CfnRateBasedRule
- class aws_cdk.aws_wafregional.CfnRateBasedRule(scope, id, *, metric_name, name, rate_key, rate_limit, match_predicates=None)
Bases:
CfnResourceA CloudFormation
AWS::WAFRegional::RateBasedRule.This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the developer guide.
For the latest version of AWS WAF , use the AWS WAF V2 API and see the AWS WAF Developer Guide . With the latest version, AWS WAF has a single set of endpoints for regional and global use.
A
RateBasedRuleis identical to a regularRule, with one addition: aRateBasedRulecounts the number of requests that arrive from a specified IP address every five minutes. For example, based on recent requests that you’ve seen from an attacker, you might create aRateBasedRulethat includes the following conditions:The requests come from 192.0.2.44.
They contain the value
BadBotin theUser-Agentheader.
In the rule, you also define the rate limit as 15,000.
Requests that meet both of these conditions and exceed 15,000 requests every five minutes trigger the rule’s action (block or count), which is defined in the web ACL.
Note you can only create rate-based rules using an AWS CloudFormation template. To add the rate-based rules created through AWS CloudFormation to a web ACL, use the AWS WAF console, API, or command line interface (CLI). For more information, see UpdateWebACL .
- CloudformationResource:
AWS::WAFRegional::RateBasedRule
- Link:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_wafregional as wafregional cfn_rate_based_rule = wafregional.CfnRateBasedRule(self, "MyCfnRateBasedRule", metric_name="metricName", name="name", rate_key="rateKey", rate_limit=123, # the properties below are optional match_predicates=[wafregional.CfnRateBasedRule.PredicateProperty( data_id="dataId", negated=False, type="type" )] )
Create a new
AWS::WAFRegional::RateBasedRule.- Parameters:
scope (
Construct) –scope in which this resource is defined.
id (
str) –scoped id of the resource.
metric_name (
str) – A name for the metrics for aRateBasedRule. The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can’t contain whitespace or metric names reserved for AWS WAF , including “All” and “Default_Action.” You can’t change the name of the metric after you create theRateBasedRule.name (
str) – A friendly name or description for aRateBasedRule. You can’t change the name of aRateBasedRuleafter you create it.rate_key (
str) – The field that AWS WAF uses to determine if requests are likely arriving from single source and thus subject to rate monitoring. The only valid value forRateKeyisIP.IPindicates that requests arriving from the same IP address are subject to theRateLimitthat is specified in theRateBasedRule.rate_limit (
Union[int,float]) – The maximum number of requests, which have an identical value in the field specified by theRateKey, allowed in a five-minute period. If the number of requests exceeds theRateLimitand the other predicates specified in the rule are also met, AWS WAF triggers the action that is specified for this rule.match_predicates (
Union[IResolvable,Sequence[Union[IResolvable,PredicateProperty,Dict[str,Any]]],None]) – ThePredicatesobject contains onePredicateelement for eachByteMatchSet,IPSet, orSqlInjectionMatchSet>object that you want to include in aRateBasedRule.
Methods
- add_deletion_override(path)
Syntactic sugar for
addOverride(path, undefined).- Parameters:
path (
str) – The path of the value to delete.- Return type:
None
- add_depends_on(target)
Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope.
- Parameters:
target (
CfnResource)- Return type:
None
- add_metadata(key, value)
Add a value to the CloudFormation Resource Metadata.
- Parameters:
key (
str)value (
Any)
- See:
- Return type:
None
Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.
- add_override(path, value)
Adds an override to the synthesized CloudFormation resource.
To add a property override, either use
addPropertyOverrideor prefixpathwith “Properties.” (i.e.Properties.TopicName).If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path.
To include a literal
.in the property name, prefix with a\. In most programming languages you will need to write this as"\\."because the\itself will need to be escaped.For example:
cfn_resource.add_override("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", ["myattribute"]) cfn_resource.add_override("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE")
would add the overrides Example:
"Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... }
The
valueargument toaddOverridewill not be processed or translated in any way. Pass raw JSON values in here with the correct capitalization for CloudFormation. If you pass CDK classes or structs, they will be rendered with lowercased key names, and CloudFormation will reject the template.- Parameters:
path (
str) –The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed.
value (
Any) –The value. Could be primitive or complex.
- Return type:
None
- add_property_deletion_override(property_path)
Adds an override that deletes the value of a property from the resource definition.
- Parameters:
property_path (
str) – The path to the property.- Return type:
None
- add_property_override(property_path, value)
Adds an override to a resource property.
Syntactic sugar for
addOverride("Properties.<...>", value).- Parameters:
property_path (
str) – The path of the property.value (
Any) – The value.
- Return type:
None
- apply_removal_policy(policy=None, *, apply_to_update_replace_policy=None, default=None)
Sets the deletion policy of the resource based on the removal policy specified.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.
The resource can be deleted (
RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).- Parameters:
policy (
Optional[RemovalPolicy])apply_to_update_replace_policy (
Optional[bool]) – Apply the same deletion policy to the resource’s “UpdateReplacePolicy”. Default: truedefault (
Optional[RemovalPolicy]) – The default policy to apply in case the removal policy is not defined. Default: - Default value is resource specific. To determine the default value for a resoure, please consult that specific resource’s documentation.
- Return type:
None
- get_att(attribute_name)
Returns a token for an runtime attribute of this resource.
Ideally, use generated attribute accessors (e.g.
resource.arn), but this can be used for future compatibility in case there is no generated attribute.- Parameters:
attribute_name (
str) – The name of the attribute.- Return type:
- get_metadata(key)
Retrieve a value value from the CloudFormation Resource Metadata.
- Parameters:
key (
str)- See:
- Return type:
Any
Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.
- inspect(inspector)
Examines the CloudFormation resource and discloses attributes.
- Parameters:
inspector (
TreeInspector) –tree inspector to collect and process attributes.
- Return type:
None
- override_logical_id(new_logical_id)
Overrides the auto-generated logical ID with a specific ID.
- Parameters:
new_logical_id (
str) – The new logical ID to use for this stack element.- Return type:
None
- to_string()
Returns a string representation of this construct.
- Return type:
str- Returns:
a string representation of this resource
Attributes
- CFN_RESOURCE_TYPE_NAME = 'AWS::WAFRegional::RateBasedRule'
- cfn_options
Options for this resource, such as condition, update policy etc.
- cfn_resource_type
AWS resource type.
- creation_stack
return:
the stack trace of the point where this Resource was created from, sourced from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most node +internal+ entries filtered.
- logical_id
The logical ID for this CloudFormation stack element.
The logical ID of the element is calculated from the path of the resource node in the construct tree.
To override this value, use
overrideLogicalId(newLogicalId).- Returns:
the logical ID as a stringified token. This value will only get resolved during synthesis.
- match_predicates
The
Predicatesobject contains onePredicateelement for eachByteMatchSet,IPSet, orSqlInjectionMatchSet>object that you want to include in aRateBasedRule.
- metric_name
A name for the metrics for a
RateBasedRule.The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can’t contain whitespace or metric names reserved for AWS WAF , including “All” and “Default_Action.” You can’t change the name of the metric after you create the
RateBasedRule.
- name
A friendly name or description for a
RateBasedRule.You can’t change the name of a
RateBasedRuleafter you create it.
- node
The construct tree node associated with this construct.
- rate_key
The field that AWS WAF uses to determine if requests are likely arriving from single source and thus subject to rate monitoring.
The only valid value for
RateKeyisIP.IPindicates that requests arriving from the same IP address are subject to theRateLimitthat is specified in theRateBasedRule.
- rate_limit
The maximum number of requests, which have an identical value in the field specified by the
RateKey, allowed in a five-minute period.If the number of requests exceeds the
RateLimitand the other predicates specified in the rule are also met, AWS WAF triggers the action that is specified for this rule.
- ref
Return a string that will be resolved to a CloudFormation
{ Ref }for this element.If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through
Lazy.any({ produce: resource.ref }).
- stack
The stack in which this element is defined.
CfnElements must be defined within a stack scope (directly or indirectly).
Static Methods
- classmethod is_cfn_element(x)
Returns
trueif a construct is a stack element (i.e. part of the synthesized cloudformation template).Uses duck-typing instead of
instanceofto allow stack elements from different versions of this library to be included in the same stack.- Parameters:
x (
Any)- Return type:
bool- Returns:
The construct as a stack element or undefined if it is not a stack element.
- classmethod is_cfn_resource(construct)
Check whether the given construct is a CfnResource.
- Parameters:
construct (
IConstruct)- Return type:
bool
- classmethod is_construct(x)
Return whether the given object is a Construct.
- Parameters:
x (
Any)- Return type:
bool
PredicateProperty
- class CfnRateBasedRule.PredicateProperty(*, data_id, negated, type)
Bases:
objectSpecifies the
ByteMatchSet,IPSet,SqlInjectionMatchSet,XssMatchSet,RegexMatchSet,GeoMatchSet, andSizeConstraintSetobjects that you want to add to aRuleand, for each object, indicates whether you want to negate the settings, for example, requests that do NOT originate from the IP address 192.0.2.44.- Parameters:
data_id (
str) – A unique identifier for a predicate in aRule, such asByteMatchSetIdorIPSetId. The ID is returned by the correspondingCreateorListcommand.negated (
Union[bool,IResolvable]) – SetNegatedtoFalseif you want AWS WAF to allow, block, or count requests based on the settings in the specifiedByteMatchSet,IPSet,SqlInjectionMatchSet,XssMatchSet,RegexMatchSet,GeoMatchSet, orSizeConstraintSet. For example, if anIPSetincludes the IP address192.0.2.44, AWS WAF will allow or block requests based on that IP address. SetNegatedtoTrueif you want AWS WAF to allow or block a request based on the negation of the settings in theByteMatchSet,IPSet,SqlInjectionMatchSet,XssMatchSet,RegexMatchSet,GeoMatchSet, orSizeConstraintSet>. For example, if anIPSetincludes the IP address192.0.2.44, AWS WAF will allow, block, or count requests based on all IP addresses except192.0.2.44.type (
str) – The type of predicate in aRule, such asByteMatchorIPSet.
- Link:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_wafregional as wafregional predicate_property = wafregional.CfnRateBasedRule.PredicateProperty( data_id="dataId", negated=False, type="type" )
Attributes
- data_id
A unique identifier for a predicate in a
Rule, such asByteMatchSetIdorIPSetId.The ID is returned by the corresponding
CreateorListcommand.
- negated
Set
NegatedtoFalseif you want AWS WAF to allow, block, or count requests based on the settings in the specifiedByteMatchSet,IPSet,SqlInjectionMatchSet,XssMatchSet,RegexMatchSet,GeoMatchSet, orSizeConstraintSet.For example, if an
IPSetincludes the IP address192.0.2.44, AWS WAF will allow or block requests based on that IP address.Set
NegatedtoTrueif you want AWS WAF to allow or block a request based on the negation of the settings in theByteMatchSet,IPSet,SqlInjectionMatchSet,XssMatchSet,RegexMatchSet,GeoMatchSet, orSizeConstraintSet>. For example, if anIPSetincludes the IP address192.0.2.44, AWS WAF will allow, block, or count requests based on all IP addresses except192.0.2.44.
- type
The type of predicate in a
Rule, such asByteMatchorIPSet.