WebAclArgs

data class WebAclArgs(val defaultAction: Output<WebAclDefaultActionArgs>? = null, val loggingConfiguration: Output<WebAclLoggingConfigurationArgs>? = null, val metricName: Output<String>? = null, val name: Output<String>? = null, val rules: Output<List<WebAclRuleArgs>>? = null, val tags: Output<Map<String, String>>? = null) : ConvertibleToJava<WebAclArgs>

Provides a WAF Web ACL Resource

Example Usage

This example blocks requests coming from 192.0.7.0/24 and allows everything else.

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.waf.IpSet;
import com.pulumi.aws.waf.IpSetArgs;
import com.pulumi.aws.waf.inputs.IpSetIpSetDescriptorArgs;
import com.pulumi.aws.waf.Rule;
import com.pulumi.aws.waf.RuleArgs;
import com.pulumi.aws.waf.inputs.RulePredicateArgs;
import com.pulumi.aws.waf.WebAcl;
import com.pulumi.aws.waf.WebAclArgs;
import com.pulumi.aws.waf.inputs.WebAclDefaultActionArgs;
import com.pulumi.aws.waf.inputs.WebAclRuleArgs;
import com.pulumi.aws.waf.inputs.WebAclRuleActionArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var ipset = new IpSet("ipset", IpSetArgs.builder()
            .ipSetDescriptors(IpSetIpSetDescriptorArgs.builder()
                .type("IPV4")
                .value("192.0.7.0/24")
                .build())
            .build());

        var wafrule = new Rule("wafrule", RuleArgs.builder()
            .metricName("tfWAFRule")
            .predicates(RulePredicateArgs.builder()
                .dataId(ipset.id())
                .negated(false)
                .type("IPMatch")
                .build())
            .build(), CustomResourceOptions.builder()
                .dependsOn(ipset)
                .build());

        var wafAcl = new WebAcl("wafAcl", WebAclArgs.builder()
            .metricName("tfWebACL")
            .defaultAction(WebAclDefaultActionArgs.builder()
                .type("ALLOW")
                .build())
            .rules(WebAclRuleArgs.builder()
                .action(WebAclRuleActionArgs.builder()
                    .type("BLOCK")
                    .build())
                .priority(1)
                .ruleId(wafrule.id())
                .type("REGULAR")
                .build())
            .build(), CustomResourceOptions.builder()
                .dependsOn(
                    ipset,
                    wafrule)
                .build());
    }
}
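
A simplified model of how the web ACL above reaches a decision, as an added example that is not part of the Pulumi documentation or SDK: rules are checked in ascending priority, the first matching rule's action applies, and the default action is the fallback. The `WebAclModel` class, its `Rule` record and the sample addresses are constructed for illustration, and the model covers only one IPv4 IPMatch predicate per rule.

```java
import java.util.Comparator;
import java.util.List;

// Illustrative model only; not part of the Pulumi SDK or of AWS WAF.
public class WebAclModel {
    // One rule with a single IPMatch predicate, using the fields set in the example above.
    record Rule(int priority, String action, String cidr, boolean negated) {}

    // Convert a dotted-quad IPv4 address to a 32-bit integer.
    static int toInt(String ip) {
        String[] octets = ip.split("\\.");
        if (octets.length != 4) throw new IllegalArgumentException("not IPv4: " + ip);
        int value = 0;
        for (String octet : octets) value = (value << 8) | Integer.parseInt(octet);
        return value;
    }

    // True when the address lies inside the CIDR block.
    static boolean inCidr(String ip, String cidr) {
        String[] parts = cidr.split("/");
        int prefix = Integer.parseInt(parts[1]);
        int mask = prefix == 0 ? 0 : -1 << (32 - prefix);
        return (toInt(ip) & mask) == (toInt(parts[0]) & mask);
    }

    // Lowest priority number is evaluated first; a predicate matches when
    // "address in set" differs from "negated". No match falls through to the default action.
    static String decide(List<Rule> rules, String defaultAction, String sourceIp) {
        return rules.stream()
            .sorted(Comparator.comparingInt(Rule::priority))
            .filter(r -> inCidr(sourceIp, r.cidr()) != r.negated())
            .map(Rule::action)
            .findFirst()
            .orElse(defaultAction);
    }

    public static void main(String[] args) {
        // The policy from the example: BLOCK 192.0.7.0/24 at priority 1, default ALLOW.
        List<Rule> blockList = List.of(new Rule(1, "BLOCK", "192.0.7.0/24", false));
        // Constructed variant: negated(true) turns the same set into an allow list.
        List<Rule> allowList = List.of(new Rule(1, "BLOCK", "192.0.7.0/24", true));
        for (String ip : List.of("192.0.7.10", "192.0.8.10")) {
            System.out.println(ip + " blockList=" + decide(blockList, "ALLOW", ip)
                + " allowList=" + decide(allowList, "ALLOW", ip));
        }
    }
}
```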

Logging

NOTE: The Kinesis Firehose Delivery Stream name must begin with aws-waf-logs- and be located in the us-east-1 region. See the AWS WAF Developer Guide for more information about enabling WAF logging.

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.waf.WebAcl;
import com.pulumi.aws.waf.WebAclArgs;
import com.pulumi.aws.waf.inputs.WebAclLoggingConfigurationArgs;
import com.pulumi.aws.waf.inputs.WebAclLoggingConfigurationRedactedFieldsArgs;
import com.pulumi.aws.waf.inputs.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new WebAcl("example", WebAclArgs.builder()
            .loggingConfiguration(WebAclLoggingConfigurationArgs.builder()
                // aws_kinesis_firehose_delivery_stream.example() refers to a Kinesis Firehose
                // delivery stream declared elsewhere in the program; it is not defined in this snippet.
                .logDestination(aws_kinesis_firehose_delivery_stream.example().arn())
                // Fields listed here are redacted from the log records: the URI and the referer header.
                .redactedFields(WebAclLoggingConfigurationRedactedFieldsArgs.builder()
                    .fieldToMatches(
                        WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs.builder()
                            .type("URI")
                            .build(),
                        WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs.builder()
                            .data("referer")
                            .type("HEADER")
                            .build())
                    .build())
                .build())
            .build());
    }
}

Import

WAF Web ACL can be imported using the id, e.g.,

$ pulumi import aws:waf/webAcl:WebAcl main 0c8e583e-18f3-4c13-9e2a-67c4805d2f94

Constructors

constructor(defaultAction: Output<WebAclDefaultActionArgs>? = null, loggingConfiguration: Output<WebAclLoggingConfigurationArgs>? = null, metricName: Output<String>? = null, name: Output<String>? = null, rules: Output<List<WebAclRuleArgs>>? = null, tags: Output<Map<String, String>>? = null)

Properties

val defaultAction: Output<WebAclDefaultActionArgs>? = null

Configuration block with action that you want AWS WAF to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL. Detailed below.

val loggingConfiguration: Output<WebAclLoggingConfigurationArgs>? = null

Configuration block to enable WAF logging. Detailed below.

val metricName: Output<String>? = null

The name or description for the Amazon CloudWatch metric of this web ACL.

val name: Output<String>? = null

The name or description of the web ACL.

val rules: Output<List<WebAclRuleArgs>>? = null

Configuration blocks containing rules to associate with the web ACL and the settings for each rule. Detailed below.

val tags: Output<Map<String, String>>? = null

Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Functions

open override fun toJava(): WebAclArgs