Sign In to the Console
AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS Documentation » AWS CloudFormation » User Guide » Template Reference » AWS Resource and Property Types Reference » AWS WAF Resource Types Reference » AWS::WAF::SizeConstraintSet

AWS::WAF::SizeConstraintSet

The AWS::WAF::SizeConstraintSet resource specifies a size constraint that AWS WAF uses to check the size of a web request and which parts of the request to check. For more information, see CreateSizeConstraintSet in the AWS WAF API Reference.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::WAF::SizeConstraintSet",
  "Properties" : {
    "Name" : String,
    "SizeConstraints" : [ SizeConstraint, ... ]
  }
}

YAML

Type: "AWS::WAF::SizeConstraintSet"
Properties: 
  Name: String
  SizeConstraints:
    - SizeConstraint

Properties

Name

A friendly name or description for the SizeConstraintSet.

Required: Yes

Type: String

Update requires: Replacement

SizeConstraints

The size constraint and the part of the web request to check.

Required: Yes

Type: List of AWS WAF SizeConstraintSet SizeConstraint

Update requires: No interruption

Return Value

Ref

When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the resource physical ID, such as 1234a1a-a1b1-12a1-abcd-a123b123456.

For more information about using the Ref function, see Ref.

Examples

The following examples show you how to define a size constraint, add it to a rule, and add the rule to a web access control list (ACL).

Define a Size Constraint

The following example checks that the body of an HTTP request equals 4096 bytes.

JSON

"MySizeConstraint": {
  "Type": "AWS::WAF::SizeConstraintSet",
  "Properties": {
    "Name": "SizeConstraints",
    "SizeConstraints": [
      {
        "ComparisonOperator": "EQ",
        "FieldToMatch": {
          "Type": "BODY"
        },
        "Size": "4096",
        "TextTransformation": "NONE"
      }
    ]
  }
}

YAML

  MySizeConstraint: 
    Type: "AWS::WAF::SizeConstraintSet"
    Properties: 
      Name: "SizeConstraints"
      SizeConstraints: 
        - 
          ComparisonOperator: "EQ"
          FieldToMatch: 
            Type: "BODY"
          Size: "4096"
          TextTransformation: "NONE"

Associate a SizeConstraintSet with a Web ACL Rule

The following example associates the MySizeConstraint object with a web ACL rule.

JSON

"SizeConstraintRule" : {
  "Type": "AWS::WAF::Rule",
  "Properties": {
    "Name": "SizeConstraintRule",
    "MetricName" : "SizeConstraintRule",
    "Predicates": [
      {
        "DataId" : {  "Ref" : "MySizeConstraint" },
        "Negated" : false,
        "Type" : "SizeConstraint"
      }
    ]
  }
}

YAML

SizeConstraintRule: 
  Type: "AWS::WAF::Rule"
  Properties: 
    Name: "SizeConstraintRule"
    MetricName: "SizeConstraintRule"
    Predicates: 
      - 
        DataId: 
          Ref: "MySizeConstraint"
        Negated: false
        Type: "SizeConstraint"

Create a Web ACL

The following example associates the SizeConstraintRule rule with a web ACL. The web ACL blocks all requests except for requests with a body size equal to 4096 bytes.

JSON

"MyWebACL": {
  "Type": "AWS::WAF::WebACL",
  "Properties": {
    "Name": "Web ACL to allow requests with a specific size",
    "DefaultAction": {
      "Type": "BLOCK"
    },
    "MetricName" : "SizeConstraintWebACL",
    "Rules": [
      {
        "Action" : {
          "Type" : "ALLOW"
        },
        "Priority" : 1,
        "RuleId" : { "Ref" : "SizeConstraintRule" }
      }
    ]
  }
}

YAML

MyWebACL: 
  Type: "AWS::WAF::WebACL"
  Properties: 
    Name: "Web ACL to allow requests with a specific size"
    DefaultAction: 
      Type: "BLOCK"
    MetricName: "SizeConstraintWebACL"
    Rules: 
      - 
        Action: 
          Type: "ALLOW"
        Priority: 1
        RuleId: 
          Ref: "SizeConstraintRule"