Web Acl Args
data class WebAclArgs(val defaultAction: Output<WebAclDefaultActionArgs>? = null, val loggingConfiguration: Output<WebAclLoggingConfigurationArgs>? = null, val metricName: Output<String>? = null, val name: Output<String>? = null, val rules: Output<List<WebAclRuleArgs>>? = null, val tags: Output<Map<String, String>>? = null) : ConvertibleToJava<WebAclArgs>
Provides a WAF Regional Web ACL Resource for use with Application Load Balancer.
Example Usage
Regular Rule
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafregional.IpSet;
import com.pulumi.aws.wafregional.IpSetArgs;
import com.pulumi.aws.wafregional.inputs.IpSetIpSetDescriptorArgs;
import com.pulumi.aws.wafregional.Rule;
import com.pulumi.aws.wafregional.RuleArgs;
import com.pulumi.aws.wafregional.inputs.RulePredicateArgs;
import com.pulumi.aws.wafregional.WebAcl;
import com.pulumi.aws.wafregional.WebAclArgs;
import com.pulumi.aws.wafregional.inputs.WebAclDefaultActionArgs;
import com.pulumi.aws.wafregional.inputs.WebAclRuleArgs;
import com.pulumi.aws.wafregional.inputs.WebAclRuleActionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program declaring a WAF Regional web ACL that allows requests by default and
 * blocks those whose source address falls inside a single IP set.
 *
 * <p>This is a deny-list: with a default action of ALLOW, any request that no rule
 * matches is passed through. The listing creates no association between the ACL and a
 * load balancer and configures no logging, so both must be added elsewhere before the
 * ACL filters or records any traffic.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the IP set, the rule that matches it, and the web ACL that applies the rule.
     *
     * @param ctx Pulumi context supplied by the runtime; not read by this stack
     */
    public static void stack(Context ctx) {
        // Sample CIDR taken from the example as published; substitute the range you
        // actually intend to block before deploying.
        var blockedRange = IpSetIpSetDescriptorArgs.builder()
            .type("IPV4")
            .value("192.0.7.0/24")
            .build();
        var ipset = new IpSet("ipset", IpSetArgs.builder()
            .ipSetDescriptors(blockedRange)
            .build());

        // negated(false): the predicate is true when the source address IS in the set.
        var sourceInSet = RulePredicateArgs.builder()
            .dataId(ipset.id())
            .negated(false)
            .type("IPMatch")
            .build();
        var wafrule = new Rule("wafrule", RuleArgs.builder()
            .metricName("tfWAFRule")
            .predicates(sourceInSet)
            .build());

        // Requests that match no rule fall through to this action.
        var allowUnmatched = WebAclDefaultActionArgs.builder()
            .type("ALLOW")
            .build();
        var blockOnMatch = WebAclRuleActionArgs.builder()
            .type("BLOCK")
            .build();
        var blockListedSources = WebAclRuleArgs.builder()
            .action(blockOnMatch)
            .priority(1)
            .ruleId(wafrule.id())
            .type("REGULAR")
            .build();

        var wafacl = new WebAcl("wafacl", WebAclArgs.builder()
            .metricName("tfWebACL")
            .defaultAction(allowUnmatched)
            .rules(blockListedSources)
            .build());
    }
}
Group Rule
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafregional.WebAcl;
import com.pulumi.aws.wafregional.WebAclArgs;
import com.pulumi.aws.wafregional.inputs.WebAclDefaultActionArgs;
import com.pulumi.aws.wafregional.inputs.WebAclRuleArgs;
import com.pulumi.aws.wafregional.inputs.WebAclRuleOverrideActionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program declaring a WAF Regional web ACL whose single entry is a rule group.
 *
 * <p>The default action is ALLOW, so every request the group does not act on is passed
 * through. The listing attaches the ACL to nothing and configures no logging.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the web ACL and its rule-group entry.
     *
     * @param ctx Pulumi context supplied by the runtime; not read by this stack
     */
    public static void stack(Context ctx) {
        // GROUP entries carry an override action rather than an action of their own.
        // NOTE(review): in AWS WAF Classic, NONE is understood to leave the group's own
        // rule actions in force, while COUNT only counts matches; confirm before relying on it.
        var groupOverride = WebAclRuleOverrideActionArgs.builder()
            .type("NONE")
            .build();

        // aws_wafregional_rule_group.example() is not declared anywhere in this listing;
        // it stands for a rule group resource that has to be defined elsewhere in the
        // program before this compiles.
        var groupEntry = WebAclRuleArgs.builder()
            .priority(1)
            .ruleId(aws_wafregional_rule_group.example().id())
            .type("GROUP")
            .overrideAction(groupOverride)
            .build();

        // Requests the group does not act on fall through to this action.
        var allowUnmatched = WebAclDefaultActionArgs.builder()
            .type("ALLOW")
            .build();

        var example = new WebAcl("example", WebAclArgs.builder()
            .metricName("example")
            .defaultAction(allowUnmatched)
            .rules(groupEntry)
            .build());
    }
}
Logging
NOTE: The Kinesis Firehose Delivery Stream name must begin with `aws-waf-logs-`. See the AWS WAF Developer Guide for more information about enabling WAF logging.
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafregional.WebAcl;
import com.pulumi.aws.wafregional.WebAclArgs;
import com.pulumi.aws.wafregional.inputs.WebAclLoggingConfigurationArgs;
import com.pulumi.aws.wafregional.inputs.WebAclLoggingConfigurationRedactedFieldsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program fragment showing only the logging configuration of a WAF Regional web ACL.
 *
 * <p>The listing sets neither a default action nor a metric name, which the page's other
 * examples do set; presumably a deployable ACL needs them as well (confirm against the
 * provider documentation).
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a web ACL that logs to a Kinesis Firehose delivery stream with two request
     * fields redacted.
     *
     * @param ctx Pulumi context supplied by the runtime; not read by this stack
     */
    public static void stack(Context ctx) {
        // WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs is used below but is not
        // among the imports listed above this class; the listing needs that import to compile.
        var uriField = WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs.builder()
            .type("URI")
            .build();
        var refererHeader = WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs.builder()
            .data("referer")
            .type("HEADER")
            .build();

        // Redacted fields are kept out of the delivered log records. Redacting the URI
        // protects sensitive paths and query strings but also removes them from later
        // investigation, so choose the set deliberately.
        var redaction = WebAclLoggingConfigurationRedactedFieldsArgs.builder()
            .fieldToMatches(uriField, refererHeader)
            .build();

        // aws_kinesis_firehose_delivery_stream.example() is not declared in this listing;
        // it stands for a delivery stream defined elsewhere in the program.
        var logging = WebAclLoggingConfigurationArgs.builder()
            .logDestination(aws_kinesis_firehose_delivery_stream.example().arn())
            .redactedFields(redaction)
            .build();

        var example = new WebAcl("example", WebAclArgs.builder()
            .loggingConfiguration(logging)
            .build());
    }
}
Import
WAF Regional Web ACL can be imported using the id, e.g.,
$ pulumi import aws:wafregional/webAcl:WebAcl wafacl a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc
Constructors
constructor(defaultAction: Output<WebAclDefaultActionArgs>? = null, loggingConfiguration: Output<WebAclLoggingConfigurationArgs>? = null, metricName: Output<String>? = null, name: Output<String>? = null, rules: Output<List<WebAclRuleArgs>>? = null, tags: Output<Map<String, String>>? = null)
Properties
The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
Configuration block to enable WAF logging. Detailed below.
The name or description for the Amazon CloudWatch metric of this web ACL.
Set of configuration blocks containing rules for the web ACL. Detailed below.