Rule Group
Creates a WAFv2 Rule Group resource.
Example Usage
Simple
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.RuleGroup;
import com.pulumi.aws.wafv2.RuleGroupArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleActionArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleActionAllowArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementGeoMatchStatementArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleVisibilityConfigArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupVisibilityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares one WAFv2 rule group (scope {@code REGIONAL}, capacity 2)
 * holding a single geo-match rule.
 *
 * <p>NOTE(review): {@code allow()} is called with no argument even though
 * {@code RuleGroupRuleActionAllowArgs} is imported and never used; confirm the call
 * against the SDK's builder signature before compiling.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the {@code example} rule group and its only rule, {@code rule-1}.
     *
     * @param ctx Pulumi stack context; this example does not read it
     */
    public static void stack(Context ctx) {
        // The rule matches requests whose country is one of the listed codes.
        var originCountries = RuleGroupRuleStatementGeoMatchStatementArgs.builder()
            .countryCodes(
                "US",
                "NL")
            .build();

        // Rule-level visibility: CloudWatch metrics and request sampling are both off,
        // so matches on rule-1 leave no metric or sample to review. Turn both on
        // wherever the rule's hits feed monitoring or tuning.
        var ruleVisibility = RuleGroupRuleVisibilityConfigArgs.builder()
            .cloudwatchMetricsEnabled(false)
            .metricName("friendly-rule-metric-name")
            .sampledRequestsEnabled(false)
            .build();

        // Matching requests are allowed.
        // NOTE(review): allow is expected to end evaluation for the request, so rules
        // ordered after an allow would not see it — confirm before adding further rules.
        var allowListedCountries = RuleGroupRuleArgs.builder()
            .action(RuleGroupRuleActionArgs.builder()
                .allow()
                .build())
            .name("rule-1")
            .priority(1)
            .statement(RuleGroupRuleStatementArgs.builder()
                .geoMatchStatement(originCountries)
                .build())
            .visibilityConfig(ruleVisibility)
            .build();

        // Group-level visibility mirrors the rule: metrics and sampling disabled.
        var groupVisibility = RuleGroupVisibilityConfigArgs.builder()
            .cloudwatchMetricsEnabled(false)
            .metricName("friendly-metric-name")
            .sampledRequestsEnabled(false)
            .build();

        var ruleGroup = new RuleGroup("example", RuleGroupArgs.builder()
            .capacity(2)
            .rules(allowListedCountries)
            .scope("REGIONAL")
            .visibilityConfig(groupVisibility)
            .build());
    }
}
Complex
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafv2.IpSet;
import com.pulumi.aws.wafv2.IpSetArgs;
import com.pulumi.aws.wafv2.RegexPatternSet;
import com.pulumi.aws.wafv2.RegexPatternSetArgs;
import com.pulumi.aws.wafv2.inputs.RegexPatternSetRegularExpressionArgs;
import com.pulumi.aws.wafv2.RuleGroup;
import com.pulumi.aws.wafv2.RuleGroupArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleActionArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleActionBlockArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementNotStatementArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleVisibilityConfigArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleActionCountArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementOrStatementArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleCaptchaConfigArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleCaptchaConfigImmunityTimePropertyArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementSizeConstraintStatementArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementSizeConstraintStatementFieldToMatchArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgumentArgs;
import com.pulumi.aws.wafv2.inputs.RuleGroupVisibilityConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
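/**
 * Pulumi program that declares an IP set, a regex pattern set and a WAFv2 rule group
 * (scope {@code REGIONAL}, capacity 500) whose four rules exercise the nested statement types.
 *
 * <p>NOTE(review): the nested statement argument types used below (for example
 * {@code RuleGroupRuleStatementNotStatementStatementArgs}) do not appear in the import
 * list shown with this example; add the matching imports before compiling. The
 * zero-argument calls {@code block()}, {@code count()}, {@code allQueryArguments()},
 * {@code body()} and {@code method()} should likewise be checked against the SDK's
 * builder signatures.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the supporting sets and the {@code example} rule group.
     *
     * <p>Every visibility block in this example disables CloudWatch metrics and request
     * sampling, so none of the block or count decisions below is observable through
     * those channels. Enable them where rule hits feed detection or tuning.
     *
     * @param ctx Pulumi stack context; this example does not read it
     */
    public static void stack(Context ctx) {
        // IPv4 address set referenced by rule-4.
        var testIpSet = new IpSet("testIpSet", IpSetArgs.builder()
            .scope("REGIONAL")
            .ipAddressVersion("IPV4")
            .addresses(
                "1.1.1.1/32",
                "2.2.2.2/32")
            .build());

        // Regex pattern set referenced by rule-4.
        var testRegexPatternSet = new RegexPatternSet("testRegexPatternSet", RegexPatternSetArgs.builder()
            .scope("REGIONAL")
            .regularExpressions(RegexPatternSetRegularExpressionArgs.builder()
                .regexString("one")
                .build())
            .build());

        var example = new RuleGroup("example", RuleGroupArgs.builder()
            .description("An rule group containing all statements")
            .scope("REGIONAL")
            .capacity(500)
            .rules(
                // rule-1: block every request that is NOT (geo-matched to US AND
                // carrying "word" somewhere in its query arguments).
                RuleGroupRuleArgs.builder()
                    .name("rule-1")
                    .priority(1)
                    .action(RuleGroupRuleActionArgs.builder()
                        .block()
                        .build())
                    .statement(RuleGroupRuleStatementArgs.builder()
                        .notStatement(RuleGroupRuleStatementNotStatementArgs.builder()
                            .statements(RuleGroupRuleStatementNotStatementStatementArgs.builder()
                                .andStatement(RuleGroupRuleStatementNotStatementStatementAndStatementArgs.builder()
                                    .statements(
                                        RuleGroupRuleStatementNotStatementStatementAndStatementStatementArgs.builder()
                                            .geoMatchStatement(RuleGroupRuleStatementNotStatementStatementAndStatementStatementGeoMatchStatementArgs.builder()
                                                .countryCodes("US")
                                                .build())
                                            .build(),
                                        RuleGroupRuleStatementNotStatementStatementAndStatementStatementArgs.builder()
                                            .byteMatchStatement(RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementArgs.builder()
                                                .positionalConstraint("CONTAINS")
                                                .searchString("word")
                                                .fieldToMatch(RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchArgs.builder()
                                                    .allQueryArguments()
                                                    .build())
                                                // NOTE(review): transformations are expected to run in ascending
                                                // priority order (LOWERCASE, then CMD_LINE) — confirm.
                                                .textTransformations(
                                                    RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformationArgs.builder()
                                                        .priority(5)
                                                        .type("CMD_LINE")
                                                        .build(),
                                                    RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformationArgs.builder()
                                                        .priority(2)
                                                        .type("LOWERCASE")
                                                        .build())
                                                .build())
                                            .build())
                                    .build())
                                .build())
                            .build())
                        .build())
                    .visibilityConfig(RuleGroupRuleVisibilityConfigArgs.builder()
                        .cloudwatchMetricsEnabled(false)
                        .metricName("rule-1")
                        .sampledRequestsEnabled(false)
                        .build())
                    .build(),
                // rule-2: count only (no block) when the user-agent matches the regex, OR the
                // body matches the SQLi statement, OR the method matches the XSS statement.
                RuleGroupRuleArgs.builder()
                    .name("rule-2")
                    .priority(2)
                    .action(RuleGroupRuleActionArgs.builder()
                        .count()
                        .build())
                    .statement(RuleGroupRuleStatementArgs.builder()
                        .orStatement(RuleGroupRuleStatementOrStatementArgs.builder()
                            .statements(
                                RuleGroupRuleStatementOrStatementStatementArgs.builder()
                                    .regexMatchStatement(RuleGroupRuleStatementOrStatementStatementRegexMatchStatementArgs.builder()
                                        // NOTE(review): "a-z?" has no brackets, so it is not a character
                                        // class; presumably a placeholder pattern — verify before reuse.
                                        .regexString("a-z?")
                                        .fieldToMatch(RuleGroupRuleStatementOrStatementStatementRegexMatchStatementFieldToMatchArgs.builder()
                                            .singleHeader(RuleGroupRuleStatementOrStatementStatementRegexMatchStatementFieldToMatchSingleHeaderArgs.builder()
                                                .name("user-agent")
                                                .build())
                                            .build())
                                        .textTransformations(RuleGroupRuleStatementOrStatementStatementRegexMatchStatementTextTransformationArgs.builder()
                                            .priority(6)
                                            .type("NONE")
                                            .build())
                                        .build())
                                    .build(),
                                RuleGroupRuleStatementOrStatementStatementArgs.builder()
                                    .sqliMatchStatement(RuleGroupRuleStatementOrStatementStatementSqliMatchStatementArgs.builder()
                                        .fieldToMatch(RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchArgs.builder()
                                            .body()
                                            .build())
                                        // Decoding and whitespace normalisation are applied before the
                                        // SQLi inspection so encoded payloads are inspected in decoded form.
                                        .textTransformations(
                                            RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArgs.builder()
                                                .priority(5)
                                                .type("URL_DECODE")
                                                .build(),
                                            RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArgs.builder()
                                                .priority(4)
                                                .type("HTML_ENTITY_DECODE")
                                                .build(),
                                            RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArgs.builder()
                                                .priority(3)
                                                .type("COMPRESS_WHITE_SPACE")
                                                .build())
                                        .build())
                                    .build(),
                                RuleGroupRuleStatementOrStatementStatementArgs.builder()
                                    .xssMatchStatement(RuleGroupRuleStatementOrStatementStatementXssMatchStatementArgs.builder()
                                        .fieldToMatch(RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchArgs.builder()
                                            .method()
                                            .build())
                                        .textTransformations(RuleGroupRuleStatementOrStatementStatementXssMatchStatementTextTransformationArgs.builder()
                                            .priority(2)
                                            .type("NONE")
                                            .build())
                                        .build())
                                    .build())
                            .build())
                        .build())
                    .visibilityConfig(RuleGroupRuleVisibilityConfigArgs.builder()
                        .cloudwatchMetricsEnabled(false)
                        .metricName("rule-2")
                        .sampledRequestsEnabled(false)
                        .build())
                    // Rule-level CAPTCHA configuration with an immunity time of 240.
                    .captchaConfig(RuleGroupRuleCaptchaConfigArgs.builder()
                        .immunityTimeProperty(RuleGroupRuleCaptchaConfigImmunityTimePropertyArgs.builder()
                            .immunityTime(240)
                            .build())
                        .build())
                    .build(),
                // rule-3: block when the "username" query argument is larger than 100.
                RuleGroupRuleArgs.builder()
                    .name("rule-3")
                    .priority(3)
                    .action(RuleGroupRuleActionArgs.builder()
                        .block()
                        .build())
                    .statement(RuleGroupRuleStatementArgs.builder()
                        .sizeConstraintStatement(RuleGroupRuleStatementSizeConstraintStatementArgs.builder()
                            .comparisonOperator("GT")
                            .size(100)
                            .fieldToMatch(RuleGroupRuleStatementSizeConstraintStatementFieldToMatchArgs.builder()
                                .singleQueryArgument(RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgumentArgs.builder()
                                    .name("username")
                                    .build())
                                .build())
                            .textTransformations(RuleGroupRuleStatementSizeConstraintStatementTextTransformationArgs.builder()
                                .priority(5)
                                .type("NONE")
                                .build())
                            .build())
                        .build())
                    .visibilityConfig(RuleGroupRuleVisibilityConfigArgs.builder()
                        .cloudwatchMetricsEnabled(false)
                        .metricName("rule-3")
                        .sampledRequestsEnabled(false)
                        .build())
                    .build(),
                // rule-4: block when the request matches testIpSet OR its referer header
                // matches testRegexPatternSet; both sets are wired in by ARN.
                RuleGroupRuleArgs.builder()
                    .name("rule-4")
                    .priority(4)
                    .action(RuleGroupRuleActionArgs.builder()
                        .block()
                        .build())
                    .statement(RuleGroupRuleStatementArgs.builder()
                        .orStatement(RuleGroupRuleStatementOrStatementArgs.builder()
                            .statements(
                                RuleGroupRuleStatementOrStatementStatementArgs.builder()
                                    .ipSetReferenceStatement(RuleGroupRuleStatementOrStatementStatementIpSetReferenceStatementArgs.builder()
                                        .arn(testIpSet.arn())
                                        .build())
                                    .build(),
                                RuleGroupRuleStatementOrStatementStatementArgs.builder()
                                    .regexPatternSetReferenceStatement(RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementArgs.builder()
                                        .arn(testRegexPatternSet.arn())
                                        .fieldToMatch(RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchArgs.builder()
                                            .singleHeader(RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeaderArgs.builder()
                                                .name("referer")
                                                .build())
                                            .build())
                                        .textTransformations(RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformationArgs.builder()
                                            .priority(2)
                                            .type("NONE")
                                            .build())
                                        .build())
                                    .build())
                            .build())
                        .build())
                    .visibilityConfig(RuleGroupRuleVisibilityConfigArgs.builder()
                        .cloudwatchMetricsEnabled(false)
                        .metricName("rule-4")
                        .sampledRequestsEnabled(false)
                        .build())
                    .build())
            .visibilityConfig(RuleGroupVisibilityConfigArgs.builder()
                .cloudwatchMetricsEnabled(false)
                .metricName("friendly-metric-name")
                .sampledRequestsEnabled(false)
                .build())
            // The generated example carried a group-level captchaConfig(...) call here whose
            // argument was a code-generator panic message, not Java. Its intended value cannot
            // be recovered from the page, so the call is omitted; rule-2 keeps its own
            // captchaConfig.
            .tags(Map.ofEntries(
                Map.entry("Name", "example-and-statement"),
                Map.entry("Code", "123456")
            ))
            .build());
    }
}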
Import
A WAFv2 Rule Group can be imported using `ID/name/scope`, e.g.:
$ pulumi import aws:wafv2/ruleGroup:RuleGroup example a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc/example/REGIONAL
Properties
Defines custom response bodies that can be referenced by custom_response
actions. See Custom Response Body below for details.
A friendly description of the rule group.
The rule blocks used to identify the web requests that you want to `allow`, `block`, or `count`. See Rules below for details.
Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.