WebAcl

The Amazon Resource Name (ARN) of the IP Set that this statement references.

Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.

Web ACL capacity units (WCUs) currently being used by this web ACL.

Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.

Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.

Action to perform if none of the rules contained in the WebACL match. See default_action below for details.

Friendly description of the WebACL.

Friendly name of the WebACL.

Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.

Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.

Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.