Top / Amazon Web Service / AWS WAF / SQL Injection Match Set

AWS WAF SQL Injection Match Set

This page shows how to write Terraform and CloudFormation for AWS WAF SQL Injection Match Set and write them securely.

terraform-logo

Review your .tf file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

aws_waf_sql_injection_match_set (Terraform)

The SQL Injection Match Set in AWS WAF can be configured in Terraform with the resource name aws_waf_sql_injection_match_set. The following sections describe 1 example of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L7
resource "aws_waf_sql_injection_match_set" "this" {
  name = var.name

  dynamic "sql_injection_match_tuples" {
    for_each = var.sql_injection_match_tuples
    content {

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Provides a WAF SQL Injection Match Set Resource

>> from Terraform Registry

AWS::WAF::SqlInjectionMatchSet (CloudFormation)

The SqlInjectionMatchSet in WAF can be configured in CloudFormation with the resource name AWS::WAF::SqlInjectionMatchSet. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

api.yml#L65
    Type: AWS::WAF::SqlInjectionMatchSet
    Condition: SqlInjectionProtectionActivated
    Properties:
      Name:
        !Join
          - " - "
owasp_10_base.yml#L192
    Type: AWS::WAF::SqlInjectionMatchSet
    Condition: isGlobal
    Properties:
      Name: !Join ['-', [!Ref stackPrefix, 'detect-sqli']]
      SqlInjectionMatchTuples:
        - FieldToMatch:
waf-udagram.yml#L140
    Type: 'AWS::WAF::SqlInjectionMatchSet'
  XssMatchSet:
    Properties:
      Name: !Join
        - ''
        - - !Ref WebAppACL
waf.yml#L138
    Type: 'AWS::WAF::SqlInjectionMatchSet'
  XssMatchSet:
    Properties:
      Name: !Join
        - ''
        - - !Ref WebAppACL
aws-waf-cloudfront.yml#L102
    Type: 'AWS::WAF::SqlInjectionMatchSet'
    Condition: SqlInjectionProtectionActivated
    Properties:
      Name: !Join [' - ', [!Ref 'AWS::StackName', 'SQL injection Detection']]
      SqlInjectionMatchTuples:
        - FieldToMatch:
WAFSqlInjectionMatchSetSpecification.json#L3
    "AWS::WAF::SqlInjectionMatchSet.FieldToMatch": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-waf-bytematchset-bytematchtuples-fieldtomatch.html",
      "Properties": {
        "Data": {
          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-waf-bytematchset-bytematchtuples-fieldtomatch.html#cfn-waf-sizeconstraintset-sizeconstraint-fieldtomatch-data",
          "PrimitiveType": "String",
WAFSqlInjectionMatchSetSpecification.json#L3
    "AWS::WAF::SqlInjectionMatchSet.FieldToMatch": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-waf-bytematchset-bytematchtuples-fieldtomatch.html",
      "Properties": {
        "Data": {
          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-waf-bytematchset-bytematchtuples-fieldtomatch.html#cfn-waf-sizeconstraintset-sizeconstraint-fieldtomatch-data",
          "PrimitiveType": "String",
cfn_waf-sqli_1_v1.json#L22
      "Type": "AWS::WAF::SqlInjectionMatchSet",
      "Properties": {
        "Name": {
          "Ref": "SQLiCondition1"
        },
        "SqlInjectionMatchTuples": [
cfn_waf-sqli_1_v1.json#L22
      "Type": "AWS::WAF::SqlInjectionMatchSet",
      "Properties": {
        "Name": {
          "Ref": "SQLiCondition1"
        },
        "SqlInjectionMatchTuples": [
cfn_waf-sqli_1_v1.json#L22
      "Type": "AWS::WAF::SqlInjectionMatchSet",
      "Properties": {
        "Name": {
          "Ref": "SQLiCondition1"
        },
        "SqlInjectionMatchTuples": [

Parameters

>> from AWS CloudFormation Documentation

Explanation in CloudFormation Registry

Note This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the developer guide. For the latest version of AWS WAF , use the AWS WAFV2 API and see the AWS WAF Developer Guide. With the latest version, AWS WAF has a single set of endpoints for regional and global use. A complex type that contains SqlInjectionMatchTuple objects, which specify the parts of web requests that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header. If a SqlInjectionMatchSet contains more than one SqlInjectionMatchTuple object, a request needs to include snippets of SQL code in only one of the specified parts of the request to be considered a match.

>> from AWS CloudFormation Documentation

The Other Related AWS WAF Resources

Frequently asked questions

What is AWS WAF SQL Injection Match Set?

AWS WAF SQL Injection Match Set is a resource for WAF of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS WAF SQL Injection Match Set?

For Terraform, the niveklabs/aws source code example is useful. See the Terraform Example section for further details.

For CloudFormation, the azjones/cloudformation, gaurangdavda/CloudNote and divuu/CloudFormation-Scripts source code examples are useful. See the CloudFormation Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents