1. Packages
  2. AWS
  3. API Docs
  4. wafregional
  5. WebAcl
AWS v6.77.0 published on Wednesday, Apr 9, 2025 by Pulumi

aws.wafregional.WebAcl

Explore with Pulumi AI

Provides a WAF Regional Web ACL Resource for use with Application Load Balancer.

Example Usage

Regular Rule

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const ipset = new aws.wafregional.IpSet("ipset", {
    name: "tfIPSet",
    ipSetDescriptors: [{
        type: "IPV4",
        value: "192.0.7.0/24",
    }],
});
const wafrule = new aws.wafregional.Rule("wafrule", {
    name: "tfWAFRule",
    metricName: "tfWAFRule",
    predicates: [{
        dataId: ipset.id,
        negated: false,
        type: "IPMatch",
    }],
});
const wafacl = new aws.wafregional.WebAcl("wafacl", {
    name: "tfWebACL",
    metricName: "tfWebACL",
    defaultAction: {
        type: "ALLOW",
    },
    rules: [{
        action: {
            type: "BLOCK",
        },
        priority: 1,
        ruleId: wafrule.id,
        type: "REGULAR",
    }],
});
Copy
import pulumi
import pulumi_aws as aws

ipset = aws.wafregional.IpSet("ipset",
    name="tfIPSet",
    ip_set_descriptors=[{
        "type": "IPV4",
        "value": "192.0.7.0/24",
    }])
wafrule = aws.wafregional.Rule("wafrule",
    name="tfWAFRule",
    metric_name="tfWAFRule",
    predicates=[{
        "data_id": ipset.id,
        "negated": False,
        "type": "IPMatch",
    }])
wafacl = aws.wafregional.WebAcl("wafacl",
    name="tfWebACL",
    metric_name="tfWebACL",
    default_action={
        "type": "ALLOW",
    },
    rules=[{
        "action": {
            "type": "BLOCK",
        },
        "priority": 1,
        "rule_id": wafrule.id,
        "type": "REGULAR",
    }])
Copy
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafregional"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		ipset, err := wafregional.NewIpSet(ctx, "ipset", &wafregional.IpSetArgs{
			Name: pulumi.String("tfIPSet"),
			IpSetDescriptors: wafregional.IpSetIpSetDescriptorArray{
				&wafregional.IpSetIpSetDescriptorArgs{
					Type:  pulumi.String("IPV4"),
					Value: pulumi.String("192.0.7.0/24"),
				},
			},
		})
		if err != nil {
			return err
		}
		wafrule, err := wafregional.NewRule(ctx, "wafrule", &wafregional.RuleArgs{
			Name:       pulumi.String("tfWAFRule"),
			MetricName: pulumi.String("tfWAFRule"),
			Predicates: wafregional.RulePredicateArray{
				&wafregional.RulePredicateArgs{
					DataId:  ipset.ID(),
					Negated: pulumi.Bool(false),
					Type:    pulumi.String("IPMatch"),
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = wafregional.NewWebAcl(ctx, "wafacl", &wafregional.WebAclArgs{
			Name:       pulumi.String("tfWebACL"),
			MetricName: pulumi.String("tfWebACL"),
			DefaultAction: &wafregional.WebAclDefaultActionArgs{
				Type: pulumi.String("ALLOW"),
			},
			Rules: wafregional.WebAclRuleArray{
				&wafregional.WebAclRuleArgs{
					Action: &wafregional.WebAclRuleActionArgs{
						Type: pulumi.String("BLOCK"),
					},
					Priority: pulumi.Int(1),
					RuleId:   wafrule.ID(),
					Type:     pulumi.String("REGULAR"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var ipset = new Aws.WafRegional.IpSet("ipset", new()
    {
        Name = "tfIPSet",
        IpSetDescriptors = new[]
        {
            new Aws.WafRegional.Inputs.IpSetIpSetDescriptorArgs
            {
                Type = "IPV4",
                Value = "192.0.7.0/24",
            },
        },
    });

    var wafrule = new Aws.WafRegional.Rule("wafrule", new()
    {
        Name = "tfWAFRule",
        MetricName = "tfWAFRule",
        Predicates = new[]
        {
            new Aws.WafRegional.Inputs.RulePredicateArgs
            {
                DataId = ipset.Id,
                Negated = false,
                Type = "IPMatch",
            },
        },
    });

    var wafacl = new Aws.WafRegional.WebAcl("wafacl", new()
    {
        Name = "tfWebACL",
        MetricName = "tfWebACL",
        DefaultAction = new Aws.WafRegional.Inputs.WebAclDefaultActionArgs
        {
            Type = "ALLOW",
        },
        Rules = new[]
        {
            new Aws.WafRegional.Inputs.WebAclRuleArgs
            {
                Action = new Aws.WafRegional.Inputs.WebAclRuleActionArgs
                {
                    Type = "BLOCK",
                },
                Priority = 1,
                RuleId = wafrule.Id,
                Type = "REGULAR",
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafregional.IpSet;
import com.pulumi.aws.wafregional.IpSetArgs;
import com.pulumi.aws.wafregional.inputs.IpSetIpSetDescriptorArgs;
import com.pulumi.aws.wafregional.Rule;
import com.pulumi.aws.wafregional.RuleArgs;
import com.pulumi.aws.wafregional.inputs.RulePredicateArgs;
import com.pulumi.aws.wafregional.WebAcl;
import com.pulumi.aws.wafregional.WebAclArgs;
import com.pulumi.aws.wafregional.inputs.WebAclDefaultActionArgs;
import com.pulumi.aws.wafregional.inputs.WebAclRuleArgs;
import com.pulumi.aws.wafregional.inputs.WebAclRuleActionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var ipset = new IpSet("ipset", IpSetArgs.builder()
            .name("tfIPSet")
            .ipSetDescriptors(IpSetIpSetDescriptorArgs.builder()
                .type("IPV4")
                .value("192.0.7.0/24")
                .build())
            .build());

        var wafrule = new Rule("wafrule", RuleArgs.builder()
            .name("tfWAFRule")
            .metricName("tfWAFRule")
            .predicates(RulePredicateArgs.builder()
                .dataId(ipset.id())
                .negated(false)
                .type("IPMatch")
                .build())
            .build());

        var wafacl = new WebAcl("wafacl", WebAclArgs.builder()
            .name("tfWebACL")
            .metricName("tfWebACL")
            .defaultAction(WebAclDefaultActionArgs.builder()
                .type("ALLOW")
                .build())
            .rules(WebAclRuleArgs.builder()
                .action(WebAclRuleActionArgs.builder()
                    .type("BLOCK")
                    .build())
                .priority(1)
                .ruleId(wafrule.id())
                .type("REGULAR")
                .build())
            .build());

    }
}
Copy
resources:
  ipset:
    type: aws:wafregional:IpSet
    properties:
      name: tfIPSet
      ipSetDescriptors:
        - type: IPV4
          value: 192.0.7.0/24
  wafrule:
    type: aws:wafregional:Rule
    properties:
      name: tfWAFRule
      metricName: tfWAFRule
      predicates:
        - dataId: ${ipset.id}
          negated: false
          type: IPMatch
  wafacl:
    type: aws:wafregional:WebAcl
    properties:
      name: tfWebACL
      metricName: tfWebACL
      defaultAction:
        type: ALLOW
      rules:
        - action:
            type: BLOCK
          priority: 1
          ruleId: ${wafrule.id}
          type: REGULAR
Copy

Group Rule

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.wafregional.WebAcl("example", {
    name: "example",
    metricName: "example",
    defaultAction: {
        type: "ALLOW",
    },
    rules: [{
        priority: 1,
        ruleId: exampleAwsWafregionalRuleGroup.id,
        type: "GROUP",
        overrideAction: {
            type: "NONE",
        },
    }],
});
Copy
import pulumi
import pulumi_aws as aws

example = aws.wafregional.WebAcl("example",
    name="example",
    metric_name="example",
    default_action={
        "type": "ALLOW",
    },
    rules=[{
        "priority": 1,
        "rule_id": example_aws_wafregional_rule_group["id"],
        "type": "GROUP",
        "override_action": {
            "type": "NONE",
        },
    }])
Copy
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafregional"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := wafregional.NewWebAcl(ctx, "example", &wafregional.WebAclArgs{
			Name:       pulumi.String("example"),
			MetricName: pulumi.String("example"),
			DefaultAction: &wafregional.WebAclDefaultActionArgs{
				Type: pulumi.String("ALLOW"),
			},
			Rules: wafregional.WebAclRuleArray{
				&wafregional.WebAclRuleArgs{
					Priority: pulumi.Int(1),
					RuleId:   pulumi.Any(exampleAwsWafregionalRuleGroup.Id),
					Type:     pulumi.String("GROUP"),
					OverrideAction: &wafregional.WebAclRuleOverrideActionArgs{
						Type: pulumi.String("NONE"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.WafRegional.WebAcl("example", new()
    {
        Name = "example",
        MetricName = "example",
        DefaultAction = new Aws.WafRegional.Inputs.WebAclDefaultActionArgs
        {
            Type = "ALLOW",
        },
        Rules = new[]
        {
            new Aws.WafRegional.Inputs.WebAclRuleArgs
            {
                Priority = 1,
                RuleId = exampleAwsWafregionalRuleGroup.Id,
                Type = "GROUP",
                OverrideAction = new Aws.WafRegional.Inputs.WebAclRuleOverrideActionArgs
                {
                    Type = "NONE",
                },
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafregional.WebAcl;
import com.pulumi.aws.wafregional.WebAclArgs;
import com.pulumi.aws.wafregional.inputs.WebAclDefaultActionArgs;
import com.pulumi.aws.wafregional.inputs.WebAclRuleArgs;
import com.pulumi.aws.wafregional.inputs.WebAclRuleOverrideActionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new WebAcl("example", WebAclArgs.builder()
            .name("example")
            .metricName("example")
            .defaultAction(WebAclDefaultActionArgs.builder()
                .type("ALLOW")
                .build())
            .rules(WebAclRuleArgs.builder()
                .priority(1)
                .ruleId(exampleAwsWafregionalRuleGroup.id())
                .type("GROUP")
                .overrideAction(WebAclRuleOverrideActionArgs.builder()
                    .type("NONE")
                    .build())
                .build())
            .build());

    }
}
Copy
resources:
  example:
    type: aws:wafregional:WebAcl
    properties:
      name: example
      metricName: example
      defaultAction:
        type: ALLOW
      rules:
        - priority: 1
          ruleId: ${exampleAwsWafregionalRuleGroup.id}
          type: GROUP
          overrideAction:
            type: NONE
Copy

Logging

NOTE: The Kinesis Firehose Delivery Stream name must begin with aws-waf-logs-. See the AWS WAF Developer Guide for more information about enabling WAF logging.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.wafregional.WebAcl("example", {loggingConfiguration: {
    logDestination: exampleAwsKinesisFirehoseDeliveryStream.arn,
    redactedFields: {
        fieldToMatches: [
            {
                type: "URI",
            },
            {
                data: "referer",
                type: "HEADER",
            },
        ],
    },
}});
Copy
import pulumi
import pulumi_aws as aws

example = aws.wafregional.WebAcl("example", logging_configuration={
    "log_destination": example_aws_kinesis_firehose_delivery_stream["arn"],
    "redacted_fields": {
        "field_to_matches": [
            {
                "type": "URI",
            },
            {
                "data": "referer",
                "type": "HEADER",
            },
        ],
    },
})
Copy
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafregional"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := wafregional.NewWebAcl(ctx, "example", &wafregional.WebAclArgs{
			LoggingConfiguration: &wafregional.WebAclLoggingConfigurationArgs{
				LogDestination: pulumi.Any(exampleAwsKinesisFirehoseDeliveryStream.Arn),
				RedactedFields: &wafregional.WebAclLoggingConfigurationRedactedFieldsArgs{
					FieldToMatches: wafregional.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArray{
						&wafregional.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs{
							Type: pulumi.String("URI"),
						},
						&wafregional.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs{
							Data: pulumi.String("referer"),
							Type: pulumi.String("HEADER"),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.WafRegional.WebAcl("example", new()
    {
        LoggingConfiguration = new Aws.WafRegional.Inputs.WebAclLoggingConfigurationArgs
        {
            LogDestination = exampleAwsKinesisFirehoseDeliveryStream.Arn,
            RedactedFields = new Aws.WafRegional.Inputs.WebAclLoggingConfigurationRedactedFieldsArgs
            {
                FieldToMatches = new[]
                {
                    new Aws.WafRegional.Inputs.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs
                    {
                        Type = "URI",
                    },
                    new Aws.WafRegional.Inputs.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs
                    {
                        Data = "referer",
                        Type = "HEADER",
                    },
                },
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafregional.WebAcl;
import com.pulumi.aws.wafregional.WebAclArgs;
import com.pulumi.aws.wafregional.inputs.WebAclLoggingConfigurationArgs;
import com.pulumi.aws.wafregional.inputs.WebAclLoggingConfigurationRedactedFieldsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new WebAcl("example", WebAclArgs.builder()
            .loggingConfiguration(WebAclLoggingConfigurationArgs.builder()
                .logDestination(exampleAwsKinesisFirehoseDeliveryStream.arn())
                .redactedFields(WebAclLoggingConfigurationRedactedFieldsArgs.builder()
                    .fieldToMatches(                    
                        WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs.builder()
                            .type("URI")
                            .build(),
                        WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs.builder()
                            .data("referer")
                            .type("HEADER")
                            .build())
                    .build())
                .build())
            .build());

    }
}
Copy
resources:
  example:
    type: aws:wafregional:WebAcl
    properties:
      loggingConfiguration:
        logDestination: ${exampleAwsKinesisFirehoseDeliveryStream.arn}
        redactedFields:
          fieldToMatches:
            - type: URI
            - data: referer
              type: HEADER
Copy

Create WebAcl Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new WebAcl(name: string, args: WebAclArgs, opts?: CustomResourceOptions);
@overload
def WebAcl(resource_name: str,
           args: WebAclArgs,
           opts: Optional[ResourceOptions] = None)

@overload
def WebAcl(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           default_action: Optional[WebAclDefaultActionArgs] = None,
           metric_name: Optional[str] = None,
           logging_configuration: Optional[WebAclLoggingConfigurationArgs] = None,
           name: Optional[str] = None,
           rules: Optional[Sequence[WebAclRuleArgs]] = None,
           tags: Optional[Mapping[str, str]] = None)
func NewWebAcl(ctx *Context, name string, args WebAclArgs, opts ...ResourceOption) (*WebAcl, error)
public WebAcl(string name, WebAclArgs args, CustomResourceOptions? opts = null)
public WebAcl(String name, WebAclArgs args)
public WebAcl(String name, WebAclArgs args, CustomResourceOptions options)
type: aws:wafregional:WebAcl
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. WebAclArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. WebAclArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. WebAclArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. WebAclArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. WebAclArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var awsWebAclResource = new Aws.WafRegional.WebAcl("awsWebAclResource", new()
{
    DefaultAction = new Aws.WafRegional.Inputs.WebAclDefaultActionArgs
    {
        Type = "string",
    },
    MetricName = "string",
    LoggingConfiguration = new Aws.WafRegional.Inputs.WebAclLoggingConfigurationArgs
    {
        LogDestination = "string",
        RedactedFields = new Aws.WafRegional.Inputs.WebAclLoggingConfigurationRedactedFieldsArgs
        {
            FieldToMatches = new[]
            {
                new Aws.WafRegional.Inputs.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs
                {
                    Type = "string",
                    Data = "string",
                },
            },
        },
    },
    Name = "string",
    Rules = new[]
    {
        new Aws.WafRegional.Inputs.WebAclRuleArgs
        {
            Priority = 0,
            RuleId = "string",
            Action = new Aws.WafRegional.Inputs.WebAclRuleActionArgs
            {
                Type = "string",
            },
            OverrideAction = new Aws.WafRegional.Inputs.WebAclRuleOverrideActionArgs
            {
                Type = "string",
            },
            Type = "string",
        },
    },
    Tags = 
    {
        { "string", "string" },
    },
});
Copy
example, err := wafregional.NewWebAcl(ctx, "awsWebAclResource", &wafregional.WebAclArgs{
	DefaultAction: &wafregional.WebAclDefaultActionArgs{
		Type: pulumi.String("string"),
	},
	MetricName: pulumi.String("string"),
	LoggingConfiguration: &wafregional.WebAclLoggingConfigurationArgs{
		LogDestination: pulumi.String("string"),
		RedactedFields: &wafregional.WebAclLoggingConfigurationRedactedFieldsArgs{
			FieldToMatches: wafregional.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArray{
				&wafregional.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs{
					Type: pulumi.String("string"),
					Data: pulumi.String("string"),
				},
			},
		},
	},
	Name: pulumi.String("string"),
	Rules: wafregional.WebAclRuleArray{
		&wafregional.WebAclRuleArgs{
			Priority: pulumi.Int(0),
			RuleId:   pulumi.String("string"),
			Action: &wafregional.WebAclRuleActionArgs{
				Type: pulumi.String("string"),
			},
			OverrideAction: &wafregional.WebAclRuleOverrideActionArgs{
				Type: pulumi.String("string"),
			},
			Type: pulumi.String("string"),
		},
	},
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})
Copy
var awsWebAclResource = new WebAcl("awsWebAclResource", WebAclArgs.builder()
    .defaultAction(WebAclDefaultActionArgs.builder()
        .type("string")
        .build())
    .metricName("string")
    .loggingConfiguration(WebAclLoggingConfigurationArgs.builder()
        .logDestination("string")
        .redactedFields(WebAclLoggingConfigurationRedactedFieldsArgs.builder()
            .fieldToMatches(WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs.builder()
                .type("string")
                .data("string")
                .build())
            .build())
        .build())
    .name("string")
    .rules(WebAclRuleArgs.builder()
        .priority(0)
        .ruleId("string")
        .action(WebAclRuleActionArgs.builder()
            .type("string")
            .build())
        .overrideAction(WebAclRuleOverrideActionArgs.builder()
            .type("string")
            .build())
        .type("string")
        .build())
    .tags(Map.of("string", "string"))
    .build());
Copy
aws_web_acl_resource = aws.wafregional.WebAcl("awsWebAclResource",
    default_action={
        "type": "string",
    },
    metric_name="string",
    logging_configuration={
        "log_destination": "string",
        "redacted_fields": {
            "field_to_matches": [{
                "type": "string",
                "data": "string",
            }],
        },
    },
    name="string",
    rules=[{
        "priority": 0,
        "rule_id": "string",
        "action": {
            "type": "string",
        },
        "override_action": {
            "type": "string",
        },
        "type": "string",
    }],
    tags={
        "string": "string",
    })
Copy
const awsWebAclResource = new aws.wafregional.WebAcl("awsWebAclResource", {
    defaultAction: {
        type: "string",
    },
    metricName: "string",
    loggingConfiguration: {
        logDestination: "string",
        redactedFields: {
            fieldToMatches: [{
                type: "string",
                data: "string",
            }],
        },
    },
    name: "string",
    rules: [{
        priority: 0,
        ruleId: "string",
        action: {
            type: "string",
        },
        overrideAction: {
            type: "string",
        },
        type: "string",
    }],
    tags: {
        string: "string",
    },
});
Copy
type: aws:wafregional:WebAcl
properties:
    defaultAction:
        type: string
    loggingConfiguration:
        logDestination: string
        redactedFields:
            fieldToMatches:
                - data: string
                  type: string
    metricName: string
    name: string
    rules:
        - action:
            type: string
          overrideAction:
            type: string
          priority: 0
          ruleId: string
          type: string
    tags:
        string: string
Copy

WebAcl Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The WebAcl resource accepts the following input properties:

DefaultAction This property is required. WebAclDefaultAction
The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
MetricName
This property is required.
Changes to this property will trigger replacement.
string
The name or description for the Amazon CloudWatch metric of this web ACL.
LoggingConfiguration WebAclLoggingConfiguration
Configuration block to enable WAF logging. Detailed below.
Name Changes to this property will trigger replacement. string
The name or description of the web ACL.
Rules List<WebAclRule>
Set of configuration blocks containing rules for the web ACL. Detailed below.
Tags Dictionary<string, string>
Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
DefaultAction This property is required. WebAclDefaultActionArgs
The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
MetricName
This property is required.
Changes to this property will trigger replacement.
string
The name or description for the Amazon CloudWatch metric of this web ACL.
LoggingConfiguration WebAclLoggingConfigurationArgs
Configuration block to enable WAF logging. Detailed below.
Name Changes to this property will trigger replacement. string
The name or description of the web ACL.
Rules []WebAclRuleArgs
Set of configuration blocks containing rules for the web ACL. Detailed below.
Tags map[string]string
Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
defaultAction This property is required. WebAclDefaultAction
The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
metricName
This property is required.
Changes to this property will trigger replacement.
String
The name or description for the Amazon CloudWatch metric of this web ACL.
loggingConfiguration WebAclLoggingConfiguration
Configuration block to enable WAF logging. Detailed below.
name Changes to this property will trigger replacement. String
The name or description of the web ACL.
rules List<WebAclRule>
Set of configuration blocks containing rules for the web ACL. Detailed below.
tags Map<String,String>
Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
defaultAction This property is required. WebAclDefaultAction
The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
metricName
This property is required.
Changes to this property will trigger replacement.
string
The name or description for the Amazon CloudWatch metric of this web ACL.
loggingConfiguration WebAclLoggingConfiguration
Configuration block to enable WAF logging. Detailed below.
name Changes to this property will trigger replacement. string
The name or description of the web ACL.
rules WebAclRule[]
Set of configuration blocks containing rules for the web ACL. Detailed below.
tags {[key: string]: string}
Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
default_action This property is required. WebAclDefaultActionArgs
The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
metric_name
This property is required.
Changes to this property will trigger replacement.
str
The name or description for the Amazon CloudWatch metric of this web ACL.
logging_configuration WebAclLoggingConfigurationArgs
Configuration block to enable WAF logging. Detailed below.
name Changes to this property will trigger replacement. str
The name or description of the web ACL.
rules Sequence[WebAclRuleArgs]
Set of configuration blocks containing rules for the web ACL. Detailed below.
tags Mapping[str, str]
Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
defaultAction This property is required. Property Map
The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
metricName
This property is required.
Changes to this property will trigger replacement.
String
The name or description for the Amazon CloudWatch metric of this web ACL.
loggingConfiguration Property Map
Configuration block to enable WAF logging. Detailed below.
name Changes to this property will trigger replacement. String
The name or description of the web ACL.
rules List<Property Map>
Set of configuration blocks containing rules for the web ACL. Detailed below.
tags Map<String>
Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Outputs

All input properties are implicitly available as output properties. Additionally, the WebAcl resource produces the following output properties:

Arn string
Amazon Resource Name (ARN) of the WAF Regional WebACL.
Id string
The provider-assigned unique ID for this managed resource.
TagsAll Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

Arn string
Amazon Resource Name (ARN) of the WAF Regional WebACL.
Id string
The provider-assigned unique ID for this managed resource.
TagsAll map[string]string
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

arn String
Amazon Resource Name (ARN) of the WAF Regional WebACL.
id String
The provider-assigned unique ID for this managed resource.
tagsAll Map<String,String>
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

arn string
Amazon Resource Name (ARN) of the WAF Regional WebACL.
id string
The provider-assigned unique ID for this managed resource.
tagsAll {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

arn str
Amazon Resource Name (ARN) of the WAF Regional WebACL.
id str
The provider-assigned unique ID for this managed resource.
tags_all Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

arn String
Amazon Resource Name (ARN) of the WAF Regional WebACL.
id String
The provider-assigned unique ID for this managed resource.
tagsAll Map<String>
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

Look up Existing WebAcl Resource

Get an existing WebAcl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: WebAclState, opts?: CustomResourceOptions): WebAcl
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        default_action: Optional[WebAclDefaultActionArgs] = None,
        logging_configuration: Optional[WebAclLoggingConfigurationArgs] = None,
        metric_name: Optional[str] = None,
        name: Optional[str] = None,
        rules: Optional[Sequence[WebAclRuleArgs]] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None) -> WebAcl
func GetWebAcl(ctx *Context, name string, id IDInput, state *WebAclState, opts ...ResourceOption) (*WebAcl, error)
public static WebAcl Get(string name, Input<string> id, WebAclState? state, CustomResourceOptions? opts = null)
public static WebAcl get(String name, Output<String> id, WebAclState state, CustomResourceOptions options)
resources:  _:    type: aws:wafregional:WebAcl    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Arn string
Amazon Resource Name (ARN) of the WAF Regional WebACL.
DefaultAction WebAclDefaultAction
The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
LoggingConfiguration WebAclLoggingConfiguration
Configuration block to enable WAF logging. Detailed below.
MetricName Changes to this property will trigger replacement. string
The name or description for the Amazon CloudWatch metric of this web ACL.
Name Changes to this property will trigger replacement. string
The name or description of the web ACL.
Rules List<WebAclRule>
Set of configuration blocks containing rules for the web ACL. Detailed below.
Tags Dictionary<string, string>
Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

Arn string
Amazon Resource Name (ARN) of the WAF Regional WebACL.
DefaultAction WebAclDefaultActionArgs
The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
LoggingConfiguration WebAclLoggingConfigurationArgs
Configuration block to enable WAF logging. Detailed below.
MetricName Changes to this property will trigger replacement. string
The name or description for the Amazon CloudWatch metric of this web ACL.
Name Changes to this property will trigger replacement. string
The name or description of the web ACL.
Rules []WebAclRuleArgs
Set of configuration blocks containing rules for the web ACL. Detailed below.
Tags map[string]string
Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll map[string]string
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

arn String
Amazon Resource Name (ARN) of the WAF Regional WebACL.
defaultAction WebAclDefaultAction
The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
loggingConfiguration WebAclLoggingConfiguration
Configuration block to enable WAF logging. Detailed below.
metricName Changes to this property will trigger replacement. String
The name or description for the Amazon CloudWatch metric of this web ACL.
name Changes to this property will trigger replacement. String
The name or description of the web ACL.
rules List<WebAclRule>
Set of configuration blocks containing rules for the web ACL. Detailed below.
tags Map<String,String>
Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String,String>
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

arn string
Amazon Resource Name (ARN) of the WAF Regional WebACL.
defaultAction WebAclDefaultAction
The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
loggingConfiguration WebAclLoggingConfiguration
Configuration block to enable WAF logging. Detailed below.
metricName Changes to this property will trigger replacement. string
The name or description for the Amazon CloudWatch metric of this web ACL.
name Changes to this property will trigger replacement. string
The name or description of the web ACL.
rules WebAclRule[]
Set of configuration blocks containing rules for the web ACL. Detailed below.
tags {[key: string]: string}
Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

arn str
Amazon Resource Name (ARN) of the WAF Regional WebACL.
default_action WebAclDefaultActionArgs
The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
logging_configuration WebAclLoggingConfigurationArgs
Configuration block to enable WAF logging. Detailed below.
metric_name Changes to this property will trigger replacement. str
The name or description for the Amazon CloudWatch metric of this web ACL.
name Changes to this property will trigger replacement. str
The name or description of the web ACL.
rules Sequence[WebAclRuleArgs]
Set of configuration blocks containing rules for the web ACL. Detailed below.
tags Mapping[str, str]
Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tags_all Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

arn String
Amazon Resource Name (ARN) of the WAF Regional WebACL.
defaultAction Property Map
The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
loggingConfiguration Property Map
Configuration block to enable WAF logging. Detailed below.
metricName Changes to this property will trigger replacement. String
The name or description for the Amazon CloudWatch metric of this web ACL.
name Changes to this property will trigger replacement. String
The name or description of the web ACL.
rules List<Property Map>
Set of configuration blocks containing rules for the web ACL. Detailed below.
tags Map<String>
Key-value map of resource tags. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String>
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

Supporting Types

WebAclDefaultAction
, WebAclDefaultActionArgs

Type This property is required. string
Specifies how you want AWS WAF Regional to respond to requests that match the settings in a ruleE.g., ALLOW, BLOCK or COUNT
Type This property is required. string
Specifies how you want AWS WAF Regional to respond to requests that match the settings in a ruleE.g., ALLOW, BLOCK or COUNT
type This property is required. String
Specifies how you want AWS WAF Regional to respond to requests that match the settings in a ruleE.g., ALLOW, BLOCK or COUNT
type This property is required. string
Specifies how you want AWS WAF Regional to respond to requests that match the settings in a ruleE.g., ALLOW, BLOCK or COUNT
type This property is required. str
Specifies how you want AWS WAF Regional to respond to requests that match the settings in a ruleE.g., ALLOW, BLOCK or COUNT
type This property is required. String
Specifies how you want AWS WAF Regional to respond to requests that match the settings in a ruleE.g., ALLOW, BLOCK or COUNT

WebAclLoggingConfiguration
, WebAclLoggingConfigurationArgs

LogDestination This property is required. string
Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream
RedactedFields WebAclLoggingConfigurationRedactedFields
Configuration block containing parts of the request that you want redacted from the logs. Detailed below.
LogDestination This property is required. string
Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream
RedactedFields WebAclLoggingConfigurationRedactedFields
Configuration block containing parts of the request that you want redacted from the logs. Detailed below.
logDestination This property is required. String
Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream
redactedFields WebAclLoggingConfigurationRedactedFields
Configuration block containing parts of the request that you want redacted from the logs. Detailed below.
logDestination This property is required. string
Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream
redactedFields WebAclLoggingConfigurationRedactedFields
Configuration block containing parts of the request that you want redacted from the logs. Detailed below.
log_destination This property is required. str
Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream
redacted_fields WebAclLoggingConfigurationRedactedFields
Configuration block containing parts of the request that you want redacted from the logs. Detailed below.
logDestination This property is required. String
Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream
redactedFields Property Map
Configuration block containing parts of the request that you want redacted from the logs. Detailed below.

WebAclLoggingConfigurationRedactedFields
, WebAclLoggingConfigurationRedactedFieldsArgs

FieldToMatches This property is required. List<WebAclLoggingConfigurationRedactedFieldsFieldToMatch>
Set of configuration blocks for fields to redact. Detailed below.
FieldToMatches This property is required. []WebAclLoggingConfigurationRedactedFieldsFieldToMatch
Set of configuration blocks for fields to redact. Detailed below.
fieldToMatches This property is required. List<WebAclLoggingConfigurationRedactedFieldsFieldToMatch>
Set of configuration blocks for fields to redact. Detailed below.
fieldToMatches This property is required. WebAclLoggingConfigurationRedactedFieldsFieldToMatch[]
Set of configuration blocks for fields to redact. Detailed below.
field_to_matches This property is required. Sequence[WebAclLoggingConfigurationRedactedFieldsFieldToMatch]
Set of configuration blocks for fields to redact. Detailed below.
fieldToMatches This property is required. List<Property Map>
Set of configuration blocks for fields to redact. Detailed below.

WebAclLoggingConfigurationRedactedFieldsFieldToMatch
, WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs

Type This property is required. string
The part of the web request that you want AWS WAF to search for a specified stringE.g., HEADER or METHOD
Data string
When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.
Type This property is required. string
The part of the web request that you want AWS WAF to search for a specified stringE.g., HEADER or METHOD
Data string
When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.
type This property is required. String
The part of the web request that you want AWS WAF to search for a specified stringE.g., HEADER or METHOD
data String
When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.
type This property is required. string
The part of the web request that you want AWS WAF to search for a specified stringE.g., HEADER or METHOD
data string
When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.
type This property is required. str
The part of the web request that you want AWS WAF to search for a specified stringE.g., HEADER or METHOD
data str
When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.
type This property is required. String
The part of the web request that you want AWS WAF to search for a specified stringE.g., HEADER or METHOD
data String
When the value of type is HEADER, enter the name of the header that you want the WAF to search, for example, User-Agent or Referer. If the value of type is any other value, omit data.

WebAclRule
, WebAclRuleArgs

Priority This property is required. int
Specifies the order in which the rules in a WebACL are evaluated. Rules with a lower value are evaluated before rules with a higher value.
RuleId This property is required. string
ID of the associated WAF (Regional) rule (e.g., aws.wafregional.Rule). WAF (Global) rules cannot be used.
Action WebAclRuleAction
Configuration block of the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if type is GROUP. Detailed below.
OverrideAction WebAclRuleOverrideAction
Configuration block of the override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if type is GROUP. Detailed below.
Type string
The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. If you add a RATE_BASED rule, you need to set type as RATE_BASED. If you add a GROUP rule, you need to set type as GROUP.
Priority This property is required. int
Specifies the order in which the rules in a WebACL are evaluated. Rules with a lower value are evaluated before rules with a higher value.
RuleId This property is required. string
ID of the associated WAF (Regional) rule (e.g., aws.wafregional.Rule). WAF (Global) rules cannot be used.
Action WebAclRuleAction
Configuration block of the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if type is GROUP. Detailed below.
OverrideAction WebAclRuleOverrideAction
Configuration block of the override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if type is GROUP. Detailed below.
Type string
The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. If you add a RATE_BASED rule, you need to set type as RATE_BASED. If you add a GROUP rule, you need to set type as GROUP.
priority This property is required. Integer
Specifies the order in which the rules in a WebACL are evaluated. Rules with a lower value are evaluated before rules with a higher value.
ruleId This property is required. String
ID of the associated WAF (Regional) rule (e.g., aws.wafregional.Rule). WAF (Global) rules cannot be used.
action WebAclRuleAction
Configuration block of the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if type is GROUP. Detailed below.
overrideAction WebAclRuleOverrideAction
Configuration block of the override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if type is GROUP. Detailed below.
type String
The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. If you add a RATE_BASED rule, you need to set type as RATE_BASED. If you add a GROUP rule, you need to set type as GROUP.
priority This property is required. number
Specifies the order in which the rules in a WebACL are evaluated. Rules with a lower value are evaluated before rules with a higher value.
ruleId This property is required. string
ID of the associated WAF (Regional) rule (e.g., aws.wafregional.Rule). WAF (Global) rules cannot be used.
action WebAclRuleAction
Configuration block of the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if type is GROUP. Detailed below.
overrideAction WebAclRuleOverrideAction
Configuration block of the override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if type is GROUP. Detailed below.
type string
The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. If you add a RATE_BASED rule, you need to set type as RATE_BASED. If you add a GROUP rule, you need to set type as GROUP.
priority This property is required. int
Specifies the order in which the rules in a WebACL are evaluated. Rules with a lower value are evaluated before rules with a higher value.
rule_id This property is required. str
ID of the associated WAF (Regional) rule (e.g., aws.wafregional.Rule). WAF (Global) rules cannot be used.
action WebAclRuleAction
Configuration block of the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if type is GROUP. Detailed below.
override_action WebAclRuleOverrideAction
Configuration block of the override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if type is GROUP. Detailed below.
type str
The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. If you add a RATE_BASED rule, you need to set type as RATE_BASED. If you add a GROUP rule, you need to set type as GROUP.
priority This property is required. Number
Specifies the order in which the rules in a WebACL are evaluated. Rules with a lower value are evaluated before rules with a higher value.
ruleId This property is required. String
ID of the associated WAF (Regional) rule (e.g., aws.wafregional.Rule). WAF (Global) rules cannot be used.
action Property Map
Configuration block of the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if type is GROUP. Detailed below.
overrideAction Property Map
Configuration block of the override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if type is GROUP. Detailed below.
type String
The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. If you add a RATE_BASED rule, you need to set type as RATE_BASED. If you add a GROUP rule, you need to set type as GROUP.

WebAclRuleAction
, WebAclRuleActionArgs

Type This property is required. string
Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. Valid values for action are ALLOW, BLOCK or COUNT. Valid values for override_action are COUNT and NONE.
Type This property is required. string
Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. Valid values for action are ALLOW, BLOCK or COUNT. Valid values for override_action are COUNT and NONE.
type This property is required. String
Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. Valid values for action are ALLOW, BLOCK or COUNT. Valid values for override_action are COUNT and NONE.
type This property is required. string
Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. Valid values for action are ALLOW, BLOCK or COUNT. Valid values for override_action are COUNT and NONE.
type This property is required. str
Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. Valid values for action are ALLOW, BLOCK or COUNT. Valid values for override_action are COUNT and NONE.
type This property is required. String
Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. Valid values for action are ALLOW, BLOCK or COUNT. Valid values for override_action are COUNT and NONE.

WebAclRuleOverrideAction
, WebAclRuleOverrideActionArgs

Type This property is required. string
Type This property is required. string
type This property is required. String
type This property is required. string
type This property is required. str
type This property is required. String

Import

Using pulumi import, import WAF Regional Web ACL using the id. For example:

$ pulumi import aws:wafregional/webAcl:WebAcl wafacl a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
AWS Classic pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.