AWS::WAFv2::WebACL RateBasedStatementCustomKey - AWS CloudFormation
SyntaxProperties

AWS::WAFv2::WebACL RateBasedStatementCustomKey

Specifies a single custom aggregate key for a rate-base rule.

Note

Web requests that are missing any of the components specified in the aggregation keys are omitted from the rate-based rule evaluation and handling.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

Properties

Use the value of a cookie in the request as an aggregate key. Each distinct value in the cookie contributes to the aggregation instance. If you use a single cookie as your custom key, then each value fully defines an aggregation instance.

Required: No

Type: RateLimitCookie

Update requires: No interruption

ForwardedIP

Use the first IP address in an HTTP header as an aggregate key. Each distinct forwarded IP address contributes to the aggregation instance.

When you specify an IP or forwarded IP in the custom key settings, you must also specify at least one other key to use. You can aggregate on only the forwarded IP address by specifying FORWARDED_IP in your rate-based statement's AggregateKeyType.

With this option, you must specify the header to use in the rate-based rule's ForwardedIPConfig property.

Required: No

Type: Json

Update requires: No interruption

Header

Use the value of a header in the request as an aggregate key. Each distinct value in the header contributes to the aggregation instance. If you use a single header as your custom key, then each value fully defines an aggregation instance.

Required: No

Type: RateLimitHeader

Update requires: No interruption

HTTPMethod

Use the request's HTTP method as an aggregate key. Each distinct HTTP method contributes to the aggregation instance. If you use just the HTTP method as your custom key, then each method fully defines an aggregation instance.

Required: No

Type: Json

Update requires: No interruption

IP

Use the request's originating IP address as an aggregate key. Each distinct IP address contributes to the aggregation instance.

When you specify an IP or forwarded IP in the custom key settings, you must also specify at least one other key to use. You can aggregate on only the IP address by specifying IP in your rate-based statement's AggregateKeyType.

Required: No

Type: Json

Update requires: No interruption

LabelNamespace

Use the specified label namespace as an aggregate key. Each distinct fully qualified label name that has the specified label namespace contributes to the aggregation instance. If you use just one label namespace as your custom key, then each label name fully defines an aggregation instance.

This uses only labels that have been added to the request by rules that are evaluated before this rate-based rule in the web ACL.

For information about label namespaces and names, see Label syntax and naming requirements in the AWS WAF Developer Guide.

Required: No

Type: RateLimitLabelNamespace

Update requires: No interruption

QueryArgument

Use the specified query argument as an aggregate key. Each distinct value for the named query argument contributes to the aggregation instance. If you use a single query argument as your custom key, then each value fully defines an aggregation instance.

Required: No

Type: RateLimitQueryArgument

Update requires: No interruption

QueryString

Use the request's query string as an aggregate key. Each distinct string contributes to the aggregation instance. If you use just the query string as your custom key, then each string fully defines an aggregation instance.

Required: No

Type: RateLimitQueryString

Update requires: No interruption

UriPath

Use the request's URI path as an aggregate key. Each distinct URI path contributes to the aggregation instance. If you use just the URI path as your custom key, then each URI path fully defines an aggregation instance.

Required: No

Type: RateLimitUriPath

Update requires: No interruption