Namespace Pulumi.Aws.WafRegional
Classes
ByteMatchSet
Provides a WAF Regional Byte Match Set Resource for use with Application Load Balancer.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
/// <summary>
/// Example stack that declares a WAF Regional byte match set with one tuple:
/// the <c>referer</c> request header is searched for the string "badrefer1".
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // The part of the request to inspect: the "referer" header.
        var refererHeader = new Aws.WafRegional.Inputs.ByteMatchSetByteMatchTupleFieldToMatchArgs
        {
            Type = "HEADER",
            Data = "referer",
        };

        // NOTE(review): TextTransformation "NONE" means the header value is compared as sent.
        // The target string match is presumably case-sensitive, so "BadRefer1" would not match;
        // confirm whether a LOWERCASE transformation is wanted before relying on this as a block rule.
        var refererTuple = new Aws.WafRegional.Inputs.ByteMatchSetByteMatchTupleArgs
        {
            FieldToMatch = refererHeader,
            TargetString = "badrefer1",
            PositionalConstraint = "CONTAINS",
            TextTransformation = "NONE",
        };

        var byteSet = new Aws.WafRegional.ByteMatchSet("byteSet", new Aws.WafRegional.ByteMatchSetArgs
        {
            ByteMatchTuples = { refererTuple },
        });
    }
}
ByteMatchSetArgs
ByteMatchSetState
GeoMatchSet
Provides a WAF Regional Geo Match Set Resource
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
/// <summary>
/// Example stack that declares a WAF Regional geo match set containing two
/// country constraints, "US" and "CA".
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var unitedStates = new Aws.WafRegional.Inputs.GeoMatchSetGeoMatchConstraintArgs
        {
            Type = "Country",
            Value = "US",
        };
        var canada = new Aws.WafRegional.Inputs.GeoMatchSetGeoMatchConstraintArgs
        {
            Type = "Country",
            Value = "CA",
        };

        // The set only describes which countries match; whether matching traffic is
        // allowed or blocked is decided by the rule and Web ACL that reference it.
        var geoMatchSet = new Aws.WafRegional.GeoMatchSet("geoMatchSet", new Aws.WafRegional.GeoMatchSetArgs
        {
            GeoMatchConstraints = { unitedStates, canada },
        });
    }
}
GeoMatchSetArgs
GeoMatchSetState
GetIpset
GetIpsetArgs
GetIpsetResult
GetRateBasedMod
GetRateBasedModArgs
GetRateBasedModResult
GetRule
GetRuleArgs
GetRuleResult
GetWebAcl
GetWebAclArgs
GetWebAclResult
IpSet
Provides a WAF Regional IPSet Resource for use with Application Load Balancer.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
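/// <summary>
/// Example stack that declares a WAF Regional IP set with two IPv4 CIDR descriptors.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var ipset = new Aws.WafRegional.IpSet("ipset", new Aws.WafRegional.IpSetArgs
        {
            IpSetDescriptors =
            {
                new Aws.WafRegional.Inputs.IpSetIpSetDescriptorArgs
                {
                    Type = "IPV4",
                    Value = "192.0.7.0/24",
                },
                new Aws.WafRegional.Inputs.IpSetIpSetDescriptorArgs
                {
                    Type = "IPV4",
                    // Written as the network address of the /16. The original "10.16.16.0/16"
                    // had host bits set, which covers the same 10.16.0.0-10.16.255.255 range
                    // but reads like a much narrower block and may be rejected or silently
                    // normalised by the API (not verified here).
                    Value = "10.16.0.0/16",
                },
            },
        });
    }
}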
IpSetArgs
IpSetState
RateBasedRule
Provides a WAF Rate Based Rule Resource
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
/// <summary>
/// Example stack that declares an IP set and a rate-based rule whose single
/// predicate refers to that IP set.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var sourceRange = new Aws.WafRegional.Inputs.IpSetIpSetDescriptorArgs
        {
            Type = "IPV4",
            Value = "192.0.7.0/24",
        };
        var ipset = new Aws.WafRegional.IpSet("ipset", new Aws.WafRegional.IpSetArgs
        {
            IpSetDescriptors = { sourceRange },
        });

        // Non-negated IPMatch predicate: the rule only considers requests whose
        // source address falls inside the IP set declared above.
        var fromIpSet = new Aws.WafRegional.Inputs.RateBasedRulePredicateArgs
        {
            Type = "IPMatch",
            DataId = ipset.Id,
            Negated = false,
        };

        // RateKey "IP" counts requests per source address; RateLimit is the threshold.
        // NOTE(review): the limit is presumably evaluated over a five-minute window - confirm
        // against the WAF documentation before choosing a production value.
        var wafrule = new Aws.WafRegional.RateBasedRule("wafrule", new Aws.WafRegional.RateBasedRuleArgs
        {
            MetricName = "tfWAFRule",
            Predicates = { fromIpSet },
            RateKey = "IP",
            RateLimit = 100,
        });
    }
}
RateBasedRuleArgs
RateBasedRuleState
RegexMatchSet
Provides a WAF Regional Regex Match Set Resource
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
/// <summary>
/// Example stack that declares a regex pattern set and a regex match set that
/// applies those patterns to the <c>User-Agent</c> request header.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var patternArgs = new Aws.WafRegional.RegexPatternSetArgs
        {
            RegexPatternStrings = { "one", "two" },
        };
        var exampleRegexPatternSet = new Aws.WafRegional.RegexPatternSet("exampleRegexPatternSet", patternArgs);

        // The header to inspect. User-Agent is fully client-controlled, so a match on it
        // is a signal to combine with other predicates rather than proof of anything.
        var userAgentHeader = new Aws.WafRegional.Inputs.RegexMatchSetRegexMatchTupleFieldToMatchArgs
        {
            Type = "HEADER",
            Data = "User-Agent",
        };

        var userAgentTuple = new Aws.WafRegional.Inputs.RegexMatchSetRegexMatchTupleArgs
        {
            FieldToMatch = userAgentHeader,
            RegexPatternSetId = exampleRegexPatternSet.Id,
            TextTransformation = "NONE",
        };

        var exampleRegexMatchSet = new Aws.WafRegional.RegexMatchSet("exampleRegexMatchSet", new Aws.WafRegional.RegexMatchSetArgs
        {
            RegexMatchTuples = { userAgentTuple },
        });
    }
}
RegexMatchSetArgs
RegexMatchSetState
RegexPatternSet
Provides a WAF Regional Regex Pattern Set Resource
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
/// <summary>
/// Example stack that declares a WAF Regional regex pattern set holding the
/// two patterns "one" and "two".
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var patternArgs = new Aws.WafRegional.RegexPatternSetArgs
        {
            // Placeholder patterns; a pattern set does nothing until a
            // regex match set refers to it.
            RegexPatternStrings = { "one", "two" },
        };

        var example = new Aws.WafRegional.RegexPatternSet("example", patternArgs);
    }
}
RegexPatternSetArgs
RegexPatternSetState
Rule
Provides a WAF Regional Rule Resource for use with Application Load Balancer.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
/// <summary>
/// Example stack that declares an IP set and a regular WAF Regional rule with
/// one IPMatch predicate pointing at that set.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var sourceRange = new Aws.WafRegional.Inputs.IpSetIpSetDescriptorArgs
        {
            Type = "IPV4",
            Value = "192.0.7.0/24",
        };
        var ipset = new Aws.WafRegional.IpSet("ipset", new Aws.WafRegional.IpSetArgs
        {
            IpSetDescriptors = { sourceRange },
        });

        // Negated = false: the predicate is satisfied by addresses inside the IP set.
        // The rule itself carries no action; that is assigned where the rule is
        // activated in a Web ACL or rule group.
        var ipMatch = new Aws.WafRegional.Inputs.RulePredicateArgs
        {
            Type = "IPMatch",
            DataId = ipset.Id,
            Negated = false,
        };

        var wafrule = new Aws.WafRegional.Rule("wafrule", new Aws.WafRegional.RuleArgs
        {
            MetricName = "tfWAFRule",
            Predicates = { ipMatch },
        });
    }
}
Nested Fields
predicate
See the WAF Documentation for more information.
Arguments
type - (Required) The type of predicate in a rule. Valid values: ByteMatch, GeoMatch, IPMatch, RegexMatch, SizeConstraint, SqlInjectionMatch, or XssMatch.
data_id - (Required) The unique identifier of a predicate, such as the ID of a ByteMatchSet or IPSet.
negated - (Required) Whether to use the settings or the negated settings that you specified in the objects.
RuleArgs
RuleGroup
Provides a WAF Regional Rule Group Resource
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
/// <summary>
/// Example stack that declares a rule and a rule group which activates that
/// rule at priority 50 with the COUNT action.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // The rule has no predicates here; it exists only to be referenced below.
        var exampleRule = new Aws.WafRegional.Rule("exampleRule", new Aws.WafRegional.RuleArgs
        {
            MetricName = "example",
        });

        // NOTE(review): COUNT presumably records matches without blocking them, which
        // suits trialling a rule; it is not an enforcing action - confirm before rollout.
        var countOnly = new Aws.WafRegional.Inputs.RuleGroupActivatedRuleActionArgs
        {
            Type = "COUNT",
        };

        var activation = new Aws.WafRegional.Inputs.RuleGroupActivatedRuleArgs
        {
            RuleId = exampleRule.Id,
            Priority = 50,
            Action = countOnly,
        };

        var exampleRuleGroup = new Aws.WafRegional.RuleGroup("exampleRuleGroup", new Aws.WafRegional.RuleGroupArgs
        {
            ActivatedRules = { activation },
            MetricName = "example",
        });
    }
}
RuleGroupArgs
RuleGroupState
RuleState
SizeConstraintSet
Provides a WAF Regional Size Constraint Set Resource for use with Application Load Balancer.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
/// <summary>
/// Example stack that declares a size constraint set with one constraint on
/// the request body.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var requestBody = new Aws.WafRegional.Inputs.SizeConstraintSetSizeConstraintFieldToMatchArgs
        {
            Type = "BODY",
        };

        // NOTE(review): "EQ" with Size "4096" matches only bodies of exactly that size.
        // A constraint meant to catch oversized bodies would need a greater-than style
        // operator instead - confirm the intent before reusing this example.
        var bodySize = new Aws.WafRegional.Inputs.SizeConstraintSetSizeConstraintArgs
        {
            FieldToMatch = requestBody,
            ComparisonOperator = "EQ",
            Size = "4096",
            TextTransformation = "NONE",
        };

        var sizeConstraintSet = new Aws.WafRegional.SizeConstraintSet("sizeConstraintSet", new Aws.WafRegional.SizeConstraintSetArgs
        {
            SizeConstraints = { bodySize },
        });
    }
}
SizeConstraintSetArgs
SizeConstraintSetState
SqlInjectionMatchSet
Provides a WAF Regional SQL Injection Match Set Resource for use with Application Load Balancer.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
/// <summary>
/// Example stack that declares a SQL injection match set inspecting the
/// query string after URL decoding.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var queryString = new Aws.WafRegional.Inputs.SqlInjectionMatchSetSqlInjectionMatchTupleFieldToMatchArgs
        {
            Type = "QUERY_STRING",
        };

        // URL_DECODE is applied before inspection, so percent-encoded input is
        // examined in its decoded form. Only the query string is covered by this tuple.
        var decodedQueryString = new Aws.WafRegional.Inputs.SqlInjectionMatchSetSqlInjectionMatchTupleArgs
        {
            FieldToMatch = queryString,
            TextTransformation = "URL_DECODE",
        };

        var sqlInjectionMatchSet = new Aws.WafRegional.SqlInjectionMatchSet("sqlInjectionMatchSet", new Aws.WafRegional.SqlInjectionMatchSetArgs
        {
            SqlInjectionMatchTuples = { decodedQueryString },
        });
    }
}
SqlInjectionMatchSetArgs
SqlInjectionMatchSetState
WebAcl
Provides a WAF Regional Web ACL Resource for use with Application Load Balancer.
Example Usage
Regular Rule
using Pulumi;
using Aws = Pulumi.Aws;
/// <summary>
/// Example stack that declares an IP set, a rule matching it, and a Web ACL
/// that blocks requests matching the rule and allows everything else.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var sourceRange = new Aws.WafRegional.Inputs.IpSetIpSetDescriptorArgs
        {
            Type = "IPV4",
            Value = "192.0.7.0/24",
        };
        var ipset = new Aws.WafRegional.IpSet("ipset", new Aws.WafRegional.IpSetArgs
        {
            IpSetDescriptors = { sourceRange },
        });

        var ipMatch = new Aws.WafRegional.Inputs.RulePredicateArgs
        {
            Type = "IPMatch",
            DataId = ipset.Id,
            Negated = false,
        };
        var wafrule = new Aws.WafRegional.Rule("wafrule", new Aws.WafRegional.RuleArgs
        {
            MetricName = "tfWAFRule",
            Predicates = { ipMatch },
        });

        // Deny-list model: the default action is ALLOW, so any request that no rule
        // matches passes through. Only traffic from the IP set above is blocked.
        var allowByDefault = new Aws.WafRegional.Inputs.WebAclDefaultActionArgs
        {
            Type = "ALLOW",
        };

        var blockMatchingRule = new Aws.WafRegional.Inputs.WebAclRuleArgs
        {
            Type = "REGULAR",
            RuleId = wafrule.Id,
            Priority = 1,
            Action = new Aws.WafRegional.Inputs.WebAclRuleActionArgs
            {
                Type = "BLOCK",
            },
        };

        var wafacl = new Aws.WafRegional.WebAcl("wafacl", new Aws.WafRegional.WebAclArgs
        {
            DefaultAction = allowByDefault,
            MetricName = "tfWebACL",
            Rules = { blockMatchingRule },
        });
    }
}
Group Rule
using Pulumi;
using Aws = Pulumi.Aws;
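/// <summary>
/// Example stack that declares a Web ACL whose single rule entry refers to a
/// rule group (Type "GROUP") instead of an individual rule.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // The original snippet referred to "aws_wafregional_rule_group.Example", a name that
        // is never declared in C#. The rule group is declared here so the example is
        // self-contained; activated rules would be added to it as in the RuleGroup example.
        var exampleRuleGroup = new Aws.WafRegional.RuleGroup("exampleRuleGroup", new Aws.WafRegional.RuleGroupArgs
        {
            MetricName = "exampleRuleGroup",
        });

        var example = new Aws.WafRegional.WebAcl("example", new Aws.WafRegional.WebAclArgs
        {
            // Requests that no rule matches are allowed.
            DefaultAction = new Aws.WafRegional.Inputs.WebAclDefaultActionArgs
            {
                Type = "ALLOW",
            },
            MetricName = "example",
            Rules =
            {
                new Aws.WafRegional.Inputs.WebAclRuleArgs
                {
                    // A GROUP entry takes OverrideAction rather than Action; "NONE" leaves
                    // the actions defined inside the rule group in effect.
                    OverrideAction = new Aws.WafRegional.Inputs.WebAclRuleOverrideActionArgs
                    {
                        Type = "NONE",
                    },
                    Priority = 1,
                    RuleId = exampleRuleGroup.Id,
                    Type = "GROUP",
                },
            },
        });
    }
}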
Logging
using Pulumi;
using Aws = Pulumi.Aws;
/// <summary>
/// Example stack showing only the logging part of a Web ACL: a log destination
/// and two fields to redact from the logged requests.
/// </summary>
// NOTE(review): this snippet is an excerpt. It sets no DefaultAction, MetricName or Rules,
// which the other Web ACL examples on this page do set, and it refers to
// aws_kinesis_firehose_delivery_stream.Example, which is not declared anywhere in the snippet.
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.WafRegional.WebAcl("example", new Aws.WafRegional.WebAclArgs
{
LoggingConfiguration = new Aws.WafRegional.Inputs.WebAclLoggingConfigurationArgs
{
// ARN of the delivery stream that receives the Web ACL logs.
LogDestination = aws_kinesis_firehose_delivery_stream.Example.Arn,
// Fields listed here are redacted from the log records: the request URI and the
// "referer" header. Anything not listed (other headers, query string) is not
// covered by this redaction list, so review it against what the application
// places in requests (session tokens, credentials in URLs, and so on).
RedactedFields = new Aws.WafRegional.Inputs.WebAclLoggingConfigurationRedactedFieldsArgs
{
// NOTE(review): the nested brace initializers below look like converter output;
// confirm they compile against the SDK version in use.
FieldToMatch =
{
{
{ "type", "URI" },
},
{
{ "data", "referer" },
{ "type", "HEADER" },
},
},
},
},
});
}
}
WebAclArgs
WebAclAssociation
Manages an association with WAF Regional Web ACL.
Note: An Application Load Balancer can only be associated with one WAF Regional WebACL.
Application Load Balancer Association Example
using Pulumi;
using Aws = Pulumi.Aws;
/// <summary>
/// Example stack that builds an IP-set-based Web ACL, an internal Application
/// Load Balancer in a new VPC, and associates the Web ACL with that load balancer.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // --- WAF: IP set -> rule -> Web ACL ---
        var sourceRange = new Aws.WafRegional.Inputs.IpSetIpSetDescriptorArgs
        {
            Type = "IPV4",
            Value = "192.0.7.0/24",
        };
        var ipset = new Aws.WafRegional.IpSet("ipset", new Aws.WafRegional.IpSetArgs
        {
            IpSetDescriptors = { sourceRange },
        });

        var ipMatch = new Aws.WafRegional.Inputs.RulePredicateArgs
        {
            Type = "IPMatch",
            DataId = ipset.Id,
            Negated = false,
        };
        var fooRule = new Aws.WafRegional.Rule("fooRule", new Aws.WafRegional.RuleArgs
        {
            MetricName = "tfWAFRule",
            Predicates = { ipMatch },
        });

        // Default ALLOW with one BLOCK rule: only requests from the IP set are rejected.
        var blockMatchingRule = new Aws.WafRegional.Inputs.WebAclRuleArgs
        {
            RuleId = fooRule.Id,
            Priority = 1,
            Action = new Aws.WafRegional.Inputs.WebAclRuleActionArgs
            {
                Type = "BLOCK",
            },
        };
        var fooWebAcl = new Aws.WafRegional.WebAcl("fooWebAcl", new Aws.WafRegional.WebAclArgs
        {
            DefaultAction = new Aws.WafRegional.Inputs.WebAclDefaultActionArgs
            {
                Type = "ALLOW",
            },
            MetricName = "foo",
            Rules = { blockMatchingRule },
        });

        // --- Network: VPC with two subnets in the first two availability zones ---
        var fooVpc = new Aws.Ec2.Vpc("fooVpc", new Aws.Ec2.VpcArgs
        {
            CidrBlock = "10.1.0.0/16",
        });
        var availabilityZones = Output.Create(Aws.GetAvailabilityZones.InvokeAsync());
        var fooSubnet = new Aws.Ec2.Subnet("fooSubnet", new Aws.Ec2.SubnetArgs
        {
            VpcId = fooVpc.Id,
            CidrBlock = "10.1.1.0/24",
            AvailabilityZone = availabilityZones.Apply(zones => zones.Names[0]),
        });
        var bar = new Aws.Ec2.Subnet("bar", new Aws.Ec2.SubnetArgs
        {
            VpcId = fooVpc.Id,
            CidrBlock = "10.1.2.0/24",
            AvailabilityZone = availabilityZones.Apply(zones => zones.Names[1]),
        });

        // --- Load balancer (internal) spanning both subnets ---
        var fooLoadBalancer = new Aws.Alb.LoadBalancer("fooLoadBalancer", new Aws.Alb.LoadBalancerArgs
        {
            Internal = true,
            Subnets = { fooSubnet.Id, bar.Id },
        });

        // --- Association: the Web ACL takes effect for the load balancer only once this exists ---
        var associationArgs = new Aws.WafRegional.WebAclAssociationArgs
        {
            ResourceArn = fooLoadBalancer.Arn,
            WebAclId = fooWebAcl.Id,
        };
        var fooWebAclAssociation = new Aws.WafRegional.WebAclAssociation("fooWebAclAssociation", associationArgs);
    }
}
API Gateway Association Example
using Pulumi;
using Aws = Pulumi.Aws;
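/// <summary>
/// Example stack that builds an IP-set-based Web ACL, a minimal API Gateway
/// REST API with one GET method and stage, and associates the Web ACL with the stage.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // --- WAF: IP set -> rule -> Web ACL ---
        var ipset = new Aws.WafRegional.IpSet("ipset", new Aws.WafRegional.IpSetArgs
        {
            IpSetDescriptors =
            {
                new Aws.WafRegional.Inputs.IpSetIpSetDescriptorArgs
                {
                    Type = "IPV4",
                    Value = "192.0.7.0/24",
                },
            },
        });
        var fooRule = new Aws.WafRegional.Rule("fooRule", new Aws.WafRegional.RuleArgs
        {
            MetricName = "tfWAFRule",
            Predicates =
            {
                new Aws.WafRegional.Inputs.RulePredicateArgs
                {
                    DataId = ipset.Id,
                    Negated = false,
                    Type = "IPMatch",
                },
            },
        });
        // Default ALLOW with one BLOCK rule: only requests from the IP set are rejected.
        var fooWebAcl = new Aws.WafRegional.WebAcl("fooWebAcl", new Aws.WafRegional.WebAclArgs
        {
            DefaultAction = new Aws.WafRegional.Inputs.WebAclDefaultActionArgs
            {
                Type = "ALLOW",
            },
            MetricName = "foo",
            Rules =
            {
                new Aws.WafRegional.Inputs.WebAclRuleArgs
                {
                    Action = new Aws.WafRegional.Inputs.WebAclRuleActionArgs
                    {
                        Type = "BLOCK",
                    },
                    Priority = 1,
                    RuleId = fooRule.Id,
                },
            },
        });

        // --- API Gateway: REST API with a single /test GET method ---
        var testRestApi = new Aws.ApiGateway.RestApi("testRestApi", new Aws.ApiGateway.RestApiArgs
        {
        });
        var testResource = new Aws.ApiGateway.Resource("testResource", new Aws.ApiGateway.ResourceArgs
        {
            ParentId = testRestApi.RootResourceId,
            PathPart = "test",
            RestApi = testRestApi.Id,
        });
        var testMethod = new Aws.ApiGateway.Method("testMethod", new Aws.ApiGateway.MethodArgs
        {
            // Authorization "NONE": the method has no authorizer, so in this example the
            // Web ACL is the only request filtering visible in front of the integration.
            // A Web ACL is not a substitute for authentication on a real API.
            Authorization = "NONE",
            HttpMethod = "GET",
            ResourceId = testResource.Id,
            RestApi = testRestApi.Id,
        });
        var testMethodResponse = new Aws.ApiGateway.MethodResponse("testMethodResponse", new Aws.ApiGateway.MethodResponseArgs
        {
            HttpMethod = testMethod.HttpMethod,
            ResourceId = testResource.Id,
            RestApi = testRestApi.Id,
            StatusCode = "400",
        });
        var testIntegration = new Aws.ApiGateway.Integration("testIntegration", new Aws.ApiGateway.IntegrationArgs
        {
            HttpMethod = testMethod.HttpMethod,
            IntegrationHttpMethod = "GET",
            ResourceId = testResource.Id,
            RestApi = testRestApi.Id,
            Type = "HTTP",
            // Changed from "http://www.example.com": the integration request leaves
            // API Gateway for an external host, so it should travel over TLS.
            Uri = "https://www.example.com",
        });
        var testIntegrationResponse = new Aws.ApiGateway.IntegrationResponse("testIntegrationResponse", new Aws.ApiGateway.IntegrationResponseArgs
        {
            HttpMethod = testIntegration.HttpMethod,
            ResourceId = testResource.Id,
            RestApi = testRestApi.Id,
            StatusCode = testMethodResponse.StatusCode,
        });
        var testDeployment = new Aws.ApiGateway.Deployment("testDeployment", new Aws.ApiGateway.DeploymentArgs
        {
            RestApi = testRestApi.Id,
        });
        var testStage = new Aws.ApiGateway.Stage("testStage", new Aws.ApiGateway.StageArgs
        {
            Deployment = testDeployment.Id,
            RestApi = testRestApi.Id,
            StageName = "test",
        });

        // --- Association: the Web ACL is attached to the stage, not to the REST API as a whole ---
        var association = new Aws.WafRegional.WebAclAssociation("association", new Aws.WafRegional.WebAclAssociationArgs
        {
            ResourceArn = testStage.Arn,
            WebAclId = fooWebAcl.Id,
        });
    }
}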
WebAclAssociationArgs
WebAclAssociationState
WebAclState
XssMatchSet
Provides a WAF Regional XSS Match Set Resource for use with Application Load Balancer.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
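/// <summary>
/// Example stack that declares an XSS match set inspecting the request URI
/// and the query string, each after URL decoding.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var xssMatchSet = new Aws.WafRegional.XssMatchSet("xssMatchSet", new Aws.WafRegional.XssMatchSetArgs
        {
            XssMatchTuples =
            {
                // Changed from TextTransformation "NONE": without a transformation the
                // inspection runs on the value as sent, so percent-encoded script content
                // in the URI or query string would not be examined in decoded form.
                // URL_DECODE matches what the SQL injection example on this page uses.
                // Each tuple carries one transformation; add further tuples (for example
                // with HTML_ENTITY_DECODE) if other encodings must be covered.
                new Aws.WafRegional.Inputs.XssMatchSetXssMatchTupleArgs
                {
                    FieldToMatch = new Aws.WafRegional.Inputs.XssMatchSetXssMatchTupleFieldToMatchArgs
                    {
                        Type = "URI",
                    },
                    TextTransformation = "URL_DECODE",
                },
                new Aws.WafRegional.Inputs.XssMatchSetXssMatchTupleArgs
                {
                    FieldToMatch = new Aws.WafRegional.Inputs.XssMatchSetXssMatchTupleFieldToMatchArgs
                    {
                        Type = "QUERY_STRING",
                    },
                    TextTransformation = "URL_DECODE",
                },
            },
        });
    }
}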