This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::WAF::IPSet **Note** AWS WAF Classic support will end on September 30, 2025. This is **AWS WAF Classic** documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. **For the latest version of AWS WAF**, use the AWS WAFV2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With the latest version, AWS WAF has a single set of endpoints for regional and global use. Contains one or more IP addresses or blocks of IP addresses specified in Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports IPv4 address ranges: /8 and any range between /16 through /32. AWS WAF supports IPv6 address ranges: /24, /32, /48, /56, /64, and /128. To specify an individual IP address, you specify the four-part IP address followed by a `/32`, for example, 192.0.2.0/32. To block a range of IP addresses, you can specify /8 or any range between /16 through /32 (for IPv4) or /24, /32, /48, /56, /64, or /128 (for IPv6). For more information about CIDR notation, see the Wikipedia entry [Classless Inter-Domain Routing](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::WAF::IPSet", "Properties" : { "[IPSetDescriptors](#cfn-waf-ipset-ipsetdescriptors)" : [ IPSetDescriptor, ... ], "[Name](#cfn-waf-ipset-name)" : String } } ``` ### YAML ``` Type: AWS::WAF::IPSet Properties: [IPSetDescriptors](#cfn-waf-ipset-ipsetdescriptors): - IPSetDescriptor [Name](#cfn-waf-ipset-name): String ``` ## Properties `IPSetDescriptors` The IP address type (`IPV4` or `IPV6`) and the IP address range (in CIDR notation) that web requests originate from. If the `WebACL` is associated with an Amazon CloudFront distribution and the viewer did not use an HTTP proxy or a load balancer to send the request, this is the value of the c-ip field in the CloudFront access logs. *Required*: No *Type*: Array of [IPSetDescriptor](aws-properties-waf-ipset-ipsetdescriptor.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Name` The name of the `IPSet`. You can't change the name of an `IPSet` after you create it. *Required*: Yes *Type*: String *Pattern*: `.*\S.*` *Minimum*: `1` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the resource physical ID, such as 1234a1a-a1b1-12a1-abcd-a123b123456. For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt ## Examples **Topics** + [Define IP Addresses](#aws-resource-waf-ipset--examples--Define_IP_Addresses) + [Associate an IPSet with a Web ACL Rule](#aws-resource-waf-ipset--examples--Associate_an_IPSet_with_a_Web_ACL_Rule) + [Create a Web ACL](#aws-resource-waf-ipset--examples--Create_a_Web_ACL) ### Define IP Addresses The following example defines a set of IP addresses for a web access control list (ACL) rule. #### JSON ``` "MyIPSetDenylist": { "Type": "AWS::WAF::IPSet", "Properties": { "Name": "IPSet for deny listed IP addresses", "IPSetDescriptors": [ { "Type" : "IPV4", "Value" : "192.0.2.44/32" }, { "Type" : "IPV4", "Value" : "192.0.7.0/24" } ] } } ``` #### YAML ``` MyIPSetDenylist: Type: "AWS::WAF::IPSet" Properties: Name: "IPSet for deny listed IP addresses" IPSetDescriptors: - Type: "IPV4" Value: "192.0.2.44/32" - Type: "IPV4" Value: "192.0.7.0/24" ``` ### Associate an IPSet with a Web ACL Rule The following example associates the `MyIPSetDenylist` IP Set with a web ACL rule. #### JSON ``` "MyIPSetRule" : { "Type": "AWS::WAF::Rule", "Properties": { "Name": "MyIPSetRule", "MetricName" : "MyIPSetRule", "Predicates": [ { "DataId" : { "Ref" : "MyIPSetDenylist" }, "Negated" : false, "Type" : "IPMatch" } ] } } ``` #### YAML ``` MyIPSetRule: Type: "AWS::WAF::Rule" Properties: Name: "MyIPSetRule" MetricName: "MyIPSetRule" Predicates: - DataId: Ref: "MyIPSetDenylist" Negated: false Type: "IPMatch" ``` ### Create a Web ACL The following example associates the `MyIPSetRule` rule with a web ACL. The web ACL allows requests that originate from all IP addresses except for addresses that are defined in the `MyIPSetRule`. #### JSON ``` "MyWebACL": { "Type": "AWS::WAF::WebACL", "Properties": { "Name": "WebACL to block IP addresses", "DefaultAction": { "Type": "ALLOW" }, "MetricName" : "MyWebACL", "Rules": [ { "Action" : { "Type" : "BLOCK" }, "Priority" : 1, "RuleId" : { "Ref" : "MyIPSetRule" } } ] } } ``` #### YAML ``` MyWebACL: Type: "AWS::WAF::WebACL" Properties: Name: "WebACL to block IP addresses" DefaultAction: Type: "ALLOW" MetricName: "MyWebACL" Rules: - Action: Type: "BLOCK" Priority: 1 RuleId: Ref: "MyIPSetRule" ``` # AWS::WAF::IPSet IPSetDescriptor **Note** AWS WAF Classic support will end on September 30, 2025. This is **AWS WAF Classic** documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. **For the latest version of AWS WAF**, use the AWS WAFV2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With the latest version, AWS WAF has a single set of endpoints for regional and global use. Specifies the IP address type (`IPV4` or `IPV6`) and the IP address range (in CIDR format) that web requests originate from. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Type](#cfn-waf-ipset-ipsetdescriptor-type)" : String, "[Value](#cfn-waf-ipset-ipsetdescriptor-value)" : String } ``` ### YAML ``` [Type](#cfn-waf-ipset-ipsetdescriptor-type): String [Value](#cfn-waf-ipset-ipsetdescriptor-value): String ``` ## Properties `Type` Specify `IPV4` or `IPV6`. *Required*: Yes *Type*: String *Allowed values*: `IPV4 | IPV6` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` Specify an IPv4 address by using CIDR notation. For example: + To configure AWS WAF to allow, block, or count requests that originated from the IP address 192.0.2.44, specify `192.0.2.44/32`. + To configure AWS WAF to allow, block, or count requests that originated from IP addresses from 192.0.2.0 to 192.0.2.255, specify `192.0.2.0/24`. For more information about CIDR notation, see the Wikipedia entry [Classless Inter-Domain Routing](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing). Specify an IPv6 address by using CIDR notation. For example: + To configure AWS WAF to allow, block, or count requests that originated from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify `1111:0000:0000:0000:0000:0000:0000:0111/128`. + To configure AWS WAF to allow, block, or count requests that originated from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify `1111:0000:0000:0000:0000:0000:0000:0000/64`. *Required*: Yes *Type*: String *Pattern*: `.*\S.*` *Minimum*: `1` *Maximum*: `50` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)