AWS CloudFormation
User Guide (Version )

AWS::WAFRegional::GeoMatchSet

Contains one or more countries that AWS WAF will search for.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::WAFRegional::GeoMatchSet",
  "Properties" : {
    "GeoMatchConstraints" : [ GeoMatchConstraint, ... ],
    "Name" : String
  }
}

YAML

Type: AWS::WAFRegional::GeoMatchSet
Properties:
  GeoMatchConstraints:
    - GeoMatchConstraint
  Name: String

Properties

GeoMatchConstraints

An array of GeoMatchConstraint objects, which contain the country that you want AWS WAF to search for.

Required: No

Type: List of GeoMatchConstraint

Update requires: No interruption

Name

A friendly name or description of the AWS::WAFRegional::GeoMatchSet. You can't change the name of a GeoMatchSet after you create it.

Required: Yes

Type: String

Minimum: 1

Maximum: 128

Update requires: Replacement

Return Values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource physical ID, such as 1234a1a-a1b1-12a1-abcd-a123b123456.

For more information about using the Ref function, see Ref.

Examples

Define Geographic Constraints

The following example defines a set of GeoMatchConstraints for a web access control list (ACL) rule.

JSON

"MyGeoConstraints": {
  "Type": "AWS::WAFRegional::GeoMatchSet",
  "Properties": {
    "Name": "GeoMatchSet for restricted countries",
    "GeoMatchConstraints": [
      { "Type" : "Country", "Value" : "AE" },
      { "Type" : "Country", "Value" : "ZW" }
    ]
  }
}

YAML

MyGeoConstraints:
  Type: "AWS::WAFRegional::GeoMatchSet"
  Properties:
    Name: "GeoMatchSet for restricted countries"
    GeoMatchConstraints:
      - Type: "Country"
        Value: "AE"
      - Type: "Country"
        Value: "ZW"

Associate a GeoMatchSet with a Web ACL Rule

The following example associates the MyGeoConstraints with a web ACL rule.

JSON

"MyGeoMatchRule" : {
  "Type": "AWS::WAFRegional::Rule",
  "Properties": {
    "Name": "MyGeoMatchRule",
    "MetricName" : "MyGeoMatchRule",
    "Predicates": [
      {
        "DataId" : { "Ref" : "MyGeoConstraints" },
        "Negated" : false,
        "Type" : "GeoMatch"
      }
    ]
  }
}

YAML

MyGeoMatchRule:
  Type: "AWS::WAFRegional::Rule"
  Properties:
    Name: "MyGeoMatchRule"
    MetricName: "MyGeoMatchRule"
    Predicates:
      - DataId:
          Ref: "MyGeoConstraints"
        Negated: false
        Type: "GeoMatch"

Create a Web ACL

The following example associates the MyGeoMatchRule rule with a web ACL. The web ACL allows requests that originate from all countries except for those that are defined in the MyGeoMatchRule.

JSON

"MyWebACL": {
  "Type": "AWS::WAFRegional::WebACL",
  "Properties": {
    "Name": "WebACL to block restricted countries",
    "DefaultAction": { "Type": "ALLOW" },
    "MetricName" : "MyWebACL",
    "Rules": [
      {
        "Action" : { "Type" : "BLOCK" },
        "Priority" : 1,
        "RuleId" : { "Ref" : "MyGeoMatchRule" }
      }
    ]
  }
}

YAML

MyWebACL:
  Type: "AWS::WAFRegional::WebACL"
  Properties:
    Name: "WebACL to block restricted countries"
    DefaultAction:
      Type: "ALLOW"
    MetricName: "MyWebACL"
    Rules:
      - Action:
          Type: "BLOCK"
        Priority: 1
        RuleId:
          Ref: "MyGeoMatchRule"
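
The following Python example is added here and is not part of the AWS documentation. It merges the three example resources above into one constructed template, lints the GeoMatchSet against the documented Name limits and for repeated country codes, and models which action the web ACL returns for a given country. The function names and the evaluation model (rules in Priority order, every predicate must match, Negated inverts the match, otherwise DefaultAction applies) are assumptions of this example, and only GeoMatch predicates are handled.

```python
import json

# Constructed sample: the three example resources from this page in one template.
TEMPLATE = json.loads("""
{"Resources": {
  "MyGeoConstraints": {"Type": "AWS::WAFRegional::GeoMatchSet", "Properties": {
    "Name": "GeoMatchSet for restricted countries",
    "GeoMatchConstraints": [{"Type": "Country", "Value": "AE"},
                            {"Type": "Country", "Value": "ZW"}]}},
  "MyGeoMatchRule": {"Type": "AWS::WAFRegional::Rule", "Properties": {
    "Name": "MyGeoMatchRule", "MetricName": "MyGeoMatchRule",
    "Predicates": [{"DataId": {"Ref": "MyGeoConstraints"},
                    "Negated": false, "Type": "GeoMatch"}]}},
  "MyWebACL": {"Type": "AWS::WAFRegional::WebACL", "Properties": {
    "Name": "WebACL to block restricted countries",
    "DefaultAction": {"Type": "ALLOW"}, "MetricName": "MyWebACL",
    "Rules": [{"Action": {"Type": "BLOCK"}, "Priority": 1,
               "RuleId": {"Ref": "MyGeoMatchRule"}}]}}}}
""")

def lint_geo_sets(resources):
    """Return findings for GeoMatchSets that break the constraints documented above."""
    findings = []
    for rid, res in resources.items():
        if res["Type"] != "AWS::WAFRegional::GeoMatchSet":
            continue
        props = res["Properties"]
        if not 1 <= len(props.get("Name", "")) <= 128:
            findings.append(f"{rid}: Name must be 1-128 characters")
        values = [c["Value"] for c in props.get("GeoMatchConstraints", [])]
        for v in sorted({v for v in values if values.count(v) > 1}):
            findings.append(f"{rid}: duplicate country {v}")
    return findings

def acl_action(resources, acl_id, country):
    """Model the web ACL: the first rule (by Priority) whose predicates all match wins."""
    acl = resources[acl_id]["Properties"]
    for rule in sorted(acl["Rules"], key=lambda r: r["Priority"]):
        preds = resources[rule["RuleId"]["Ref"]]["Properties"]["Predicates"]
        # Assumption of this model: a rule with no predicates matches nothing.
        if preds and all(_pred_matches(resources, p, country) for p in preds):
            return rule["Action"]["Type"]
    return acl["DefaultAction"]["Type"]

def _pred_matches(resources, pred, country):
    # Only GeoMatch predicates are modeled; Negated inverts the set membership test.
    geo = resources[pred["DataId"]["Ref"]]["Properties"]
    hit = any(c["Value"] == country for c in geo.get("GeoMatchConstraints", []))
    return hit != pred["Negated"]
```

Running `acl_action` for a listed and an unlisted country before deployment shows whether a flipped Negated flag or a changed DefaultAction has turned the block list into an allow list.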