1. Docs
  2. Reference
  3. API
  4. @pulumi/aws
  5. waf

Module waf

This page documents the language specification for the aws package. If you're looking for help working with the inputs, outputs, or functions of aws resources in a Pulumi program, please see the resource documentation for examples and API reference.

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

Resources

Functions

Others

Resources

Resource ByteMatchSet

class ByteMatchSet extends CustomResource

Provides a WAF Byte Match Set Resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const byteSet = new aws.waf.ByteMatchSet("byte_set", {
    byteMatchTuples: [{
        fieldToMatch: {
            data: "referer",
            type: "HEADER",
        },
        positionalConstraint: "CONTAINS",
        targetString: "badrefer1",
        textTransformation: "NONE",
    }],
});

constructor

new ByteMatchSet(name: string, args?: ByteMatchSetArgs, opts?: pulumi.CustomResourceOptions)

Create a ByteMatchSet resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ByteMatchSetState, opts?: pulumi.CustomResourceOptions): ByteMatchSet

Get an existing ByteMatchSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ByteMatchSet

Returns true if the given object is an instance of ByteMatchSet. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property byteMatchTuples

public byteMatchTuples: pulumi.Output<ByteMatchSetByteMatchTuple[] | undefined>;

Specifies the bytes (typically a string that corresponds with ASCII characters) that you want to search for in web requests, the location in requests that you want to search, and other settings.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name or description of the Byte Match Set.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource GeoMatchSet

class GeoMatchSet extends CustomResource

Provides a WAF Geo Match Set Resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const geoMatchSet = new aws.waf.GeoMatchSet("geo_match_set", {
    geoMatchConstraints: [
        {
            type: "Country",
            value: "US",
        },
        {
            type: "Country",
            value: "CA",
        },
    ],
});

constructor

new GeoMatchSet(name: string, args?: GeoMatchSetArgs, opts?: pulumi.CustomResourceOptions)

Create a GeoMatchSet resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GeoMatchSetState, opts?: pulumi.CustomResourceOptions): GeoMatchSet

Get an existing GeoMatchSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is GeoMatchSet

Returns true if the given object is an instance of GeoMatchSet. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

Amazon Resource Name (ARN)

property geoMatchConstraints

public geoMatchConstraints: pulumi.Output<GeoMatchSetGeoMatchConstraint[] | undefined>;

The GeoMatchConstraint objects which contain the country that you want AWS WAF to search for.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name or description of the GeoMatchSet.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource IpSet

class IpSet extends CustomResource

Provides a WAF IPSet Resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const ipset = new aws.waf.IpSet("ipset", {
    ipSetDescriptors: [
        {
            type: "IPV4",
            value: "192.0.7.0/24",
        },
        {
            type: "IPV4",
            value: "10.16.16.0/16",
        },
    ],
});

constructor

new IpSet(name: string, args?: IpSetArgs, opts?: pulumi.CustomResourceOptions)

Create a IpSet resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IpSetState, opts?: pulumi.CustomResourceOptions): IpSet

Get an existing IpSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is IpSet

Returns true if the given object is an instance of IpSet. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN of the WAF IPSet.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property ipSetDescriptors

public ipSetDescriptors: pulumi.Output<IpSetIpSetDescriptor[] | undefined>;

One or more pairs specifying the IP address type (IPV4 or IPV6) and the IP address range (in CIDR format) from which web requests originate.

property name

public name: pulumi.Output<string>;

The name or description of the IPSet.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource RateBasedRule

class RateBasedRule extends CustomResource

Provides a WAF Rate Based Rule Resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const ipset = new aws.waf.IpSet("ipset", {
    ipSetDescriptors: [{
        type: "IPV4",
        value: "192.0.7.0/24",
    }],
});
const wafrule = new aws.waf.RateBasedRule("wafrule", {
    metricName: "tfWAFRule",
    predicates: [{
        dataId: ipset.id,
        negated: false,
        type: "IPMatch",
    }],
    rateKey: "IP",
    rateLimit: 100,
}, { dependsOn: [ipset] });

constructor

new RateBasedRule(name: string, args: RateBasedRuleArgs, opts?: pulumi.CustomResourceOptions)

Create a RateBasedRule resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RateBasedRuleState, opts?: pulumi.CustomResourceOptions): RateBasedRule

Get an existing RateBasedRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is RateBasedRule

Returns true if the given object is an instance of RateBasedRule. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

Amazon Resource Name (ARN)

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property metricName

public metricName: pulumi.Output<string>;

The name or description for the Amazon CloudWatch metric of this rule.

property name

public name: pulumi.Output<string>;

The name or description of the rule.

property predicates

public predicates: pulumi.Output<RateBasedRulePredicate[] | undefined>;

The objects to include in a rule (documented below).

property rateKey

public rateKey: pulumi.Output<string>;

Valid value is IP.

property rateLimit

public rateLimit: pulumi.Output<number>;

The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 100.

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

Key-value map of resource tags

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource RegexMatchSet

class RegexMatchSet extends CustomResource

Provides a WAF Regex Match Set Resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleRegexPatternSet = new aws.waf.RegexPatternSet("example", {
    regexPatternStrings: [
        "one",
        "two",
    ],
});
const exampleRegexMatchSet = new aws.waf.RegexMatchSet("example", {
    regexMatchTuples: [{
        fieldToMatch: {
            data: "User-Agent",
            type: "HEADER",
        },
        regexPatternSetId: exampleRegexPatternSet.id,
        textTransformation: "NONE",
    }],
});

constructor

new RegexMatchSet(name: string, args?: RegexMatchSetArgs, opts?: pulumi.CustomResourceOptions)

Create a RegexMatchSet resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RegexMatchSetState, opts?: pulumi.CustomResourceOptions): RegexMatchSet

Get an existing RegexMatchSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is RegexMatchSet

Returns true if the given object is an instance of RegexMatchSet. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

Amazon Resource Name (ARN)

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name or description of the Regex Match Set.

property regexMatchTuples

public regexMatchTuples: pulumi.Output<RegexMatchSetRegexMatchTuple[] | undefined>;

The regular expression pattern that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings. See below.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource RegexPatternSet

class RegexPatternSet extends CustomResource

Provides a WAF Regex Pattern Set Resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.waf.RegexPatternSet("example", {
    regexPatternStrings: [
        "one",
        "two",
    ],
});

constructor

new RegexPatternSet(name: string, args?: RegexPatternSetArgs, opts?: pulumi.CustomResourceOptions)

Create a RegexPatternSet resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RegexPatternSetState, opts?: pulumi.CustomResourceOptions): RegexPatternSet

Get an existing RegexPatternSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is RegexPatternSet

Returns true if the given object is an instance of RegexPatternSet. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

Amazon Resource Name (ARN)

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name or description of the Regex Pattern Set.

property regexPatternStrings

public regexPatternStrings: pulumi.Output<string[] | undefined>;

A list of regular expression (regex) patterns that you want AWS WAF to search for, such as B[a@]dB[o0]t.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Rule

class Rule extends CustomResource

Provides a WAF Rule Resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const ipset = new aws.waf.IpSet("ipset", {
    ipSetDescriptors: [{
        type: "IPV4",
        value: "192.0.7.0/24",
    }],
});
const wafrule = new aws.waf.Rule("wafrule", {
    metricName: "tfWAFRule",
    predicates: [{
        dataId: ipset.id,
        negated: false,
        type: "IPMatch",
    }],
}, { dependsOn: [ipset] });

constructor

new Rule(name: string, args: RuleArgs, opts?: pulumi.CustomResourceOptions)

Create a Rule resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RuleState, opts?: pulumi.CustomResourceOptions): Rule

Get an existing Rule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Rule

Returns true if the given object is an instance of Rule. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN of the WAF rule.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property metricName

public metricName: pulumi.Output<string>;

The name or description for the Amazon CloudWatch metric of this rule. The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name can’t contain whitespace.

property name

public name: pulumi.Output<string>;

The name or description of the rule.

property predicates

public predicates: pulumi.Output<RulePredicate[] | undefined>;

The objects to include in a rule (documented below).

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

Key-value map of resource tags

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource RuleGroup

class RuleGroup extends CustomResource

Provides a WAF Rule Group Resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleRule = new aws.waf.Rule("example", {
    metricName: "example",
});
const exampleRuleGroup = new aws.waf.RuleGroup("example", {
    activatedRules: [{
        action: {
            type: "COUNT",
        },
        priority: 50,
        ruleId: exampleRule.id,
    }],
    metricName: "example",
});

constructor

new RuleGroup(name: string, args: RuleGroupArgs, opts?: pulumi.CustomResourceOptions)

Create a RuleGroup resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RuleGroupState, opts?: pulumi.CustomResourceOptions): RuleGroup

Get an existing RuleGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is RuleGroup

Returns true if the given object is an instance of RuleGroup. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property activatedRules

public activatedRules: pulumi.Output<RuleGroupActivatedRule[] | undefined>;

A list of activated rules, see below

property arn

public arn: pulumi.Output<string>;

The ARN of the WAF rule group.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property metricName

public metricName: pulumi.Output<string>;

A friendly name for the metrics from the rule group

property name

public name: pulumi.Output<string>;

A friendly name of the rule group

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

Key-value map of resource tags

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource SizeConstraintSet

class SizeConstraintSet extends CustomResource

Provides a WAF Size Constraint Set Resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const sizeConstraintSet = new aws.waf.SizeConstraintSet("size_constraint_set", {
    sizeConstraints: [{
        comparisonOperator: "EQ",
        fieldToMatch: {
            type: "BODY",
        },
        size: 4096,
        textTransformation: "NONE",
    }],
});

constructor

new SizeConstraintSet(name: string, args?: SizeConstraintSetArgs, opts?: pulumi.CustomResourceOptions)

Create a SizeConstraintSet resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SizeConstraintSetState, opts?: pulumi.CustomResourceOptions): SizeConstraintSet

Get an existing SizeConstraintSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is SizeConstraintSet

Returns true if the given object is an instance of SizeConstraintSet. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

Amazon Resource Name (ARN)

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name or description of the Size Constraint Set.

property sizeConstraints

public sizeConstraints: pulumi.Output<SizeConstraintSetSizeConstraint[] | undefined>;

Specifies the parts of web requests that you want to inspect the size of.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource SqlInjectionMatchSet

class SqlInjectionMatchSet extends CustomResource

Provides a WAF SQL Injection Match Set Resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const sqlInjectionMatchSet = new aws.waf.SqlInjectionMatchSet("sql_injection_match_set", {
    sqlInjectionMatchTuples: [{
        fieldToMatch: {
            type: "QUERY_STRING",
        },
        textTransformation: "URL_DECODE",
    }],
});

constructor

new SqlInjectionMatchSet(name: string, args?: SqlInjectionMatchSetArgs, opts?: pulumi.CustomResourceOptions)

Create a SqlInjectionMatchSet resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SqlInjectionMatchSetState, opts?: pulumi.CustomResourceOptions): SqlInjectionMatchSet

Get an existing SqlInjectionMatchSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is SqlInjectionMatchSet

Returns true if the given object is an instance of SqlInjectionMatchSet. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name or description of the SQL Injection Match Set.

property sqlInjectionMatchTuples

public sqlInjectionMatchTuples: pulumi.Output<SqlInjectionMatchSetSqlInjectionMatchTuple[] | undefined>;

The parts of web requests that you want AWS WAF to inspect for malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource WebAcl

class WebAcl extends CustomResource

Provides a WAF Web ACL Resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const ipset = new aws.waf.IpSet("ipset", {
    ipSetDescriptors: [{
        type: "IPV4",
        value: "192.0.7.0/24",
    }],
});
const wafrule = new aws.waf.Rule("wafrule", {
    metricName: "tfWAFRule",
    predicates: [{
        dataId: ipset.id,
        negated: false,
        type: "IPMatch",
    }],
}, { dependsOn: [ipset] });
const wafAcl = new aws.waf.WebAcl("waf_acl", {
    defaultAction: {
        type: "ALLOW",
    },
    metricName: "tfWebACL",
    rules: [{
        action: {
            type: "BLOCK",
        },
        priority: 1,
        ruleId: wafrule.id,
        type: "REGULAR",
    }],
}, { dependsOn: [ipset, wafrule] });
Logging
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.waf.WebAcl("example", {
    // ... other configuration ...
    loggingConfiguration: {
        logDestination: aws_kinesis_firehose_delivery_stream_example.arn,
        redactedFields: {
            fieldToMatches: [
                {
                    type: "URI",
                },
                {
                    data: "referer",
                    type: "HEADER",
                },
            ],
        },
    },
});

constructor

new WebAcl(name: string, args: WebAclArgs, opts?: pulumi.CustomResourceOptions)

Create a WebAcl resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WebAclState, opts?: pulumi.CustomResourceOptions): WebAcl

Get an existing WebAcl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is WebAcl

Returns true if the given object is an instance of WebAcl. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN of the WAF WebACL.

property defaultAction

public defaultAction: pulumi.Output<WebAclDefaultAction>;

Configuration block with action that you want AWS WAF to take when a request doesn’t match the criteria in any of the rules that are associated with the web ACL. Detailed below.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property loggingConfiguration

public loggingConfiguration: pulumi.Output<WebAclLoggingConfiguration | undefined>;

Configuration block to enable WAF logging. Detailed below.

property metricName

public metricName: pulumi.Output<string>;

The name or description for the Amazon CloudWatch metric of this web ACL.

property name

public name: pulumi.Output<string>;

The name or description of the web ACL.

property rules

public rules: pulumi.Output<WebAclRule[] | undefined>;

Configuration blocks containing rules to associate with the web ACL and the settings for each rule. Detailed below.

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

Key-value map of resource tags

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource XssMatchSet

class XssMatchSet extends CustomResource

Provides a WAF XSS Match Set Resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const xssMatchSet = new aws.waf.XssMatchSet("xss_match_set", {
    xssMatchTuples: [
        {
            fieldToMatch: {
                type: "URI",
            },
            textTransformation: "NONE",
        },
        {
            fieldToMatch: {
                type: "QUERY_STRING",
            },
            textTransformation: "NONE",
        },
    ],
});

constructor

new XssMatchSet(name: string, args?: XssMatchSetArgs, opts?: pulumi.CustomResourceOptions)

Create a XssMatchSet resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: XssMatchSetState, opts?: pulumi.CustomResourceOptions): XssMatchSet

Get an existing XssMatchSet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is XssMatchSet

Returns true if the given object is an instance of XssMatchSet. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

Amazon Resource Name (ARN)

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name or description of the SizeConstraintSet.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property xssMatchTuples

public xssMatchTuples: pulumi.Output<XssMatchSetXssMatchTuple[] | undefined>;

The parts of web requests that you want to inspect for cross-site scripting attacks.

Functions

Function getIpset

getIpset(args: GetIpsetArgs, opts?: pulumi.InvokeOptions): Promise<GetIpsetResult>

aws.waf.IpSet Retrieves a WAF IP Set Resource Id.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = pulumi.output(aws.waf.getIpset({
    name: "tfWAFIPSet",
}, { async: true }));

Function getRateBasedRule

getRateBasedRule(args: GetRateBasedRuleArgs, opts?: pulumi.InvokeOptions): Promise<GetRateBasedRuleResult>

aws.waf.RateBasedRule Retrieves a WAF Rate Based Rule Resource Id.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = pulumi.output(aws.waf.getRateBasedRule({
    name: "tfWAFRateBasedRule",
}, { async: true }));

Function getRule

getRule(args: GetRuleArgs, opts?: pulumi.InvokeOptions): Promise<GetRuleResult>

aws.waf.Rule Retrieves a WAF Rule Resource Id.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = pulumi.output(aws.waf.getRule({
    name: "tfWAFRule",
}, { async: true }));

Function getWebAcl

getWebAcl(args: GetWebAclArgs, opts?: pulumi.InvokeOptions): Promise<GetWebAclResult>

aws.waf.WebAcl Retrieves a WAF Web ACL Resource Id.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = pulumi.output(aws.waf.getWebAcl({
    name: "tfWAFWebACL",
}, { async: true }));

Others

interface ByteMatchSetArgs

interface ByteMatchSetArgs

The set of arguments for constructing a ByteMatchSet resource.

property byteMatchTuples

byteMatchTuples?: pulumi.Input<pulumi.Input<ByteMatchSetByteMatchTuple>[]>;

Specifies the bytes (typically a string that corresponds with ASCII characters) that you want to search for in web requests, the location in requests that you want to search, and other settings.

property name

name?: pulumi.Input<string>;

The name or description of the Byte Match Set.

interface ByteMatchSetState

interface ByteMatchSetState

Input properties used for looking up and filtering ByteMatchSet resources.

property byteMatchTuples

byteMatchTuples?: pulumi.Input<pulumi.Input<ByteMatchSetByteMatchTuple>[]>;

Specifies the bytes (typically a string that corresponds with ASCII characters) that you want to search for in web requests, the location in requests that you want to search, and other settings.

property name

name?: pulumi.Input<string>;

The name or description of the Byte Match Set.

interface GeoMatchSetArgs

interface GeoMatchSetArgs

The set of arguments for constructing a GeoMatchSet resource.

property geoMatchConstraints

geoMatchConstraints?: pulumi.Input<pulumi.Input<GeoMatchSetGeoMatchConstraint>[]>;

The GeoMatchConstraint objects which contain the country that you want AWS WAF to search for.

property name

name?: pulumi.Input<string>;

The name or description of the GeoMatchSet.

interface GeoMatchSetState

interface GeoMatchSetState

Input properties used for looking up and filtering GeoMatchSet resources.

property arn

arn?: pulumi.Input<string>;

Amazon Resource Name (ARN)

property geoMatchConstraints

geoMatchConstraints?: pulumi.Input<pulumi.Input<GeoMatchSetGeoMatchConstraint>[]>;

The GeoMatchConstraint objects which contain the country that you want AWS WAF to search for.

property name

name?: pulumi.Input<string>;

The name or description of the GeoMatchSet.

interface GetIpsetArgs

interface GetIpsetArgs

A collection of arguments for invoking getIpset.

property name

name: string;

The name of the WAF IP set.

interface GetIpsetResult

interface GetIpsetResult

A collection of values returned by getIpset.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property name

name: string;

interface GetRateBasedRuleArgs

interface GetRateBasedRuleArgs

A collection of arguments for invoking getRateBasedRule.

property name

name: string;

The name of the WAF rate based rule.

interface GetRateBasedRuleResult

interface GetRateBasedRuleResult

A collection of values returned by getRateBasedRule.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property name

name: string;

interface GetRuleArgs

interface GetRuleArgs

A collection of arguments for invoking getRule.

property name

name: string;

The name of the WAF rule.

interface GetRuleResult

interface GetRuleResult

A collection of values returned by getRule.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property name

name: string;

interface GetWebAclArgs

interface GetWebAclArgs

A collection of arguments for invoking getWebAcl.

property name

name: string;

The name of the WAF Web ACL.

interface GetWebAclResult

interface GetWebAclResult

A collection of values returned by getWebAcl.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property name

name: string;

interface IpSetArgs

interface IpSetArgs

The set of arguments for constructing a IpSet resource.

property ipSetDescriptors

ipSetDescriptors?: pulumi.Input<pulumi.Input<IpSetIpSetDescriptor>[]>;

One or more pairs specifying the IP address type (IPV4 or IPV6) and the IP address range (in CIDR format) from which web requests originate.

property name

name?: pulumi.Input<string>;

The name or description of the IPSet.

interface IpSetState

interface IpSetState

Input properties used for looking up and filtering IpSet resources.

property arn

arn?: pulumi.Input<string>;

The ARN of the WAF IPSet.

property ipSetDescriptors

ipSetDescriptors?: pulumi.Input<pulumi.Input<IpSetIpSetDescriptor>[]>;

One or more pairs specifying the IP address type (IPV4 or IPV6) and the IP address range (in CIDR format) from which web requests originate.

property name

name?: pulumi.Input<string>;

The name or description of the IPSet.

interface RateBasedRuleArgs

interface RateBasedRuleArgs

The set of arguments for constructing a RateBasedRule resource.

property metricName

metricName: pulumi.Input<string>;

The name or description for the Amazon CloudWatch metric of this rule.

property name

name?: pulumi.Input<string>;

The name or description of the rule.

property predicates

predicates?: pulumi.Input<pulumi.Input<RateBasedRulePredicate>[]>;

The objects to include in a rule (documented below).

property rateKey

rateKey: pulumi.Input<string>;

Valid value is IP.

property rateLimit

rateLimit: pulumi.Input<number>;

The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 100.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

Key-value map of resource tags

interface RateBasedRuleState

interface RateBasedRuleState

Input properties used for looking up and filtering RateBasedRule resources.

property arn

arn?: pulumi.Input<string>;

Amazon Resource Name (ARN)

property metricName

metricName?: pulumi.Input<string>;

The name or description for the Amazon CloudWatch metric of this rule.

property name

name?: pulumi.Input<string>;

The name or description of the rule.

property predicates

predicates?: pulumi.Input<pulumi.Input<RateBasedRulePredicate>[]>;

The objects to include in a rule (documented below).

property rateKey

rateKey?: pulumi.Input<string>;

Valid value is IP.

property rateLimit

rateLimit?: pulumi.Input<number>;

The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 100.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

Key-value map of resource tags

interface RegexMatchSetArgs

interface RegexMatchSetArgs

The set of arguments for constructing a RegexMatchSet resource.

property name

name?: pulumi.Input<string>;

The name or description of the Regex Match Set.

property regexMatchTuples

regexMatchTuples?: pulumi.Input<pulumi.Input<RegexMatchSetRegexMatchTuple>[]>;

The regular expression pattern that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings. See below.

interface RegexMatchSetState

interface RegexMatchSetState

Input properties used for looking up and filtering RegexMatchSet resources.

property arn

arn?: pulumi.Input<string>;

Amazon Resource Name (ARN)

property name

name?: pulumi.Input<string>;

The name or description of the Regex Match Set.

property regexMatchTuples

regexMatchTuples?: pulumi.Input<pulumi.Input<RegexMatchSetRegexMatchTuple>[]>;

The regular expression pattern that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings. See below.

interface RegexPatternSetArgs

interface RegexPatternSetArgs

The set of arguments for constructing a RegexPatternSet resource.

property name

name?: pulumi.Input<string>;

The name or description of the Regex Pattern Set.

property regexPatternStrings

regexPatternStrings?: pulumi.Input<pulumi.Input<string>[]>;

A list of regular expression (regex) patterns that you want AWS WAF to search for, such as B[a@]dB[o0]t.

interface RegexPatternSetState

interface RegexPatternSetState

Input properties used for looking up and filtering RegexPatternSet resources.

property arn

arn?: pulumi.Input<string>;

Amazon Resource Name (ARN)

property name

name?: pulumi.Input<string>;

The name or description of the Regex Pattern Set.

property regexPatternStrings

regexPatternStrings?: pulumi.Input<pulumi.Input<string>[]>;

A list of regular expression (regex) patterns that you want AWS WAF to search for, such as B[a@]dB[o0]t.

interface RuleArgs

interface RuleArgs

The set of arguments for constructing a Rule resource.

property metricName

metricName: pulumi.Input<string>;

The name or description for the Amazon CloudWatch metric of this rule. The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name can’t contain whitespace.

property name

name?: pulumi.Input<string>;

The name or description of the rule.

property predicates

predicates?: pulumi.Input<pulumi.Input<RulePredicate>[]>;

The objects to include in a rule (documented below).

property tags

tags?: pulumi.Input<{[key: string]: any}>;

Key-value map of resource tags

interface RuleGroupArgs

interface RuleGroupArgs

The set of arguments for constructing a RuleGroup resource.

property activatedRules

activatedRules?: pulumi.Input<pulumi.Input<RuleGroupActivatedRule>[]>;

A list of activated rules, see below

property metricName

metricName: pulumi.Input<string>;

A friendly name for the metrics from the rule group

property name

name?: pulumi.Input<string>;

A friendly name of the rule group

property tags

tags?: pulumi.Input<{[key: string]: any}>;

Key-value map of resource tags

interface RuleGroupState

interface RuleGroupState

Input properties used for looking up and filtering RuleGroup resources.

property activatedRules

activatedRules?: pulumi.Input<pulumi.Input<RuleGroupActivatedRule>[]>;

A list of activated rules, see below

property arn

arn?: pulumi.Input<string>;

The ARN of the WAF rule group.

property metricName

metricName?: pulumi.Input<string>;

A friendly name for the metrics from the rule group

property name

name?: pulumi.Input<string>;

A friendly name of the rule group

property tags

tags?: pulumi.Input<{[key: string]: any}>;

Key-value map of resource tags

interface RuleState

interface RuleState

Input properties used for looking up and filtering Rule resources.

property arn

arn?: pulumi.Input<string>;

The ARN of the WAF rule.

property metricName

metricName?: pulumi.Input<string>;

The name or description for the Amazon CloudWatch metric of this rule. The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name can’t contain whitespace.

property name

name?: pulumi.Input<string>;

The name or description of the rule.

property predicates

predicates?: pulumi.Input<pulumi.Input<RulePredicate>[]>;

The objects to include in a rule (documented below).

property tags

tags?: pulumi.Input<{[key: string]: any}>;

Key-value map of resource tags

interface SizeConstraintSetArgs

interface SizeConstraintSetArgs

The set of arguments for constructing a SizeConstraintSet resource.

property name

name?: pulumi.Input<string>;

The name or description of the Size Constraint Set.

property sizeConstraints

sizeConstraints?: pulumi.Input<pulumi.Input<SizeConstraintSetSizeConstraint>[]>;

Specifies the parts of web requests that you want to inspect the size of.

interface SizeConstraintSetState

interface SizeConstraintSetState

Input properties used for looking up and filtering SizeConstraintSet resources.

property arn

arn?: pulumi.Input<string>;

Amazon Resource Name (ARN)

property name

name?: pulumi.Input<string>;

The name or description of the Size Constraint Set.

property sizeConstraints

sizeConstraints?: pulumi.Input<pulumi.Input<SizeConstraintSetSizeConstraint>[]>;

Specifies the parts of web requests that you want to inspect the size of.

interface SqlInjectionMatchSetArgs

interface SqlInjectionMatchSetArgs

The set of arguments for constructing a SqlInjectionMatchSet resource.

property name

name?: pulumi.Input<string>;

The name or description of the SQL Injection Match Set.

property sqlInjectionMatchTuples

sqlInjectionMatchTuples?: pulumi.Input<pulumi.Input<SqlInjectionMatchSetSqlInjectionMatchTuple>[]>;

The parts of web requests that you want AWS WAF to inspect for malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.

interface SqlInjectionMatchSetState

interface SqlInjectionMatchSetState

Input properties used for looking up and filtering SqlInjectionMatchSet resources.

property name

name?: pulumi.Input<string>;

The name or description of the SQL Injection Match Set.

property sqlInjectionMatchTuples

sqlInjectionMatchTuples?: pulumi.Input<pulumi.Input<SqlInjectionMatchSetSqlInjectionMatchTuple>[]>;

The parts of web requests that you want AWS WAF to inspect for malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.

interface WebAclArgs

interface WebAclArgs

The set of arguments for constructing a WebAcl resource.

property defaultAction

defaultAction: pulumi.Input<WebAclDefaultAction>;

Configuration block with action that you want AWS WAF to take when a request doesn’t match the criteria in any of the rules that are associated with the web ACL. Detailed below.

property loggingConfiguration

loggingConfiguration?: pulumi.Input<WebAclLoggingConfiguration>;

Configuration block to enable WAF logging. Detailed below.

property metricName

metricName: pulumi.Input<string>;

The name or description for the Amazon CloudWatch metric of this web ACL.

property name

name?: pulumi.Input<string>;

The name or description of the web ACL.

property rules

rules?: pulumi.Input<pulumi.Input<WebAclRule>[]>;

Configuration blocks containing rules to associate with the web ACL and the settings for each rule. Detailed below.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

Key-value map of resource tags

interface WebAclState

interface WebAclState

Input properties used for looking up and filtering WebAcl resources.

property arn

arn?: pulumi.Input<string>;

The ARN of the WAF WebACL.

property defaultAction

defaultAction?: pulumi.Input<WebAclDefaultAction>;

Configuration block with action that you want AWS WAF to take when a request doesn’t match the criteria in any of the rules that are associated with the web ACL. Detailed below.

property loggingConfiguration

loggingConfiguration?: pulumi.Input<WebAclLoggingConfiguration>;

Configuration block to enable WAF logging. Detailed below.

property metricName

metricName?: pulumi.Input<string>;

The name or description for the Amazon CloudWatch metric of this web ACL.

property name

name?: pulumi.Input<string>;

The name or description of the web ACL.

property rules

rules?: pulumi.Input<pulumi.Input<WebAclRule>[]>;

Configuration blocks containing rules to associate with the web ACL and the settings for each rule. Detailed below.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

Key-value map of resource tags

interface XssMatchSetArgs

interface XssMatchSetArgs

The set of arguments for constructing a XssMatchSet resource.

property name

name?: pulumi.Input<string>;

The name or description of the SizeConstraintSet.

property xssMatchTuples

xssMatchTuples?: pulumi.Input<pulumi.Input<XssMatchSetXssMatchTuple>[]>;

The parts of web requests that you want to inspect for cross-site scripting attacks.

interface XssMatchSetState

interface XssMatchSetState

Input properties used for looking up and filtering XssMatchSet resources.

property arn

arn?: pulumi.Input<string>;

Amazon Resource Name (ARN)

property name

name?: pulumi.Input<string>;

The name or description of the SizeConstraintSet.

property xssMatchTuples

xssMatchTuples?: pulumi.Input<pulumi.Input<XssMatchSetXssMatchTuple>[]>;

The parts of web requests that you want to inspect for cross-site scripting attacks.