CfnWebACLPropsMixin

class aws_cdk.mixins_preview.aws_wafregional.mixins.CfnWebACLPropsMixin(props, *, strategy=None)

Bases: Mixin

This is AWS WAF Classic documentation.

For more information, see AWS WAF Classic in the developer guide. .. epigraph:

*For the latest version of AWS WAF* , use the AWS WAF V2 API and see the `AWS WAF Developer Guide <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html>`_ . With the latest version, AWS WAF has a single set of endpoints for regional and global use.

Contains the Rules that identify the requests that you want to allow, block, or count. In a WebACL , you also specify a default action ( ALLOW or BLOCK ), and the action for each Rule that you add to a WebACL , for example, block requests from specified IP addresses or block requests from specified referrers. If you add more than one Rule to a WebACL , a request needs to match only one of the specifications to be allowed, blocked, or counted.

To identify the requests that you want AWS WAF to filter, you associate the WebACL with an API Gateway API or an Application Load Balancer.

see:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafregional-webacl.html

cloudformationResource:

AWS::WAFRegional::WebACL

mixin:

true

exampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview import mixins
from aws_cdk.mixins_preview.aws_wafregional import mixins as wafregional_mixins

cfn_web_aCLProps_mixin = wafregional_mixins.CfnWebACLPropsMixin(wafregional_mixins.CfnWebACLMixinProps(
    default_action=wafregional_mixins.CfnWebACLPropsMixin.ActionProperty(
        type="type"
    ),
    metric_name="metricName",
    name="name",
    rules=[wafregional_mixins.CfnWebACLPropsMixin.RuleProperty(
        action=wafregional_mixins.CfnWebACLPropsMixin.ActionProperty(
            type="type"
        ),
        priority=123,
        rule_id="ruleId"
    )]
),
    strategy=mixins.PropertyMergeStrategy.OVERRIDE
)

Create a mixin to apply properties to AWS::WAFRegional::WebACL.

Parameters:

  • props (Union[CfnWebACLMixinProps, Dict[str, Any]]) – L1 properties to apply.

  • strategy (Optional[PropertyMergeStrategy]) – (experimental) Strategy for merging nested properties. Default: - PropertyMergeStrategy.MERGE

Methods

apply_to(construct)

Apply the mixin properties to the construct.

Parameters:

construct (IConstruct)

Return type:

IConstruct

supports(construct)

Check if this mixin supports the given construct.

Parameters:

construct (IConstruct)

Return type:

bool

Attributes

CFN_PROPERTY_KEYS = ['defaultAction', 'metricName', 'name', 'rules']

Static Methods

classmethod is_mixin(x)

(experimental) Checks if x is a Mixin.

Parameters:

x (Any) – Any object.

Return type:

bool

Returns:

true if x is an object created from a class which extends Mixin.

Stability:

experimental

ActionProperty

class CfnWebACLPropsMixin.ActionProperty(*, type=None)

Bases: object

Specifies the action AWS WAF takes when a web request matches or doesn’t match all rule conditions.

Parameters:

type (Optional[str]) – For actions that are associated with a rule, the action that AWS WAF takes when a web request matches all conditions in a rule. For the default action of a web access control list (ACL), the action that AWS WAF takes when a web request doesn’t match all conditions in any rule. Valid settings include the following: - ALLOW : AWS WAF allows requests - BLOCK : AWS WAF blocks requests - COUNT : AWS WAF increments a counter of the requests that match all of the conditions in the rule. AWS WAF then continues to inspect the web request based on the remaining rules in the web ACL. You can’t specify COUNT for the default action for a WebACL.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafregional-webacl-action.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_wafregional import mixins as wafregional_mixins

action_property = wafregional_mixins.CfnWebACLPropsMixin.ActionProperty(
    type="type"
)

Attributes

type

For actions that are associated with a rule, the action that AWS WAF takes when a web request matches all conditions in a rule.

For the default action of a web access control list (ACL), the action that AWS WAF takes when a web request doesn’t match all conditions in any rule.

Valid settings include the following:

  • ALLOW : AWS WAF allows requests

  • BLOCK : AWS WAF blocks requests

  • COUNT : AWS WAF increments a counter of the requests that match all of the conditions in the rule. AWS WAF then continues to inspect the web request based on the remaining rules in the web ACL. You can’t specify COUNT for the default action for a WebACL.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafregional-webacl-action.html#cfn-wafregional-webacl-action-type

RuleProperty

class CfnWebACLPropsMixin.RuleProperty(*, action=None, priority=None, rule_id=None)

Bases: object

A combination of ByteMatchSet , IPSet , and/or SqlInjectionMatchSet objects that identify the web requests that you want to allow, block, or count.

For example, you might create a Rule that includes the following predicates:

  • An IPSet that causes AWS WAF to search for web requests that originate from the IP address 192.0.2.44

  • A ByteMatchSet that causes AWS WAF to search for web requests for which the value of the User-Agent header is BadBot .

To match the settings in this Rule , a request must originate from 192.0.2.44 AND include a User-Agent header for which the value is BadBot .

Parameters:

  • action (Union[IResolvable, ActionProperty, Dict[str, Any], None]) – The action that AWS WAF takes when a web request matches all conditions in the rule, such as allow, block, or count the request.

  • priority (Union[int, float, None]) – The order in which AWS WAF evaluates the rules in a web ACL. AWS WAF evaluates rules with a lower value before rules with a higher value. The value must be a unique integer. If you have multiple rules in a web ACL, the priority numbers do not need to be consecutive.

  • rule_id (Optional[str]) – The ID of an AWS WAF Regional rule to associate with a web ACL.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafregional-webacl-rule.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_wafregional import mixins as wafregional_mixins

rule_property = wafregional_mixins.CfnWebACLPropsMixin.RuleProperty(
    action=wafregional_mixins.CfnWebACLPropsMixin.ActionProperty(
        type="type"
    ),
    priority=123,
    rule_id="ruleId"
)

Attributes

action

The action that AWS WAF takes when a web request matches all conditions in the rule, such as allow, block, or count the request.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafregional-webacl-rule.html#cfn-wafregional-webacl-rule-action

priority

The order in which AWS WAF evaluates the rules in a web ACL.

AWS WAF evaluates rules with a lower value before rules with a higher value. The value must be a unique integer. If you have multiple rules in a web ACL, the priority numbers do not need to be consecutive.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafregional-webacl-rule.html#cfn-wafregional-webacl-rule-priority

rule_id

The ID of an AWS WAF Regional rule to associate with a web ACL.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafregional-webacl-rule.html#cfn-wafregional-webacl-rule-ruleid