Package software.amazon.awscdk.services.waf.regional

Class CfnRateBasedRule

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.core.Construct
software.amazon.awscdk.core.CfnElement
software.amazon.awscdk.core.CfnRefElement
software.amazon.awscdk.core.CfnResource
software.amazon.awscdk.services.waf.regional.CfnRateBasedRule
All Implemented Interfaces:
IConstruct, IDependable, IInspectable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct
@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)", date="2023-06-19T16:30:36.096Z") @Stability(Stable) public class CfnRateBasedRule extends CfnResource implements IInspectable
A CloudFormation AWS::WAFRegional::RateBasedRule.

This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the developer guide.

For the latest version of AWS WAF , use the AWS WAF V2 API and see the AWS WAF Developer Guide . With the latest version, AWS WAF has a single set of endpoints for regional and global use.

A RateBasedRule is identical to a regular Rule , with one addition: a RateBasedRule counts the number of requests that arrive from a specified IP address every five minutes. For example, based on recent requests that you've seen from an attacker, you might create a RateBasedRule that includes the following conditions:

  • The requests come from 192.0.2.44.
  • They contain the value BadBot in the User-Agent header.

In the rule, you also define the rate limit as 15,000.

Requests that meet both of these conditions and exceed 15,000 requests every five minutes trigger the rule's action (block or count), which is defined in the web ACL.

Note you can only create rate-based rules using an AWS CloudFormation template. To add the rate-based rules created through AWS CloudFormation to a web ACL, use the AWS WAF console, API, or command line interface (CLI). For more information, see UpdateWebACL .

Example: 

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.waf.regional.*;
 CfnRateBasedRule cfnRateBasedRule = CfnRateBasedRule.Builder.create(this, "MyCfnRateBasedRule")
         .metricName("metricName")
         .name("name")
         .rateKey("rateKey")
         .rateLimit(123)
         // the properties below are optional
         .matchPredicates(List.of(PredicateProperty.builder()
                 .dataId("dataId")
                 .negated(false)
                 .type("type")
                 .build()))
         .build();

  • Field Details

    • CFN_RESOURCE_TYPE_NAME

      @Stability(Stable) public static final String CFN_RESOURCE_TYPE_NAME
      The CloudFormation resource type name for this resource class.

  • Constructor Details

    • CfnRateBasedRule

      protected CfnRateBasedRule(software.amazon.jsii.JsiiObjectRef objRef)

    • CfnRateBasedRule

      protected CfnRateBasedRule(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • CfnRateBasedRule

      @Stability(Stable) public CfnRateBasedRule(@NotNull Construct scope, @NotNull String id, @NotNull CfnRateBasedRuleProps props)
      Create a new AWS::WAFRegional::RateBasedRule.

      Parameters:
      scope -
      • scope in which this resource is defined.
      This parameter is required.
      id -
      • scoped id of the resource.
      This parameter is required.
      props -
      • resource properties.
      This parameter is required.

  • Method Details

    • inspect

      @Stability(Stable) public void inspect(@NotNull TreeInspector inspector)
      Examines the CloudFormation resource and discloses attributes.

      Specified by:
      inspect in interface IInspectable
      Parameters:
      inspector -
      • tree inspector to collect and process attributes.
      This parameter is required.

    • renderProperties

      @Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String,Object> props)
      Overrides:
      renderProperties in class CfnResource
      Parameters:
      props - This parameter is required.

    • getCfnProperties

      @Stability(Stable) @NotNull protected Map<String,Object> getCfnProperties()
      Overrides:
      getCfnProperties in class CfnResource

    • getMetricName

      @Stability(Stable) @NotNull public String getMetricName()
      A name for the metrics for a RateBasedRule .

      The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF , including "All" and "Default_Action." You can't change the name of the metric after you create the RateBasedRule .

    • setMetricName

      @Stability(Stable) public void setMetricName(@NotNull String value)
      A name for the metrics for a RateBasedRule .

      The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF , including "All" and "Default_Action." You can't change the name of the metric after you create the RateBasedRule .

    • getName

      @Stability(Stable) @NotNull public String getName()
      A friendly name or description for a RateBasedRule .

      You can't change the name of a RateBasedRule after you create it.

    • setName

      @Stability(Stable) public void setName(@NotNull String value)
      A friendly name or description for a RateBasedRule .

      You can't change the name of a RateBasedRule after you create it.

    • getRateKey

      @Stability(Stable) @NotNull public String getRateKey()
      The field that AWS WAF uses to determine if requests are likely arriving from single source and thus subject to rate monitoring.

      The only valid value for RateKey is IP . IP indicates that requests arriving from the same IP address are subject to the RateLimit that is specified in the RateBasedRule .

    • setRateKey

      @Stability(Stable) public void setRateKey(@NotNull String value)
      The field that AWS WAF uses to determine if requests are likely arriving from single source and thus subject to rate monitoring.

      The only valid value for RateKey is IP . IP indicates that requests arriving from the same IP address are subject to the RateLimit that is specified in the RateBasedRule .

    • getRateLimit

      @Stability(Stable) @NotNull public Number getRateLimit()
      The maximum number of requests, which have an identical value in the field specified by the RateKey , allowed in a five-minute period.

      If the number of requests exceeds the RateLimit and the other predicates specified in the rule are also met, AWS WAF triggers the action that is specified for this rule.

    • setRateLimit

      @Stability(Stable) public void setRateLimit(@NotNull Number value)
      The maximum number of requests, which have an identical value in the field specified by the RateKey , allowed in a five-minute period.

      If the number of requests exceeds the RateLimit and the other predicates specified in the rule are also met, AWS WAF triggers the action that is specified for this rule.

    • getMatchPredicates

      @Stability(Stable) @Nullable public Object getMatchPredicates()
      The Predicates object contains one Predicate element for each ByteMatchSet , IPSet , or SqlInjectionMatchSet> object that you want to include in a RateBasedRule .

    • setMatchPredicates

      @Stability(Stable) public void setMatchPredicates(@Nullable IResolvable value)
      The Predicates object contains one Predicate element for each ByteMatchSet , IPSet , or SqlInjectionMatchSet> object that you want to include in a RateBasedRule .

    • setMatchPredicates

      @Stability(Stable) public void setMatchPredicates(@Nullable List<Object> value)
      The Predicates object contains one Predicate element for each ByteMatchSet , IPSet , or SqlInjectionMatchSet> object that you want to include in a RateBasedRule .