AWS WAF XSS Match Set
This page shows how to write Terraform and CloudFormation for AWS WAF XSS Match Set and write them securely.
aws_waf_xss_match_set (Terraform)
The XSS Match Set in AWS WAF can be configured in Terraform with the resource name aws_waf_xss_match_set
. The following sections describe 1 example of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_waf_xss_match_set" "this" {
name = var.name
dynamic "xss_match_tuples" {
for_each = var.xss_match_tuples
content {
Parameters
-
arn
optional computed - string -
id
optional computed - string -
name
required - string -
xss_match_tuples
set block-
text_transformation
required - string -
field_to_match
list block
-
Explanation in Terraform Registry
Provides a WAF XSS Match Set Resource
AWS::WAF::XssMatchSet (CloudFormation)
The XssMatchSet in WAF can be configured in CloudFormation with the resource name AWS::WAF::XssMatchSet
. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: "AWS::WAF::XssMatchSet"
Properties:
Name: !Sub "${Environment} ${Platform} XssMatchSet"
XssMatchTuples:
-
FieldToMatch:
Type: 'AWS::WAF::XssMatchSet'
Outputs:
UdagramACL:
Description: The Waf rule name
Value: !Ref UdagramACL
Type: 'AWS::WAF::XssMatchSet'
Outputs:
UdagramACL:
Description: The Waf rule name
Value: !Ref UdagramACL
Type: 'AWS::WAF::XssMatchSet'
Condition: CrossSiteScriptingProtectionActivated
Properties:
Name: !Join [' - ', [!Ref 'AWS::StackName', 'XSS Detection Detection']]
XssMatchTuples:
- FieldToMatch:
Type: AWS::WAF::XssMatchSet
Condition: CrossSiteScriptingProtectionActivated
Properties:
Name:
!Join
- " - "
"AWS::WAF::XssMatchSet.FieldToMatch": {
"Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-waf-xssmatchset-xssmatchtuple-fieldtomatch.html",
"Properties": {
"Data": {
"Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-waf-xssmatchset-xssmatchtuple-fieldtomatch.html#cfn-waf-xssmatchset-xssmatchtuple-fieldtomatch-data",
"PrimitiveType": "String",
"AWS::WAF::XssMatchSet.FieldToMatch": {
"Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-waf-xssmatchset-xssmatchtuple-fieldtomatch.html",
"Properties": {
"Data": {
"Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-waf-xssmatchset-xssmatchtuple-fieldtomatch.html#cfn-waf-xssmatchset-xssmatchtuple-fieldtomatch-data",
"PrimitiveType": "String",
"resourceType" : "AWS::WAF::XssMatchSet",
"properties" : [ {
"propertyName" : "Name",
"propertyType" : "String",
"required" : true
}, {
"Type": "AWS::WAF::XssMatchSet",
"Properties": {
"Name": {
"Ref": "XssCondition1"
},
"XssMatchTuples": [
"Type": "AWS::WAF::XssMatchSet",
"Properties": {
"Name": {
"Ref": "XssCondition1"
},
"XssMatchTuples": [
Parameters
-
Name
required - String -
XssMatchTuples
required - List of XssMatchTuple
Explanation in CloudFormation Registry
Note This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the developer guide. For the latest version of AWS WAF , use the AWS WAFV2 API and see the AWS WAF Developer Guide. With the latest version, AWS WAF has a single set of endpoints for regional and global use. A complex type that contains
XssMatchTuple
objects, which specify the parts of web requests that you want AWS WAF to inspect for cross-site scripting attacks and, if you want AWS WAF to inspect a header, the name of the header. If aXssMatchSet
contains more than oneXssMatchTuple
object, a request needs to include cross-site scripting attacks in only one of the specified parts of the request to be considered a match.
Frequently asked questions
What is AWS WAF XSS Match Set?
AWS WAF XSS Match Set is a resource for WAF of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.
Where can I find the example code for the AWS WAF XSS Match Set?
For Terraform, the niveklabs/aws source code example is useful. See the Terraform Example section for further details.
For CloudFormation, the qld-gov-au/ckan-qld-infrastructure, divuu/CloudFormation-Scripts and ade-mola/Deploy-Web-App-Using-CloudFormation source code examples are useful. See the CloudFormation Example section for further details.