Docs HomePanther.comRelease NotesDemo Request
Search…
Overview
Quick Start
Data Onboarding
Writing Detections
Cloud Security Scanning
Cloud Resource Attributes
AWS
ACM Certificate
CloudFormation Stack
CloudWatch Log Group
CloudTrail
CloudTrail Meta
Config Recorder
Config Recorder Meta
DynamoDB Table
EC2 AMI
EC2 Instance
EC2 Network ACL
EC2 SecurityGroup
EC2 Volume
EC2 VPC
ECS Cluster
ELBV2 Application Load Balancer
GuardDuty Detector
GuardDuty Detector Meta
IAM Group
IAM Policy
IAM Role
IAM Root User
IAM User
KMS Key
Lambda Function
Password Policy
RDS Instance
Redshift Cluster
S3 Bucket
WAF Web ACL
Destinations
Data Analytics
Enrichment (BETA)
System Configuration
Alert Runbooks
Panther API (BETA)
Guides
Help
Powered By GitBook
WAF Web ACL
Web Application Firewall (WAF) Web Access Control List (ACL)

Resource Types

AWS.WAF.WebACL, AWS.WAF.Regional.WebACL

Resource ID Format

For WAF Web ACLs, the resource ID is the ARN.
arn:aws:waf::123456789012:webacl/1
arn:aws:waf-regional:us-west-2:123456789012:webacl/1

Background

A web access control list (web ACL) gives you fine-grained control over the web requests that your Amazon API Gateway API, Amazon CloudFront distribution or Application Load Balancer responds to. Global Web ACLs apply to CloudFront and API Gateway. Regional Web ACLs apply to load balancers.
WAF Regional and Global ACLs are represented in the same fashion, the distinction is made to assist in writing rules for the correct scope.

Fields

​WebACL Reference​
Field
Type
Description
Rules
List
Lists each rule being applied by the WebACL, its priority (ordering), and the action taken, among other things.
DefaultAction
Map
The default action for AWS WAF to allow web requests or to block web requests.
MetricName
String
A friendly name or description for the metrics for this WebACL.

Example

1
{
2
"AccountId": "123456789012",
3
"Arn": "arn:aws:waf-regional:us-west-2:123456789012:webacl/1",
4
"DefaultAction": {
5
"Type": "ALLOW"
6
},
7
"Id": "1",
8
"MetricName": "metric-1",
9
"Name": "example-web-acl",
10
"Region": "us-west-2",
11
"ResourceId": "arn:aws:waf-regional:us-west-2:123456789012:webacl/1",
12
"ResourceType": "AWS.WAF.Regional.WebACL",
13
"Rules": [
14
{
15
"Action": {
16
"Type": "BLOCK"
17
},
18
"ExcludedRules": null,
19
"MetricName": "metric-1",
20
"Name": "rule-1",
21
"OverrideAction": null,
22
"Predicates": [
23
{
24
"DataId": "1",
25
"Negated": false,
26
"Type": "XssMatch"
27
}
28
],
29
"Priority": 2,
30
"RuleId": "1",
31
"Type": "REGULAR"
32
},
33
{
34
"Action": {
35
"Type": "COUNT"
36
},
37
"ExcludedRules": null,
38
"MetricName": "metric-2",
39
"Name": "rule-2",
40
"OverrideAction": null,
41
"Predicates": [
42
{
43
"DataId": "2",
44
"Negated": false,
45
"Type": "XssMatch"
46
}
47
],
48
"Priority": 1,
49
"RuleId": "2",
50
"Type": "REGULAR"
51
}
52
],
53
"Tags": null,
54
"TimeCreated": null
55
}
Copied!
Previous
S3 Bucket
Next
Destinations
Last modified 1yr ago
Copy link
Contents
Resource Types
Resource ID Format
Background
Fields
Example