AWS::WAFv2::RuleGroup Rule - AWS CloudFormation


This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

A single rule, which you can use in a WebACL or RuleGroup to identify web requests that you want to allow, block, or count. Each rule includes one top-level Statement that AWS WAF uses to identify matching web requests, and parameters that govern how AWS WAF handles them.


To declare this entity in your AWS CloudFormation template, use the following syntax:


{
  "Action" : RuleAction,
  "Name" : String,
  "Priority" : Integer,
  "Statement" : StatementOne,
  "VisibilityConfig" : VisibilityConfig
}



Action

The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the web ACL level can override the rule action setting.

Required: No

Type: RuleAction

Update requires: No interruption


Name

A friendly name of the rule. You can't change the name of a Rule after you create it.

Required: Yes

Type: String

Minimum: 1

Maximum: 128

Pattern: ^[\w\-]+$

Update requires: No interruption


Priority

If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the Rules in order based on the value of Priority. AWS WAF processes rules with lower priority first. The priorities don't need to be consecutive, but they must all be different.

Required: Yes

Type: Integer

Minimum: 0

Update requires: No interruption


Statement

The AWS WAF processing statement for the rule, for example ByteMatchStatement or SizeConstraintStatement.

Required: Yes

Type: StatementOne

Update requires: No interruption


VisibilityConfig

Defines and enables Amazon CloudWatch metrics and web request sample collection.

Required: Yes

Type: VisibilityConfig

Update requires: No interruption
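
The Name and Priority constraints above can be checked before a template is deployed. The following pre-deployment lint is an added example, not part of the AWS documentation or tooling; `lint_rules` and `sample_rule` are hypothetical names, the sample rule values are constructed, and treating `\w` as ASCII-only is an assumption.

```python
import re

# Constraints below come from the Name and Priority property descriptions.
# Assumption: \w is treated as ASCII-only; fullmatch() also rejects a trailing
# newline, which "$" alone would let through in Python.
NAME_RE = re.compile(r"[\w\-]+", re.ASCII)
REQUIRED = ("Name", "Priority", "Statement", "VisibilityConfig")  # Action is optional


def lint_rules(rules):
    """Return (errors, evaluation_order) for a list of Rule property dicts."""
    errors, seen = [], {}
    for i, rule in enumerate(rules):
        label = rule.get("Name", f"<rule #{i}>")
        errors += [f"{label}: missing required property {k}" for k in REQUIRED if k not in rule]
        name = rule.get("Name")
        if "Name" in rule and not (
            isinstance(name, str) and 1 <= len(name) <= 128 and NAME_RE.fullmatch(name)
        ):
            errors.append(f"{label}: Name must be 1-128 characters matching ^[\\w\\-]+$")
        if "Priority" not in rule:
            continue
        prio = rule["Priority"]
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(prio, bool) or not isinstance(prio, int) or prio < 0:
            errors.append(f"{label}: Priority must be an integer >= 0")
        elif prio in seen:
            errors.append(f"{label}: Priority {prio} is already used by {seen[prio]}")
        else:
            seen[prio] = label
    # Lower Priority values are evaluated first.
    return errors, [seen[p] for p in sorted(seen)]


def sample_rule(name, priority, action="Block"):
    """Constructed sample Rule; the statement values are illustrative only."""
    return {
        "Name": name,
        "Priority": priority,
        "Action": {action: {}},
        "Statement": {"ByteMatchStatement": {
            "FieldToMatch": {"UriPath": {}},
            "PositionalConstraint": "STARTS_WITH",
            "SearchString": "/admin",
            "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
        }},
        "VisibilityConfig": {"SampledRequestsEnabled": True,
                             "CloudWatchMetricsEnabled": True, "MetricName": name},
    }
```

The second return value lists rule names in the order AWS WAF would evaluate them, which makes it easy to confirm that a Count or Allow rule is not unintentionally placed ahead of or behind a Block rule.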