Class WebAclAssociation
Manages an association with WAF Regional Web ACL.
Note: An Application Load Balancer can only be associated with one WAF Regional WebACL.
Application Load Balancer Association Example
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var ipset = new Aws.WafRegional.IpSet("ipset", new Aws.WafRegional.IpSetArgs
{
IpSetDescriptors =
{
new Aws.WafRegional.Inputs.IpSetIpSetDescriptorArgs
{
Type = "IPV4",
Value = "192.0.7.0/24",
},
},
});
var fooRule = new Aws.WafRegional.Rule("fooRule", new Aws.WafRegional.RuleArgs
{
MetricName = "tfWAFRule",
Predicates =
{
new Aws.WafRegional.Inputs.RulePredicateArgs
{
DataId = ipset.Id,
Negated = false,
Type = "IPMatch",
},
},
});
var fooWebAcl = new Aws.WafRegional.WebAcl("fooWebAcl", new Aws.WafRegional.WebAclArgs
{
DefaultAction = new Aws.WafRegional.Inputs.WebAclDefaultActionArgs
{
Type = "ALLOW",
},
MetricName = "foo",
Rules =
{
new Aws.WafRegional.Inputs.WebAclRuleArgs
{
Action = new Aws.WafRegional.Inputs.WebAclRuleActionArgs
{
Type = "BLOCK",
},
Priority = 1,
RuleId = fooRule.Id,
},
},
});
var fooVpc = new Aws.Ec2.Vpc("fooVpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.1.0.0/16",
});
var available = Output.Create(Aws.GetAvailabilityZones.InvokeAsync());
var fooSubnet = new Aws.Ec2.Subnet("fooSubnet", new Aws.Ec2.SubnetArgs
{
AvailabilityZone = available.Apply(available => available.Names[0]),
CidrBlock = "10.1.1.0/24",
VpcId = fooVpc.Id,
});
var bar = new Aws.Ec2.Subnet("bar", new Aws.Ec2.SubnetArgs
{
AvailabilityZone = available.Apply(available => available.Names[1]),
CidrBlock = "10.1.2.0/24",
VpcId = fooVpc.Id,
});
var fooLoadBalancer = new Aws.Alb.LoadBalancer("fooLoadBalancer", new Aws.Alb.LoadBalancerArgs
{
Internal = true,
Subnets =
{
fooSubnet.Id,
bar.Id,
},
});
var fooWebAclAssociation = new Aws.WafRegional.WebAclAssociation("fooWebAclAssociation", new Aws.WafRegional.WebAclAssociationArgs
{
ResourceArn = fooLoadBalancer.Arn,
WebAclId = fooWebAcl.Id,
});
}
}
API Gateway Association Example
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var ipset = new Aws.WafRegional.IpSet("ipset", new Aws.WafRegional.IpSetArgs
{
IpSetDescriptors =
{
new Aws.WafRegional.Inputs.IpSetIpSetDescriptorArgs
{
Type = "IPV4",
Value = "192.0.7.0/24",
},
},
});
var fooRule = new Aws.WafRegional.Rule("fooRule", new Aws.WafRegional.RuleArgs
{
MetricName = "tfWAFRule",
Predicates =
{
new Aws.WafRegional.Inputs.RulePredicateArgs
{
DataId = ipset.Id,
Negated = false,
Type = "IPMatch",
},
},
});
var fooWebAcl = new Aws.WafRegional.WebAcl("fooWebAcl", new Aws.WafRegional.WebAclArgs
{
DefaultAction = new Aws.WafRegional.Inputs.WebAclDefaultActionArgs
{
Type = "ALLOW",
},
MetricName = "foo",
Rules =
{
new Aws.WafRegional.Inputs.WebAclRuleArgs
{
Action = new Aws.WafRegional.Inputs.WebAclRuleActionArgs
{
Type = "BLOCK",
},
Priority = 1,
RuleId = fooRule.Id,
},
},
});
var testRestApi = new Aws.ApiGateway.RestApi("testRestApi", new Aws.ApiGateway.RestApiArgs
{
});
var testResource = new Aws.ApiGateway.Resource("testResource", new Aws.ApiGateway.ResourceArgs
{
ParentId = testRestApi.RootResourceId,
PathPart = "test",
RestApi = testRestApi.Id,
});
var testMethod = new Aws.ApiGateway.Method("testMethod", new Aws.ApiGateway.MethodArgs
{
Authorization = "NONE",
HttpMethod = "GET",
ResourceId = testResource.Id,
RestApi = testRestApi.Id,
});
var testMethodResponse = new Aws.ApiGateway.MethodResponse("testMethodResponse", new Aws.ApiGateway.MethodResponseArgs
{
HttpMethod = testMethod.HttpMethod,
ResourceId = testResource.Id,
RestApi = testRestApi.Id,
StatusCode = "400",
});
var testIntegration = new Aws.ApiGateway.Integration("testIntegration", new Aws.ApiGateway.IntegrationArgs
{
HttpMethod = testMethod.HttpMethod,
IntegrationHttpMethod = "GET",
ResourceId = testResource.Id,
RestApi = testRestApi.Id,
Type = "HTTP",
Uri = "http://www.example.com",
});
var testIntegrationResponse = new Aws.ApiGateway.IntegrationResponse("testIntegrationResponse", new Aws.ApiGateway.IntegrationResponseArgs
{
HttpMethod = testIntegration.HttpMethod,
ResourceId = testResource.Id,
RestApi = testRestApi.Id,
StatusCode = testMethodResponse.StatusCode,
});
var testDeployment = new Aws.ApiGateway.Deployment("testDeployment", new Aws.ApiGateway.DeploymentArgs
{
RestApi = testRestApi.Id,
});
var testStage = new Aws.ApiGateway.Stage("testStage", new Aws.ApiGateway.StageArgs
{
Deployment = testDeployment.Id,
RestApi = testRestApi.Id,
StageName = "test",
});
var association = new Aws.WafRegional.WebAclAssociation("association", new Aws.WafRegional.WebAclAssociationArgs
{
ResourceArn = testStage.Arn,
WebAclId = fooWebAcl.Id,
});
}
}
Inherited Members
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Aws.WafRegional
Assembly: Pulumi.Aws.dll
Syntax
public class WebAclAssociation : CustomResourceConstructors
View SourceWebAclAssociation(String, WebAclAssociationArgs, CustomResourceOptions)
Create a WebAclAssociation resource with the given unique name, arguments, and options.
Declaration
public WebAclAssociation(string name, WebAclAssociationArgs args, CustomResourceOptions options = null)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resource |
| WebAclAssociationArgs | args | The arguments used to populate this resource's properties |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Properties
View SourceResourceArn
ARN of the resource to associate with. For example, an Application Load Balancer or API Gateway Stage.
Declaration
public Output<string> ResourceArn { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
WebAclId
The ID of the WAF Regional WebACL to create an association.
Declaration
public Output<string> WebAclId { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Methods
View SourceGet(String, Input<String>, WebAclAssociationState, CustomResourceOptions)
Get an existing WebAclAssociation resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
Declaration
public static WebAclAssociation Get(string name, Input<string> id, WebAclAssociationState state = null, CustomResourceOptions options = null)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resulting resource. |
| Input<System.String> | id | The unique provider ID of the resource to lookup. |
| WebAclAssociationState | state | Any extra arguments used during the lookup. |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Returns
| Type | Description |
|---|---|
| WebAclAssociation |