
Resource: awsWafregionalRateBasedRule

Provides a WAF Rate Based Rule Resource

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
// `this` below is the enclosing construct scope, for example inside a TerraformStack constructor.
import * as aws from "./.gen/providers/aws";
const awsWafregionalIpsetIpset = new aws.wafregionalIpset.WafregionalIpset(
  this,
  "ipset",
  {
    ipSetDescriptor: [
      {
        type: "IPV4",
        value: "192.0.7.0/24",
      },
    ],
    name: "tfIPSet",
  }
);
new aws.wafregionalRateBasedRule.WafregionalRateBasedRule(this, "wafrule", {
  // Create the IPSet before the rule that references it.
  dependsOn: [awsWafregionalIpsetIpset],
  metricName: "tfWAFRule",
  name: "tfWAFRule",
  predicate: [
    {
      dataId: awsWafregionalIpsetIpset.id,
      negated: false,
      type: "IPMatch",
    },
  ],
  rateKey: "IP",
  rateLimit: 100,
});

Argument Reference

The following arguments are supported:

  • metricName - (Required) The name or description for the Amazon CloudWatch metric of this rule.
  • name - (Required) The name or description of the rule.
  • rateKey - (Required) Valid value is IP.
  • rateLimit - (Required) The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 100.
  • predicate - (Optional) The objects to include in a rule (documented below).
  • tags - (Optional) Key-value map of resource tags. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Nested Blocks

predicate

See the WAF Documentation for more information.

Arguments

  • negated - (Required) Set this to false if you want to allow, block, or count requests based on the settings in the specified ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, or SizeConstraintSet. For example, if an IPSet includes the IP address 192.0.2.44, AWS WAF will allow or block requests based on that IP address. If set to true, AWS WAF will allow, block, or count requests based on all IP addresses except 192.0.2.44.
  • dataId - (Required) A unique identifier for a predicate in the rule, such as Byte Match Set ID or IPSet ID.
  • type - (Required) The type of predicate in a rule. Valid values: ByteMatch, GeoMatch, IPMatch, RegexMatch, SizeConstraint, SqlInjectionMatch, or XssMatch.
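
To choose a rateLimit before deploying, the counting rules described above (rateKey IP, a five-minute period, and the predicate's negated flag) can be replayed over access-log timestamps. This is an added example, not part of the provider documentation: the helper names, the sliding-window reading of the five-minute period, and the sample traffic are assumptions constructed for illustration, and only a single IPMatch predicate is modelled.

```typescript
// Added example: hypothetical helpers, constructed traffic, one IPMatch predicate.
type Predicate = { cidrs: string[]; negated: boolean };
type Hit = { ip: string; ts: number }; // ts = epoch seconds
const WINDOW_SECONDS = 300; // the five-minute period rateLimit applies to
const MIN_RATE_LIMIT = 100; // documented minimum for rateLimit

function ipToInt(ip: string): number {
  return ip.split(".").reduce((acc, o) => acc * 256 + Number(o), 0);
}

function inCidr(ip: string, cidr: string): boolean {
  const parts = cidr.split("/");
  const size = Math.pow(2, 32 - Number(parts[1])); // addresses in the block
  return Math.floor(ipToInt(ip) / size) === Math.floor(ipToInt(parts[0]) / size);
}

// negated: false counts requests from IPs in the set; true counts all others.
function counted(hit: Hit, p: Predicate): boolean {
  const matched = p.cidrs.some((c) => inCidr(hit.ip, c));
  return p.negated ? !matched : matched;
}

// Peak counted requests per IP in any 300 s window, for IPs above rateLimit.
function overLimit(hits: Hit[], p: Predicate, rateLimit: number): Record<string, number> {
  if (rateLimit < MIN_RATE_LIMIT) throw new RangeError("rateLimit must be >= 100");
  const byIp: Record<string, number[]> = {};
  for (const h of hits) {
    if (counted(h, p)) (byIp[h.ip] = byIp[h.ip] || []).push(h.ts);
  }
  const result: Record<string, number> = {};
  for (const ip of Object.keys(byIp)) {
    const times = byIp[ip].sort((a, b) => a - b);
    let peak = 0;
    for (let start = 0, end = 0; end < times.length; end++) {
      while (times[end] - times[start] >= WINDOW_SECONDS) start++;
      peak = Math.max(peak, end - start + 1);
    }
    if (peak > rateLimit) result[ip] = peak;
  }
  return result;
}

// Constructed sample: n requests from one IP spread evenly over spanSeconds.
function burst(ip: string, n: number, spanSeconds: number): Hit[] {
  const out: Hit[] = [];
  for (let i = 0; i < n; i++) out.push({ ip, ts: Math.floor((i * spanSeconds) / n) });
  return out;
}
const sampleHits: Hit[] = burst("192.0.7.10", 150, 120)
  .concat(burst("192.0.7.20", 150, 3000), burst("198.51.100.5", 400, 60));
```

With the example usage's IPSet (192.0.7.0/24) and negated set to false, only 192.0.7.10 exceeds a rateLimit of 100; with negated set to true the same rule instead counts 198.51.100.5 and ignores both addresses inside the set.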

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The ID of the WAF Regional Rate Based Rule.
  • arn - The ARN of the WAF Regional Rate Based Rule.
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

Import

WAF Regional Rate Based Rule can be imported using the id, e.g.,

$ terraform import aws_wafregional_rate_based_rule.wafrule a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc