Menu
AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS::WAF::SizeConstraintSet

The AWS::WAF::SizeConstraintSet resource specifies a size constraint that AWS WAF uses to check the size of a web request and which parts of the request to check. For more information, see CreateSizeConstraintSet in the AWS WAF API Reference.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

Copy
{ "Type" : "AWS::WAF::SizeConstraintSet", "Properties" : { "Name" : String, "SizeConstraints" : [ SizeConstraint, ... ] } }

YAML

Copy
Type: "AWS::WAF::SizeConstraintSet" Properties: Name: String SizeConstraints: - SizeConstraint

Properties

Name

A friendly name or description for the SizeConstraintSet.

Required: Yes

Type: String

Update requires: Replacement

SizeConstraints

The size constraint and the part of the web request to check.

Required: Yes

Type: List of AWS WAF SizeConstraintSet SizeConstraint

Update requires: No interruption

Return Value

Ref

When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the resource physical ID, such as 1234a1a-a1b1-12a1-abcd-a123b123456.

For more information about using the Ref function, see Ref.

Examples

The following examples show you how to define a size constraint, add it to a rule, and add the rule to a web access control list (ACL).

Define a Size Constraint

The following example checks that the body of an HTTP request equals 4096 bytes.

JSON

Copy
"MySizeConstraint": { "Type": "AWS::WAF::SizeConstraintSet", "Properties": { "Name": "SizeConstraints", "SizeConstraints": [ { "ComparisonOperator": "EQ", "FieldToMatch": { "Type": "BODY" }, "Size": "4096", "TextTransformation": "NONE" } ] } }

YAML

Copy
MySizeConstraint: Type: "AWS::WAF::SizeConstraintSet" Properties: Name: "SizeConstraints" SizeConstraints: - ComparisonOperator: "EQ" FieldToMatch: Type: "BODY" Size: "4096" TextTransformation: "NONE"

Associate a SizeConstraintSet with a Web ACL Rule

The following example associates the MySizeConstraint object with a web ACL rule.

JSON

Copy
"SizeConstraintRule" : { "Type": "AWS::WAF::Rule", "Properties": { "Name": "SizeConstraintRule", "MetricName" : "SizeConstraintRule", "Predicates": [ { "DataId" : { "Ref" : "MySizeConstraint" }, "Negated" : false, "Type" : "SizeConstraint" } ] } }

YAML

Copy
SizeConstraintRule: Type: "AWS::WAF::Rule" Properties: Name: "SizeConstraintRule" MetricName: "SizeConstraintRule" Predicates: - DataId: Ref: "MySizeConstraint" Negated: false Type: "SizeConstraint"

Create a Web ACL

The following example associates the SizeConstraintRule rule with a web ACL. The web ACL blocks all requests except for requests with a body size equal to 4096 bytes.

JSON

Copy
"MyWebACL": { "Type": "AWS::WAF::WebACL", "Properties": { "Name": "Web ACL to allow requests with a specific size", "DefaultAction": { "Type": "BLOCK" }, "MetricName" : "SizeConstraintWebACL", "Rules": [ { "Action" : { "Type" : "ALLOW" }, "Priority" : 1, "RuleId" : { "Ref" : "SizeConstraintRule" } } ] } }

YAML

Copy
MyWebACL: Type: "AWS::WAF::WebACL" Properties: Name: "Web ACL to allow requests with a specific size" DefaultAction: Type: "BLOCK" MetricName: "SizeConstraintWebACL" Rules: - Action: Type: "ALLOW" Priority: 1 RuleId: Ref: "SizeConstraintRule"