AWS WAF V2 Rule Group

This page shows how to write Terraform and CloudFormation for AWS WAF V2 Rule Group and write them securely.

aws_wafv2_rule_group (Terraform)

The Rule Group in AWS WAF V2 can be configured in Terraform with the resource name aws_wafv2_rule_group. The following sections describe 4 examples of how to use the resource and its parameters.

Example Usage from GitHub
resource "aws_wafv2_rule_group" "this" {
  capacity = var.capacity
  name =
  scope = var.scope
  description = var.description
  tags = var.tags
resource "aws_wafv2_rule_group" "example" {
  name     = "example-rule"
  scope    = "REGIONAL"
  capacity = 2

    rule {
resource "aws_wafv2_rule_group" "example" {
  name        = "complex-example"
  description = "An rule group containing all statements"
  scope       = "REGIONAL"
  capacity    = 500
resource "aws_wafv2_rule_group" "example" {
  capacity = 10
  name     = "example-rule-group"
  scope    = "CLOUDFRONT"

  rule {

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).


Explanation in Terraform Registry

Creates a WAFv2 Rule Group resource.

AWS::WAFv2::RuleGroup (CloudFormation)

The RuleGroup in WAFv2 can be configured in CloudFormation with the resource name AWS::WAFv2::RuleGroup. The following sections describe 8 examples of how to use the resource and its parameters.

Example Usage from GitHub
    Type: AWS::WAFv2::RuleGroup
        CloudWatchMetricsEnabled: True
        SampledRequestsEnabled: True
        MetricName: PracticeRuleGroup
    Type: AWS::WAFv2::RuleGroup
      Name: Name
      Scope: REGIONAL
      Capacity: 1
      Type: 'AWS::WAFv2::RuleGroup'
        Name: YourCustomRuleGroup
        Scope: CLOUDFRONT
        Description: YourCustomRuleGroup
  #   Type: AWS::WAFv2::RuleGroup
  #   Properties:
  #     Capacity: 1
  #     Rules:
  #       - Action:
  #           Block: {}
    Type: AWS::WAFv2::RuleGroup
      Capacity: 2
      Description: !Sub "${Environment} Whitelist CloudFront IP"
      Name: !Sub "WhitelistCloudFrontIP${Environment}"
    "AWS::WAFv2::RuleGroup.FieldToMatch": {
      "Documentation": "",
      "Properties": {
        "SingleHeader": {
          "Documentation": "",
          "UpdateType": "Mutable",
    "AWS::WAFv2::RuleGroup": {
      "Type": "AWS::WAFv2::RuleGroup",
      "Properties": {}
    "AWS::ElasticBeanstalk::Application": {
      "Type": "AWS::ElasticBeanstalk::Application",
        "resourceType": "AWS::WAFv2::RuleGroup",
        "filePath": null
        "resourceType": "AWS::WAFv2::WebACL",
        "filePath": null


Explanation in CloudFormation Registry

Note This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide. Use an AWS::WAFv2::RuleGroup to define a collection of rules for inspecting and controlling web requests. You use a rule group in an AWS::WAFv2::WebACL by providing its Amazon Resource Name (ARN) to the rule statement RuleGroupReferenceStatement, when you add rules to the web ACL. When you create a rule group, you define an immutable capacity limit. If you update a rule group, you must stay within the capacity. This allows others to reuse the rule group with confidence in its capacity requirements.

Frequently asked questions

What is AWS WAF V2 Rule Group?

AWS WAF V2 Rule Group is a resource for WAF V2 of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS WAF V2 Rule Group?

For Terraform, the pijain/terraform, JamesWoolfenden/terraform-aws-waf2-regional and peytoncasper/tf-cdk-examples source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the wak/practice-cfn, PatMyron/cloud and robertcurcio/wafv2 source code examples are useful. See the CloudFormation Example section for further details.