AWS WAF Regional Regional Web ACL

This page shows how to write Terraform and CloudFormation for AWS WAF Regional Regional Web ACL and write them securely.

aws_wafregional_web_acl (Terraform)

The Regional Web ACL in AWS WAF Regional can be configured in Terraform with the resource name aws_wafregional_web_acl. The following sections describe 4 examples of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L48

resource "aws_wafregional_web_acl" "pass" {
  name        = "tfWebACLregional"
  metric_name = "tfWebACLregional"

  default_action {
    type = "ALLOW"

waf.tf#L92

resource "aws_wafregional_web_acl" "enforce_cloudfront" {
  name = "WACLEnforceCloudfront"
  metric_name = "WACLEnforceCloudfront"
  default_action {
    type = "BLOCK"
  }

main.tf#L51

resource "aws_wafregional_web_acl" "pass" {
  name        = "tfWebACLregional"
  metric_name = "tfWebACLregional"

  default_action {
    type = "ALLOW"

aws_wafregional_web_acl.ip_whitelist.tf#L1

resource "aws_wafregional_web_acl" "ip_whitelist" {

  name        = var.acl_name
  metric_name = var.metric_name

  default_action {

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker that verifies your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

Provides a WAF Regional Web ACL Resource for use with Application Load Balancer.

AWS::WAFRegional::WebACL (CloudFormation)

The WebACL in WAFRegional can be configured in CloudFormation with the resource name AWS::WAFRegional::WebACL. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

waf.yml#L98

    Type: AWS::WAFRegional::WebACL
    Properties:
      DefaultAction:
        Type: ALLOW
      MetricName: String
      Name: !Sub ${AWS::StackName}-WebAcl

WebApp.yml#L384

    Type: AWS::WAFRegional::WebACL
    Properties:
      Name: !Join ['-', [!Ref 'ResourcePrefix', !Ref 'EnvironmentName', 'ApiWaf']]
      DefaultAction:
        Type: 'ALLOW'
      MetricName: 'CommonAPIgatewayWebACL'

cf-waf-for-wafcharm.yml#L38

    Type: "AWS::WAFRegional::WebACL"
    DeletionPolicy: "Delete"
    Properties:
      DefaultAction:
        Type: "ALLOW"
      MetricName: !Ref "WAFMetricName"

sqli-tsting.yml#L300

    Type: AWS::WAFRegional::WebACL
    Properties:
      MetricName: 'WAFTstingowaspacl'
      Name: 'WAFTsting-owasp-acl'
      DefaultAction:
        Type: ALLOW

serverless.yml#L156

        Type: AWS::WAFRegional::WebACL
        Properties:
          Name: regional-${self:custom.stage}
          DefaultAction:
            Type: BLOCK
          MetricName: AppACLRegional-${self:custom.stage}

WafTemplate.json#L91

            "Type": "AWS::WAFRegional::WebACL",
            "Properties": {
                "DefaultAction": {
                    "Type": "BLOCK"
                },
                "MetricName": "ACLfromTranslateCDK",

aws_configservice_batch-get-aggregate-resource-config.json#L8

            "ResourceType": "AWS::WAFRegional::WebACL",
            "ResourceName": ""
        }
    ]
}

WAFRegionalWebACLSpecification.json#L3

    "AWS::WAFRegional::WebACL.Action": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafregional-webacl-action.html",
      "Properties": {
        "Type": {
          "Required": true,
          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafregional-webacl-action.html#cfn-wafregional-webacl-action-type",

Parameters

Explanation in CloudFormation Registry

Note: This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API and see the AWS WAF Developer Guide. With the latest version, AWS WAF has a single set of endpoints for regional and global use.

Contains the Rules that identify the requests that you want to allow, block, or count. In a WebACL, you also specify a default action (ALLOW or BLOCK), and the action for each Rule that you add to a WebACL, for example, block requests from specified IP addresses or block requests from specified referrers. If you add more than one Rule to a WebACL, a request needs to match only one of the specifications to be allowed, blocked, or counted.

To identify the requests that you want AWS WAF to filter, you associate the WebACL with an API Gateway API or an Application Load Balancer.
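
The pieces described above (a Rule with its own action, a default action, and an association with a load balancer) put together in Terraform as an IP allowlist that fails closed. This is an added example, not code from the repositories listed on this page; the resource names, the 192.0.2.0/24 range and the alb_arn variable are placeholders.

```hcl
variable "alb_arn" {
  type = string # ARN of the Application Load Balancer to protect (assumed input)
}

# Source addresses that are allowed through (constructed documentation range).
resource "aws_wafregional_ipset" "trusted" {
  name = "exampleTrustedIPs"
  ip_set_descriptor {
    type  = "IPV4"
    value = "192.0.2.0/24"
  }
}

# A rule matches a request only when all of its predicates match.
resource "aws_wafregional_rule" "from_trusted" {
  name        = "exampleFromTrusted"
  metric_name = "exampleFromTrusted"
  predicate {
    data_id = aws_wafregional_ipset.trusted.id
    negated = false
    type    = "IPMatch"
  }
}

resource "aws_wafregional_web_acl" "example" {
  name        = "exampleWebACL"
  metric_name = "exampleWebACL"

  # Requests that match no rule fall through to the default action.
  default_action {
    type = "BLOCK"
  }

  rule {
    priority = 1
    rule_id  = aws_wafregional_rule.from_trusted.id
    type     = "REGULAR"

    action {
      type = "ALLOW"
    }
  }
}

# The Web ACL filters nothing until it is associated with a resource.
resource "aws_wafregional_web_acl_association" "alb" {
  resource_arn = var.alb_arn
  web_acl_id   = aws_wafregional_web_acl.example.id
}
```

With default_action set to ALLOW instead, the same ACL would pass every request that no rule explicitly blocks, so a missing or mistyped rule fails open.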

Frequently asked questions

What is AWS WAF Regional Regional Web ACL?

AWS WAF Regional Regional Web ACL is a resource for WAF Regional of Amazon Web Services. Settings can be written in Terraform and CloudFormation.

Where can I find the example code for the AWS WAF Regional Regional Web ACL?

For Terraform, the bridgecrewio/checkov, oonisim/terraform-aws and bridgecrewio/checkov source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the m6a-UdS/hf-ctf, adityadeole24/Interactive-Web-Application and goodbyegangster/cloudformation source code examples are useful. See the CloudFormation Example section for further details.