AWS WAF V2 Rule Group

This page shows how to write Terraform and CloudFormation for AWS WAF V2 Rule Group and write them securely.

aws_wafv2_rule_group (Terraform)

The Rule Group in AWS WAF V2 can be configured in Terraform with the resource name aws_wafv2_rule_group. The following sections describe 4 examples of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L6
resource "aws_wafv2_rule_group" "this" {
  capacity = var.capacity
  name = var.name
  scope = var.scope
  description = var.description
  tags = var.tags
aws_wafv2_rule_group.example.tf#L1
resource "aws_wafv2_rule_group" "example" {
  name     = "example-rule"
  scope    = "REGIONAL"
  capacity = 2

    rule {
main.tf#L2
resource "aws_wafv2_rule_group" "example" {
  name        = "complex-example"
  description = "An rule group containing all statements"
  scope       = "REGIONAL"
  capacity    = 500

cloudfront.tf#L24
resource "aws_wafv2_rule_group" "example" {
  capacity = 10
  name     = "example-rule-group"
  scope    = "CLOUDFRONT"

  rule {

Parameters

Explanation in Terraform Registry

Creates a WAFv2 Rule Group resource.

AWS::WAFv2::RuleGroup (CloudFormation)

The RuleGroup in WAFv2 can be configured in CloudFormation with the resource name AWS::WAFv2::RuleGroup. The following sections describe 8 examples of how to use the resource and its parameters.

Example Usage from GitHub

waf.cf.yml#L120
    Type: AWS::WAFv2::RuleGroup
    Properties:
      VisibilityConfig:
        CloudWatchMetricsEnabled: True
        SampledRequestsEnabled: True
        MetricName: PracticeRuleGroup
minimal.yaml#L671
    Type: AWS::WAFv2::RuleGroup
    Properties:
      Name: Name
      Scope: REGIONAL
      Capacity: 1
      VisibilityConfig:
waf-with-1-rulegroup-and-2-ipsets.yaml#L160
      Type: 'AWS::WAFv2::RuleGroup'
      Properties:
        Name: YourCustomRuleGroup
        Scope: CLOUDFRONT
        Description: YourCustomRuleGroup
        VisibilityConfig:
wafv2_with_cloudfront.yaml#L137
  #   Type: AWS::WAFv2::RuleGroup
  #   Properties:
  #     Capacity: 1
  #     Rules:
  #       - Action:
  #           Block: {}
template.yaml#L136
    Type: AWS::WAFv2::RuleGroup
    Properties:
      Capacity: 2
      Description: !Sub "${Environment} Whitelist CloudFront IP"
      Name: !Sub "WhitelistCloudFrontIP${Environment}"
      Rules:
WAFv2RuleGroupSpecification.json#L3
    "AWS::WAFv2::RuleGroup.FieldToMatch": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-fieldtomatch.html",
      "Properties": {
        "SingleHeader": {
          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-fieldtomatch.html#cfn-wafv2-rulegroup-fieldtomatch-singleheader",
          "UpdateType": "Mutable",
template.json#L2111
    "AWS::WAFv2::RuleGroup": {
      "Type": "AWS::WAFv2::RuleGroup",
      "Properties": {}
    },
    "AWS::ElasticBeanstalk::Application": {
      "Type": "AWS::ElasticBeanstalk::Application",
awsResouceIconMatches.json#L1933
        "resourceType": "AWS::WAFv2::RuleGroup",
        "filePath": null
      },
      {
        "resourceType": "AWS::WAFv2::WebACL",
        "filePath": null

Parameters

Explanation in CloudFormation Registry

Note This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide. Use an AWS::WAFv2::RuleGroup to define a collection of rules for inspecting and controlling web requests. You use a rule group in an AWS::WAFv2::WebACL by providing its Amazon Resource Name (ARN) to the rule statement RuleGroupReferenceStatement, when you add rules to the web ACL. When you create a rule group, you define an immutable capacity limit. If you update a rule group, you must stay within the capacity. This allows others to reuse the rule group with confidence in its capacity requirements.

Frequently asked questions

What is AWS WAF V2 Rule Group?

AWS WAF V2 Rule Group is a resource for WAF V2 of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS WAF V2 Rule Group?

For Terraform, the pijain/terraform, JamesWoolfenden/terraform-aws-waf2-regional and peytoncasper/tf-cdk-examples source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the wak/practice-cfn, PatMyron/cloud and robertcurcio/wafv2 source code examples are useful. See the CloudFormation Example section for further details.