1. Docs
  2. Reference
  3. API
  4. pulumi_aws
  5. wafregional

This page documents the language specification for the aws package. If you're looking for help working with the inputs, outputs, or functions of aws resources in a Pulumi program, please see the resource documentation for examples and API reference.

wafregional

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

class pulumi_aws.wafregional.AwaitableGetIpsetResult(id=None, name=None)
class pulumi_aws.wafregional.AwaitableGetRateBasedModResult(id=None, name=None)
class pulumi_aws.wafregional.AwaitableGetRuleResult(id=None, name=None)
class pulumi_aws.wafregional.AwaitableGetWebAclResult(id=None, name=None)
class pulumi_aws.wafregional.ByteMatchSet(resource_name, opts=None, byte_match_tuples=None, name=None, __props__=None, __name__=None, __opts__=None)

Provides a WAF Regional Byte Match Set Resource for use with Application Load Balancer.

import pulumi
import pulumi_aws as aws

byte_set = aws.wafregional.ByteMatchSet("byteSet", byte_match_tuples=[{
    "fieldToMatch": {
        "data": "referer",
        "type": "HEADER",
    },
    "positionalConstraint": "CONTAINS",
    "targetString": "badrefer1",
    "textTransformation": "NONE",
}])
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • byte_match_tuples (pulumi.Input[list]) – Settings for the ByteMatchSet, such as the bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests. ByteMatchTuple documented below.

  • name (pulumi.Input[str]) – The name or description of the ByteMatchSet.

The byte_match_tuples object supports the following:

  • fieldToMatch (pulumi.Input[dict]) - Settings for the ByteMatchTuple. FieldToMatch documented below.

    • data (pulumi.Input[str]) - When the value of Type is HEADER, enter the name of the header that you want AWS WAF to search, for example, User-Agent or Referer. If the value of Type is any other value, omit Data.

    • type (pulumi.Input[str]) - The part of the web request that you want AWS WAF to search for a specified string.

  • positionalConstraint (pulumi.Input[str]) - Within the portion of a web request that you want to search.

  • targetString (pulumi.Input[str]) - The value that you want AWS WAF to search for. The maximum length of the value is 50 bytes.

  • textTransformation (pulumi.Input[str]) - The formatting way for web request.

byte_match_tuples: pulumi.Output[list] = None

Settings for the ByteMatchSet, such as the bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests. ByteMatchTuple documented below.

  • fieldToMatch (dict) - Settings for the ByteMatchTuple. FieldToMatch documented below.

    • data (str) - When the value of Type is HEADER, enter the name of the header that you want AWS WAF to search, for example, User-Agent or Referer. If the value of Type is any other value, omit Data.

    • type (str) - The part of the web request that you want AWS WAF to search for a specified string.

  • positionalConstraint (str) - Within the portion of a web request that you want to search.

  • targetString (str) - The value that you want AWS WAF to search for. The maximum length of the value is 50 bytes.

  • textTransformation (str) - The formatting way for web request.

name: pulumi.Output[str] = None

The name or description of the ByteMatchSet.

static get(resource_name, id, opts=None, byte_match_tuples=None, name=None)

Get an existing ByteMatchSet resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • byte_match_tuples (pulumi.Input[list]) – Settings for the ByteMatchSet, such as the bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests. ByteMatchTuple documented below.

  • name (pulumi.Input[str]) – The name or description of the ByteMatchSet.

The byte_match_tuples object supports the following:

  • fieldToMatch (pulumi.Input[dict]) - Settings for the ByteMatchTuple. FieldToMatch documented below.

    • data (pulumi.Input[str]) - When the value of Type is HEADER, enter the name of the header that you want AWS WAF to search, for example, User-Agent or Referer. If the value of Type is any other value, omit Data.

    • type (pulumi.Input[str]) - The part of the web request that you want AWS WAF to search for a specified string.

  • positionalConstraint (pulumi.Input[str]) - Within the portion of a web request that you want to search.

  • targetString (pulumi.Input[str]) - The value that you want AWS WAF to search for. The maximum length of the value is 50 bytes.

  • textTransformation (pulumi.Input[str]) - The formatting way for web request.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.wafregional.GeoMatchSet(resource_name, opts=None, geo_match_constraints=None, name=None, __props__=None, __name__=None, __opts__=None)

Provides a WAF Regional Geo Match Set Resource

import pulumi
import pulumi_aws as aws

geo_match_set = aws.wafregional.GeoMatchSet("geoMatchSet", geo_match_constraints=[
    {
        "type": "Country",
        "value": "US",
    },
    {
        "type": "Country",
        "value": "CA",
    },
])
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • geo_match_constraints (pulumi.Input[list]) – The Geo Match Constraint objects which contain the country that you want AWS WAF to search for.

  • name (pulumi.Input[str]) – The name or description of the Geo Match Set.

The geo_match_constraints object supports the following:

  • type (pulumi.Input[str]) - The type of geographical area you want AWS WAF to search for. Currently Country is the only valid value.

  • value (pulumi.Input[str]) - The country that you want AWS WAF to search for. This is the two-letter country code, e.g. US, CA, RU, CN, etc. See docs for all supported values.

geo_match_constraints: pulumi.Output[list] = None

The Geo Match Constraint objects which contain the country that you want AWS WAF to search for.

  • type (str) - The type of geographical area you want AWS WAF to search for. Currently Country is the only valid value.

  • value (str) - The country that you want AWS WAF to search for. This is the two-letter country code, e.g. US, CA, RU, CN, etc. See docs for all supported values.

name: pulumi.Output[str] = None

The name or description of the Geo Match Set.

static get(resource_name, id, opts=None, geo_match_constraints=None, name=None)

Get an existing GeoMatchSet resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • geo_match_constraints (pulumi.Input[list]) – The Geo Match Constraint objects which contain the country that you want AWS WAF to search for.

  • name (pulumi.Input[str]) – The name or description of the Geo Match Set.

The geo_match_constraints object supports the following:

  • type (pulumi.Input[str]) - The type of geographical area you want AWS WAF to search for. Currently Country is the only valid value.

  • value (pulumi.Input[str]) - The country that you want AWS WAF to search for. This is the two-letter country code, e.g. US, CA, RU, CN, etc. See docs for all supported values.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.wafregional.GetIpsetResult(id=None, name=None)

A collection of values returned by getIpset.

id = None

The provider-assigned unique ID for this managed resource.

class pulumi_aws.wafregional.GetRateBasedModResult(id=None, name=None)

A collection of values returned by getRateBasedMod.

id = None

The provider-assigned unique ID for this managed resource.

class pulumi_aws.wafregional.GetRuleResult(id=None, name=None)

A collection of values returned by getRule.

id = None

The provider-assigned unique ID for this managed resource.

class pulumi_aws.wafregional.GetWebAclResult(id=None, name=None)

A collection of values returned by getWebAcl.

id = None

The provider-assigned unique ID for this managed resource.

class pulumi_aws.wafregional.IpSet(resource_name, opts=None, ip_set_descriptors=None, name=None, __props__=None, __name__=None, __opts__=None)

Provides a WAF Regional IPSet Resource for use with Application Load Balancer.

import pulumi
import pulumi_aws as aws

ipset = aws.wafregional.IpSet("ipset", ip_set_descriptors=[
    {
        "type": "IPV4",
        "value": "192.0.7.0/24",
    },
    {
        "type": "IPV4",
        "value": "10.16.16.0/16",
    },
])
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • ip_set_descriptors (pulumi.Input[list]) – One or more pairs specifying the IP address type (IPV4 or IPV6) and the IP address range (in CIDR notation) from which web requests originate.

  • name (pulumi.Input[str]) – The name or description of the IPSet.

The ip_set_descriptors object supports the following:

  • type (pulumi.Input[str]) - The string like IPV4 or IPV6.

  • value (pulumi.Input[str]) - The CIDR notation.

arn: pulumi.Output[str] = None

The ARN of the WAF IPSet.

ip_set_descriptors: pulumi.Output[list] = None

One or more pairs specifying the IP address type (IPV4 or IPV6) and the IP address range (in CIDR notation) from which web requests originate.

  • type (str) - The string like IPV4 or IPV6.

  • value (str) - The CIDR notation.

name: pulumi.Output[str] = None

The name or description of the IPSet.

static get(resource_name, id, opts=None, arn=None, ip_set_descriptors=None, name=None)

Get an existing IpSet resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • arn (pulumi.Input[str]) – The ARN of the WAF IPSet.

  • ip_set_descriptors (pulumi.Input[list]) – One or more pairs specifying the IP address type (IPV4 or IPV6) and the IP address range (in CIDR notation) from which web requests originate.

  • name (pulumi.Input[str]) – The name or description of the IPSet.

The ip_set_descriptors object supports the following:

  • type (pulumi.Input[str]) - The string like IPV4 or IPV6.

  • value (pulumi.Input[str]) - The CIDR notation.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.wafregional.RateBasedRule(resource_name, opts=None, metric_name=None, name=None, predicates=None, rate_key=None, rate_limit=None, tags=None, __props__=None, __name__=None, __opts__=None)

Provides a WAF Rate Based Rule Resource

import pulumi
import pulumi_aws as aws

ipset = aws.wafregional.IpSet("ipset", ip_set_descriptors=[{
    "type": "IPV4",
    "value": "192.0.7.0/24",
}])
wafrule = aws.wafregional.RateBasedRule("wafrule",
    metric_name="tfWAFRule",
    predicates=[{
        "dataId": ipset.id,
        "negated": False,
        "type": "IPMatch",
    }],
    rate_key="IP",
    rate_limit=100)
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • metric_name (pulumi.Input[str]) – The name or description for the Amazon CloudWatch metric of this rule.

  • name (pulumi.Input[str]) – The name or description of the rule.

  • predicates (pulumi.Input[list]) – The objects to include in a rule (documented below).

  • rate_key (pulumi.Input[str]) – Valid value is IP.

  • rate_limit (pulumi.Input[float]) – The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 100.

  • tags (pulumi.Input[dict]) – Key-value map of resource tags

The predicates object supports the following:

  • dataId (pulumi.Input[str]) - A unique identifier for a predicate in the rule, such as Byte Match Set ID or IPSet ID.

  • negated (pulumi.Input[bool]) - Set this to false if you want to allow, block, or count requests based on the settings in the specified ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, or SizeConstraintSet. For example, if an IPSet includes the IP address 192.0.2.44, AWS WAF will allow or block requests based on that IP address. If set to true, AWS WAF will allow, block, or count requests based on all IP addresses except 192.0.2.44.

  • type (pulumi.Input[str]) - The type of predicate in a rule. Valid values: ByteMatch, GeoMatch, IPMatch, RegexMatch, SizeConstraint, SqlInjectionMatch, or XssMatch.

arn: pulumi.Output[str] = None

The ARN of the WAF Regional Rate Based Rule.

metric_name: pulumi.Output[str] = None

The name or description for the Amazon CloudWatch metric of this rule.

name: pulumi.Output[str] = None

The name or description of the rule.

predicates: pulumi.Output[list] = None

The objects to include in a rule (documented below).

  • dataId (str) - A unique identifier for a predicate in the rule, such as Byte Match Set ID or IPSet ID.

  • negated (bool) - Set this to false if you want to allow, block, or count requests based on the settings in the specified ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, or SizeConstraintSet. For example, if an IPSet includes the IP address 192.0.2.44, AWS WAF will allow or block requests based on that IP address. If set to true, AWS WAF will allow, block, or count requests based on all IP addresses except 192.0.2.44.

  • type (str) - The type of predicate in a rule. Valid values: ByteMatch, GeoMatch, IPMatch, RegexMatch, SizeConstraint, SqlInjectionMatch, or XssMatch.

rate_key: pulumi.Output[str] = None

Valid value is IP.

rate_limit: pulumi.Output[float] = None

The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 100.

tags: pulumi.Output[dict] = None

Key-value map of resource tags

static get(resource_name, id, opts=None, arn=None, metric_name=None, name=None, predicates=None, rate_key=None, rate_limit=None, tags=None)

Get an existing RateBasedRule resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • arn (pulumi.Input[str]) – The ARN of the WAF Regional Rate Based Rule.

  • metric_name (pulumi.Input[str]) – The name or description for the Amazon CloudWatch metric of this rule.

  • name (pulumi.Input[str]) – The name or description of the rule.

  • predicates (pulumi.Input[list]) – The objects to include in a rule (documented below).

  • rate_key (pulumi.Input[str]) – Valid value is IP.

  • rate_limit (pulumi.Input[float]) – The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 100.

  • tags (pulumi.Input[dict]) – Key-value map of resource tags

The predicates object supports the following:

  • dataId (pulumi.Input[str]) - A unique identifier for a predicate in the rule, such as Byte Match Set ID or IPSet ID.

  • negated (pulumi.Input[bool]) - Set this to false if you want to allow, block, or count requests based on the settings in the specified ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, or SizeConstraintSet. For example, if an IPSet includes the IP address 192.0.2.44, AWS WAF will allow or block requests based on that IP address. If set to true, AWS WAF will allow, block, or count requests based on all IP addresses except 192.0.2.44.

  • type (pulumi.Input[str]) - The type of predicate in a rule. Valid values: ByteMatch, GeoMatch, IPMatch, RegexMatch, SizeConstraint, SqlInjectionMatch, or XssMatch.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.wafregional.RegexMatchSet(resource_name, opts=None, name=None, regex_match_tuples=None, __props__=None, __name__=None, __opts__=None)

Provides a WAF Regional Regex Match Set Resource

import pulumi
import pulumi_aws as aws

example_regex_pattern_set = aws.wafregional.RegexPatternSet("exampleRegexPatternSet", regex_pattern_strings=[
    "one",
    "two",
])
example_regex_match_set = aws.wafregional.RegexMatchSet("exampleRegexMatchSet", regex_match_tuples=[{
    "fieldToMatch": {
        "data": "User-Agent",
        "type": "HEADER",
    },
    "regexPatternSetId": example_regex_pattern_set.id,
    "textTransformation": "NONE",
}])
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • name (pulumi.Input[str]) – The name or description of the Regex Match Set.

  • regex_match_tuples (pulumi.Input[list]) – The regular expression pattern that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings. See below.

The regex_match_tuples object supports the following:

  • fieldToMatch (pulumi.Input[dict]) - The part of a web request that you want to search, such as a specified header or a query string.

    • data (pulumi.Input[str]) - When type is HEADER, enter the name of the header that you want to search, e.g. User-Agent or Referer. If type is any other value, omit this field.

    • type (pulumi.Input[str]) - The part of the web request that you want AWS WAF to search for a specified string. e.g. HEADER, METHOD or BODY. See docs for all supported values.

  • regexPatternSetId (pulumi.Input[str]) - The ID of a WAF Regex Pattern Set.

  • textTransformation (pulumi.Input[str]) - Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. e.g. CMD_LINE, HTML_ENTITY_DECODE or NONE. See docs for all supported values.

name: pulumi.Output[str] = None

The name or description of the Regex Match Set.

regex_match_tuples: pulumi.Output[list] = None

The regular expression pattern that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings. See below.

  • fieldToMatch (dict) - The part of a web request that you want to search, such as a specified header or a query string.

    • data (str) - When type is HEADER, enter the name of the header that you want to search, e.g. User-Agent or Referer. If type is any other value, omit this field.

    • type (str) - The part of the web request that you want AWS WAF to search for a specified string. e.g. HEADER, METHOD or BODY. See docs for all supported values.

  • regexPatternSetId (str) - The ID of a WAF Regex Pattern Set.

  • textTransformation (str) - Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. e.g. CMD_LINE, HTML_ENTITY_DECODE or NONE. See docs for all supported values.

static get(resource_name, id, opts=None, name=None, regex_match_tuples=None)

Get an existing RegexMatchSet resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • name (pulumi.Input[str]) – The name or description of the Regex Match Set.

  • regex_match_tuples (pulumi.Input[list]) – The regular expression pattern that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings. See below.

The regex_match_tuples object supports the following:

  • fieldToMatch (pulumi.Input[dict]) - The part of a web request that you want to search, such as a specified header or a query string.

    • data (pulumi.Input[str]) - When type is HEADER, enter the name of the header that you want to search, e.g. User-Agent or Referer. If type is any other value, omit this field.

    • type (pulumi.Input[str]) - The part of the web request that you want AWS WAF to search for a specified string. e.g. HEADER, METHOD or BODY. See docs for all supported values.

  • regexPatternSetId (pulumi.Input[str]) - The ID of a WAF Regex Pattern Set.

  • textTransformation (pulumi.Input[str]) - Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. e.g. CMD_LINE, HTML_ENTITY_DECODE or NONE. See docs for all supported values.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.wafregional.RegexPatternSet(resource_name, opts=None, name=None, regex_pattern_strings=None, __props__=None, __name__=None, __opts__=None)

Provides a WAF Regional Regex Pattern Set Resource

import pulumi
import pulumi_aws as aws

example = aws.wafregional.RegexPatternSet("example", regex_pattern_strings=[
    "one",
    "two",
])
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • name (pulumi.Input[str]) – The name or description of the Regex Pattern Set.

  • regex_pattern_strings (pulumi.Input[list]) – A list of regular expression (regex) patterns that you want AWS WAF to search for, such as B[a@]dB[o0]t.

name: pulumi.Output[str] = None

The name or description of the Regex Pattern Set.

regex_pattern_strings: pulumi.Output[list] = None

A list of regular expression (regex) patterns that you want AWS WAF to search for, such as B[a@]dB[o0]t.

static get(resource_name, id, opts=None, name=None, regex_pattern_strings=None)

Get an existing RegexPatternSet resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • name (pulumi.Input[str]) – The name or description of the Regex Pattern Set.

  • regex_pattern_strings (pulumi.Input[list]) – A list of regular expression (regex) patterns that you want AWS WAF to search for, such as B[a@]dB[o0]t.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.wafregional.Rule(resource_name, opts=None, metric_name=None, name=None, predicates=None, tags=None, __props__=None, __name__=None, __opts__=None)

Provides an WAF Regional Rule Resource for use with Application Load Balancer.

import pulumi
import pulumi_aws as aws

ipset = aws.wafregional.IpSet("ipset", ip_set_descriptors=[{
    "type": "IPV4",
    "value": "192.0.7.0/24",
}])
wafrule = aws.wafregional.Rule("wafrule",
    metric_name="tfWAFRule",
    predicates=[{
        "dataId": ipset.id,
        "negated": False,
        "type": "IPMatch",
    }])

See the WAF Documentation for more information.

  • type - (Required) The type of predicate in a rule. Valid values: ByteMatch, GeoMatch, IPMatch, RegexMatch, SizeConstraint, SqlInjectionMatch, or XssMatch

  • data_id - (Required) The unique identifier of a predicate, such as the ID of a ByteMatchSet or IPSet.

  • negated - (Required) Whether to use the settings or the negated settings that you specified in the objects.

Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • metric_name (pulumi.Input[str]) – The name or description for the Amazon CloudWatch metric of this rule.

  • name (pulumi.Input[str]) – The name or description of the rule.

  • predicates (pulumi.Input[list]) – The objects to include in a rule (documented below).

  • tags (pulumi.Input[dict]) – Key-value map of resource tags

The predicates object supports the following:

  • dataId (pulumi.Input[str])

  • negated (pulumi.Input[bool])

  • type (pulumi.Input[str])

arn: pulumi.Output[str] = None

The ARN of the WAF Regional Rule.

metric_name: pulumi.Output[str] = None

The name or description for the Amazon CloudWatch metric of this rule.

name: pulumi.Output[str] = None

The name or description of the rule.

predicates: pulumi.Output[list] = None

The objects to include in a rule (documented below).

  • dataId (str)

  • negated (bool)

  • type (str)

tags: pulumi.Output[dict] = None

Key-value map of resource tags

static get(resource_name, id, opts=None, arn=None, metric_name=None, name=None, predicates=None, tags=None)

Get an existing Rule resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • arn (pulumi.Input[str]) – The ARN of the WAF Regional Rule.

  • metric_name (pulumi.Input[str]) – The name or description for the Amazon CloudWatch metric of this rule.

  • name (pulumi.Input[str]) – The name or description of the rule.

  • predicates (pulumi.Input[list]) – The objects to include in a rule (documented below).

  • tags (pulumi.Input[dict]) – Key-value map of resource tags

The predicates object supports the following:

  • dataId (pulumi.Input[str])

  • negated (pulumi.Input[bool])

  • type (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.wafregional.RuleGroup(resource_name, opts=None, activated_rules=None, metric_name=None, name=None, tags=None, __props__=None, __name__=None, __opts__=None)

Provides a WAF Regional Rule Group Resource

import pulumi
import pulumi_aws as aws

example_rule = aws.wafregional.Rule("exampleRule", metric_name="example")
example_rule_group = aws.wafregional.RuleGroup("exampleRuleGroup",
    activated_rules=[{
        "action": {
            "type": "COUNT",
        },
        "priority": 50,
        "rule_id": example_rule.id,
    }],
    metric_name="example")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • activated_rules (pulumi.Input[list]) – A list of activated rules, see below

  • metric_name (pulumi.Input[str]) – A friendly name for the metrics from the rule group

  • name (pulumi.Input[str]) – A friendly name of the rule group

  • tags (pulumi.Input[dict]) – Key-value map of resource tags

The activated_rules object supports the following:

  • action (pulumi.Input[dict]) - Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule.

    • type (pulumi.Input[str]) - The rule type, either REGULAR, RATE_BASED, or GROUP. Defaults to REGULAR.

  • priority (pulumi.Input[float]) - Specifies the order in which the rules are evaluated. Rules with a lower value are evaluated before rules with a higher value.

  • rule_id (pulumi.Input[str]) - The ID of a waf_regional_rule

  • type (pulumi.Input[str]) - The rule type, either REGULAR, RATE_BASED, or GROUP. Defaults to REGULAR.

activated_rules: pulumi.Output[list] = None

A list of activated rules, see below

  • action (dict) - Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule.

    • type (str) - The rule type, either REGULAR, RATE_BASED, or GROUP. Defaults to REGULAR.

  • priority (float) - Specifies the order in which the rules are evaluated. Rules with a lower value are evaluated before rules with a higher value.

  • rule_id (str) - The ID of a waf_regional_rule

  • type (str) - The rule type, either REGULAR, RATE_BASED, or GROUP. Defaults to REGULAR.

arn: pulumi.Output[str] = None

The ARN of the WAF Regional Rule Group.

metric_name: pulumi.Output[str] = None

A friendly name for the metrics from the rule group

name: pulumi.Output[str] = None

A friendly name of the rule group

tags: pulumi.Output[dict] = None

Key-value map of resource tags

static get(resource_name, id, opts=None, activated_rules=None, arn=None, metric_name=None, name=None, tags=None)

Get an existing RuleGroup resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • activated_rules (pulumi.Input[list]) – A list of activated rules, see below

  • arn (pulumi.Input[str]) – The ARN of the WAF Regional Rule Group.

  • metric_name (pulumi.Input[str]) – A friendly name for the metrics from the rule group

  • name (pulumi.Input[str]) – A friendly name of the rule group

  • tags (pulumi.Input[dict]) – Key-value map of resource tags

The activated_rules object supports the following:

  • action (pulumi.Input[dict]) - Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule.

    • type (pulumi.Input[str]) - The rule type, either REGULAR, RATE_BASED, or GROUP. Defaults to REGULAR.

  • priority (pulumi.Input[float]) - Specifies the order in which the rules are evaluated. Rules with a lower value are evaluated before rules with a higher value.

  • rule_id (pulumi.Input[str]) - The ID of a waf_regional_rule

  • type (pulumi.Input[str]) - The rule type, either REGULAR, RATE_BASED, or GROUP. Defaults to REGULAR.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.wafregional.SizeConstraintSet(resource_name, opts=None, name=None, size_constraints=None, __props__=None, __name__=None, __opts__=None)

Provides a WAF Regional Size Constraint Set Resource for use with Application Load Balancer.

import pulumi
import pulumi_aws as aws

size_constraint_set = aws.wafregional.SizeConstraintSet("sizeConstraintSet", size_constraints=[{
    "comparison_operator": "EQ",
    "fieldToMatch": {
        "type": "BODY",
    },
    "size": "4096",
    "textTransformation": "NONE",
}])
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • name (pulumi.Input[str]) – The name or description of the Size Constraint Set.

  • size_constraints (pulumi.Input[list]) – Specifies the parts of web requests that you want to inspect the size of.

The size_constraints object supports the following:

  • comparison_operator (pulumi.Input[str]) - The type of comparison you want to perform. e.g. EQ, NE, LT, GT. See docs for all supported values.

  • fieldToMatch (pulumi.Input[dict]) - Specifies where in a web request to look for the size constraint.

    • data (pulumi.Input[str]) - When type is HEADER, enter the name of the header that you want to search, e.g. User-Agent or Referer. If type is any other value, omit this field.

    • type (pulumi.Input[str]) - The part of the web request that you want AWS WAF to search for a specified string. e.g. HEADER, METHOD or BODY. See docs for all supported values.

  • size (pulumi.Input[float]) - The size in bytes that you want to compare against the size of the specified field_to_match. Valid values are between 0 - 21474836480 bytes (0 - 20 GB).

  • textTransformation (pulumi.Input[str]) - Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on field_to_match before inspecting a request for a match. e.g. CMD_LINE, HTML_ENTITY_DECODE or NONE. See docs for all supported values. Note: if you choose BODY as type, you must choose NONE because CloudFront forwards only the first 8192 bytes for inspection.

name: pulumi.Output[str] = None

The name or description of the Size Constraint Set.

size_constraints: pulumi.Output[list] = None

Specifies the parts of web requests that you want to inspect the size of.

  • comparison_operator (str) - The type of comparison you want to perform. e.g. EQ, NE, LT, GT. See docs for all supported values.

  • fieldToMatch (dict) - Specifies where in a web request to look for the size constraint.

    • data (str) - When type is HEADER, enter the name of the header that you want to search, e.g. User-Agent or Referer. If type is any other value, omit this field.

    • type (str) - The part of the web request that you want AWS WAF to search for a specified string. e.g. HEADER, METHOD or BODY. See docs for all supported values.

  • size (float) - The size in bytes that you want to compare against the size of the specified field_to_match. Valid values are between 0 - 21474836480 bytes (0 - 20 GB).

  • textTransformation (str) - Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on field_to_match before inspecting a request for a match. e.g. CMD_LINE, HTML_ENTITY_DECODE or NONE. See docs for all supported values. Note: if you choose BODY as type, you must choose NONE because CloudFront forwards only the first 8192 bytes for inspection.

static get(resource_name, id, opts=None, arn=None, name=None, size_constraints=None)

Get an existing SizeConstraintSet resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • name (pulumi.Input[str]) – The name or description of the Size Constraint Set.

  • size_constraints (pulumi.Input[list]) – Specifies the parts of web requests that you want to inspect the size of.

The size_constraints object supports the following:

  • comparison_operator (pulumi.Input[str]) - The type of comparison you want to perform. e.g. EQ, NE, LT, GT. See docs for all supported values.

  • fieldToMatch (pulumi.Input[dict]) - Specifies where in a web request to look for the size constraint.

    • data (pulumi.Input[str]) - When type is HEADER, enter the name of the header that you want to search, e.g. User-Agent or Referer. If type is any other value, omit this field.

    • type (pulumi.Input[str]) - The part of the web request that you want AWS WAF to search for a specified string. e.g. HEADER, METHOD or BODY. See docs for all supported values.

  • size (pulumi.Input[float]) - The size in bytes that you want to compare against the size of the specified field_to_match. Valid values are between 0 - 21474836480 bytes (0 - 20 GB).

  • textTransformation (pulumi.Input[str]) - Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on field_to_match before inspecting a request for a match. e.g. CMD_LINE, HTML_ENTITY_DECODE or NONE. See docs for all supported values. Note: if you choose BODY as type, you must choose NONE because CloudFront forwards only the first 8192 bytes for inspection.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.wafregional.SqlInjectionMatchSet(resource_name, opts=None, name=None, sql_injection_match_tuples=None, __props__=None, __name__=None, __opts__=None)

Provides a WAF Regional SQL Injection Match Set Resource for use with Application Load Balancer.

import pulumi
import pulumi_aws as aws

sql_injection_match_set = aws.wafregional.SqlInjectionMatchSet("sqlInjectionMatchSet", sql_injection_match_tuples=[{
    "fieldToMatch": {
        "type": "QUERY_STRING",
    },
    "textTransformation": "URL_DECODE",
}])
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • name (pulumi.Input[str]) – The name or description of the SizeConstraintSet.

  • sql_injection_match_tuples (pulumi.Input[list]) – The parts of web requests that you want AWS WAF to inspect for malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.

The sql_injection_match_tuples object supports the following:

  • fieldToMatch (pulumi.Input[dict]) - Specifies where in a web request to look for snippets of malicious SQL code.

    • data (pulumi.Input[str]) - When type is HEADER, enter the name of the header that you want to search, e.g. User-Agent or Referer. If type is any other value, omit this field.

    • type (pulumi.Input[str]) - The part of the web request that you want AWS WAF to search for a specified string. e.g. HEADER, METHOD or BODY. See docs for all supported values.

  • textTransformation (pulumi.Input[str]) - Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on field_to_match before inspecting a request for a match. e.g. CMD_LINE, HTML_ENTITY_DECODE or NONE. See docs for all supported values.

name: pulumi.Output[str] = None

The name or description of the SizeConstraintSet.

sql_injection_match_tuples: pulumi.Output[list] = None

The parts of web requests that you want AWS WAF to inspect for malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.

  • fieldToMatch (dict) - Specifies where in a web request to look for snippets of malicious SQL code.

    • data (str) - When type is HEADER, enter the name of the header that you want to search, e.g. User-Agent or Referer. If type is any other value, omit this field.

    • type (str) - The part of the web request that you want AWS WAF to search for a specified string. e.g. HEADER, METHOD or BODY. See docs for all supported values.

  • textTransformation (str) - Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on field_to_match before inspecting a request for a match. e.g. CMD_LINE, HTML_ENTITY_DECODE or NONE. See docs for all supported values.

static get(resource_name, id, opts=None, name=None, sql_injection_match_tuples=None)

Get an existing SqlInjectionMatchSet resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • name (pulumi.Input[str]) – The name or description of the SizeConstraintSet.

  • sql_injection_match_tuples (pulumi.Input[list]) – The parts of web requests that you want AWS WAF to inspect for malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.

The sql_injection_match_tuples object supports the following:

  • fieldToMatch (pulumi.Input[dict]) - Specifies where in a web request to look for snippets of malicious SQL code.

    • data (pulumi.Input[str]) - When type is HEADER, enter the name of the header that you want to search, e.g. User-Agent or Referer. If type is any other value, omit this field.

    • type (pulumi.Input[str]) - The part of the web request that you want AWS WAF to search for a specified string. e.g. HEADER, METHOD or BODY. See docs for all supported values.

  • textTransformation (pulumi.Input[str]) - Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on field_to_match before inspecting a request for a match. e.g. CMD_LINE, HTML_ENTITY_DECODE or NONE. See docs for all supported values.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.wafregional.WebAcl(resource_name, opts=None, default_action=None, logging_configuration=None, metric_name=None, name=None, rules=None, tags=None, __props__=None, __name__=None, __opts__=None)

Provides a WAF Regional Web ACL Resource for use with Application Load Balancer.

import pulumi
import pulumi_aws as aws

ipset = aws.wafregional.IpSet("ipset", ip_set_descriptors=[{
    "type": "IPV4",
    "value": "192.0.7.0/24",
}])
wafrule = aws.wafregional.Rule("wafrule",
    metric_name="tfWAFRule",
    predicates=[{
        "dataId": ipset.id,
        "negated": False,
        "type": "IPMatch",
    }])
wafacl = aws.wafregional.WebAcl("wafacl",
    default_action={
        "type": "ALLOW",
    },
    metric_name="tfWebACL",
    rules=[{
        "action": {
            "type": "BLOCK",
        },
        "priority": 1,
        "rule_id": wafrule.id,
        "type": "REGULAR",
    }])

import pulumi
import pulumi_aws as aws

example = aws.wafregional.WebAcl("example",
    default_action={
        "type": "ALLOW",
    },
    metric_name="example",
    rules=[{
        "overrideAction": {
            "type": "NONE",
        },
        "priority": 1,
        "rule_id": aws_wafregional_rule_group["example"]["id"],
        "type": "GROUP",
    }])

import pulumi
import pulumi_aws as aws

example = aws.wafregional.WebAcl("example", logging_configuration={
    "log_destination": aws_kinesis_firehose_delivery_stream["example"]["arn"],
    "redactedFields": {
        "fieldToMatch": [
            {
                "type": "URI",
            },
            {
                "data": "referer",
                "type": "HEADER",
            },
        ],
    },
})
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • default_action (pulumi.Input[dict]) – The action that you want AWS WAF Regional to take when a request doesn’t match the criteria in any of the rules that are associated with the web ACL.

  • logging_configuration (pulumi.Input[dict]) – Configuration block to enable WAF logging. Detailed below.

  • metric_name (pulumi.Input[str]) – The name or description for the Amazon CloudWatch metric of this web ACL.

  • name (pulumi.Input[str]) – The name or description of the web ACL.

  • rules (pulumi.Input[list]) – Set of configuration blocks containing rules for the web ACL. Detailed below.

  • tags (pulumi.Input[dict]) – Key-value map of resource tags

The default_action object supports the following:

  • type (pulumi.Input[str]) - Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. e.g. ALLOW, BLOCK or COUNT

The logging_configuration object supports the following:

  • log_destination (pulumi.Input[str]) - Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream

  • redactedFields (pulumi.Input[dict]) - Configuration block containing parts of the request that you want redacted from the logs. Detailed below.

    • fieldToMatches (pulumi.Input[list]) - Set of configuration blocks for fields to redact. Detailed below.

      • data (pulumi.Input[str]) - When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.

      • type (pulumi.Input[str]) - Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. e.g. ALLOW, BLOCK or COUNT

The rules object supports the following:

  • action (pulumi.Input[dict]) - Configuration block of the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if type is GROUP. Detailed below.

    • type (pulumi.Input[str]) - Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. e.g. ALLOW, BLOCK or COUNT

  • overrideAction (pulumi.Input[dict]) - Configuration block of the override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if type is GROUP. Detailed below.

    • type (pulumi.Input[str]) - Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. e.g. ALLOW, BLOCK or COUNT

  • priority (pulumi.Input[float]) - Specifies the order in which the rules in a WebACL are evaluated. Rules with a lower value are evaluated before rules with a higher value.

  • rule_id (pulumi.Input[str]) - ID of the associated WAF (Regional) rule (e.g. wafregional.Rule). WAF (Global) rules cannot be used.

  • type (pulumi.Input[str]) - Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. e.g. ALLOW, BLOCK or COUNT

arn: pulumi.Output[str] = None

Amazon Resource Name (ARN) of the WAF Regional WebACL.

default_action: pulumi.Output[dict] = None

The action that you want AWS WAF Regional to take when a request doesn’t match the criteria in any of the rules that are associated with the web ACL.

  • type (str) - Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. e.g. ALLOW, BLOCK or COUNT

logging_configuration: pulumi.Output[dict] = None

Configuration block to enable WAF logging. Detailed below.

  • log_destination (str) - Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream

  • redactedFields (dict) - Configuration block containing parts of the request that you want redacted from the logs. Detailed below.

    • fieldToMatches (list) - Set of configuration blocks for fields to redact. Detailed below.

      • data (str) - When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.

      • type (str) - Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. e.g. ALLOW, BLOCK or COUNT

metric_name: pulumi.Output[str] = None

The name or description for the Amazon CloudWatch metric of this web ACL.

name: pulumi.Output[str] = None

The name or description of the web ACL.

rules: pulumi.Output[list] = None

Set of configuration blocks containing rules for the web ACL. Detailed below.

  • action (dict) - Configuration block of the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if type is GROUP. Detailed below.

    • type (str) - Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. e.g. ALLOW, BLOCK or COUNT

  • overrideAction (dict) - Configuration block of the override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if type is GROUP. Detailed below.

    • type (str) - Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. e.g. ALLOW, BLOCK or COUNT

  • priority (float) - Specifies the order in which the rules in a WebACL are evaluated. Rules with a lower value are evaluated before rules with a higher value.

  • rule_id (str) - ID of the associated WAF (Regional) rule (e.g. wafregional.Rule). WAF (Global) rules cannot be used.

  • type (str) - Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. e.g. ALLOW, BLOCK or COUNT

tags: pulumi.Output[dict] = None

Key-value map of resource tags

static get(resource_name, id, opts=None, arn=None, default_action=None, logging_configuration=None, metric_name=None, name=None, rules=None, tags=None)

Get an existing WebAcl resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • arn (pulumi.Input[str]) – Amazon Resource Name (ARN) of the WAF Regional WebACL.

  • default_action (pulumi.Input[dict]) – The action that you want AWS WAF Regional to take when a request doesn’t match the criteria in any of the rules that are associated with the web ACL.

  • logging_configuration (pulumi.Input[dict]) – Configuration block to enable WAF logging. Detailed below.

  • metric_name (pulumi.Input[str]) – The name or description for the Amazon CloudWatch metric of this web ACL.

  • name (pulumi.Input[str]) – The name or description of the web ACL.

  • rules (pulumi.Input[list]) – Set of configuration blocks containing rules for the web ACL. Detailed below.

  • tags (pulumi.Input[dict]) – Key-value map of resource tags

The default_action object supports the following:

  • type (pulumi.Input[str]) - Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. e.g. ALLOW, BLOCK or COUNT

The logging_configuration object supports the following:

  • log_destination (pulumi.Input[str]) - Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream

  • redactedFields (pulumi.Input[dict]) - Configuration block containing parts of the request that you want redacted from the logs. Detailed below.

    • fieldToMatches (pulumi.Input[list]) - Set of configuration blocks for fields to redact. Detailed below.

      • data (pulumi.Input[str]) - When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.

      • type (pulumi.Input[str]) - Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. e.g. ALLOW, BLOCK or COUNT

The rules object supports the following:

  • action (pulumi.Input[dict]) - Configuration block of the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if type is GROUP. Detailed below.

    • type (pulumi.Input[str]) - Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. e.g. ALLOW, BLOCK or COUNT

  • overrideAction (pulumi.Input[dict]) - Configuration block of the override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if type is GROUP. Detailed below.

    • type (pulumi.Input[str]) - Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. e.g. ALLOW, BLOCK or COUNT

  • priority (pulumi.Input[float]) - Specifies the order in which the rules in a WebACL are evaluated. Rules with a lower value are evaluated before rules with a higher value.

  • rule_id (pulumi.Input[str]) - ID of the associated WAF (Regional) rule (e.g. wafregional.Rule). WAF (Global) rules cannot be used.

  • type (pulumi.Input[str]) - Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. e.g. ALLOW, BLOCK or COUNT

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.wafregional.WebAclAssociation(resource_name, opts=None, resource_arn=None, web_acl_id=None, __props__=None, __name__=None, __opts__=None)

Manages an association with WAF Regional Web ACL.

Note: An Application Load Balancer can only be associated with one WAF Regional WebACL.

import pulumi
import pulumi_aws as aws

ipset = aws.wafregional.IpSet("ipset", ip_set_descriptors=[{
    "type": "IPV4",
    "value": "192.0.7.0/24",
}])
foo_rule = aws.wafregional.Rule("fooRule",
    metric_name="tfWAFRule",
    predicates=[{
        "dataId": ipset.id,
        "negated": False,
        "type": "IPMatch",
    }])
foo_web_acl = aws.wafregional.WebAcl("fooWebAcl",
    default_action={
        "type": "ALLOW",
    },
    metric_name="foo",
    rules=[{
        "action": {
            "type": "BLOCK",
        },
        "priority": 1,
        "rule_id": foo_rule.id,
    }])
foo_vpc = aws.ec2.Vpc("fooVpc", cidr_block="10.1.0.0/16")
available = aws.get_availability_zones()
foo_subnet = aws.ec2.Subnet("fooSubnet",
    availability_zone=available.names[0],
    cidr_block="10.1.1.0/24",
    vpc_id=foo_vpc.id)
bar = aws.ec2.Subnet("bar",
    availability_zone=available.names[1],
    cidr_block="10.1.2.0/24",
    vpc_id=foo_vpc.id)
foo_load_balancer = aws.alb.LoadBalancer("fooLoadBalancer",
    internal=True,
    subnets=[
        foo_subnet.id,
        bar.id,
    ])
foo_web_acl_association = aws.wafregional.WebAclAssociation("fooWebAclAssociation",
    resource_arn=foo_load_balancer.arn,
    web_acl_id=foo_web_acl.id)

import pulumi
import pulumi_aws as aws

ipset = aws.wafregional.IpSet("ipset", ip_set_descriptors=[{
    "type": "IPV4",
    "value": "192.0.7.0/24",
}])
foo_rule = aws.wafregional.Rule("fooRule",
    metric_name="tfWAFRule",
    predicates=[{
        "dataId": ipset.id,
        "negated": False,
        "type": "IPMatch",
    }])
foo_web_acl = aws.wafregional.WebAcl("fooWebAcl",
    default_action={
        "type": "ALLOW",
    },
    metric_name="foo",
    rules=[{
        "action": {
            "type": "BLOCK",
        },
        "priority": 1,
        "rule_id": foo_rule.id,
    }])
test_rest_api = aws.apigateway.RestApi("testRestApi")
test_resource = aws.apigateway.Resource("testResource",
    parent_id=test_rest_api.root_resource_id,
    path_part="test",
    rest_api=test_rest_api.id)
test_method = aws.apigateway.Method("testMethod",
    authorization="NONE",
    http_method="GET",
    resource_id=test_resource.id,
    rest_api=test_rest_api.id)
test_method_response = aws.apigateway.MethodResponse("testMethodResponse",
    http_method=test_method.http_method,
    resource_id=test_resource.id,
    rest_api=test_rest_api.id,
    status_code="400")
test_integration = aws.apigateway.Integration("testIntegration",
    http_method=test_method.http_method,
    integration_http_method="GET",
    resource_id=test_resource.id,
    rest_api=test_rest_api.id,
    type="HTTP",
    uri="http://www.example.com")
test_integration_response = aws.apigateway.IntegrationResponse("testIntegrationResponse",
    http_method=test_integration.http_method,
    resource_id=test_resource.id,
    rest_api=test_rest_api.id,
    status_code=test_method_response.status_code)
test_deployment = aws.apigateway.Deployment("testDeployment", rest_api=test_rest_api.id)
test_stage = aws.apigateway.Stage("testStage",
    deployment=test_deployment.id,
    rest_api=test_rest_api.id,
    stage_name="test")
association = aws.wafregional.WebAclAssociation("association",
    resource_arn=test_stage.arn,
    web_acl_id=foo_web_acl.id)
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • resource_arn (pulumi.Input[str]) – ARN of the resource to associate with. For example, an Application Load Balancer or API Gateway Stage.

  • web_acl_id (pulumi.Input[str]) – The ID of the WAF Regional WebACL to create an association.

resource_arn: pulumi.Output[str] = None

ARN of the resource to associate with. For example, an Application Load Balancer or API Gateway Stage.

web_acl_id: pulumi.Output[str] = None

The ID of the WAF Regional WebACL to create an association.

static get(resource_name, id, opts=None, resource_arn=None, web_acl_id=None)

Get an existing WebAclAssociation resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • resource_arn (pulumi.Input[str]) – ARN of the resource to associate with. For example, an Application Load Balancer or API Gateway Stage.

  • web_acl_id (pulumi.Input[str]) – The ID of the WAF Regional WebACL to create an association.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.wafregional.XssMatchSet(resource_name, opts=None, name=None, xss_match_tuples=None, __props__=None, __name__=None, __opts__=None)

Provides a WAF Regional XSS Match Set Resource for use with Application Load Balancer.

import pulumi
import pulumi_aws as aws

xss_match_set = aws.wafregional.XssMatchSet("xssMatchSet", xss_match_tuples=[
    {
        "fieldToMatch": {
            "type": "URI",
        },
        "textTransformation": "NONE",
    },
    {
        "fieldToMatch": {
            "type": "QUERY_STRING",
        },
        "textTransformation": "NONE",
    },
])
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • name (pulumi.Input[str]) – The name of the set

  • xss_match_tuples (pulumi.Input[list]) – The parts of web requests that you want to inspect for cross-site scripting attacks.

The xss_match_tuples object supports the following:

  • fieldToMatch (pulumi.Input[dict]) - Specifies where in a web request to look for cross-site scripting attacks.

    • data (pulumi.Input[str]) - When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.

    • type (pulumi.Input[str]) - The part of the web request that you want AWS WAF to search for a specified string. e.g. HEADER or METHOD

  • textTransformation (pulumi.Input[str]) - Which text transformation, if any, to perform on the web request before inspecting the request for cross-site scripting attacks.

name: pulumi.Output[str] = None

The name of the set

xss_match_tuples: pulumi.Output[list] = None

The parts of web requests that you want to inspect for cross-site scripting attacks.

  • fieldToMatch (dict) - Specifies where in a web request to look for cross-site scripting attacks.

    • data (str) - When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.

    • type (str) - The part of the web request that you want AWS WAF to search for a specified string. e.g. HEADER or METHOD

  • textTransformation (str) - Which text transformation, if any, to perform on the web request before inspecting the request for cross-site scripting attacks.

static get(resource_name, id, opts=None, name=None, xss_match_tuples=None)

Get an existing XssMatchSet resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • name (pulumi.Input[str]) – The name of the set

  • xss_match_tuples (pulumi.Input[list]) – The parts of web requests that you want to inspect for cross-site scripting attacks.

The xss_match_tuples object supports the following:

  • fieldToMatch (pulumi.Input[dict]) - Specifies where in a web request to look for cross-site scripting attacks.

    • data (pulumi.Input[str]) - When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.

    • type (pulumi.Input[str]) - The part of the web request that you want AWS WAF to search for a specified string. e.g. HEADER or METHOD

  • textTransformation (pulumi.Input[str]) - Which text transformation, if any, to perform on the web request before inspecting the request for cross-site scripting attacks.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

pulumi_aws.wafregional.get_ipset(name=None, opts=None)

wafregional.IpSet Retrieves a WAF Regional IP Set Resource Id.

import pulumi
import pulumi_aws as aws

example = aws.wafregional.get_ipset(name="tfWAFRegionalIPSet")
Parameters

name (str) – The name of the WAF Regional IP set.

pulumi_aws.wafregional.get_rate_based_mod(name=None, opts=None)

wafregional.RateBasedRule Retrieves a WAF Regional Rate Based Rule Resource Id.

import pulumi
import pulumi_aws as aws

example = aws.wafregional.get_rate_based_mod(name="tfWAFRegionalRateBasedRule")
Parameters

name (str) – The name of the WAF Regional rate based rule.

pulumi_aws.wafregional.get_rule(name=None, opts=None)

wafregional.Rule Retrieves a WAF Regional Rule Resource Id.

import pulumi
import pulumi_aws as aws

example = aws.wafregional.get_rule(name="tfWAFRegionalRule")
Parameters

name (str) – The name of the WAF Regional rule.

pulumi_aws.wafregional.get_web_acl(name=None, opts=None)

wafregional.WebAcl Retrieves a WAF Regional Web ACL Resource Id.

import pulumi
import pulumi_aws as aws

example = aws.wafregional.get_web_acl(name="tfWAFRegionalWebACL")
Parameters

name (str) – The name of the WAF Regional Web ACL.