AWS WAF Rule Group

This page shows how to write Terraform and CloudFormation for AWS WAF Rule Group and write them securely.

aws_waf_rule_group (Terraform)

The Rule Group in AWS WAF can be configured in Terraform with the resource name aws_waf_rule_group. The following sections describe 3 examples of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L21
resource "aws_waf_rule_group" "xss_rule_group_tf" {
  name        = "xss_rule_group_tf"
  metric_name = "xssrulegrouptf"

  activated_rule {
    action {
main.tf#L7
resource "aws_waf_rule_group" "this" {
  metric_name = var.metric_name
  name        = var.name
  tags        = var.tags

  dynamic "activated_rule" {
waf-rulegroup-owasp.tf#L58
resource "aws_waf_rule_group" "owasp_top_10" {
  depends_on = [
    aws_waf_rule.owasp_auth_tokens,
    aws_waf_rule.owasp_csrf,
    aws_waf_rule.owasp_injection_sql,
    aws_waf_rule.owasp_path_traversal,

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

Provides a WAF Rule Group Resource

AWS::WAF::Rule (CloudFormation)

The Rule in WAF can be configured in CloudFormation with the resource name AWS::WAF::Rule. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

waf-udagram.yml#L55
    Type: 'AWS::WAF::Rule'
  XssRule:
    Properties:
      Name: !Join
        - ''
        - - !Ref WebAppACL
waf.yml#L53
    Type: 'AWS::WAF::Rule'
  XssRule:
    Properties:
      Name: !Join
        - ''
        - - !Ref WebAppACL
waf-sample.yml#L29
    Type: AWS::WAF::Rule
    Properties:
      Name: IpBlacklist
      MetricName: IpBlacklist
      Predicates:
        - DataId: !Ref IpBlacklistIpSet
owasp_10_base.yml#L234
    Type: AWS::WAF::Rule
    Condition: isGlobal
    Properties:
      MetricName: !Join ['', [!Ref stackPrefix, 'mitigatesqli']]
      Name: !Join ['-', [!Ref stackPrefix, 'mitigate-sqli']]
      Predicates:
aws-waf-cloudfront.yml#L176
    Type: 'AWS::WAF::Rule'
    Properties:
      Name: !Join [' - ', [!Ref 'AWS::StackName', 'Whitelist Rule']]
      MetricName: !Join ['', [!Join ['', !Split ['-', !Ref 'AWS::StackName']], 'WhitelistRule']]
      Predicates:
        - DataId: !Ref WAFWhitelistSet
waf-attacks.json#L94
      "Type": "AWS::WAF::Rule"
    },
    "XssRule": {
      "Properties": {
        "Name": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "XssRule"]] },
        "MetricName": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "XssRule"]]},
was-waf.json#L93
      "Type": "AWS::WAF::Rule"
    },
    "XssRule": {
      "Properties": {
        "Name": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "XssRule"]] },
        "MetricName": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "XssRule"]]},
ip.json#L93
      "Type": "AWS::WAF::Rule"
    },
    "XssRule": {
      "Properties": {
        "Name": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "XssRule"]] },
        "MetricName": { "Fn::Join" : [ "", [{"Ref" : "WebACLName"}, "XssRule"]]},
waf-shiftmanprd.json#L135
      "Type": "AWS::WAF::Rule"
    },
    "XssRule": {
      "Properties": {
        "Name": {
          "Fn::Join": [
ProtectionCommonAttacks.json#L117
            "Type": "AWS::WAF::Rule"
        },
        "XssRule": {
            "Properties": {
                "Name": {
                    "Fn::Join": [

Parameters

Explanation in CloudFormation Registry

Note This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the developer guide. For the latest version of AWS WAF , use the AWS WAFV2 API and see the AWS WAF Developer Guide. With the latest version, AWS WAF has a single set of endpoints for regional and global use. A combination of ByteMatchSet, IPSet, and/or SqlInjectionMatchSet objects that identify the web requests that you want to allow, block, or count. For example, you might create a Rule that includes the following predicates:+ An IPSet that causes AWS WAF to search for web requests that originate from the IP address 192.0.2.44 + A ByteMatchSet that causes AWS WAF to search for web requests for which the value of the User-Agent header is BadBot.

To match the settings in this Rule, a request must originate from 192.0.2.44 AND include a User-Agent header for which the value is BadBot.

Frequently asked questions

What is AWS WAF Rule Group?

AWS WAF Rule Group is a resource for WAF of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS WAF Rule Group?

For Terraform, the andrzejsydor/aws, niveklabs/aws and appzen-oss/terraform-aws-waf-global-rules source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the divuu/CloudFormation-Scripts, ade-mola/Deploy-Web-App-Using-CloudFormation and PRX/Infrastructure source code examples are useful. See the CloudFormation Example section for further details.