Top / Amazon Web Service / AWS WAF V2 / Rule Group

AWS WAF V2 Rule Group

This page shows how to write Terraform and CloudFormation for AWS WAF V2 Rule Group and write them securely.

Review your .tf file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

aws_wafv2_rule_group (Terraform)

The Rule Group in AWS WAF V2 can be configured in Terraform with the resource name aws_wafv2_rule_group. The following sections describe 4 examples of how to use the resource and its parameters.

Example Usage from GitHub

pijain/terraform

main.tf#L6

resource "aws_wafv2_rule_group" "this" {
  capacity = var.capacity
  name = var.name
  scope = var.scope
  description = var.description
  tags = var.tags

Find out how to use this setting securely with Shisho Cloud

JamesWoolfenden/terraform-aws-waf2-regional

aws_wafv2_rule_group.example.tf#L1

resource "aws_wafv2_rule_group" "example" {
  name     = "example-rule"
  scope    = "REGIONAL"
  capacity = 2

    rule {

Find out how to use this setting securely with Shisho Cloud

peytoncasper/tf-cdk-examples

main.tf#L2

resource "aws_wafv2_rule_group" "example" {
  name        = "complex-example"
  description = "An rule group containing all statements"
  scope       = "REGIONAL"
  capacity    = 500

Find out how to use this setting securely with Shisho Cloud

chimbs86/Security-And-Microservices-On-AWS

cloudfront.tf#L24

resource "aws_wafv2_rule_group" "example" {
  capacity = 10
  name     = "example-rule-group"
  scope    = "CLOUDFRONT"

  rule {

Find out how to use this setting securely with Shisho Cloud

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

arn optional computed - string
capacity required - number
description optional - string
id optional computed - string
lock_token optional computed - string
name required - string
scope required - string
tags optional - map from string to string
rule set block
- name required - string
- priority required - number
- action list block
  - allow list block
  - block list block
  - count list block
- statement list block
  - and_statement list block
    - statement list block
      - and_statement list block
        statement list block
        byte_match_statement list block
        positional_constraint required - string
        search_string required - string
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        geo_match_statement list block
        country_codes required - list of string
        forwarded_ip_config list block
        fallback_behavior required - string
        header_name required - string
        ip_set_reference_statement list block
        arn required - string
        ip_set_forwarded_ip_config list block
        fallback_behavior required - string
        header_name required - string
        position required - string
        regex_pattern_set_reference_statement list block
        arn required - string
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        size_constraint_statement list block
        comparison_operator required - string
        size required - number
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        sqli_match_statement list block
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        xss_match_statement list block
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
      - byte_match_statement list block
        positional_constraint required - string
        search_string required - string
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
      - geo_match_statement list block
        country_codes required - list of string
        forwarded_ip_config list block
        fallback_behavior required - string
        header_name required - string
      - ip_set_reference_statement list block
        arn required - string
        ip_set_forwarded_ip_config list block
        fallback_behavior required - string
        header_name required - string
        position required - string
      - not_statement list block
        statement list block
        byte_match_statement list block
        positional_constraint required - string
        search_string required - string
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        geo_match_statement list block
        country_codes required - list of string
        forwarded_ip_config list block
        fallback_behavior required - string
        header_name required - string
        ip_set_reference_statement list block
        arn required - string
        ip_set_forwarded_ip_config list block
        fallback_behavior required - string
        header_name required - string
        position required - string
        regex_pattern_set_reference_statement list block
        arn required - string
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        size_constraint_statement list block
        comparison_operator required - string
        size required - number
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        sqli_match_statement list block
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        xss_match_statement list block
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
      - or_statement list block
        statement list block
        byte_match_statement list block
        positional_constraint required - string
        search_string required - string
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        geo_match_statement list block
        country_codes required - list of string
        forwarded_ip_config list block
        fallback_behavior required - string
        header_name required - string
        ip_set_reference_statement list block
        arn required - string
        ip_set_forwarded_ip_config list block
        fallback_behavior required - string
        header_name required - string
        position required - string
        regex_pattern_set_reference_statement list block
        arn required - string
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        size_constraint_statement list block
        comparison_operator required - string
        size required - number
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        sqli_match_statement list block
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        xss_match_statement list block
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
      - regex_pattern_set_reference_statement list block
        arn required - string
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
      - size_constraint_statement list block
        comparison_operator required - string
        size required - number
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
      - sqli_match_statement list block
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
      - xss_match_statement list block
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
  - byte_match_statement list block
    - positional_constraint required - string
    - search_string required - string
    - field_to_match list block
      - all_query_arguments list block
      - body list block
      - method list block
      - query_string list block
      - single_header list block
        name required - string
      - single_query_argument list block
        name required - string
      - uri_path list block
    - text_transformation set block
      - priority required - number
      - type required - string
  - geo_match_statement list block
    - country_codes required - list of string
    - forwarded_ip_config list block
      - fallback_behavior required - string
      - header_name required - string
  - ip_set_reference_statement list block
    - arn required - string
    - ip_set_forwarded_ip_config list block
      - fallback_behavior required - string
      - header_name required - string
      - position required - string
  - not_statement list block
    - statement list block
      - and_statement list block
        statement list block
        byte_match_statement list block
        positional_constraint required - string
        search_string required - string
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        geo_match_statement list block
        country_codes required - list of string
        forwarded_ip_config list block
        fallback_behavior required - string
        header_name required - string
        ip_set_reference_statement list block
        arn required - string
        ip_set_forwarded_ip_config list block
        fallback_behavior required - string
        header_name required - string
        position required - string
        regex_pattern_set_reference_statement list block
        arn required - string
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        size_constraint_statement list block
        comparison_operator required - string
        size required - number
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        sqli_match_statement list block
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        xss_match_statement list block
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
      - byte_match_statement list block
        positional_constraint required - string
        search_string required - string
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
      - geo_match_statement list block
        country_codes required - list of string
        forwarded_ip_config list block
        fallback_behavior required - string
        header_name required - string
      - ip_set_reference_statement list block
        arn required - string
        ip_set_forwarded_ip_config list block
        fallback_behavior required - string
        header_name required - string
        position required - string
      - not_statement list block
        statement list block
        byte_match_statement list block
        positional_constraint required - string
        search_string required - string
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        geo_match_statement list block
        country_codes required - list of string
        forwarded_ip_config list block
        fallback_behavior required - string
        header_name required - string
        ip_set_reference_statement list block
        arn required - string
        ip_set_forwarded_ip_config list block
        fallback_behavior required - string
        header_name required - string
        position required - string
        regex_pattern_set_reference_statement list block
        arn required - string
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        size_constraint_statement list block
        comparison_operator required - string
        size required - number
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        sqli_match_statement list block
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        xss_match_statement list block
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
      - or_statement list block
        statement list block
        byte_match_statement list block
        positional_constraint required - string
        search_string required - string
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        geo_match_statement list block
        country_codes required - list of string
        forwarded_ip_config list block
        fallback_behavior required - string
        header_name required - string
        ip_set_reference_statement list block
        arn required - string
        ip_set_forwarded_ip_config list block
        fallback_behavior required - string
        header_name required - string
        position required - string
        regex_pattern_set_reference_statement list block
        arn required - string
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        size_constraint_statement list block
        comparison_operator required - string
        size required - number
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        sqli_match_statement list block
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        xss_match_statement list block
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
      - regex_pattern_set_reference_statement list block
        arn required - string
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
      - size_constraint_statement list block
        comparison_operator required - string
        size required - number
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
      - sqli_match_statement list block
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
      - xss_match_statement list block
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
  - or_statement list block
    - statement list block
      - and_statement list block
        statement list block
        byte_match_statement list block
        positional_constraint required - string
        search_string required - string
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        geo_match_statement list block
        country_codes required - list of string
        forwarded_ip_config list block
        fallback_behavior required - string
        header_name required - string
        ip_set_reference_statement list block
        arn required - string
        ip_set_forwarded_ip_config list block
        fallback_behavior required - string
        header_name required - string
        position required - string
        regex_pattern_set_reference_statement list block
        arn required - string
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        size_constraint_statement list block
        comparison_operator required - string
        size required - number
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        sqli_match_statement list block
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        xss_match_statement list block
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
      - byte_match_statement list block
        positional_constraint required - string
        search_string required - string
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
      - geo_match_statement list block
        country_codes required - list of string
        forwarded_ip_config list block
        fallback_behavior required - string
        header_name required - string
      - ip_set_reference_statement list block
        arn required - string
        ip_set_forwarded_ip_config list block
        fallback_behavior required - string
        header_name required - string
        position required - string
      - not_statement list block
        statement list block
        byte_match_statement list block
        positional_constraint required - string
        search_string required - string
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        geo_match_statement list block
        country_codes required - list of string
        forwarded_ip_config list block
        fallback_behavior required - string
        header_name required - string
        ip_set_reference_statement list block
        arn required - string
        ip_set_forwarded_ip_config list block
        fallback_behavior required - string
        header_name required - string
        position required - string
        regex_pattern_set_reference_statement list block
        arn required - string
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        size_constraint_statement list block
        comparison_operator required - string
        size required - number
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        sqli_match_statement list block
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        xss_match_statement list block
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
      - or_statement list block
        statement list block
        byte_match_statement list block
        positional_constraint required - string
        search_string required - string
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        geo_match_statement list block
        country_codes required - list of string
        forwarded_ip_config list block
        fallback_behavior required - string
        header_name required - string
        ip_set_reference_statement list block
        arn required - string
        ip_set_forwarded_ip_config list block
        fallback_behavior required - string
        header_name required - string
        position required - string
        regex_pattern_set_reference_statement list block
        arn required - string
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        size_constraint_statement list block
        comparison_operator required - string
        size required - number
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        sqli_match_statement list block
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
        xss_match_statement list block
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
      - regex_pattern_set_reference_statement list block
        arn required - string
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
      - size_constraint_statement list block
        comparison_operator required - string
        size required - number
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
      - sqli_match_statement list block
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
      - xss_match_statement list block
        field_to_match list block
        all_query_arguments list block
        body list block
        method list block
        query_string list block
        single_header list block
        name required - string
        single_query_argument list block
        name required - string
        uri_path list block
        text_transformation set block
        priority required - number
        type required - string
  - regex_pattern_set_reference_statement list block
    - arn required - string
    - field_to_match list block
      - all_query_arguments list block
      - body list block
      - method list block
      - query_string list block
      - single_header list block
        name required - string
      - single_query_argument list block
        name required - string
      - uri_path list block
    - text_transformation set block
      - priority required - number
      - type required - string
  - size_constraint_statement list block
    - comparison_operator required - string
    - size required - number
    - field_to_match list block
      - all_query_arguments list block
      - body list block
      - method list block
      - query_string list block
      - single_header list block
        name required - string
      - single_query_argument list block
        name required - string
      - uri_path list block
    - text_transformation set block
      - priority required - number
      - type required - string
  - sqli_match_statement list block
    - field_to_match list block
      - all_query_arguments list block
      - body list block
      - method list block
      - query_string list block
      - single_header list block
        name required - string
      - single_query_argument list block
        name required - string
      - uri_path list block
    - text_transformation set block
      - priority required - number
      - type required - string
  - xss_match_statement list block
    - field_to_match list block
      - all_query_arguments list block
      - body list block
      - method list block
      - query_string list block
      - single_header list block
        name required - string
      - single_query_argument list block
        name required - string
      - uri_path list block
    - text_transformation set block
      - priority required - number
      - type required - string
- visibility_config list block
  - cloudwatch_metrics_enabled required - bool
  - metric_name required - string
  - sampled_requests_enabled required - bool
visibility_config list block
- cloudwatch_metrics_enabled required - bool
- metric_name required - string
- sampled_requests_enabled required - bool

>> from Terraform Registry

Explanation in Terraform Registry

Creates a WAFv2 Rule Group resource.

>> from Terraform Registry

AWS::WAFv2::RuleGroup (CloudFormation)

The RuleGroup in WAFv2 can be configured in CloudFormation with the resource name AWS::WAFv2::RuleGroup. The following sections describe 8 examples of how to use the resource and its parameters.

Example Usage from GitHub

wak/practice-cfn

waf.cf.yml#L120

    Type: AWS::WAFv2::RuleGroup
    Properties:
      VisibilityConfig:
        CloudWatchMetricsEnabled: True
        SampledRequestsEnabled: True
        MetricName: PracticeRuleGroup

PatMyron/cloud

minimal.yaml#L671

    Type: AWS::WAFv2::RuleGroup
    Properties:
      Name: Name
      Scope: REGIONAL
      Capacity: 1
      VisibilityConfig:

robertcurcio/wafv2

waf-with-1-rulegroup-and-2-ipsets.yaml#L160

      Type: 'AWS::WAFv2::RuleGroup'
      Properties:
        Name: YourCustomRuleGroup
        Scope: CLOUDFRONT
        Description: YourCustomRuleGroup
        VisibilityConfig:

cloudavail/snippets

wafv2_with_cloudfront.yaml#L137

  #   Type: AWS::WAFv2::RuleGroup
  #   Properties:
  #     Capacity: 1
  #     Rules:
  #       - Action:
  #           Block: {}

ronald8192/aws-wafv2-cloudfront-ip-set-updater

template.yaml#L136

    Type: AWS::WAFv2::RuleGroup
    Properties:
      Capacity: 2
      Description: !Sub "${Environment} Whitelist CloudFront IP"
      Name: !Sub "WhitelistCloudFrontIP${Environment}"
      Rules:

claudiacauli/CloudFORMAL

WAFv2RuleGroupSpecification.json#L3

    "AWS::WAFv2::RuleGroup.FieldToMatch": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-fieldtomatch.html",
      "Properties": {
        "SingleHeader": {
          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-fieldtomatch.html#cfn-wafv2-rulegroup-fieldtomatch-singleheader",
          "UpdateType": "Mutable",

mhlabs/aws-icons-directory

template.json#L2111

    "AWS::WAFv2::RuleGroup": {
      "Type": "AWS::WAFv2::RuleGroup",
      "Properties": {}
    },
    "AWS::ElasticBeanstalk::Application": {
      "Type": "AWS::ElasticBeanstalk::Application",

pistazie/cdk-dia

awsResouceIconMatches.json#L1933

        "resourceType": "AWS::WAFv2::RuleGroup",
        "filePath": null
      },
      {
        "resourceType": "AWS::WAFv2::WebACL",
        "filePath": null

Parameters

Capacity required - Integer
Description optional - String
Name optional - String
Scope required - String
Rules optional - List of Rule
VisibilityConfig required - VisibilityConfig
Tags optional - List of Tag
CustomResponseBodies optional - Map of CustomResponseBody

>> from AWS CloudFormation Documentation

Explanation in CloudFormation Registry

Note This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide. Use an AWS::WAFv2::RuleGroup to define a collection of rules for inspecting and controlling web requests. You use a rule group in an AWS::WAFv2::WebACL by providing its Amazon Resource Name (ARN) to the rule statement RuleGroupReferenceStatement, when you add rules to the web ACL. When you create a rule group, you define an immutable capacity limit. If you update a rule group, you must stay within the capacity. This allows others to reuse the rule group with confidence in its capacity requirements.

>> from AWS CloudFormation Documentation

The Other Related AWS WAF V2 Resources

AWS WAF V2 IP Set

AWS WAF V2 Regex Pattern Set

AWS WAF V2 Web ACL

AWS WAF V2 Web ACL Association

AWS WAF V2 Web ACL Logging Configuration

Frequently asked questions

What is AWS WAF V2 Rule Group?

AWS WAF V2 Rule Group is a resource for WAF V2 of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS WAF V2 Rule Group?

For Terraform, the pijain/terraform, JamesWoolfenden/terraform-aws-waf2-regional and peytoncasper/tf-cdk-examples source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the wak/practice-cfn, PatMyron/cloud and robertcurcio/wafv2 source code examples are useful. See the CloudFormation Example section for further details.

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

aws_wafv2_rule_group
AWS::WAFv2::RuleGroup
Frequently asked questions

AWS WAF V2 Rule Group

Review your .tf file for AWS best practices

aws_wafv2_rule_group (Terraform)

Example Usage from GitHub

Review your Terraform file for AWS best practices

Parameters

Explanation in Terraform Registry

AWS::WAFv2::RuleGroup (CloudFormation)

Example Usage from GitHub

Parameters

Explanation in CloudFormation Registry

The Other Related AWS WAF V2 Resources

Frequently asked questions

What is AWS WAF V2 Rule Group?

Where can I find the example code for the AWS WAF V2 Rule Group?

Automate config file reviews on your commits

Table of Contents