AWS::WAF::Rule
The AWS::WAF::Rule resource creates an AWS WAF rule that specifies a
combination of IPSet, ByteMatchSet, SqlInjectionMatchSet, and similar
match-set objects that identify the web requests to allow, block, or
count. A rule has no effect on its own: to enforce it, you must associate it
with a web ACL, which assigns the rule a priority and an action.
For more information, see CreateRule in the AWS WAF API Reference.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::WAF::Rule",
  "Properties" : {
    "MetricName" : String,
    "Name" : String,
    "Predicates" : [ Predicate, ... ]
  }
}
YAML
Type: "AWS::WAF::Rule"
Properties:
  MetricName: String
  Name: String
  Predicates:
    - Predicate
Properties
MetricName
A friendly name or description for the metrics of the rule. The name can contain only alphanumeric characters (A-Z, a-z, 0-9); it cannot contain whitespace or a metric name reserved by AWS WAF such as All or Default_Action. For valid values, see the MetricName parameter for the CreateRule action in the AWS WAF API Reference.
Required: Yes
Type: String
Update requires: Replacement
Name
A friendly name or description of the rule.
Required: Yes
Type: String
Update requires: Replacement
Predicates
The ByteMatchSet, IPSet, SizeConstraintSet, SqlInjectionMatchSet, or XssMatchSet objects to include in the rule. Each predicate names the set to evaluate (DataId), the predicate type (for example IPMatch), and whether the result is inverted (Negated). If you add more than one predicate to a rule, the predicates are combined with AND: a request must satisfy every predicate (after negation is applied) before the rule's action in the web ACL is taken.
Required: No
Type: List of AWS WAF Rule Predicates
Update requires: No interruption
Return Value
Ref
When the logical ID of this resource is provided to the Ref
intrinsic function, Ref returns the resource physical ID, such as
1234a1a-a1b1-12a1-abcd-a123b123456.
For more information about using the Ref function, see Ref.
Example
Associate an IPSet with a Web ACL Rule
The following example associates the MyIPSetBlacklist
IPSet object with a web ACL rule.
JSON
"MyIPSetRule" : {
  "Type" : "AWS::WAF::Rule",
  "Properties" : {
    "Name" : "MyIPSetRule",
    "MetricName" : "MyIPSetRule",
    "Predicates" : [
      {
        "DataId" : { "Ref" : "MyIPSetBlacklist" },
        "Negated" : false,
        "Type" : "IPMatch"
      }
    ]
  }
}
YAML
MyIPSetRule:
  Type: "AWS::WAF::Rule"
  Properties:
    Name: "MyIPSetRule"
    MetricName: "MyIPSetRule"
    Predicates:
      - DataId:
          Ref: "MyIPSetBlacklist"
        Negated: false
        Type: "IPMatch"
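The example above shows the rule in isolation. The following complete template is an added example, not from the AWS documentation, showing the pieces the rule depends on: the match sets it references, a rule that combines two predicates (one negated), and the web ACL that actually enforces the rule. The resource names, the CIDR ranges (RFC 5737 documentation addresses) and the trusted-scanner scenario are hypothetical. Ref on an AWS::WAF::IPSet or AWS::WAF::SqlInjectionMatchSet returns the set ID, which is the value DataId expects.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example (not from the AWS documentation): block requests whose query
  string looks like SQL injection, unless they come from a trusted scanner
  range. Names and addresses are hypothetical.

Resources:
  # Hypothetical source addresses of an authorized vulnerability scanner.
  MyTrustedScanners:
    Type: "AWS::WAF::IPSet"
    Properties:
      Name: "MyTrustedScanners"
      IPSetDescriptors:
        - Type: "IPV4"
          Value: "203.0.113.10/32"
        - Type: "IPV4"
          Value: "203.0.113.11/32"

  # Inspect the URL-decoded query string for SQL injection patterns.
  MySqlInjectionMatchSet:
    Type: "AWS::WAF::SqlInjectionMatchSet"
    Properties:
      Name: "MySqlInjectionMatchSet"
      SqlInjectionMatchTuples:
        - FieldToMatch:
            Type: "QUERY_STRING"
          TextTransformation: "URL_DECODE"

  # Predicates are ANDed. The rule matches only when the query string
  # looks like SQL injection AND (because Negated is true) the source
  # address is NOT in the trusted scanner set.
  MySqliRule:
    Type: "AWS::WAF::Rule"
    Properties:
      Name: "MySqliRule"
      MetricName: "MySqliRule"   # alphanumeric only, no whitespace
      Predicates:
        - DataId: !Ref MySqlInjectionMatchSet
          Negated: false
          Type: "SqlInjectionMatch"
        - DataId: !Ref MyTrustedScanners
          Negated: true
          Type: "IPMatch"

  # The rule does nothing until a web ACL references it. This ACL allows
  # requests by default and blocks those that match MySqliRule.
  MyWebACL:
    Type: "AWS::WAF::WebACL"
    Properties:
      Name: "MyWebACL"
      MetricName: "MyWebACL"
      DefaultAction:
        Type: "ALLOW"
      Rules:
        - Action:
            Type: "BLOCK"
          Priority: 1
          RuleId: !Ref MySqliRule

Outputs:
  RuleId:
    Description: Physical ID of the rule (what Ref returns)
    Value: !Ref MySqliRule
```

When rolling out a new rule, start with an Action of COUNT in the web ACL and watch the MySqliRule CloudWatch metric before switching to BLOCK; that is the purpose of the per-rule MetricName. Note that AWS::WAF resources are the global (CloudFront) variant of AWS WAF Classic; regional deployments use the corresponding AWS::WAFRegional resource types with the same property layout.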
