Header - Headers to insert into the request. See below.
- insert
Headers List<WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- insert
Headers WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge Custom Request Handling Insert Header[] - Headers to insert into the request. See below.
- insert_
headers Sequence[WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Challenge Custom Request Handling Insert Header] - Headers to insert into the request. See below.
- insert
Headers List<Property Map> - Headers to insert into the request. See below.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArgs
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCount, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountArgs
- Custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count Custom Request Handling - Custom handling for counted requests. See below.
- Custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count Custom Request Handling - Custom handling for counted requests. See below.
- custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count Custom Request Handling - Custom handling for counted requests. See below.
- custom
Request WebHandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count Custom Request Handling - Custom handling for counted requests. See below.
- custom_
request_ Webhandling Acl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count Custom Request Handling - Custom handling for counted requests. See below.
- custom
Request Property MapHandling - Custom handling for counted requests. See below.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandling, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- Insert
Headers []WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count Custom Request Handling Insert Header - Headers to insert into the request. See below.
- insert
Headers List<WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- insert
Headers WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count Custom Request Handling Insert Header[] - Headers to insert into the request. See below.
- insert_
headers Sequence[WebAcl Rule Group Association Managed Rule Group Rule Action Override Action To Use Count Custom Request Handling Insert Header] - Headers to insert into the request. See below.
- insert
Headers List<Property Map> - Headers to insert into the request. See below.
WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader, WebAclRuleGroupAssociationManagedRuleGroupRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs
WebAclRuleGroupAssociationRuleGroupReference, WebAclRuleGroupAssociationRuleGroupReferenceArgs
- Arn string
- ARN of the Rule Group to associate with the Web ACL.
- Rule
Action List<WebOverrides Acl Rule Group Association Rule Group Reference Rule Action Override> - Override actions for specific rules within the rule group. See below.
- Arn string
- ARN of the Rule Group to associate with the Web ACL.
- Rule
Action []WebOverrides Acl Rule Group Association Rule Group Reference Rule Action Override - Override actions for specific rules within the rule group. See below.
- arn String
- ARN of the Rule Group to associate with the Web ACL.
- rule
Action List<WebOverrides Acl Rule Group Association Rule Group Reference Rule Action Override> - Override actions for specific rules within the rule group. See below.
- arn string
- ARN of the Rule Group to associate with the Web ACL.
- rule
Action WebOverrides Acl Rule Group Association Rule Group Reference Rule Action Override[] - Override actions for specific rules within the rule group. See below.
- arn str
- ARN of the Rule Group to associate with the Web ACL.
- rule_
action_ Sequence[Weboverrides Acl Rule Group Association Rule Group Reference Rule Action Override] - Override actions for specific rules within the rule group. See below.
- arn String
- ARN of the Rule Group to associate with the Web ACL.
- rule
Action List<Property Map>Overrides - Override actions for specific rules within the rule group. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverride, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideArgs
- Name string
- Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
- Action
To WebUse Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use - Action to use instead of the rule's original action. See below.
- Name string
- Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
- Action
To WebUse Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use - Action to use instead of the rule's original action. See below.
- name String
- Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
- action
To WebUse Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use - Action to use instead of the rule's original action. See below.
- name string
- Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
- action
To WebUse Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use - Action to use instead of the rule's original action. See below.
- name str
- Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
- action_
to_ Webuse Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use - Action to use instead of the rule's original action. See below.
- name String
- Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
- action
To Property MapUse - Action to use instead of the rule's original action. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUse, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseArgs
- Allow
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow - Allow the request. See below.
- Block
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block - Block the request. See below.
- Captcha
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha - Require CAPTCHA verification. See below.
- Challenge
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge - Require challenge verification. See below.
- Count
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count - Count the request without taking action. See below.
- Allow
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow - Allow the request. See below.
- Block
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block - Block the request. See below.
- Captcha
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha - Require CAPTCHA verification. See below.
- Challenge
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge - Require challenge verification. See below.
- Count
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count - Count the request without taking action. See below.
- allow
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow - Allow the request. See below.
- block
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block - Block the request. See below.
- captcha
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha - Require CAPTCHA verification. See below.
- challenge
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge - Require challenge verification. See below.
- count
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count - Count the request without taking action. See below.
- allow
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow - Allow the request. See below.
- block
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block - Block the request. See below.
- captcha
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha - Require CAPTCHA verification. See below.
- challenge
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge - Require challenge verification. See below.
- count
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count - Count the request without taking action. See below.
- allow
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow - Allow the request. See below.
- block
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block - Block the request. See below.
- captcha
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha - Require CAPTCHA verification. See below.
- challenge
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge - Require challenge verification. See below.
- count
Web
Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count - Count the request without taking action. See below.
- allow Property Map
- Allow the request. See below.
- block Property Map
- Block the request. See below.
- captcha Property Map
- Require CAPTCHA verification. See below.
- challenge Property Map
- Require challenge verification. See below.
- count Property Map
- Count the request without taking action. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllow, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowArgs
- Custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow Custom Request Handling - Custom handling for allowed requests. See below.
- Custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow Custom Request Handling - Custom handling for allowed requests. See below.
- custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow Custom Request Handling - Custom handling for allowed requests. See below.
- custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow Custom Request Handling - Custom handling for allowed requests. See below.
- custom_
request_ Webhandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow Custom Request Handling - Custom handling for allowed requests. See below.
- custom
Request Property MapHandling - Custom handling for allowed requests. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandling, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- Insert
Headers []WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow Custom Request Handling Insert Header - Headers to insert into the request. See below.
- insert
Headers List<WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- insert
Headers WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow Custom Request Handling Insert Header[] - Headers to insert into the request. See below.
- insert_
headers Sequence[WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Allow Custom Request Handling Insert Header] - Headers to insert into the request. See below.
- insert
Headers List<Property Map> - Headers to insert into the request. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArgs
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlock, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockArgs
- Custom
Response WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block Custom Response - Custom response for blocked requests. See below.
- Custom
Response WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block Custom Response - Custom response for blocked requests. See below.
- custom
Response WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block Custom Response - Custom response for blocked requests. See below.
- custom
Response WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block Custom Response - Custom response for blocked requests. See below.
- custom_
response WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block Custom Response - Custom response for blocked requests. See below.
- custom
Response Property Map - Custom response for blocked requests. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponse, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponseArgs
- Response
Code int - HTTP response code to return (200-599).
- Custom
Response stringBody Key - Key of a custom response body to use.
- Response
Headers List<WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block Custom Response Response Header> - Headers to include in the response. See below.
- Response
Code int - HTTP response code to return (200-599).
- Custom
Response stringBody Key - Key of a custom response body to use.
- Response
Headers []WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block Custom Response Response Header - Headers to include in the response. See below.
- response
Code Integer - HTTP response code to return (200-599).
- custom
Response StringBody Key - Key of a custom response body to use.
- response
Headers List<WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block Custom Response Response Header> - Headers to include in the response. See below.
- response
Code number - HTTP response code to return (200-599).
- custom
Response stringBody Key - Key of a custom response body to use.
- response
Headers WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block Custom Response Response Header[] - Headers to include in the response. See below.
- response_
code int - HTTP response code to return (200-599).
- custom_
response_ strbody_ key - Key of a custom response body to use.
- response_
headers Sequence[WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Block Custom Response Response Header] - Headers to include in the response. See below.
- response
Code Number - HTTP response code to return (200-599).
- custom
Response StringBody Key - Key of a custom response body to use.
- response
Headers List<Property Map> - Headers to include in the response. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponseResponseHeader, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArgs
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptcha, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaArgs
- Custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha Custom Request Handling - Custom handling for CAPTCHA requests. See below.
- Custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha Custom Request Handling - Custom handling for CAPTCHA requests. See below.
- custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha Custom Request Handling - Custom handling for CAPTCHA requests. See below.
- custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha Custom Request Handling - Custom handling for CAPTCHA requests. See below.
- custom_
request_ Webhandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha Custom Request Handling - Custom handling for CAPTCHA requests. See below.
- custom
Request Property MapHandling - Custom handling for CAPTCHA requests. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandling, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- Insert
Headers []WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha Custom Request Handling Insert Header - Headers to insert into the request. See below.
- insert
Headers List<WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- insert
Headers WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha Custom Request Handling Insert Header[] - Headers to insert into the request. See below.
- insert_
headers Sequence[WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Captcha Custom Request Handling Insert Header] - Headers to insert into the request. See below.
- insert
Headers List<Property Map> - Headers to insert into the request. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallenge, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeArgs
- Custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge Custom Request Handling - Custom handling for challenge requests. See below.
- Custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge Custom Request Handling - Custom handling for challenge requests. See below.
- custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge Custom Request Handling - Custom handling for challenge requests. See below.
- custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge Custom Request Handling - Custom handling for challenge requests. See below.
- custom_
request_ Webhandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge Custom Request Handling - Custom handling for challenge requests. See below.
- custom
Request Property MapHandling - Custom handling for challenge requests. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandling, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- Insert
Headers []WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge Custom Request Handling Insert Header - Headers to insert into the request. See below.
- insert
Headers List<WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- insert
Headers WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge Custom Request Handling Insert Header[] - Headers to insert into the request. See below.
- insert_
headers Sequence[WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Challenge Custom Request Handling Insert Header] - Headers to insert into the request. See below.
- insert
Headers List<Property Map> - Headers to insert into the request. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArgs
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCount, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountArgs
- Custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count Custom Request Handling - Custom handling for counted requests. See below.
- Custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count Custom Request Handling - Custom handling for counted requests. See below.
- custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count Custom Request Handling - Custom handling for counted requests. See below.
- custom
Request WebHandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count Custom Request Handling - Custom handling for counted requests. See below.
- custom_
request_ Webhandling Acl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count Custom Request Handling - Custom handling for counted requests. See below.
- custom
Request Property MapHandling - Custom handling for counted requests. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandling, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingArgs
- Insert
Headers List<WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- Insert
Headers []WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count Custom Request Handling Insert Header - Headers to insert into the request. See below.
- insert
Headers List<WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count Custom Request Handling Insert Header> - Headers to insert into the request. See below.
- insert
Headers WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count Custom Request Handling Insert Header[] - Headers to insert into the request. See below.
- insert_
headers Sequence[WebAcl Rule Group Association Rule Group Reference Rule Action Override Action To Use Count Custom Request Handling Insert Header] - Headers to insert into the request. See below.
- insert
Headers List<Property Map> - Headers to insert into the request. See below.
WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader, WebAclRuleGroupAssociationRuleGroupReferenceRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs
WebAclRuleGroupAssociationTimeouts, WebAclRuleGroupAssociationTimeoutsArgs
- Create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- Update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- Update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
WebAclRuleGroupAssociationVisibilityConfig, WebAclRuleGroupAssociationVisibilityConfigArgs
- Cloudwatch
Metrics boolEnabled - Whether the associated resource sends metrics to CloudWatch. For the list of available metrics, see AWS WAF Metrics.
- Metric
Name string - Friendly name of the CloudWatch metric. The name can contain only alphanumeric characters (A-Z, a-z, 0-9) hyphen(-) and underscore (_), with length from one to 128 characters. It can't contain whitespace or metric names reserved for AWS WAF, for example
AllandDefault_Action. - Sampled
Requests boolEnabled - Whether AWS WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the AWS WAF console.
- Cloudwatch
Metrics boolEnabled - Whether the associated resource sends metrics to CloudWatch. For the list of available metrics, see AWS WAF Metrics.
- Metric
Name string - Friendly name of the CloudWatch metric. The name can contain only alphanumeric characters (A-Z, a-z, 0-9) hyphen(-) and underscore (_), with length from one to 128 characters. It can't contain whitespace or metric names reserved for AWS WAF, for example
AllandDefault_Action. - Sampled
Requests boolEnabled - Whether AWS WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the AWS WAF console.
- cloudwatch
Metrics BooleanEnabled - Whether the associated resource sends metrics to CloudWatch. For the list of available metrics, see AWS WAF Metrics.
- metric
Name String - Friendly name of the CloudWatch metric. The name can contain only alphanumeric characters (A-Z, a-z, 0-9) hyphen(-) and underscore (_), with length from one to 128 characters. It can't contain whitespace or metric names reserved for AWS WAF, for example
AllandDefault_Action. - sampled
Requests BooleanEnabled - Whether AWS WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the AWS WAF console.
- cloudwatch
Metrics booleanEnabled - Whether the associated resource sends metrics to CloudWatch. For the list of available metrics, see AWS WAF Metrics.
- metric
Name string - Friendly name of the CloudWatch metric. The name can contain only alphanumeric characters (A-Z, a-z, 0-9) hyphen(-) and underscore (_), with length from one to 128 characters. It can't contain whitespace or metric names reserved for AWS WAF, for example
AllandDefault_Action. - sampled
Requests booleanEnabled - Whether AWS WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the AWS WAF console.
- cloudwatch_
metrics_ boolenabled - Whether the associated resource sends metrics to CloudWatch. For the list of available metrics, see AWS WAF Metrics.
- metric_
name str - Friendly name of the CloudWatch metric. The name can contain only alphanumeric characters (A-Z, a-z, 0-9) hyphen(-) and underscore (_), with length from one to 128 characters. It can't contain whitespace or metric names reserved for AWS WAF, for example
AllandDefault_Action. - sampled_
requests_ boolenabled - Whether AWS WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the AWS WAF console.
- cloudwatch
Metrics BooleanEnabled - Whether the associated resource sends metrics to CloudWatch. For the list of available metrics, see AWS WAF Metrics.
- metric
Name String - Friendly name of the CloudWatch metric. The name can contain only alphanumeric characters (A-Z, a-z, 0-9) hyphen(-) and underscore (_), with length from one to 128 characters. It can't contain whitespace or metric names reserved for AWS WAF, for example
AllandDefault_Action. - sampled
Requests BooleanEnabled - Whether AWS WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the AWS WAF console.
Import
Using pulumi import, import WAFv2 web ACL custom rule group associations using WebACLARN,RuleGroupARN,RuleName. For example:
$ pulumi import aws:wafv2/webAclRuleGroupAssociation:WebAclRuleGroupAssociation example "arn:aws:wafv2:us-east-1:123456789012:regional/webacl/example-web-acl/12345678-1234-1234-1234-123456789012,arn:aws:wafv2:us-east-1:123456789012:regional/rulegroup/example-rule-group/87654321-4321-4321-4321-210987654321,example-rule-group-rule"
Using pulumi import, import WAFv2 web ACL managed rule group associations using WebACLARN,VendorName:RuleGroupName[:Version],RuleName. For example:
$ pulumi import aws:wafv2/webAclRuleGroupAssociation:WebAclRuleGroupAssociation managed_example "arn:aws:wafv2:us-east-1:123456789012:regional/webacl/example-web-acl/12345678-1234-1234-1234-123456789012,AWS:AWSManagedRulesCommonRuleSet,aws-common-rule-set"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.
Viewing docs for AWS v7.22.0
published on Wednesday, Mar 11, 2026 by Pulumi
published on Wednesday, Mar 11, 2026 by Pulumi
