Resource: awsWafRateBasedRule
Provides a WAF Rate Based Rule Resource
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsWafIpsetIpset = new aws.wafIpset.WafIpset(this, "ipset", {
ipSetDescriptors: [
{
type: "IPV4",
value: "192.0.7.0/24",
},
],
name: "tfIPSet",
});
new aws.wafRateBasedRule.WafRateBasedRule(this, "wafrule", {
depends_on: [`\${${awsWafIpsetIpset.fqn}}`],
metricName: "tfWAFRule",
name: "tfWAFRule",
predicates: [
{
dataId: awsWafIpsetIpset.id,
negated: false,
type: "IPMatch",
},
],
rateKey: "IP",
rateLimit: 100,
});
Argument Reference
The following arguments are supported:
metricName
- (Required) The name or description for the Amazon CloudWatch metric of this rule.name
- (Required) The name or description of the rule.rateKey
- (Required) Valid value is IP.rateLimit
- (Required) The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 100.predicates
- (Optional) The objects to include in a rule (documented below).tags
- (Optional) Key-value map of resource tags. If configured with a providerdefaultTags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
Nested Blocks
predicates
See the WAF Documentation for more information.
Arguments
negated
- (Required) Set this tofalse
if you want to allow, block, or count requests based on the settings in the specifiedbyteMatchSet
,ipSet
,sqlInjectionMatchSet
,xssMatchSet
, orsizeConstraintSet
. For example, if an IPSet includes the IP address1920244
, AWS WAF will allow or block requests based on that IP address. If set totrue
, AWS WAF will allow, block, or count requests based on all IP addresses except1920244
.dataId
- (Required) A unique identifier for a predicate in the rule, such as Byte Match Set ID or IPSet ID.type
- (Required) The type of predicate in a rule. Valid values:byteMatch
,geoMatch
,ipMatch
,regexMatch
,sizeConstraint
,sqlInjectionMatch
, orxssMatch
.
Remarks
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id
- The ID of the WAF rule.arn
- Amazon Resource Name (ARN)tagsAll
- A map of tags assigned to the resource, including those inherited from the providerdefaultTags
configuration block.
Import
WAF Rated Based Rule can be imported using the id, e.g.,