AWS WAF Regional Regional Rate Based Rule
This page shows how to write Terraform and CloudFormation for AWS WAF Regional Regional Rate Based Rule and write them securely.
aws_wafregional_rate_based_rule (Terraform)
The Regional Rate Based Rule in AWS WAF Regional can be configured in Terraform with the resource name aws_wafregional_rate_based_rule. The following sections describe 3 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_wafregional_rate_based_rule" "this" {
  metric_name = var.metric_name
  name        = var.name
  rate_key    = var.rate_key
  rate_limit  = var.rate_limit
  tags        = var.tags
}

resource "aws_wafregional_rate_based_rule" "ddos_ip_rule" {
  name        = format("%s-ddos-ip", var.waf_name)
  metric_name = "SecurityAutomationsHttpFloodRule"
  rate_key    = "IP"
  rate_limit  = var.request_threshold
}

resource "aws_wafregional_rate_based_rule" "wafrule" {
  depends_on  = [aws_wafregional_byte_match_set.wafrule]
  name        = "AlfNomsSearchWafRateRule"
  metric_name = "AlfNomsSearchWafRateRule"
  rate_key    = "IP"
  # excerpt ends here on the page; the required rate_limit argument is not shown
}
Parameters
- arn: optional computed - string
- id: optional computed - string
- metric_name: required - string
- name: required - string
- rate_key: required - string
- rate_limit: required - number
- tags: optional - map from string to string
- predicate: set block
Explanation in Terraform Registry
Provides a WAF Rate Based Rule Resource
AWS::WAFRegional::RateBasedRule (CloudFormation)
The RateBasedRule in WAFRegional can be configured in CloudFormation with the resource name AWS::WAFRegional::RateBasedRule. The following sections describe 8 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: AWS::WAFRegional::RateBasedRule
Description: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafregional-ratebasedrule.html
Properties:
  MetricName: !Ref 'MetricName'
  RateLimit: !Ref 'RateLimit'
  RateKey: !Ref 'RateKey'

    "resourceType": "AWS::WAFRegional::RateBasedRule",
    "filePath": null
},
{
    "resourceType": "AWS::WAFRegional::SqlInjectionMatchSet",
    "filePath": null

"AWS::WAFRegional::RateBasedRule": {
    "Type": "AWS::WAFRegional::RateBasedRule",
    "Properties": {}
},
"AWS::AppIntegrations::EventIntegration": {
    "Type": "AWS::AppIntegrations::EventIntegration",

"AWS::WAFRegional::RateBasedRule.Predicate": {
    "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafregional-ratebasedrule-predicate.html",
    "Properties": {
        "Type": {
            "Required": true,
            "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafregional-ratebasedrule-predicate.html#cfn-wafregional-ratebasedrule-predicate-type",

Parameters
- MetricName: required - String
- RateLimit: required - Integer
- MatchPredicates: optional - List of Predicate
- RateKey: required - String
- Name: required - String
Explanation in CloudFormation Registry
Note: This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API and see the AWS WAF Developer Guide. With the latest version, AWS WAF has a single set of endpoints for regional and global use.

A RateBasedRule is identical to a regular Rule, with one addition: a RateBasedRule counts the number of requests that arrive from a specified IP address every five minutes. For example, based on recent requests that you've seen from an attacker, you might create a RateBasedRule that includes the following conditions:
- The requests come from 192.
- They contain the value BadBot in the User-Agent header.

In the rule, you also define the rate limit as 15,000. Requests that meet both of these conditions and exceed 15,000 requests every five minutes trigger the rule's action (block or count), which is defined in the web ACL.

Note: You can only create rate-based rules using an AWS CloudFormation template. To add the rate-based rules created through AWS CloudFormation to a web ACL, use the AWS WAF console, API, or command line interface (CLI). For more information, see UpdateWebACL.
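
The scenario described above (requests from a given source range that carry BadBot in the User-Agent header, limited to 15,000 per five minutes), written as Terraform. This is an added example, not code from the page or from the repositories it cites; the resource names, the 192.0.2.0/24 placeholder range and the web ACL are assumptions.

```hcl
# Added example: all names and the CIDR below are illustrative assumptions.
resource "aws_wafregional_ipset" "suspect_source" {
  name = "suspect-source"
  ip_set_descriptor {
    type  = "IPV4"
    value = "192.0.2.0/24" # constructed placeholder (documentation range)
  }
}

resource "aws_wafregional_byte_match_set" "badbot_ua" {
  name = "badbot-user-agent"
  byte_match_tuples {
    text_transformation   = "NONE"
    target_string         = "BadBot"
    positional_constraint = "CONTAINS"
    field_to_match {
      type = "HEADER"
      data = "User-Agent"
    }
  }
}

resource "aws_wafregional_rate_based_rule" "badbot_rate" {
  name        = "BadBotRateRule"
  metric_name = "BadBotRateRule"
  rate_key    = "IP"
  rate_limit  = 15000 # requests per five-minute window, per source IP
  predicate { # predicates are ANDed: both must match for a request to count
    data_id = aws_wafregional_ipset.suspect_source.id
    negated = false
    type    = "IPMatch"
  }
  predicate {
    data_id = aws_wafregional_byte_match_set.badbot_ua.id
    negated = false
    type    = "ByteMatch"
  }
}

resource "aws_wafregional_web_acl" "example" {
  name        = "ExampleWebACL"
  metric_name = "ExampleWebACL"
  default_action { type = "ALLOW" }
  rule {
    priority = 1
    rule_id  = aws_wafregional_rate_based_rule.badbot_rate.id
    type     = "RATE_BASED" # a rate-based rule must not be attached as REGULAR
    action { type = "BLOCK" } # COUNT only records matches as metrics
  }
}
```

The web ACL takes effect only once it is associated with a regional resource such as an Application Load Balancer, for example with aws_wafregional_web_acl_association.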
Frequently asked questions
What is AWS WAF Regional Regional Rate Based Rule?
AWS WAF Regional Regional Rate Based Rule is a resource for WAF Regional of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS WAF Regional Regional Rate Based Rule?
For Terraform, the niveklabs/aws, msfidelis/awswaf-production-automation and ministryofjustice/hmpps-delius-alfresco-shared-terraform source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the awslabs/aws-service-catalog-products source code examples are useful. See the CloudFormation Example section for further details.