AWS WAF Rate Based Rule
This page shows how to write Terraform and CloudFormation for AWS WAF Rate Based Rule and write them securely.
aws_waf_rate_based_rule (Terraform)
The Rate Based Rule in AWS WAF can be configured in Terraform with the resource name aws_waf_rate_based_rule
. The following sections describe 2 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_waf_rate_based_rule" "prod_rate_limit" {
name = "prod_rate_limit"
metric_name = "ProdRateLimit"
rate_key = "IP"
rate_limit = 100
}
resource "aws_waf_rate_based_rule" "this" {
metric_name = var.metric_name
name = var.name
rate_key = var.rate_key
rate_limit = var.rate_limit
tags = var.tags
Parameters
-
arn
optional computed - string -
id
optional computed - string -
metric_name
required - string -
name
required - string -
rate_key
required - string -
rate_limit
required - number -
tags
optional - map from string to string -
predicates
set block
Explanation in Terraform Registry
Provides a WAF Rate Based Rule Resource
AWS::WAF::Rule (CloudFormation)
The Rule in WAF can be configured in CloudFormation with the resource name AWS::WAF::Rule
. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: 'AWS::WAF::Rule'
XssRule:
Properties:
Name: !Join
- ''
- - !Ref WebAppACL
Type: 'AWS::WAF::Rule'
XssRule:
Properties:
Name: !Join
- ''
- - !Ref WebAppACL
Type: AWS::WAF::Rule
Properties:
Name: IpBlacklist
MetricName: IpBlacklist
Predicates:
- DataId: !Ref IpBlacklistIpSet
Type: AWS::WAF::Rule
Condition: isGlobal
Properties:
MetricName: !Join ['', [!Ref stackPrefix, 'mitigatesqli']]
Name: !Join ['-', [!Ref stackPrefix, 'mitigate-sqli']]
Predicates:
Type: 'AWS::WAF::Rule'
Properties:
Name: !Join [' - ', [!Ref 'AWS::StackName', 'Whitelist Rule']]
MetricName: !Join ['', [!Join ['', !Split ['-', !Ref 'AWS::StackName']], 'WhitelistRule']]
Predicates:
- DataId: !Ref WAFWhitelistSet
"Type": "AWS::WAF::Rule"
},
"XssRule": {
"Properties": {
"Name": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "XssRule"]] },
"MetricName": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "XssRule"]]},
"Type": "AWS::WAF::Rule"
},
"XssRule": {
"Properties": {
"Name": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "XssRule"]] },
"MetricName": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "XssRule"]]},
"Type": "AWS::WAF::Rule"
},
"XssRule": {
"Properties": {
"Name": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "XssRule"]] },
"MetricName": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "XssRule"]]},
"Type": "AWS::WAF::Rule"
},
"XssRule": {
"Properties": {
"Name": {
"Fn::Join": [
"Type": "AWS::WAF::Rule"
},
"XssRule": {
"Properties": {
"Name": {
"Fn::Join": [
Parameters
-
MetricName
required - String -
Name
required - String -
Predicates
optional - List of Predicate
Explanation in CloudFormation Registry
Note This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the developer guide. For the latest version of AWS WAF , use the AWS WAFV2 API and see the AWS WAF Developer Guide. With the latest version, AWS WAF has a single set of endpoints for regional and global use. A combination of
ByteMatchSet
,IPSet
, and/orSqlInjectionMatchSet
objects that identify the web requests that you want to allow, block, or count. For example, you might create aRule
that includes the following predicates:+ AnIPSet
that causes AWS WAF to search for web requests that originate from the IP address192.0.2.44
+ AByteMatchSet
that causes AWS WAF to search for web requests for which the value of theUser-Agent
header isBadBot
.To match the settings in this
Rule
, a request must originate from192.0.2.44
AND include aUser-Agent
header for which the value isBadBot
.
Frequently asked questions
What is AWS WAF Rate Based Rule?
AWS WAF Rate Based Rule is a resource for WAF of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.
Where can I find the example code for the AWS WAF Rate Based Rule?
For Terraform, the HouzuoGuo/Terraform-S3-CDN-exercise and niveklabs/aws source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the divuu/CloudFormation-Scripts, ade-mola/Deploy-Web-App-Using-CloudFormation and PRX/Infrastructure source code examples are useful. See the CloudFormation Example section for further details.