This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::WAF::SqlInjectionMatchSet **Note** AWS WAF Classic support will end on September 30, 2025. This is **AWS WAF Classic** documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. **For the latest version of AWS WAF**, use the AWS WAFV2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With the latest version, AWS WAF has a single set of endpoints for regional and global use. A complex type that contains `SqlInjectionMatchTuple` objects, which specify the parts of web requests that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header. If a `SqlInjectionMatchSet` contains more than one `SqlInjectionMatchTuple` object, a request needs to include snippets of SQL code in only one of the specified parts of the request to be considered a match. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::WAF::SqlInjectionMatchSet", "Properties" : { "[Name](#cfn-waf-sqlinjectionmatchset-name)" : String, "[SqlInjectionMatchTuples](#cfn-waf-sqlinjectionmatchset-sqlinjectionmatchtuples)" : [ SqlInjectionMatchTuple, ... ] } } ``` ### YAML ``` Type: AWS::WAF::SqlInjectionMatchSet Properties: [Name](#cfn-waf-sqlinjectionmatchset-name): String [SqlInjectionMatchTuples](#cfn-waf-sqlinjectionmatchset-sqlinjectionmatchtuples): - SqlInjectionMatchTuple ``` ## Properties `Name` The name, if any, of the `SqlInjectionMatchSet`. *Required*: Yes *Type*: String *Pattern*: `.*\S.*` *Minimum*: `1` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `SqlInjectionMatchTuples` Specifies the parts of web requests that you want to inspect for snippets of malicious SQL code. *Required*: No *Type*: Array of [SqlInjectionMatchTuple](aws-properties-waf-sqlinjectionmatchset-sqlinjectionmatchtuple.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the resource physical ID, such as 1234a1a-a1b1-12a1-abcd-a123b123456. For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt ## Examples **Topics** + [Find SQL Injections](#aws-resource-waf-sqlinjectionmatchset--examples--Find_SQL_Injections) + [Associate a SQL Injection Match Set with a Web ACL Rule](#aws-resource-waf-sqlinjectionmatchset--examples--Associate_a_SQL_Injection_Match_Set_with_a_Web_ACL_Rule) + [Create a Web ACL](#aws-resource-waf-sqlinjectionmatchset--examples--Create_a_Web_ACL) ### Find SQL Injections The following example looks for snippets of SQL code in the query string of an HTTP request. #### JSON ``` "SqlInjDetection": { "Type": "AWS::WAF::SqlInjectionMatchSet", "Properties": { "Name": "Find SQL injections in the query string", "SqlInjectionMatchTuples": [ { "FieldToMatch" : { "Type": "QUERY_STRING" }, "TextTransformation" : "URL_DECODE" } ] } } ``` #### YAML ``` SqlInjDetection: Type: "AWS::WAF::SqlInjectionMatchSet" Properties: Name: "Find SQL injections in the query string" SqlInjectionMatchTuples: - FieldToMatch: Type: "QUERY_STRING" TextTransformation: "URL_DECODE" ``` ### Associate a SQL Injection Match Set with a Web ACL Rule The following example associates the `SqlInjDetection` match set with a web access control list (ACL) rule. #### JSON ``` "SqlInjRule" : { "Type": "AWS::WAF::Rule", "Properties": { "Name": "SqlInjRule", "MetricName" : "SqlInjRule", "Predicates": [ { "DataId" : { "Ref" : "SqlInjDetection" }, "Negated" : false, "Type" : "SqlInjectionMatch" } ] } } ``` #### YAML ``` SqlInjRule: Type: "AWS::WAF::Rule" Properties: Name: "SqlInjRule" MetricName: "SqlInjRule" Predicates: - DataId: Ref: "SqlInjDetection" Negated: false Type: "SqlInjectionMatch" ``` ### Create a Web ACL The following example associates the `SqlInjRule` rule with a web ACL. The web ACL allows all requests except for ones with SQL code in the query string of a request. #### JSON ``` "MyWebACL": { "Type": "AWS::WAF::WebACL", "Properties": { "Name": "Web ACL to block SQL injection in the query string", "DefaultAction": { "Type": "ALLOW" }, "MetricName" : "SqlInjWebACL", "Rules": [ { "Action" : { "Type" : "BLOCK" }, "Priority" : 1, "RuleId" : { "Ref" : "SqlInjRule" } } ] } } ``` #### YAML ``` MyWebACL: Type: "AWS::WAF::WebACL" Properties: Name: "Web ACL to block SQL injection in the query string" DefaultAction: Type: "ALLOW" MetricName: "SqlInjWebACL" Rules: - Action: Type: "BLOCK" Priority: 1 RuleId: Ref: "SqlInjRule" ```