Package software.amazon.awscdk.services.wafv2

Interface CfnWebACL.ManagedRuleGroupStatementProperty

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:

CfnWebACL.ManagedRuleGroupStatementProperty.Jsii$Proxy

Enclosing class:

CfnWebACL

@Stability(Stable)
public static interface CfnWebACL.ManagedRuleGroupStatementProperty
extends software.amazon.jsii.JsiiSerializable

A rule statement used to run the rules that are defined in a managed rule group.

To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names through the API call ListAvailableManagedRuleGroups .

You cannot nest a ManagedRuleGroupStatement , for example for use inside a NotStatement or OrStatement . You cannot use a managed rule group statement inside another rule group. You can only use a managed rule group statement as a top-level statement in a rule that you define in a web ACL.

You are charged additional fees when you use the AWS WAF Bot Control managed rule group AWSManagedRulesBotControlRuleSet , the AWS WAF Fraud Control account takeover prevention (ATP) managed rule group AWSManagedRulesATPRuleSet , or the AWS WAF Fraud Control account creation fraud prevention (ACFP) managed rule group AWSManagedRulesACFPRuleSet . For more information, see AWS WAF Pricing .

Example:

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	CfnWebACL.ManagedRuleGroupStatementProperty.Builder	A builder for CfnWebACL.ManagedRuleGroupStatementProperty
static final class	CfnWebACL.ManagedRuleGroupStatementProperty.Jsii$Proxy	An implementation for CfnWebACL.ManagedRuleGroupStatementProperty

Method Summary

Modifier and Type	Method	Description
static CfnWebACL.ManagedRuleGroupStatementProperty.Builder	builder()
default Object	getExcludedRules()	Rules in the referenced rule group whose actions are set to Count .
default Object	getManagedRuleGroupConfigs()	Additional information that's used by a managed rule group.
String	getName()	The name of the managed rule group.
default Object	getRuleActionOverrides()	Action settings to use in the place of the rule actions that are configured inside the rule group.
default Object	getScopeDownStatement()	An optional nested statement that narrows the scope of the web requests that are evaluated by the managed rule group.
String	getVendorName()	The name of the managed rule group vendor.
default String	getVersion()	The version of the managed rule group to use.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getName

@Stability(Stable)
@NotNull
String getName()

The name of the managed rule group.

You use this, along with the vendor name, to identify the rule group.

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html#cfn-wafv2-webacl-managedrulegroupstatement-name

getVendorName

@Stability(Stable)
@NotNull
String getVendorName()

The name of the managed rule group vendor.

You use this, along with the rule group name, to identify a rule group.

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html#cfn-wafv2-webacl-managedrulegroupstatement-vendorname

getExcludedRules

@Stability(Stable)
@Nullable
default Object getExcludedRules()

Rules in the referenced rule group whose actions are set to Count .

Instead of this option, use RuleActionOverrides . It accepts any valid action setting, including Count .

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html#cfn-wafv2-webacl-managedrulegroupstatement-excludedrules

getManagedRuleGroupConfigs

@Stability(Stable)
@Nullable
default Object getManagedRuleGroupConfigs()

Additional information that's used by a managed rule group. Many managed rule groups don't require this.

The rule groups used for intelligent threat mitigation require additional configuration:

• Use the AWSManagedRulesACFPRuleSet configuration object to configure the account creation fraud prevention managed rule group. The configuration includes the registration and sign-up pages of your application and the locations in the account creation request payload of data, such as the user email and phone number fields.
• Use the AWSManagedRulesATPRuleSet configuration object to configure the account takeover prevention managed rule group. The configuration includes the sign-in page of your application and the locations in the login request payload of data such as the username and password.
• Use the AWSManagedRulesBotControlRuleSet configuration object to configure the protection level that you want the Bot Control rule group to use.

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html#cfn-wafv2-webacl-managedrulegroupstatement-managedrulegroupconfigs

getRuleActionOverrides

@Stability(Stable)
@Nullable
default Object getRuleActionOverrides()

Action settings to use in the place of the rule actions that are configured inside the rule group.

You specify one override for each rule whose action you want to change.

Take care to verify the rule names in your overrides. If you provide a rule name that doesn't match the name of any rule in the rule group, AWS WAF doesn't return an error and doesn't apply the override setting.

You can use overrides for testing, for example you can override all of rule actions to Count and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html#cfn-wafv2-webacl-managedrulegroupstatement-ruleactionoverrides

getScopeDownStatement

@Stability(Stable)
@Nullable
default Object getScopeDownStatement()

An optional nested statement that narrows the scope of the web requests that are evaluated by the managed rule group.

Requests are only evaluated by the rule group if they match the scope-down statement. You can use any nestable Statement in the scope-down statement, and you can nest statements at any level, the same as you can for a rule statement.

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html#cfn-wafv2-webacl-managedrulegroupstatement-scopedownstatement

getVersion

@Stability(Stable)
@Nullable
default String getVersion()

The version of the managed rule group to use.

If you specify this, the version setting is fixed until you change it. If you don't specify this, AWS WAF uses the vendor's default version, and then keeps the version at the vendor's default when the vendor updates the managed rule group settings.

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html#cfn-wafv2-webacl-managedrulegroupstatement-version

builder

@Stability(Stable)
static CfnWebACL.ManagedRuleGroupStatementProperty.Builder builder()

Returns:

a CfnWebACL.ManagedRuleGroupStatementProperty.Builder of CfnWebACL.ManagedRuleGroupStatementProperty