Skip to content

Resource: awsWafByteMatchSet

Provides a WAF Byte Match Set Resource

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.wafByteMatchSet.WafByteMatchSet(this, "byte_set", {
  byteMatchTuples: [
    {
      fieldToMatch: {
        data: "referer",
        type: "HEADER",
      },
      positionalConstraint: "CONTAINS",
      targetString: "badrefer1",
      textTransformation: "NONE",
    },
  ],
  name: "tf_waf_byte_match_set",
});

Argument Reference

The following arguments are supported:

  • name - (Required) The name or description of the Byte Match Set.
  • byteMatchTuples - Specifies the bytes (typically a string that corresponds with ASCII characters) that you want to search for in web requests, the location in requests that you want to search, and other settings.

Nested blocks

byteMatchTuples

Arguments

  • fieldToMatch - (Required) The part of a web request that you want to search, such as a specified header or a query string.
  • positionalConstraint - (Required) Within the portion of a web request that you want to search (for example, in the query string, if any), specify where you want to search. e.g., contains, CONTAINS_WORD or exactly. See docs for all supported values.
  • targetString - (Optional) The value that you want to search for within the field specified by fieldToMatch, e.g., badrefer1. See docs for all supported values.
  • textTransformation - (Required) Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on targetString before inspecting a request for a match. e.g., CMD_LINE, HTML_ENTITY_DECODE or none. See docs for all supported values.

fieldToMatch

Arguments

  • data - (Optional) When type is header, enter the name of the header that you want to search, e.g., userAgent or referer. If type is any other value, omit this field.
  • type - (Required) The part of the web request that you want AWS WAF to search for a specified string. e.g., header, method or body. See docs for all supported values.

Remarks

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The ID of the WAF Byte Match Set.

Import

WAF Byte Match Set can be imported using the id, e.g.,

$ terraform import aws_waf_byte_match_set.byte_set a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc