software.amazon.awscdk.services.waf.regional

Class CfnRateBasedRule

java.lang.Object

software.constructs.Construct

software.amazon.awscdk.core.Construct

software.amazon.awscdk.core.CfnElement

software.amazon.awscdk.core.CfnRefElement

software.amazon.awscdk.core.CfnResource

software.amazon.awscdk.services.waf.regional.CfnRateBasedRule

All Implemented Interfaces:

IConstruct, IDependable, IInspectable

@Generated(value="jsii-pacmak/1.71.0 (build f1f58ae)",
           date="2022-11-29T04:32:18.083Z")
public class CfnRateBasedRule
extends CfnResource
implements IInspectable

A CloudFormation `AWS::WAFRegional::RateBasedRule`.

This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the developer guide.

For the latest version of AWS WAF , use the AWS WAF V2 API and see the AWS WAF Developer Guide . With the latest version, AWS WAF has a single set of endpoints for regional and global use.

A RateBasedRule is identical to a regular Rule , with one addition: a RateBasedRule counts the number of requests that arrive from a specified IP address every five minutes. For example, based on recent requests that you've seen from an attacker, you might create a RateBasedRule that includes the following conditions:

• The requests come from 192.0.2.44.
• They contain the value BadBot in the User-Agent header.

In the rule, you also define the rate limit as 15,000.

Requests that meet both of these conditions and exceed 15,000 requests every five minutes trigger the rule's action (block or count), which is defined in the web ACL.

Note you can only create rate-based rules using an AWS CloudFormation template. To add the rate-based rules created through AWS CloudFormation to a web ACL, use the AWS WAF console, API, or command line interface (CLI). For more information, see UpdateWebACL .

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.waf.regional.*;
 CfnRateBasedRule cfnRateBasedRule = CfnRateBasedRule.Builder.create(this, "MyCfnRateBasedRule")
         .metricName("metricName")
         .name("name")
         .rateKey("rateKey")
         .rateLimit(123)
         // the properties below are optional
         .matchPredicates(List.of(PredicateProperty.builder()
                 .dataId("dataId")
                 .negated(false)
                 .type("type")
                 .build()))
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	CfnRateBasedRule.Builder A fluent builder for CfnRateBasedRule.
static interface	CfnRateBasedRule.PredicateProperty Specifies the `ByteMatchSet` , `IPSet` , `SqlInjectionMatchSet` , `XssMatchSet` , `RegexMatchSet` , `GeoMatchSet` , and `SizeConstraintSet` objects that you want to add to a `Rule` and, for each object, indicates whether you want to negate the settings, for example, requests that do NOT originate from the IP address 192.0.2.44.

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IInspectable

IInspectable.Jsii$Default, IInspectable.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IConstruct

IConstruct.Jsii$Default

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	CFN_RESOURCE_TYPE_NAME The CloudFormation resource type name for this resource class.

Constructor Summary

Constructors

Modifier	Constructor and Description
	CfnRateBasedRule(Construct scope, java.lang.String id, CfnRateBasedRuleProps props) Create a new `AWS::WAFRegional::RateBasedRule`.
protected	CfnRateBasedRule(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	CfnRateBasedRule(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method and Description
protected java.util.Map<java.lang.String,java.lang.Object>	getCfnProperties()
java.lang.Object	getMatchPredicates() The `Predicates` object contains one `Predicate` element for each `ByteMatchSet` , `IPSet` , or `SqlInjectionMatchSet>` object that you want to include in a `RateBasedRule` .
java.lang.String	getMetricName() A name for the metrics for a `RateBasedRule` .
java.lang.String	getName() A friendly name or description for a `RateBasedRule` .
java.lang.String	getRateKey() The field that AWS WAF uses to determine if requests are likely arriving from single source and thus subject to rate monitoring.
java.lang.Number	getRateLimit() The maximum number of requests, which have an identical value in the field specified by the `RateKey` , allowed in a five-minute period.
void	inspect(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.
protected java.util.Map<java.lang.String,java.lang.Object>	renderProperties(java.util.Map<java.lang.String,java.lang.Object> props)
void	setMatchPredicates(IResolvable value) The `Predicates` object contains one `Predicate` element for each `ByteMatchSet` , `IPSet` , or `SqlInjectionMatchSet>` object that you want to include in a `RateBasedRule` .
void	setMatchPredicates(java.util.List<java.lang.Object> value) The `Predicates` object contains one `Predicate` element for each `ByteMatchSet` , `IPSet` , or `SqlInjectionMatchSet>` object that you want to include in a `RateBasedRule` .
void	setMetricName(java.lang.String value) A name for the metrics for a `RateBasedRule` .
void	setName(java.lang.String value) A friendly name or description for a `RateBasedRule` .
void	setRateKey(java.lang.String value) The field that AWS WAF uses to determine if requests are likely arriving from single source and thus subject to rate monitoring.
void	setRateLimit(java.lang.Number value) The maximum number of requests, which have an identical value in the field specified by the `RateKey` , allowed in a five-minute period.

Methods inherited from class software.amazon.awscdk.core.CfnResource

addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, isCfnResource, shouldSynthesize, toString, validateProperties

Methods inherited from class software.amazon.awscdk.core.CfnRefElement

getRef

Methods inherited from class software.amazon.awscdk.core.CfnElement

getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId

Methods inherited from class software.amazon.awscdk.core.Construct

getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

CFN_RESOURCE_TYPE_NAME

public static final java.lang.String CFN_RESOURCE_TYPE_NAME

The CloudFormation resource type name for this resource class.

Constructor Detail

CfnRateBasedRule

protected CfnRateBasedRule(software.amazon.jsii.JsiiObjectRef objRef)

CfnRateBasedRule

protected CfnRateBasedRule(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

CfnRateBasedRule

public CfnRateBasedRule(Construct scope,
                        java.lang.String id,
                        CfnRateBasedRuleProps props)

Create a new `AWS::WAFRegional::RateBasedRule`.

Parameters:

scope - - scope in which this resource is defined. This parameter is required.

id - - scoped id of the resource. This parameter is required.

props - - resource properties. This parameter is required.

Method Detail

inspect

public void inspect(TreeInspector inspector)

Examines the CloudFormation resource and discloses attributes.

Specified by:

inspect in interface IInspectable

Parameters:

inspector - - tree inspector to collect and process attributes. This parameter is required.

renderProperties

protected java.util.Map<java.lang.String,java.lang.Object> renderProperties(java.util.Map<java.lang.String,java.lang.Object> props)

Overrides:

renderProperties in class CfnResource

Parameters:

props - This parameter is required.

getCfnProperties

protected java.util.Map<java.lang.String,java.lang.Object> getCfnProperties()

Overrides:

getCfnProperties in class CfnResource

getMetricName

public java.lang.String getMetricName()

A name for the metrics for a `RateBasedRule` .

The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF , including "All" and "Default_Action." You can't change the name of the metric after you create the RateBasedRule .

setMetricName

public void setMetricName(java.lang.String value)

A name for the metrics for a `RateBasedRule` .

The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF , including "All" and "Default_Action." You can't change the name of the metric after you create the RateBasedRule .

getName

public java.lang.String getName()

A friendly name or description for a `RateBasedRule` .

You can't change the name of a RateBasedRule after you create it.

setName

public void setName(java.lang.String value)

A friendly name or description for a `RateBasedRule` .

You can't change the name of a RateBasedRule after you create it.

getRateKey

public java.lang.String getRateKey()

The field that AWS WAF uses to determine if requests are likely arriving from single source and thus subject to rate monitoring.

The only valid value for RateKey is IP . IP indicates that requests arriving from the same IP address are subject to the RateLimit that is specified in the RateBasedRule .

setRateKey

public void setRateKey(java.lang.String value)

The field that AWS WAF uses to determine if requests are likely arriving from single source and thus subject to rate monitoring.

The only valid value for RateKey is IP . IP indicates that requests arriving from the same IP address are subject to the RateLimit that is specified in the RateBasedRule .

getRateLimit

public java.lang.Number getRateLimit()

The maximum number of requests, which have an identical value in the field specified by the `RateKey` , allowed in a five-minute period.

If the number of requests exceeds the RateLimit and the other predicates specified in the rule are also met, AWS WAF triggers the action that is specified for this rule.

setRateLimit

public void setRateLimit(java.lang.Number value)

The maximum number of requests, which have an identical value in the field specified by the `RateKey` , allowed in a five-minute period.

If the number of requests exceeds the RateLimit and the other predicates specified in the rule are also met, AWS WAF triggers the action that is specified for this rule.

getMatchPredicates

public java.lang.Object getMatchPredicates()

The `Predicates` object contains one `Predicate` element for each `ByteMatchSet` , `IPSet` , or `SqlInjectionMatchSet>` object that you want to include in a `RateBasedRule` .

setMatchPredicates

public void setMatchPredicates(IResolvable value)

The `Predicates` object contains one `Predicate` element for each `ByteMatchSet` , `IPSet` , or `SqlInjectionMatchSet>` object that you want to include in a `RateBasedRule` .

setMatchPredicates

public void setMatchPredicates(java.util.List<java.lang.Object> value)

The `Predicates` object contains one `Predicate` element for each `ByteMatchSet` , `IPSet` , or `SqlInjectionMatchSet>` object that you want to include in a `RateBasedRule` .