AWS WAF Regional Regional Rate Based Rule
This page shows how to write Terraform and CloudFormation for AWS WAF Regional Regional Rate Based Rule and write them securely.
aws_wafregional_rate_based_rule (Terraform)
The Regional Rate Based Rule in AWS WAF Regional can be configured in Terraform with the resource name aws_wafregional_rate_based_rule. The following sections describe 3 examples of how to use the resource and its parameters.
Example Usage from GitHub
# Example 1: every argument is supplied through a variable.
resource "aws_wafregional_rate_based_rule" "this" {
  metric_name = var.metric_name
  name        = var.name
  rate_key    = var.rate_key
  rate_limit  = var.rate_limit
  tags        = var.tags
}

# Example 2: HTTP flood rule keyed on the source IP.
resource "aws_wafregional_rate_based_rule" "ddos_ip_rule" {
  name        = format("%s-ddos-ip", var.waf_name)
  metric_name = "SecurityAutomationsHttpFloodRule"
  rate_key    = "IP"
  rate_limit  = var.request_threshold
}

# Example 3: rule that depends on a byte match set.
resource "aws_wafregional_rate_based_rule" "wafrule" {
  depends_on  = [aws_wafregional_byte_match_set.wafrule]
  name        = "AlfNomsSearchWafRateRule"
  metric_name = "AlfNomsSearchWafRateRule"
  rate_key    = "IP"
  # The excerpt ends here; the required rate_limit argument is not shown.
}
Parameters
- arn optional computed - string
- id optional computed - string
- metric_name required - string
- name required - string
- rate_key required - string
- rate_limit required - number
- tags optional - map from string to string
- predicate set block
Explanation in Terraform Registry
Provides a WAF Rate Based Rule Resource
AWS::WAFRegional::RateBasedRule (CloudFormation)
The RateBasedRule in WAFRegional can be configured in CloudFormation with the resource name AWS::WAFRegional::RateBasedRule. The following sections describe 8 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: AWS::WAFRegional::RateBasedRule
Description: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafregional-ratebasedrule.html
Properties:
  MetricName: !Ref 'MetricName'
  RateLimit: !Ref 'RateLimit'
  RateKey: !Ref 'RateKey'

  "resourceType": "AWS::WAFRegional::RateBasedRule",
  "filePath": null
},
{
  "resourceType": "AWS::WAFRegional::SqlInjectionMatchSet",
  "filePath": null

"AWS::WAFRegional::RateBasedRule": {
  "Type": "AWS::WAFRegional::RateBasedRule",
  "Properties": {}
},
"AWS::AppIntegrations::EventIntegration": {
  "Type": "AWS::AppIntegrations::EventIntegration",

"AWS::WAFRegional::RateBasedRule.Predicate": {
  "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafregional-ratebasedrule-predicate.html",
  "Properties": {
    "Type": {
      "Required": true,
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafregional-ratebasedrule-predicate.html#cfn-wafregional-ratebasedrule-predicate-type",
Parameters
- MetricName required - String
- RateLimit required - Integer
- MatchPredicates optional - List of Predicate
- RateKey required - String
- Name required - String
Explanation in CloudFormation Registry
Note: This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API and see the AWS WAF Developer Guide. With the latest version, AWS WAF has a single set of endpoints for regional and global use.
A RateBasedRule is identical to a regular Rule, with one addition: a RateBasedRule counts the number of requests that arrive from a specified IP address every five minutes. For example, based on recent requests that you've seen from an attacker, you might create a RateBasedRule that includes the following conditions:
- The requests come from 192.
- They contain the value BadBot in the User-Agent header.
In the rule, you also define the rate limit as 15,000.
Requests that meet both of these conditions and exceed 15,000 requests every five minutes trigger the rule's action (block or count), which is defined in the web ACL.
Note: you can only create rate-based rules using an AWS CloudFormation template. To add the rate-based rules created through AWS CloudFormation to a web ACL, use the AWS WAF console, API, or command line interface (CLI). For more information, see UpdateWebACL.
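The scenario above (requests from one source range that carry BadBot in the User-Agent header, limited to 15,000 per five minutes) written out with the Terraform resources from the first section, as an added example that is not taken from the Terraform Registry or the repositories cited on this page. Resource names, metric names and the 192.0.2.0/24 documentation range are constructed placeholders; the rule is attached to a web ACL in the same configuration through a rule block with type = "RATE_BASED".

```hcl
# Constructed example: all names and the 192.0.2.0/24 range are placeholders.
resource "aws_wafregional_ipset" "suspect" {
  name = "suspect-source-range"
  ip_set_descriptor {
    type  = "IPV4"
    value = "192.0.2.0/24"
  }
}
resource "aws_wafregional_byte_match_set" "badbot" {
  name = "badbot-user-agent"
  byte_match_tuples {
    target_string         = "BadBot"
    positional_constraint = "CONTAINS"
    text_transformation   = "NONE"
    field_to_match {
      type = "HEADER"
      data = "User-Agent"
    }
  }
}
resource "aws_wafregional_rate_based_rule" "badbot" {
  name        = "badbot-rate-limit"
  metric_name = "BadBotRateLimit"
  rate_key    = "IP"
  rate_limit  = 15000 # requests per five minutes, counted per source IP
  # A request is counted only when it matches both predicates.
  predicate {
    type    = "IPMatch"
    data_id = aws_wafregional_ipset.suspect.id
    negated = false
  }
  predicate {
    type    = "ByteMatch"
    data_id = aws_wafregional_byte_match_set.badbot.id
    negated = false
  }
}
resource "aws_wafregional_web_acl" "this" {
  name        = "example-acl"
  metric_name = "ExampleAcl"
  default_action { type = "ALLOW" }
  # The block/count action is set here on the web ACL, not on the rule.
  rule {
    priority = 1
    rule_id  = aws_wafregional_rate_based_rule.badbot.id
    type     = "RATE_BASED"
    action { type = "BLOCK" }
  }
}
```

Setting the action type to COUNT first lets you watch the rule's metric against real traffic before switching to BLOCK. The web ACL only filters traffic once it is associated with a resource through aws_wafregional_web_acl_association.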
Frequently asked questions
What is AWS WAF Regional Regional Rate Based Rule?
AWS WAF Regional Regional Rate Based Rule is a resource for WAF Regional of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS WAF Regional Regional Rate Based Rule?
For Terraform, the niveklabs/aws, msfidelis/awswaf-production-automation and ministryofjustice/hmpps-delius-alfresco-shared-terraform source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the awslabs/aws-service-catalog-products source code examples are useful. See the CloudFormation Example section for further details.