AWS WAF Web ACL

This page shows how to write Terraform and CloudFormation for AWS WAF Web ACL, and how to write them securely.

aws_waf_web_acl (Terraform)

The Web ACL in AWS WAF can be configured in Terraform with the resource name aws_waf_web_acl. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

default_action_type.tf#L2
resource "aws_waf_web_acl" "default_action_type_set_to_block" {
  name        = "foo"
  metric_name = "foo"

  default_action {
    type = "BLOCK"
  }
}
waf_web_acl_test.tf#L33
resource "aws_waf_web_acl" "my_waf" {
  depends_on = [
    aws_waf_ipset.ipset,
    aws_waf_rule.wafrule,
  ]
  name        = "tfWebACL"
  # Excerpt ends here; metric_name and default_action are also required.
}

Parameters

Explanation in Terraform Registry

Provides a WAF Web ACL Resource

AWS::WAF::WebACL (CloudFormation)

The WebACL in WAF can be configured in CloudFormation with the resource name AWS::WAF::WebACL. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

serverless.yml#L44
      Type: AWS::WAF::WebACL
      Properties:
        Name: Master WebACL
        DefaultAction:
          Type: BLOCK
        MetricName: MasterWebACL
allow-get.yml#L38
    Type: 'AWS::WAF::WebACL'
    Properties:
      DefaultAction:
         Type: 'BLOCK'
      Name: 'mywebacl'
      MetricName: 'mywebacl'
waf_web_acl.cfn.yml#L12
    Type: "AWS::WAF::WebACL"
    Properties:
      Name: !Sub "${Environment} ${Platform} Web ACL to block traffic based on defined rules. "
      DefaultAction:
        Type: "ALLOW"
      MetricName: "WafWebACL"
negative2.json#L4
      "Type": "AWS::WAF::WebACL",
      "Properties": {
        "Name": "WebACL to with one rule",
        "DefaultAction": {
          "Type": "BLOCK"
        },
positive2.json#L4
      "Type": "AWS::WAF::WebACL",
      "Properties": {
        "Name": "WebACL to with three rules",
        "DefaultAction": {
          "Type": "ALLOW"
        },
WAF.json#L183
  "resourceType" : "AWS::WAF::WebACL",
  "properties" : [ {
    "propertyName" : "DefaultAction",
    "propertyType" : "AWS::WAF::WebACL::Action",
    "required" : true,
    "propertyHref" : "aws-properties-waf-webacl-action.html"

Parameters

Explanation in CloudFormation Registry

Note: This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API and see the AWS WAF Developer Guide. With the latest version, AWS WAF has a single set of endpoints for regional and global use.

Contains the Rules that identify the requests that you want to allow, block, or count. In a WebACL, you also specify a default action (ALLOW or BLOCK) and the action for each Rule that you add to the WebACL, for example, block requests from specified IP addresses or block requests from specified referrers. You also associate the WebACL with an Amazon CloudFront distribution to identify the requests that you want AWS WAF to filter. If you add more than one Rule to a WebACL, a request needs to match only one of the specifications to be allowed, blocked, or counted.
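The default-action semantics described above can be checked statically before deployment. The following is an added example, not code from this page's sources or from AWS: it walks a CloudFormation template already parsed into a dict and flags AWS::WAF::WebACL resources whose default action and rule actions leave nothing filtered or block everything. The function name audit_web_acls, the issue strings and the sample template are constructed for illustration, and templates that use intrinsic functions for the action type are reported as unresolved rather than evaluated.

```python
import json

NOTHING_FILTERED = "default ALLOW and no BLOCK rule: no request is ever blocked"
ALL_BLOCKED = "default BLOCK and no ALLOW rule: every request is blocked"
UNRESOLVED = "DefaultAction.Type is not a literal ALLOW or BLOCK"

# Constructed sample template (not taken from the repositories quoted above).
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "OpenAcl": {"Type": "AWS::WAF::WebACL", "Properties": {
    "Name": "open", "MetricName": "open",
    "DefaultAction": {"Type": "ALLOW"}}},
  "CountOnly": {"Type": "AWS::WAF::WebACL", "Properties": {
    "Name": "count", "MetricName": "count",
    "DefaultAction": {"Type": "ALLOW"},
    "Rules": [{"Action": {"Type": "COUNT"}, "Priority": 1, "RuleId": "rule-a"}]}},
  "Filtered": {"Type": "AWS::WAF::WebACL", "Properties": {
    "Name": "filtered", "MetricName": "filtered",
    "DefaultAction": {"Type": "ALLOW"},
    "Rules": [{"Action": {"Type": "BLOCK"}, "Priority": 1, "RuleId": "rule-b"}]}},
  "Bucket": {"Type": "AWS::S3::Bucket"}
}}
""")


def audit_web_acls(template):
    """Return {logical_id: [issue, ...]} for each AWS::WAF::WebACL resource."""
    findings = {}
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::WAF::WebACL":
            continue
        props = res.get("Properties", {})
        default = props.get("DefaultAction", {}).get("Type")
        # Action types of the activated rules; a request that matches no
        # rule falls through to the default action.
        actions = [r.get("Action", {}).get("Type") for r in props.get("Rules", [])]
        issues = []
        if default not in ("ALLOW", "BLOCK"):
            issues.append(UNRESOLVED)
        elif default == "ALLOW" and "BLOCK" not in actions:
            issues.append(NOTHING_FILTERED)
        elif default == "BLOCK" and "ALLOW" not in actions:
            issues.append(ALL_BLOCKED)
        findings[logical_id] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit_web_acls(SAMPLE_TEMPLATE).items():
        print(name, issues or "ok")
```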

Frequently asked questions

What is AWS WAF Web ACL?

AWS WAF Web ACL is a resource for WAF of Amazon Web Services. Settings can be written in Terraform and CloudFormation.

Where can I find the example code for the AWS WAF Web ACL?

For Terraform, the stelligent/config-lint and ffsclyh/config-lint source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the DanteInc/js-cloud-native-cookbook, paullewallencom/javascript-978-1-7884-7041-4 and PacktPublishing/JavaScript-Cloud-Native-Development-Cookbook source code examples are useful. See the CloudFormation Example section for further details.