CfnWebACLLogsMixin
- class aws_cdk.mixins_preview.aws_wafv2.mixins.CfnWebACLLogsMixin(log_type, log_delivery)
Bases:
MixinThis is the latest version of AWS WAF , named AWS WAF V2, released in November, 2019.
For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF developer guide .
Use an
WebACLto define a collection of rules to use to inspect and control web requests. Each rule in a web ACL has a statement that defines what to look for in web requests and an action that AWS WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that doesn’t match any of the rules.The rules in a web ACL can be a combination of explicitly defined rules and rule groups that you reference from the web ACL. The rule groups can be rule groups that you manage or rule groups that are managed by others.
You can associate a web ACL with one or more AWS resources to protect. The resources can be an Amazon CloudFront distribution, an REST API, an Application Load Balancer , an AWS AppSync GraphQL API , an Amazon Cognito user pool, an AWS App Runner service, an AWS Amplify application, or an AWS Verified Access instance.
For more information, see Web access control lists (web ACLs) in the AWS WAF developer guide .
Web ACLs used in AWS Shield Advanced automatic application layer DDoS mitigation
If you use Shield Advanced automatic application layer DDoS mitigation, the web ACLs that you use with automatic mitigation have a rule group rule whose name starts with
ShieldMitigationRuleGroup. This rule is used for automatic mitigations and it’s managed for you in the web ACL by Shield Advanced and AWS WAF . You’ll see the rule listed among the web ACL rules when you view the web ACL through the AWS WAF interfaces.When you manage the web ACL through CloudFormation interfaces, you won’t see the Shield Advanced rule. CloudFormation doesn’t include this type of rule in the stack drift status between the actual configuration of the web ACL and your web ACL template.
Don’t add the Shield Advanced rule group rule to your web ACL template. The rule shouldn’t be in your template. When you update the web ACL template in a stack, the Shield Advanced rule is maintained for you by AWS WAF in the resulting web ACL.
For more information, see Shield Advanced automatic application layer DDoS mitigation in the AWS Shield Advanced developer guide .
- see:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html
- cloudformationResource:
AWS::WAFv2::WebACL
- mixin:
true
- exampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview import aws_logs as logs from aws_cdk.mixins_preview.aws_wafv2 import mixins as wafv2_mixins # logs_delivery: logs.ILogsDelivery cfn_web_aCLLogs_mixin = wafv2_mixins.CfnWebACLLogsMixin("logType", logs_delivery)
Create a mixin to enable vended logs for
AWS::WAFv2::WebACL.- Parameters:
log_type (
str) – Type of logs that are getting vended.log_delivery (
ILogsDelivery) – Object in charge of setting up the delivery destination and delivery connection.
Methods
- apply_to(resource)
Apply vended logs configuration to the construct.
- Parameters:
resource (
IConstruct)- Return type:
- supports(construct)
Check if this mixin supports the given construct (has vendedLogs property).
- Parameters:
construct (
IConstruct)- Return type:
bool
Attributes
- ACCESS_LOGS = <aws_cdk.mixins_preview.aws_wafv2.mixins.CfnWebACLAccessLogs object>
- TOKEN_LOGS = <aws_cdk.mixins_preview.aws_wafv2.mixins.CfnWebACLTokenLogs object>
Static Methods
- classmethod is_mixin(x)
(experimental) Checks if
xis a Mixin.- Parameters:
x (
Any) – Any object.- Return type:
bool- Returns:
true if
xis an object created from a class which extendsMixin.- Stability:
experimental