There are more AWS SDK examples available in the AWS Doc SDK Examples
Use CreateWebAcl with a CLI
The following code examples show how to use CreateWebAcl.
Action examples are code excerpts from larger programs and must be run in context. You can see this action in context in the following code example:
- CLI
-
- AWS CLI
-
To create a web ACL
The following
create-web-aclcommand creates a web ACL for regional use. The rule statements for the web ACL are provided in a JSON-formatted file.aws wafv2 create-web-acl \ --nameTestWebAcl\ --scopeREGIONAL\ --default-actionAllow={}\ --visibility-configSampledRequestsEnabled=true,CloudWatchMetricsEnabled=true,MetricName=TestWebAclMetrics\ --rulesfile://waf-rule.json\ --regionus-west-2Contents of file://waf-rule.json:
[ { "Name":"basic-rule", "Priority":0, "Statement":{ "AndStatement":{ "Statements":[ { "ByteMatchStatement":{ "SearchString":"example.com", "FieldToMatch":{ "SingleHeader":{ "Name":"host" } }, "TextTransformations":[ { "Priority":0, "Type":"LOWERCASE" } ], "PositionalConstraint":"EXACTLY" } }, { "GeoMatchStatement":{ "CountryCodes":[ "US", "IN" ] } } ] } }, "Action":{ "Allow":{ } }, "VisibilityConfig":{ "SampledRequestsEnabled":true, "CloudWatchMetricsEnabled":true, "MetricName":"basic-rule" } } ]Output:
{ "Summary":{ "ARN":"arn:aws:wafv2:us-west-2:123456789012:regional/webacl/TestWebAcl/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "Description":"", "Name":"TestWebAcl", "LockToken":"2294b3a1-eb60-4aa0-a86f-a3ae04329de9", "Id":"a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" } }For more information, see Managing and Using a Web Access Control List (Web ACL) in the AWS WAF, AWS Firewall Manager, and AWS Shield Advanced Developer Guide.
-
For API details, see CreateWebAcl
in AWS CLI Command Reference.
-
- PowerShell
-
- Tools for PowerShell V4
-
Example 1: This command creates a new web ACL named "waf-test". Kindly note that as per service API documentation, 'DefaultAction' is a required property. Hence, value for either '-DefaultAction_Allow' and/or '-DefaultAction_Block' should be specified. Since '-DefaultAction_Allow' and '-DefaultAction_Block' are not the required properties, value '@{}' could be used as placeholder as shown in above example.
New-WAF2WebACL -Name "waf-test" -Scope REGIONAL -Region eu-west-1 -VisibilityConfig_CloudWatchMetricsEnabled $true -VisibilityConfig_SampledRequestsEnabled $true -VisibilityConfig_MetricName "waf-test" -Description "Test" -DefaultAction_Allow @{}Output:
ARN : arn:aws:wafv2:eu-west-1:139480602983:regional/webacl/waf-test/19460b3f-db14-4b9a-8e23-a417e1eb007f Description : Test Id : 19460b3f-db14-4b9a-8e23-a417e1eb007f LockToken : 5a0cd5eb-d911-4341-b313-b429e6d6b6ab Name : waf-test-
For API details, see CreateWebAcl in AWS Tools for PowerShell Cmdlet Reference (V4).
-
- Tools for PowerShell V5
-
Example 1: This command creates a new web ACL named "waf-test". Kindly note that as per service API documentation, 'DefaultAction' is a required property. Hence, value for either '-DefaultAction_Allow' and/or '-DefaultAction_Block' should be specified. Since '-DefaultAction_Allow' and '-DefaultAction_Block' are not the required properties, value '@{}' could be used as placeholder as shown in above example.
New-WAF2WebACL -Name "waf-test" -Scope REGIONAL -Region eu-west-1 -VisibilityConfig_CloudWatchMetricsEnabled $true -VisibilityConfig_SampledRequestsEnabled $true -VisibilityConfig_MetricName "waf-test" -Description "Test" -DefaultAction_Allow @{}Output:
ARN : arn:aws:wafv2:eu-west-1:139480602983:regional/webacl/waf-test/19460b3f-db14-4b9a-8e23-a417e1eb007f Description : Test Id : 19460b3f-db14-4b9a-8e23-a417e1eb007f LockToken : 5a0cd5eb-d911-4341-b313-b429e6d6b6ab Name : waf-test-
For API details, see CreateWebAcl in AWS Tools for PowerShell Cmdlet Reference (V5).
-
