» aws_wafregional_web_acl

Provides a WAF Regional Web ACL Resource for use with Application Load Balancer.

» Example Usage

resource "aws_wafregional_ipset" "ipset" {
  name = "tfIPSet"

  ip_set_descriptor {
    type  = "IPV4"
    value = "192.0.7.0/24"
  }
}

resource "aws_wafregional_rule" "wafrule" {
  name        = "tfWAFRule"
  metric_name = "tfWAFRule"

  predicate {
    data_id = "${aws_wafregional_ipset.ipset.id}"
    negated = false
    type    = "IPMatch"
  }
}

resource "aws_wafregional_web_acl" "wafacl" {
  name        = "tfWebACL"
  metric_name = "tfWebACL"

  default_action {
    type = "ALLOW"
  }

  rule {
    action {
      type = "BLOCK"
    }

    priority = 1
    rule_id  = "${aws_wafregional_rule.wafrule.id}"
    type     = "REGULAR"
  }
}

» Argument Reference

The following arguments are supported:

  • default_action - (Required) The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.
  • metric_name - (Required) The name or description for the Amazon CloudWatch metric of this web ACL.
  • name - (Required) The name or description of the web ACL.
  • rule - (Required) The rules to associate with the web ACL and the settings for each rule.

» Nested Fields

» rule

See docs for all details and supported values.

» Arguments

  • action - (Required) The action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if type is GROUP.
  • override_action - (Required) Override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if type is GROUP.
  • priority - (Required) Specifies the order in which the rules in a WebACL are evaluated. Rules with a lower value are evaluated before rules with a higher value.
  • rule_id - (Required) ID of the associated WAF (Regional) rule (e.g. aws_wafregional_rule). WAF (Global) rules cannot be used.
  • type - (Optional) The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. If you add a RATE_BASED rule, you need to set type as RATE_BASED. If you add a GROUP rule, you need to set type as GROUP.

» default_action / action

» Arguments

  • type - (Required) Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. e.g. ALLOW, BLOCK or COUNT

» Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The ID of the WAF Regional WebACL.