AWS::WAFRegional::WebACL Rule - AWS CloudFormation

AWS::WAFRegional::WebACL Rule

A combination of ByteMatchSet, IPSet, and/or SqlInjectionMatchSet objects that identify the web requests that you want to allow, block, or count. For example, you might create a Rule that includes the following predicates:

  • An IPSet that causes AWS WAF to search for web requests that originate from the IP address

  • A ByteMatchSet that causes AWS WAF to search for web requests for which the value of the User-Agent header is BadBot.

To match the settings in this Rule, a request must originate from AND include a User-Agent header for which the value is BadBot.


To declare this entity in your AWS CloudFormation template, use the following syntax:


{ "Action" : Action, "Priority" : Integer, "RuleId" : String }


Action: Action Priority: Integer RuleId: String



The action that AWS WAF takes when a web request matches all conditions in the rule, such as allow, block, or count the request.

Required: Yes

Type: Action

Update requires: No interruption


The order in which AWS WAF evaluates the rules in a web ACL. AWS WAF evaluates rules with a lower value before rules with a higher value. The value must be a unique integer. If you have multiple rules in a web ACL, the priority numbers do not need to be consecutive.

Required: Yes

Type: Integer

Update requires: No interruption


The ID of an AWS WAF Regional rule to associate with a web ACL.

Required: Yes

Type: String

Pattern: .*\S.*

Minimum: 1

Maximum: 128

Update requires: No interruption