AWS WAF Regional Regional Rate Based Rule

This page shows how to write Terraform and CloudFormation for AWS WAF Regional Regional Rate Based Rule and write them securely.

aws_wafregional_rate_based_rule (Terraform)

The Regional Rate Based Rule in AWS WAF Regional can be configured in Terraform with the resource name aws_wafregional_rate_based_rule. The following sections describe 3 examples of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L7
resource "aws_wafregional_rate_based_rule" "this" {
  metric_name = var.metric_name
  name        = var.name
  rate_key    = var.rate_key
  rate_limit  = var.rate_limit
  tags        = var.tags
ddos.tf#L5
resource "aws_wafregional_rate_based_rule" "ddos_ip_rule" {
  name        = format("%s-ddos-ip", var.waf_name)
  metric_name = "SecurityAutomationsHttpFloodRule"

  rate_key   = "IP"
  rate_limit = var.request_threshold
rules.tf#L13
resource "aws_wafregional_rate_based_rule" "wafrule" {
  depends_on  = [aws_wafregional_byte_match_set.wafrule]
  name        = "AlfNomsSearchWafRateRule"
  metric_name = "AlfNomsSearchWafRateRule"

  rate_key   = "IP"

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

Provides a WAF Rate Based Rule Resource

AWS::WAFRegional::RateBasedRule (CloudFormation)

The RateBasedRule in WAFRegional can be configured in CloudFormation with the resource name AWS::WAFRegional::RateBasedRule. The following sections describe 8 examples of how to use the resource and its parameters.

Example Usage from GitHub

product.template-us-east-1.yaml#L18
    Type: AWS::WAFRegional::RateBasedRule
    Description: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafregional-ratebasedrule.html
    Properties:
      MetricName: !Ref 'MetricName'
      RateLimit: !Ref 'RateLimit'
      RateKey: !Ref 'RateKey'
product.template-ap-southeast-2.yaml#L18
    Type: AWS::WAFRegional::RateBasedRule
    Description: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafregional-ratebasedrule.html
    Properties:
      MetricName: !Ref 'MetricName'
      RateLimit: !Ref 'RateLimit'
      RateKey: !Ref 'RateKey'
product.template-eu-north-1.yaml#L18
    Type: AWS::WAFRegional::RateBasedRule
    Description: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafregional-ratebasedrule.html
    Properties:
      MetricName: !Ref 'MetricName'
      RateLimit: !Ref 'RateLimit'
      RateKey: !Ref 'RateKey'
product.template-us-west-1.yaml#L18
    Type: AWS::WAFRegional::RateBasedRule
    Description: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafregional-ratebasedrule.html
    Properties:
      MetricName: !Ref 'MetricName'
      RateLimit: !Ref 'RateLimit'
      RateKey: !Ref 'RateKey'
product.template-us-west-2.yaml#L18
    Type: AWS::WAFRegional::RateBasedRule
    Description: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafregional-ratebasedrule.html
    Properties:
      MetricName: !Ref 'MetricName'
      RateLimit: !Ref 'RateLimit'
      RateKey: !Ref 'RateKey'
awsResouceIconMatches.json#L519
        "resourceType": "AWS::WAFRegional::RateBasedRule",
        "filePath": null
      },
      {
        "resourceType": "AWS::WAFRegional::SqlInjectionMatchSet",
        "filePath": null
template.json#L43
    "AWS::WAFRegional::RateBasedRule": {
      "Type": "AWS::WAFRegional::RateBasedRule",
      "Properties": {}
    },
    "AWS::AppIntegrations::EventIntegration": {
      "Type": "AWS::AppIntegrations::EventIntegration",
WAFRegionalRateBasedRuleSpecification.json#L3
    "AWS::WAFRegional::RateBasedRule.Predicate": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafregional-ratebasedrule-predicate.html",
      "Properties": {
        "Type": {
          "Required": true,
          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafregional-ratebasedrule-predicate.html#cfn-wafregional-ratebasedrule-predicate-type",

Parameters

Explanation in CloudFormation Registry

Note This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the developer guide. For the latest version of AWS WAF , use the AWS WAFV2 API and see the AWS WAF Developer Guide. With the latest version, AWS WAF has a single set of endpoints for regional and global use. A RateBasedRule is identical to a regular Rule, with one addition: a RateBasedRule counts the number of requests that arrive from a specified IP address every five minutes. For example, based on recent requests that you've seen from an attacker, you might create a RateBasedRule that includes the following conditions: + The requests come from 192.

  • They contain the value BadBot in the User-Agent header.

In the rule, you also define the rate limit as 15,000.

Requests that meet both of these conditions and exceed 15,000 requests every five minutes trigger the rule's action (block or count), which is defined in the web ACL.

Note you can only create rate-based rules using an AWS CloudFormation template. To add the rate-based rules created through AWS CloudFormation to a web ACL, use the AWS WAF console, API, or command line interface (CLI). For more information, see UpdateWebACL.

Frequently asked questions

What is AWS WAF Regional Regional Rate Based Rule?

AWS WAF Regional Regional Rate Based Rule is a resource for WAF Regional of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS WAF Regional Regional Rate Based Rule?

For Terraform, the niveklabs/aws, msfidelis/awswaf-production-automation and ministryofjustice/hmpps-delius-alfresco-shared-terraform source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the awslabs/aws-service-catalog-products, awslabs/aws-service-catalog-products and awslabs/aws-service-catalog-products source code examples are useful. See the CloudFormation Example section for further details.