Class CfnWebACL
java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.core.Construct
software.amazon.awscdk.core.CfnElement
software.amazon.awscdk.core.CfnRefElement
software.amazon.awscdk.core.CfnResource
software.amazon.awscdk.services.wafv2.CfnWebACL
- All Implemented Interfaces:
IConstruct,IDependable,IInspectable,software.amazon.jsii.JsiiSerializable,software.constructs.IConstruct
@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)",
date="2023-06-19T16:30:36.371Z")
@Stability(Stable)
public class CfnWebACL
extends CfnResource
implements IInspectable
A CloudFormation
AWS::WAFv2::WebACL.
This is the latest version of AWS WAF , named AWS WAF V2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide .
Use an WebACL to define a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you specify a default action to take (allow, block) for any request that doesn't match any of the rules. The rules in a web ACL can contain rule statements that you define explicitly and rule statements that reference rule groups and managed rule groups. You can associate a web ACL with one or more AWS resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer , an AWS AppSync GraphQL API , an Amazon Cognito user pool, or an AWS App Runner service.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import software.amazon.awscdk.services.wafv2.*;
Object all;
Object allQueryArguments;
Object count;
Object method;
Object none;
Object queryString;
Object singleHeader;
Object singleQueryArgument;
StatementProperty statementProperty_;
Object uriPath;
CfnWebACL cfnWebACL = CfnWebACL.Builder.create(this, "MyCfnWebACL")
.defaultAction(DefaultActionProperty.builder()
.allow(AllowActionProperty.builder()
.customRequestHandling(CustomRequestHandlingProperty.builder()
.insertHeaders(List.of(CustomHTTPHeaderProperty.builder()
.name("name")
.value("value")
.build()))
.build())
.build())
.block(BlockActionProperty.builder()
.customResponse(CustomResponseProperty.builder()
.responseCode(123)
// the properties below are optional
.customResponseBodyKey("customResponseBodyKey")
.responseHeaders(List.of(CustomHTTPHeaderProperty.builder()
.name("name")
.value("value")
.build()))
.build())
.build())
.build())
.scope("scope")
.visibilityConfig(VisibilityConfigProperty.builder()
.cloudWatchMetricsEnabled(false)
.metricName("metricName")
.sampledRequestsEnabled(false)
.build())
// the properties below are optional
.captchaConfig(CaptchaConfigProperty.builder()
.immunityTimeProperty(ImmunityTimePropertyProperty.builder()
.immunityTime(123)
.build())
.build())
.challengeConfig(ChallengeConfigProperty.builder()
.immunityTimeProperty(ImmunityTimePropertyProperty.builder()
.immunityTime(123)
.build())
.build())
.customResponseBodies(Map.of(
"customResponseBodiesKey", CustomResponseBodyProperty.builder()
.content("content")
.contentType("contentType")
.build()))
.description("description")
.name("name")
.rules(List.of(RuleProperty.builder()
.name("name")
.priority(123)
.statement(StatementProperty.builder()
.andStatement(AndStatementProperty.builder()
.statements(List.of(statementProperty_))
.build())
.byteMatchStatement(ByteMatchStatementProperty.builder()
.fieldToMatch(FieldToMatchProperty.builder()
.allQueryArguments(allQueryArguments)
.body(BodyProperty.builder()
.oversizeHandling("oversizeHandling")
.build())
.cookies(CookiesProperty.builder()
.matchPattern(CookieMatchPatternProperty.builder()
.all(all)
.excludedCookies(List.of("excludedCookies"))
.includedCookies(List.of("includedCookies"))
.build())
.matchScope("matchScope")
.oversizeHandling("oversizeHandling")
.build())
.headers(HeadersProperty.builder()
.matchPattern(HeaderMatchPatternProperty.builder()
.all(all)
.excludedHeaders(List.of("excludedHeaders"))
.includedHeaders(List.of("includedHeaders"))
.build())
.matchScope("matchScope")
.oversizeHandling("oversizeHandling")
.build())
.jsonBody(JsonBodyProperty.builder()
.matchPattern(JsonMatchPatternProperty.builder()
.all(all)
.includedPaths(List.of("includedPaths"))
.build())
.matchScope("matchScope")
// the properties below are optional
.invalidFallbackBehavior("invalidFallbackBehavior")
.oversizeHandling("oversizeHandling")
.build())
.method(method)
.queryString(queryString)
.singleHeader(singleHeader)
.singleQueryArgument(singleQueryArgument)
.uriPath(uriPath)
.build())
.positionalConstraint("positionalConstraint")
.textTransformations(List.of(TextTransformationProperty.builder()
.priority(123)
.type("type")
.build()))
// the properties below are optional
.searchString("searchString")
.searchStringBase64("searchStringBase64")
.build())
.geoMatchStatement(GeoMatchStatementProperty.builder()
.countryCodes(List.of("countryCodes"))
.forwardedIpConfig(ForwardedIPConfigurationProperty.builder()
.fallbackBehavior("fallbackBehavior")
.headerName("headerName")
.build())
.build())
.ipSetReferenceStatement(Map.of(
"arn", "arn",
// the properties below are optional
"ipSetForwardedIpConfig", Map.of(
"fallbackBehavior", "fallbackBehavior",
"headerName", "headerName",
"position", "position")))
.labelMatchStatement(LabelMatchStatementProperty.builder()
.key("key")
.scope("scope")
.build())
.managedRuleGroupStatement(ManagedRuleGroupStatementProperty.builder()
.name("name")
.vendorName("vendorName")
// the properties below are optional
.excludedRules(List.of(ExcludedRuleProperty.builder()
.name("name")
.build()))
.managedRuleGroupConfigs(List.of(ManagedRuleGroupConfigProperty.builder()
.awsManagedRulesAtpRuleSet(AWSManagedRulesATPRuleSetProperty.builder()
.loginPath("loginPath")
// the properties below are optional
.requestInspection(RequestInspectionProperty.builder()
.passwordField(FieldIdentifierProperty.builder()
.identifier("identifier")
.build())
.payloadType("payloadType")
.usernameField(FieldIdentifierProperty.builder()
.identifier("identifier")
.build())
.build())
.responseInspection(ResponseInspectionProperty.builder()
.bodyContains(ResponseInspectionBodyContainsProperty.builder()
.failureStrings(List.of("failureStrings"))
.successStrings(List.of("successStrings"))
.build())
.header(ResponseInspectionHeaderProperty.builder()
.failureValues(List.of("failureValues"))
.name("name")
.successValues(List.of("successValues"))
.build())
.json(ResponseInspectionJsonProperty.builder()
.failureValues(List.of("failureValues"))
.identifier("identifier")
.successValues(List.of("successValues"))
.build())
.statusCode(ResponseInspectionStatusCodeProperty.builder()
.failureCodes(List.of(123))
.successCodes(List.of(123))
.build())
.build())
.build())
.awsManagedRulesBotControlRuleSet(AWSManagedRulesBotControlRuleSetProperty.builder()
.inspectionLevel("inspectionLevel")
.build())
.loginPath("loginPath")
.passwordField(FieldIdentifierProperty.builder()
.identifier("identifier")
.build())
.payloadType("payloadType")
.usernameField(FieldIdentifierProperty.builder()
.identifier("identifier")
.build())
.build()))
.ruleActionOverrides(List.of(RuleActionOverrideProperty.builder()
.actionToUse(RuleActionProperty.builder()
.allow(AllowActionProperty.builder()
.customRequestHandling(CustomRequestHandlingProperty.builder()
.insertHeaders(List.of(CustomHTTPHeaderProperty.builder()
.name("name")
.value("value")
.build()))
.build())
.build())
.block(BlockActionProperty.builder()
.customResponse(CustomResponseProperty.builder()
.responseCode(123)
// the properties below are optional
.customResponseBodyKey("customResponseBodyKey")
.responseHeaders(List.of(CustomHTTPHeaderProperty.builder()
.name("name")
.value("value")
.build()))
.build())
.build())
.captcha(CaptchaActionProperty.builder()
.customRequestHandling(CustomRequestHandlingProperty.builder()
.insertHeaders(List.of(CustomHTTPHeaderProperty.builder()
.name("name")
.value("value")
.build()))
.build())
.build())
.challenge(ChallengeActionProperty.builder()
.customRequestHandling(CustomRequestHandlingProperty.builder()
.insertHeaders(List.of(CustomHTTPHeaderProperty.builder()
.name("name")
.value("value")
.build()))
.build())
.build())
.count(CountActionProperty.builder()
.customRequestHandling(CustomRequestHandlingProperty.builder()
.insertHeaders(List.of(CustomHTTPHeaderProperty.builder()
.name("name")
.value("value")
.build()))
.build())
.build())
.build())
.name("name")
.build()))
.scopeDownStatement(statementProperty_)
.version("version")
.build())
.notStatement(NotStatementProperty.builder()
.statement(statementProperty_)
.build())
.orStatement(OrStatementProperty.builder()
.statements(List.of(statementProperty_))
.build())
.rateBasedStatement(RateBasedStatementProperty.builder()
.aggregateKeyType("aggregateKeyType")
.limit(123)
// the properties below are optional
.forwardedIpConfig(ForwardedIPConfigurationProperty.builder()
.fallbackBehavior("fallbackBehavior")
.headerName("headerName")
.build())
.scopeDownStatement(statementProperty_)
.build())
.regexMatchStatement(RegexMatchStatementProperty.builder()
.fieldToMatch(FieldToMatchProperty.builder()
.allQueryArguments(allQueryArguments)
.body(BodyProperty.builder()
.oversizeHandling("oversizeHandling")
.build())
.cookies(CookiesProperty.builder()
.matchPattern(CookieMatchPatternProperty.builder()
.all(all)
.excludedCookies(List.of("excludedCookies"))
.includedCookies(List.of("includedCookies"))
.build())
.matchScope("matchScope")
.oversizeHandling("oversizeHandling")
.build())
.headers(HeadersProperty.builder()
.matchPattern(HeaderMatchPatternProperty.builder()
.all(all)
.excludedHeaders(List.of("excludedHeaders"))
.includedHeaders(List.of("includedHeaders"))
.build())
.matchScope("matchScope")
.oversizeHandling("oversizeHandling")
.build())
.jsonBody(JsonBodyProperty.builder()
.matchPattern(JsonMatchPatternProperty.builder()
.all(all)
.includedPaths(List.of("includedPaths"))
.build())
.matchScope("matchScope")
// the properties below are optional
.invalidFallbackBehavior("invalidFallbackBehavior")
.oversizeHandling("oversizeHandling")
.build())
.method(method)
.queryString(queryString)
.singleHeader(singleHeader)
.singleQueryArgument(singleQueryArgument)
.uriPath(uriPath)
.build())
.regexString("regexString")
.textTransformations(List.of(TextTransformationProperty.builder()
.priority(123)
.type("type")
.build()))
.build())
.regexPatternSetReferenceStatement(RegexPatternSetReferenceStatementProperty.builder()
.arn("arn")
.fieldToMatch(FieldToMatchProperty.builder()
.allQueryArguments(allQueryArguments)
.body(BodyProperty.builder()
.oversizeHandling("oversizeHandling")
.build())
.cookies(CookiesProperty.builder()
.matchPattern(CookieMatchPatternProperty.builder()
.all(all)
.excludedCookies(List.of("excludedCookies"))
.includedCookies(List.of("includedCookies"))
.build())
.matchScope("matchScope")
.oversizeHandling("oversizeHandling")
.build())
.headers(HeadersProperty.builder()
.matchPattern(HeaderMatchPatternProperty.builder()
.all(all)
.excludedHeaders(List.of("excludedHeaders"))
.includedHeaders(List.of("includedHeaders"))
.build())
.matchScope("matchScope")
.oversizeHandling("oversizeHandling")
.build())
.jsonBody(JsonBodyProperty.builder()
.matchPattern(JsonMatchPatternProperty.builder()
.all(all)
.includedPaths(List.of("includedPaths"))
.build())
.matchScope("matchScope")
// the properties below are optional
.invalidFallbackBehavior("invalidFallbackBehavior")
.oversizeHandling("oversizeHandling")
.build())
.method(method)
.queryString(queryString)
.singleHeader(singleHeader)
.singleQueryArgument(singleQueryArgument)
.uriPath(uriPath)
.build())
.textTransformations(List.of(TextTransformationProperty.builder()
.priority(123)
.type("type")
.build()))
.build())
.ruleGroupReferenceStatement(RuleGroupReferenceStatementProperty.builder()
.arn("arn")
// the properties below are optional
.excludedRules(List.of(ExcludedRuleProperty.builder()
.name("name")
.build()))
.ruleActionOverrides(List.of(RuleActionOverrideProperty.builder()
.actionToUse(RuleActionProperty.builder()
.allow(AllowActionProperty.builder()
.customRequestHandling(CustomRequestHandlingProperty.builder()
.insertHeaders(List.of(CustomHTTPHeaderProperty.builder()
.name("name")
.value("value")
.build()))
.build())
.build())
.block(BlockActionProperty.builder()
.customResponse(CustomResponseProperty.builder()
.responseCode(123)
// the properties below are optional
.customResponseBodyKey("customResponseBodyKey")
.responseHeaders(List.of(CustomHTTPHeaderProperty.builder()
.name("name")
.value("value")
.build()))
.build())
.build())
.captcha(CaptchaActionProperty.builder()
.customRequestHandling(CustomRequestHandlingProperty.builder()
.insertHeaders(List.of(CustomHTTPHeaderProperty.builder()
.name("name")
.value("value")
.build()))
.build())
.build())
.challenge(ChallengeActionProperty.builder()
.customRequestHandling(CustomRequestHandlingProperty.builder()
.insertHeaders(List.of(CustomHTTPHeaderProperty.builder()
.name("name")
.value("value")
.build()))
.build())
.build())
.count(CountActionProperty.builder()
.customRequestHandling(CustomRequestHandlingProperty.builder()
.insertHeaders(List.of(CustomHTTPHeaderProperty.builder()
.name("name")
.value("value")
.build()))
.build())
.build())
.build())
.name("name")
.build()))
.build())
.sizeConstraintStatement(SizeConstraintStatementProperty.builder()
.comparisonOperator("comparisonOperator")
.fieldToMatch(FieldToMatchProperty.builder()
.allQueryArguments(allQueryArguments)
.body(BodyProperty.builder()
.oversizeHandling("oversizeHandling")
.build())
.cookies(CookiesProperty.builder()
.matchPattern(CookieMatchPatternProperty.builder()
.all(all)
.excludedCookies(List.of("excludedCookies"))
.includedCookies(List.of("includedCookies"))
.build())
.matchScope("matchScope")
.oversizeHandling("oversizeHandling")
.build())
.headers(HeadersProperty.builder()
.matchPattern(HeaderMatchPatternProperty.builder()
.all(all)
.excludedHeaders(List.of("excludedHeaders"))
.includedHeaders(List.of("includedHeaders"))
.build())
.matchScope("matchScope")
.oversizeHandling("oversizeHandling")
.build())
.jsonBody(JsonBodyProperty.builder()
.matchPattern(JsonMatchPatternProperty.builder()
.all(all)
.includedPaths(List.of("includedPaths"))
.build())
.matchScope("matchScope")
// the properties below are optional
.invalidFallbackBehavior("invalidFallbackBehavior")
.oversizeHandling("oversizeHandling")
.build())
.method(method)
.queryString(queryString)
.singleHeader(singleHeader)
.singleQueryArgument(singleQueryArgument)
.uriPath(uriPath)
.build())
.size(123)
.textTransformations(List.of(TextTransformationProperty.builder()
.priority(123)
.type("type")
.build()))
.build())
.sqliMatchStatement(SqliMatchStatementProperty.builder()
.fieldToMatch(FieldToMatchProperty.builder()
.allQueryArguments(allQueryArguments)
.body(BodyProperty.builder()
.oversizeHandling("oversizeHandling")
.build())
.cookies(CookiesProperty.builder()
.matchPattern(CookieMatchPatternProperty.builder()
.all(all)
.excludedCookies(List.of("excludedCookies"))
.includedCookies(List.of("includedCookies"))
.build())
.matchScope("matchScope")
.oversizeHandling("oversizeHandling")
.build())
.headers(HeadersProperty.builder()
.matchPattern(HeaderMatchPatternProperty.builder()
.all(all)
.excludedHeaders(List.of("excludedHeaders"))
.includedHeaders(List.of("includedHeaders"))
.build())
.matchScope("matchScope")
.oversizeHandling("oversizeHandling")
.build())
.jsonBody(JsonBodyProperty.builder()
.matchPattern(JsonMatchPatternProperty.builder()
.all(all)
.includedPaths(List.of("includedPaths"))
.build())
.matchScope("matchScope")
// the properties below are optional
.invalidFallbackBehavior("invalidFallbackBehavior")
.oversizeHandling("oversizeHandling")
.build())
.method(method)
.queryString(queryString)
.singleHeader(singleHeader)
.singleQueryArgument(singleQueryArgument)
.uriPath(uriPath)
.build())
.textTransformations(List.of(TextTransformationProperty.builder()
.priority(123)
.type("type")
.build()))
// the properties below are optional
.sensitivityLevel("sensitivityLevel")
.build())
.xssMatchStatement(XssMatchStatementProperty.builder()
.fieldToMatch(FieldToMatchProperty.builder()
.allQueryArguments(allQueryArguments)
.body(BodyProperty.builder()
.oversizeHandling("oversizeHandling")
.build())
.cookies(CookiesProperty.builder()
.matchPattern(CookieMatchPatternProperty.builder()
.all(all)
.excludedCookies(List.of("excludedCookies"))
.includedCookies(List.of("includedCookies"))
.build())
.matchScope("matchScope")
.oversizeHandling("oversizeHandling")
.build())
.headers(HeadersProperty.builder()
.matchPattern(HeaderMatchPatternProperty.builder()
.all(all)
.excludedHeaders(List.of("excludedHeaders"))
.includedHeaders(List.of("includedHeaders"))
.build())
.matchScope("matchScope")
.oversizeHandling("oversizeHandling")
.build())
.jsonBody(JsonBodyProperty.builder()
.matchPattern(JsonMatchPatternProperty.builder()
.all(all)
.includedPaths(List.of("includedPaths"))
.build())
.matchScope("matchScope")
// the properties below are optional
.invalidFallbackBehavior("invalidFallbackBehavior")
.oversizeHandling("oversizeHandling")
.build())
.method(method)
.queryString(queryString)
.singleHeader(singleHeader)
.singleQueryArgument(singleQueryArgument)
.uriPath(uriPath)
.build())
.textTransformations(List.of(TextTransformationProperty.builder()
.priority(123)
.type("type")
.build()))
.build())
.build())
.visibilityConfig(VisibilityConfigProperty.builder()
.cloudWatchMetricsEnabled(false)
.metricName("metricName")
.sampledRequestsEnabled(false)
.build())
// the properties below are optional
.action(RuleActionProperty.builder()
.allow(AllowActionProperty.builder()
.customRequestHandling(CustomRequestHandlingProperty.builder()
.insertHeaders(List.of(CustomHTTPHeaderProperty.builder()
.name("name")
.value("value")
.build()))
.build())
.build())
.block(BlockActionProperty.builder()
.customResponse(CustomResponseProperty.builder()
.responseCode(123)
// the properties below are optional
.customResponseBodyKey("customResponseBodyKey")
.responseHeaders(List.of(CustomHTTPHeaderProperty.builder()
.name("name")
.value("value")
.build()))
.build())
.build())
.captcha(CaptchaActionProperty.builder()
.customRequestHandling(CustomRequestHandlingProperty.builder()
.insertHeaders(List.of(CustomHTTPHeaderProperty.builder()
.name("name")
.value("value")
.build()))
.build())
.build())
.challenge(ChallengeActionProperty.builder()
.customRequestHandling(CustomRequestHandlingProperty.builder()
.insertHeaders(List.of(CustomHTTPHeaderProperty.builder()
.name("name")
.value("value")
.build()))
.build())
.build())
.count(CountActionProperty.builder()
.customRequestHandling(CustomRequestHandlingProperty.builder()
.insertHeaders(List.of(CustomHTTPHeaderProperty.builder()
.name("name")
.value("value")
.build()))
.build())
.build())
.build())
.captchaConfig(CaptchaConfigProperty.builder()
.immunityTimeProperty(ImmunityTimePropertyProperty.builder()
.immunityTime(123)
.build())
.build())
.challengeConfig(ChallengeConfigProperty.builder()
.immunityTimeProperty(ImmunityTimePropertyProperty.builder()
.immunityTime(123)
.build())
.build())
.overrideAction(OverrideActionProperty.builder()
.count(count)
.none(none)
.build())
.ruleLabels(List.of(LabelProperty.builder()
.name("name")
.build()))
.build()))
.tags(List.of(CfnTag.builder()
.key("key")
.value("value")
.build()))
.tokenDomains(List.of("tokenDomains"))
.build();
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic interfaceSpecifies that AWS WAF should allow the request and optionally defines additional custom handling for the request.static interfaceA logical rule statement used to combine other rule statements with AND logic.static interfaceDetails for your use of the account takeover prevention managed rule group,AWSManagedRulesATPRuleSet.static interfaceDetails for your use of the Bot Control managed rule group, used inManagedRuleGroupConfig.static interfaceSpecifies that AWS WAF should block the request and optionally defines additional custom handling for the response to the web request.static interfaceInspect the body of the web request.static final classA fluent builder forCfnWebACL.static interfaceA rule statement that defines a string match search for AWS WAF to apply to web requests.static interfaceSpecifies that AWS WAF should run aCAPTCHAcheck against the request:.static interfaceSpecifies how AWS WAF should handleCAPTCHAevaluations for rules that don't have their ownCaptchaConfigsettings.static interfaceSpecifies that AWS WAF should run aChallengecheck against the request to verify that the request is coming from a legitimate client session: - If the request includes a valid, unexpired challenge token, AWS WAF applies any custom request handling and labels that you've configured and then allows the web request inspection to proceed to the next rule, similar to aCountAction.static interfaceSpecifies how AWS WAF should handleChallengeevaluations.static interfaceThe filter to use to identify the subset of cookies to inspect in a web request.static interfaceInspect the cookies in the web request.static interfaceSpecifies that AWS WAF should count the request.static interfaceA custom header for custom request and response handling.static interfaceCustom request handling behavior that inserts custom headers into a web request.static interfaceThe response body to use in a custom response to a web request.static interfaceA custom response to send to the client.static interfaceIn aWebACL, this is the action that you want AWS WAF to perform when a web request doesn't match any of the rules in theWebACL.static interfaceSpecifies a single rule in a rule group whose action you want to override toCount.static interfaceThe identifier of the username or password field, used in theManagedRuleGroupConfigsettings.static interfaceThe part of the web request that you want AWS WAF to inspect.static interfaceThe configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin.static interfaceA rule statement that labels web requests by country and region and that matches against web requests based on country code.static interfaceThe filter to use to identify the subset of headers to inspect in a web request.static interfaceInspect all headers in the web request.static interfaceUsed for CAPTCHA and challenge token settings.static interfaceThe configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin.static interfaceA rule statement used to detect web requests coming from particular IP addresses or address ranges.static interfaceInspect the body of the web request as JSON.static interfaceThe patterns to look for in the JSON body.static interfaceA rule statement to match against labels that have been added to the web request by rules that have already run in the web ACL.static interfaceA single label container.static interfaceAdditional information that's used by a managed rule group.static interfaceA rule statement used to run the rules that are defined in a managed rule group.static interfaceA logical rule statement used to negate the results of another rule statement.static interfaceA logical rule statement used to combine other rule statements with OR logic.static interfaceThe action to use in the place of the action that results from the rule group evaluation.static interfaceA rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span.static interfaceA rule statement used to search web request components for a match against a single regular expression.static interfaceA rule statement used to search web request components for matches with regular expressions.static interfaceThe criteria for inspecting login requests, used by the ATP rule group to validate credentials usage.static interfaceConfigures inspection of the response body.static interfaceConfigures inspection of the response header.static interfaceConfigures inspection of the response JSON.static interfaceThe criteria for inspecting responses to login requests and account creation requests, used by the ATP and ACFP rule groups to track login and account creation success and failure rates.static interfaceConfigures inspection of the response status code.static interfaceAction setting to use in the place of a rule action that is configured inside the rule group.static interfaceThe action that AWS WAF should take on a web request when it matches a rule's statement.static interfaceA rule statement used to run the rules that are defined in aRuleGroup.static interfaceA single rule, which you can use in aWebACLorRuleGroupto identify web requests that you want to allow, block, or count.static interfaceInspect one of the headers in the web request, identified by name, for example,User-AgentorReferer.static interfaceInspect one query argument in the web request, identified by name, for example UserName or SalesRegion .static interfaceA rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<).static interfaceA rule statement that inspects for malicious SQL code.static interfaceThe processing guidance for a rule, used by AWS WAF to determine whether a web request matches the rule.static interfaceText transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection.static interfaceDefines and enables Amazon CloudWatch metrics and web request sample collection.static interfaceA rule statement that inspects for cross-site scripting (XSS) attacks.Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationModeNested classes/interfaces inherited from interface software.amazon.awscdk.core.IConstruct
IConstruct.Jsii$DefaultNested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$DefaultNested classes/interfaces inherited from interface software.amazon.awscdk.core.IInspectable
IInspectable.Jsii$Default, IInspectable.Jsii$Proxy -
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final StringThe CloudFormation resource type name for this resource class. -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionThe Amazon Resource Name (ARN) of the web ACL.The web ACL capacity units (WCUs) currently being used by this web ACL.The ID of the web ACL.The label namespace prefix for this web ACL.Specifies how AWS WAF should handleCAPTCHAevaluations for rules that don't have their ownCaptchaConfigsettings.Specifies how AWS WAF should handle challenge evaluations for rules that don't have their ownChallengeConfigsettings.A map of custom response keys and content bodies.The action to perform if none of theRulescontained in theWebACLmatch.A description of the web ACL that helps with identification.getName()The name of the web ACL.getRules()The rule statements used to identify the web requests that you want to allow, block, or count.getScope()Specifies whether this is for an Amazon CloudFront distribution or for a regional application.getTags()Key:value pairs associated with an AWS resource.Specifies the domains that AWS WAF should accept in a web request token.Defines and enables Amazon CloudWatch metrics and web request sample collection.voidinspect(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.renderProperties(Map<String, Object> props) voidsetCaptchaConfig(IResolvable value) Specifies how AWS WAF should handleCAPTCHAevaluations for rules that don't have their ownCaptchaConfigsettings.voidSpecifies how AWS WAF should handleCAPTCHAevaluations for rules that don't have their ownCaptchaConfigsettings.voidsetChallengeConfig(IResolvable value) Specifies how AWS WAF should handle challenge evaluations for rules that don't have their ownChallengeConfigsettings.voidSpecifies how AWS WAF should handle challenge evaluations for rules that don't have their ownChallengeConfigsettings.voidsetCustomResponseBodies(Map<String, Object> value) A map of custom response keys and content bodies.voidA map of custom response keys and content bodies.voidsetDefaultAction(IResolvable value) The action to perform if none of theRulescontained in theWebACLmatch.voidThe action to perform if none of theRulescontained in theWebACLmatch.voidsetDescription(String value) A description of the web ACL that helps with identification.voidThe name of the web ACL.voidThe rule statements used to identify the web requests that you want to allow, block, or count.voidsetRules(IResolvable value) The rule statements used to identify the web requests that you want to allow, block, or count.voidSpecifies whether this is for an Amazon CloudFront distribution or for a regional application.voidsetTokenDomains(List<String> value) Specifies the domains that AWS WAF should accept in a web request token.voidsetVisibilityConfig(IResolvable value) Defines and enables Amazon CloudWatch metrics and web request sample collection.voidDefines and enables Amazon CloudWatch metrics and web request sample collection.Methods inherited from class software.amazon.awscdk.core.CfnResource
addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, isCfnResource, shouldSynthesize, toString, validatePropertiesMethods inherited from class software.amazon.awscdk.core.CfnRefElement
getRefMethods inherited from class software.amazon.awscdk.core.CfnElement
getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalIdMethods inherited from class software.amazon.awscdk.core.Construct
getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validateMethods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSetMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, waitMethods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Field Details
-
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
-
-
Constructor Details
-
CfnWebACL
protected CfnWebACL(software.amazon.jsii.JsiiObjectRef objRef) -
CfnWebACL
protected CfnWebACL(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) -
CfnWebACL
@Stability(Stable) public CfnWebACL(@NotNull Construct scope, @NotNull String id, @NotNull CfnWebACLProps props) Create a newAWS::WAFv2::WebACL.- Parameters:
scope-- scope in which this resource is defined.
id-- scoped id of the resource.
props-- resource properties.
-
-
Method Details
-
inspect
Examines the CloudFormation resource and discloses attributes.- Specified by:
inspectin interfaceIInspectable- Parameters:
inspector-- tree inspector to collect and process attributes.
-
renderProperties
@Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String, Object> props) - Overrides:
renderPropertiesin classCfnResource- Parameters:
props- This parameter is required.
-
getAttrArn
The Amazon Resource Name (ARN) of the web ACL. -
getAttrCapacity
The web ACL capacity units (WCUs) currently being used by this web ACL.AWS WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. AWS WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group. The WCU limit for web ACLs is 1,500.
-
getAttrId
The ID of the web ACL. -
getAttrLabelNamespace
The label namespace prefix for this web ACL.All labels added by rules in this web ACL have this prefix.
The syntax for the label namespace prefix for a web ACL is the following:
awswaf:<account ID>:webacl:<web ACL name>:When a rule with a label matches a web request, AWS WAF adds the fully qualified label to the request. A fully qualified label is made up of the label namespace from the rule group or web ACL where the rule is defined and the label from the rule, separated by a colon.
-
getCfnProperties
- Overrides:
getCfnPropertiesin classCfnResource
-
getTags
Key:value pairs associated with an AWS resource.The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each AWS resource.
To modify tags on existing resources, use the AWS WAF APIs or command line interface. With AWS CloudFormation , you can only add tags to AWS WAF resources during resource creation.
-
getDefaultAction
The action to perform if none of theRulescontained in theWebACLmatch. -
setDefaultAction
The action to perform if none of theRulescontained in theWebACLmatch. -
setDefaultAction
The action to perform if none of theRulescontained in theWebACLmatch. -
getScope
Specifies whether this is for an Amazon CloudFront distribution or for a regional application.A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, or an AWS App Runner service. Valid Values are
CLOUDFRONTandREGIONAL.For
CLOUDFRONT, you must create your WAFv2 resources in the US East (N. Virginia) Region,us-east-1.For information about how to define the association of the web ACL with your resource, see
WebACLAssociation. -
setScope
Specifies whether this is for an Amazon CloudFront distribution or for a regional application.A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, or an AWS App Runner service. Valid Values are
CLOUDFRONTandREGIONAL.For
CLOUDFRONT, you must create your WAFv2 resources in the US East (N. Virginia) Region,us-east-1.For information about how to define the association of the web ACL with your resource, see
WebACLAssociation. -
getVisibilityConfig
Defines and enables Amazon CloudWatch metrics and web request sample collection. -
setVisibilityConfig
Defines and enables Amazon CloudWatch metrics and web request sample collection. -
setVisibilityConfig
@Stability(Stable) public void setVisibilityConfig(@NotNull CfnWebACL.VisibilityConfigProperty value) Defines and enables Amazon CloudWatch metrics and web request sample collection. -
getCaptchaConfig
Specifies how AWS WAF should handleCAPTCHAevaluations for rules that don't have their ownCaptchaConfigsettings.If you don't specify this, AWS WAF uses its default settings for
CaptchaConfig. -
setCaptchaConfig
Specifies how AWS WAF should handleCAPTCHAevaluations for rules that don't have their ownCaptchaConfigsettings.If you don't specify this, AWS WAF uses its default settings for
CaptchaConfig. -
setCaptchaConfig
Specifies how AWS WAF should handleCAPTCHAevaluations for rules that don't have their ownCaptchaConfigsettings.If you don't specify this, AWS WAF uses its default settings for
CaptchaConfig. -
getChallengeConfig
Specifies how AWS WAF should handle challenge evaluations for rules that don't have their ownChallengeConfigsettings.If you don't specify this, AWS WAF uses its default settings for
ChallengeConfig. -
setChallengeConfig
Specifies how AWS WAF should handle challenge evaluations for rules that don't have their ownChallengeConfigsettings.If you don't specify this, AWS WAF uses its default settings for
ChallengeConfig. -
setChallengeConfig
@Stability(Stable) public void setChallengeConfig(@Nullable CfnWebACL.ChallengeConfigProperty value) Specifies how AWS WAF should handle challenge evaluations for rules that don't have their ownChallengeConfigsettings.If you don't specify this, AWS WAF uses its default settings for
ChallengeConfig. -
getCustomResponseBodies
A map of custom response keys and content bodies.When you create a rule with a block action, you can send a custom response to the web request. You define these for the web ACL, and then use them in the rules and default actions that you define in the web ACL.
For information about customizing web requests and responses, see Customizing web requests and responses in AWS WAF in the AWS WAF Developer Guide .
For information about the limits on count and size for custom request and response settings, see AWS WAF quotas in the AWS WAF Developer Guide .
-
setCustomResponseBodies
A map of custom response keys and content bodies.When you create a rule with a block action, you can send a custom response to the web request. You define these for the web ACL, and then use them in the rules and default actions that you define in the web ACL.
For information about customizing web requests and responses, see Customizing web requests and responses in AWS WAF in the AWS WAF Developer Guide .
For information about the limits on count and size for custom request and response settings, see AWS WAF quotas in the AWS WAF Developer Guide .
-
setCustomResponseBodies
A map of custom response keys and content bodies.When you create a rule with a block action, you can send a custom response to the web request. You define these for the web ACL, and then use them in the rules and default actions that you define in the web ACL.
For information about customizing web requests and responses, see Customizing web requests and responses in AWS WAF in the AWS WAF Developer Guide .
For information about the limits on count and size for custom request and response settings, see AWS WAF quotas in the AWS WAF Developer Guide .
-
getDescription
A description of the web ACL that helps with identification. -
setDescription
A description of the web ACL that helps with identification. -
getName
The name of the web ACL.You cannot change the name of a web ACL after you create it.
-
setName
The name of the web ACL.You cannot change the name of a web ACL after you create it.
-
getRules
The rule statements used to identify the web requests that you want to allow, block, or count.Each rule includes one top-level statement that AWS WAF uses to identify matching web requests, and parameters that govern how AWS WAF handles them.
-
setRules
The rule statements used to identify the web requests that you want to allow, block, or count.Each rule includes one top-level statement that AWS WAF uses to identify matching web requests, and parameters that govern how AWS WAF handles them.
-
setRules
The rule statements used to identify the web requests that you want to allow, block, or count.Each rule includes one top-level statement that AWS WAF uses to identify matching web requests, and parameters that govern how AWS WAF handles them.
-
getTokenDomains
Specifies the domains that AWS WAF should accept in a web request token.This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
-
setTokenDomains
Specifies the domains that AWS WAF should accept in a web request token.This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
-