Skip to content

API for AWS WAFV2

ABAP Package /AWS1/API_WA2_IMPL
ABAP SDK "TLA" WA2
ABAP Interface /AWS1/IF_WA2

The "TLA" is a Three Letter Abbreviation that appears in ABAP class names, data dictionary objects and other ABAP objects throughout the AWS SDK for SAP ABAP. The TLA for AWS WAFV2 is WA2. This TLA helps squeeze ABAP objects into the 30-character length limit of the ABAP data dictionary.

Installation

To install the AWS SDK for SAP ABAP, import the Core transport, along with the transport for the WAFV2 module and other API modules you are interested in. A few modules are included in the Core transport itself. For more information, see the Developer Guide guide.

About The Service

WAF

This is the latest version of the WAF API, released in November, 2019. The names of the entities that you use to access this API, like endpoints and namespaces, all have the versioning information added, like "V2" or "v2", to distinguish from the prior version. We recommend migrating your resources to this version, because it has a number of significant improvements.

If you used WAF prior to this release, you can't use this WAFV2 API to access any WAF resources that you created before. You can access your old rules, web ACLs, and other WAF resources only through the WAF Classic APIs. The WAF Classic APIs have retained the prior names, endpoints, and namespaces.

For information, including how to migrate your WAF resources to this version, see the WAF Developer Guide.

WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to an Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync GraphQL API, Amazon Cognito user pool, App Runner service, or Amazon Web Services Verified Access instance. WAF also lets you control access to your content, to protect the Amazon Web Services resource that WAF is monitoring. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, the protected resource responds to requests with either the requested content, an HTTP 403 status code (Forbidden), or with a custom response.

This API guide is for developers who need detailed information about WAF API actions, data types, and errors. For detailed information about WAF features and guidance for configuring and using WAF, see the WAF Developer Guide.

You can make calls using the endpoints listed in WAF endpoints and quotas.

  • For regional applications, you can use any of the endpoints in the list. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

  • For Amazon CloudFront applications, you must use the API endpoint listed for US East (N. Virginia): us-east-1.

Alternatively, you can use one of the Amazon Web Services SDKs to access an API that's tailored to the programming language or platform that you're using. For more information, see Amazon Web Services SDKs.

We currently provide two versions of the WAF API: this API and the prior versions, the classic WAF APIs. This new API provides the same functionality as the older versions, with the following major improvements:

  • You use one API for both global and regional applications. Where you need to distinguish the scope, you specify a Scope parameter and set it to CLOUDFRONT or REGIONAL.

  • You can define a web ACL or rule group with a single call, and update it with a single call. You define all rule specifications in JSON format, and pass them to your rule group or web ACL calls.

  • The limits WAF places on the use of rules more closely reflects the cost of running each type of rule. Rule groups include capacity settings, so you know the maximum cost of a rule group when you use it.

Using the SDK

In your code, create a client using the SDK module for AWS WAFV2, which is created with factory method /AWS1/CL_WA2_FACTORY=>create(). In this example we will assume you have configured an SDK profile in transaction /AWS1/IMG called ZFINANCE.

DATA(go_session)   = /aws1/cl_rt_session_aws=>create( 'ZFINANCE' ).
DATA(go_wa2)       = /aws1/cl_wa2_factory=>create( go_session ).

Your variable go_wa2 is an instance of /AWS1/IF_WA2, and all of the operations in the AWS WAFV2 service are accessed by calling methods in /AWS1/IF_WA2.

API Operations

For an overview of ABAP method calls corresponding to API operations in AWS WAFV2, see the Operation List.

Factory Method

/AWS1/CL_WA2_FACTORY=>create( )

Creates an object of type /AWS1/IF_WA2.

IMPORTING

Optional arguments:

IV_PROTOCOL TYPE /AWS1/RT_PROTOCOL

IO_SESSION TYPE REF TO /AWS1/CL_RT_SESSION_BASE

IV_REGION TYPE /AWS1/RT_REGION_ID

IV_CUSTOM_ENDPOINT TYPE /AWS1/RT_ENDPOINT

RETURNING

OO_CLIENT TYPE REF TO /AWS1/IF_WA2

/AWS1/IF_WA2 represents the ABAP client for the WAFV2 service, representing each operation as a method call. For more information see the API Page page.

Configuring Programmatically

DATA(lo_config) = DATA(go_wa2)->get_config( ).

lo_config is a variable of type /AWS1/CL_WA2_CONFIG. See the documentation for /AWS1/CL_WA2_CONFIG for details on the settings that can be configured.