RateBasedRule

Provides a WAF Rate Based Rule Resource

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var ipset = new Aws.Waf.IpSet("ipset", new Aws.Waf.IpSetArgs
        {
            IpSetDescriptors = 
            {
                new Aws.Waf.Inputs.IpSetIpSetDescriptorArgs
                {
                    Type = "IPV4",
                    Value = "192.0.7.0/24",
                },
            },
        });
        var wafrule = new Aws.Waf.RateBasedRule("wafrule", new Aws.Waf.RateBasedRuleArgs
        {
            MetricName = "tfWAFRule",
            Predicates = 
            {
                new Aws.Waf.Inputs.RateBasedRulePredicateArgs
                {
                    DataId = ipset.Id,
                    Negated = false,
                    Type = "IPMatch",
                },
            },
            RateKey = "IP",
            RateLimit = 100,
        }, new CustomResourceOptions
        {
            DependsOn = 
            {
                "aws_waf_ipset.ipset",
            },
        });
    }

}

package main

import (
    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws/waf"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        ipset, err := waf.NewIpSet(ctx, "ipset", &waf.IpSetArgs{
            IpSetDescriptors: waf.IpSetIpSetDescriptorArray{
                &waf.IpSetIpSetDescriptorArgs{
                    Type:  pulumi.String("IPV4"),
                    Value: pulumi.String("192.0.7.0/24"),
                },
            },
        })
        if err != nil {
            return err
        }
        _, err = waf.NewRateBasedRule(ctx, "wafrule", &waf.RateBasedRuleArgs{
            MetricName: pulumi.String("tfWAFRule"),
            Predicates: waf.RateBasedRulePredicateArray{
                &waf.RateBasedRulePredicateArgs{
                    DataId:  ipset.ID(),
                    Negated: pulumi.Bool(false),
                    Type:    pulumi.String("IPMatch"),
                },
            },
            RateKey:   pulumi.String("IP"),
            RateLimit: pulumi.Int(100),
        }, pulumi.DependsOn([]pulumi.Resource{
            "aws_waf_ipset.ipset",
        }))
        if err != nil {
            return err
        }
        return nil
    })
}

import pulumi
import pulumi_aws as aws

ipset = aws.waf.IpSet("ipset", ip_set_descriptors=[{
    "type": "IPV4",
    "value": "192.0.7.0/24",
}])
wafrule = aws.waf.RateBasedRule("wafrule",
    metric_name="tfWAFRule",
    predicates=[{
        "dataId": ipset.id,
        "negated": False,
        "type": "IPMatch",
    }],
    rate_key="IP",
    rate_limit=100,
    opts=ResourceOptions(depends_on=["aws_waf_ipset.ipset"]))

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const ipset = new aws.waf.IpSet("ipset", {
    ipSetDescriptors: [{
        type: "IPV4",
        value: "192.0.7.0/24",
    }],
});
const wafrule = new aws.waf.RateBasedRule("wafrule", {
    metricName: "tfWAFRule",
    predicates: [{
        dataId: ipset.id,
        negated: false,
        type: "IPMatch",
    }],
    rateKey: "IP",
    rateLimit: 100,
}, { dependsOn: [ipset] });

Create a RateBasedRule Resource

new RateBasedRule(name: string, args: RateBasedRuleArgs, opts?: CustomResourceOptions);

def RateBasedRule(resource_name, opts=None, metric_name=None, name=None, predicates=None, rate_key=None, rate_limit=None, tags=None, __props__=None);

func NewRateBasedRule(ctx *Context, name string, args RateBasedRuleArgs, opts ...ResourceOption) (*RateBasedRule, error)

public RateBasedRule(string name, RateBasedRuleArgs args, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args RateBasedRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args RateBasedRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args RateBasedRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

RateBasedRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The RateBasedRule resource accepts the following input properties:

MetricName string: The name or description for the Amazon CloudWatch metric of this rule.
RateKey string: Valid value is IP.
RateLimit int: The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 100.
Name string: The name or description of the rule.
Predicates List<RateBasedRulePredicateArgs>: The objects to include in a rule (documented below).
Tags Dictionary<string, string>: Key-value map of resource tags

MetricName string: The name or description for the Amazon CloudWatch metric of this rule.
RateKey string: Valid value is IP.
RateLimit int: The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 100.
Name string: The name or description of the rule.
Predicates []RateBasedRulePredicate: The objects to include in a rule (documented below).
Tags map[string]string: Key-value map of resource tags

metricName string: The name or description for the Amazon CloudWatch metric of this rule.
rateKey string: Valid value is IP.
rateLimit number: The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 100.
name string: The name or description of the rule.
predicates RateBasedRulePredicate[]: The objects to include in a rule (documented below).
tags {[key: string]: string}: Key-value map of resource tags

metric_name str: The name or description for the Amazon CloudWatch metric of this rule.
rate_key str: Valid value is IP.
rate_limit float: The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 100.
name str: The name or description of the rule.
predicates List[RateBasedRulePredicate]: The objects to include in a rule (documented below).
tags Dict[str, str]: Key-value map of resource tags

Outputs

All input properties are implicitly available as output properties. Additionally, the RateBasedRule resource produces the following output properties:

Arn string: Amazon Resource Name (ARN)
Id string: The provider-assigned unique ID for this managed resource.

Arn string: Amazon Resource Name (ARN)
Id string: The provider-assigned unique ID for this managed resource.

arn string: Amazon Resource Name (ARN)
id string: The provider-assigned unique ID for this managed resource.

arn str: Amazon Resource Name (ARN)
id str: The provider-assigned unique ID for this managed resource.

Look up an Existing RateBasedRule Resource

Get an existing RateBasedRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: RateBasedRuleState, opts?: CustomResourceOptions): RateBasedRule

static get(resource_name, id, opts=None, arn=None, metric_name=None, name=None, predicates=None, rate_key=None, rate_limit=None, tags=None, __props__=None);

func GetRateBasedRule(ctx *Context, name string, id IDInput, state *RateBasedRuleState, opts ...ResourceOption) (*RateBasedRule, error)

public static RateBasedRule Get(string name, Input<string> id, RateBasedRuleState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Arn string: Amazon Resource Name (ARN)
MetricName string: The name or description for the Amazon CloudWatch metric of this rule.
Name string: The name or description of the rule.
Predicates List<RateBasedRulePredicateArgs>: The objects to include in a rule (documented below).
RateKey string: Valid value is IP.
RateLimit int: The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 100.
Tags Dictionary<string, string>: Key-value map of resource tags

Arn string: Amazon Resource Name (ARN)
MetricName string: The name or description for the Amazon CloudWatch metric of this rule.
Name string: The name or description of the rule.
Predicates []RateBasedRulePredicate: The objects to include in a rule (documented below).
RateKey string: Valid value is IP.
RateLimit int: The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 100.
Tags map[string]string: Key-value map of resource tags

arn string: Amazon Resource Name (ARN)
metricName string: The name or description for the Amazon CloudWatch metric of this rule.
name string: The name or description of the rule.
predicates RateBasedRulePredicate[]: The objects to include in a rule (documented below).
rateKey string: Valid value is IP.
rateLimit number: The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 100.
tags {[key: string]: string}: Key-value map of resource tags

arn str: Amazon Resource Name (ARN)
metric_name str: The name or description for the Amazon CloudWatch metric of this rule.
name str: The name or description of the rule.
predicates List[RateBasedRulePredicate]: The objects to include in a rule (documented below).
rate_key str: Valid value is IP.
rate_limit float: The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 100.
tags Dict[str, str]: Key-value map of resource tags

Supporting Types

RateBasedRulePredicate

See the input and output API doc for this type.

DataId string: A unique identifier for a predicate in the rule, such as Byte Match Set ID or IPSet ID.
Negated bool: Set this to false if you want to allow, block, or count requests based on the settings in the specified ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, or SizeConstraintSet. For example, if an IPSet includes the IP address 192.0.2.44, AWS WAF will allow or block requests based on that IP address. If set to true, AWS WAF will allow, block, or count requests based on all IP addresses except 192.0.2.44.
Type string: The type of predicate in a rule. Valid values: ByteMatch, GeoMatch, IPMatch, RegexMatch, SizeConstraint, SqlInjectionMatch, or XssMatch.

DataId string: A unique identifier for a predicate in the rule, such as Byte Match Set ID or IPSet ID.
Negated bool: Set this to false if you want to allow, block, or count requests based on the settings in the specified ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, or SizeConstraintSet. For example, if an IPSet includes the IP address 192.0.2.44, AWS WAF will allow or block requests based on that IP address. If set to true, AWS WAF will allow, block, or count requests based on all IP addresses except 192.0.2.44.
Type string: The type of predicate in a rule. Valid values: ByteMatch, GeoMatch, IPMatch, RegexMatch, SizeConstraint, SqlInjectionMatch, or XssMatch.

dataId string: A unique identifier for a predicate in the rule, such as Byte Match Set ID or IPSet ID.
negated boolean: Set this to false if you want to allow, block, or count requests based on the settings in the specified ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, or SizeConstraintSet. For example, if an IPSet includes the IP address 192.0.2.44, AWS WAF will allow or block requests based on that IP address. If set to true, AWS WAF will allow, block, or count requests based on all IP addresses except 192.0.2.44.
type string: The type of predicate in a rule. Valid values: ByteMatch, GeoMatch, IPMatch, RegexMatch, SizeConstraint, SqlInjectionMatch, or XssMatch.

dataId str: A unique identifier for a predicate in the rule, such as Byte Match Set ID or IPSet ID.
negated bool: Set this to false if you want to allow, block, or count requests based on the settings in the specified ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, or SizeConstraintSet. For example, if an IPSet includes the IP address 192.0.2.44, AWS WAF will allow or block requests based on that IP address. If set to true, AWS WAF will allow, block, or count requests based on all IP addresses except 192.0.2.44.
type str: The type of predicate in a rule. Valid values: ByteMatch, GeoMatch, IPMatch, RegexMatch, SizeConstraint, SqlInjectionMatch, or XssMatch.

Package Details

Repository: https://github.com/pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud