WAF Web ACL

Web Application Firewall (WAF) Web Access Control List (ACL)

Resource Types

AWS.WAF.WebACL, AWS.WAF.Regional.WebACL

Resource ID Format

For WAF Web ACLs, the resource ID is the ARN.

arn:aws:waf::123456789012:webacl/1

arn:aws:waf-regional:us-west-2:123456789012:webacl/1

Background

A web access control list (web ACL) gives you fine-grained control over the web requests that your Amazon API Gateway API, Amazon CloudFront distribution or Application Load Balancer responds to. Global Web ACLs apply to CloudFront and API Gateway. Regional Web ACLs apply to load balancers.

WAF Regional and Global ACLs are represented in the same fashion, the distinction is made to assist in writing rules for the correct scope.

Fields

WebACL Reference

Example

{
    "AccountId": "123456789012",
    "Arn": "arn:aws:waf-regional:us-west-2:123456789012:webacl/1",
    "DefaultAction": {
        "Type": "ALLOW"
    },
    "Id": "1",
    "MetricName": "metric-1",
    "Name": "example-web-acl",
    "Region": "us-west-2",
    "ResourceId": "arn:aws:waf-regional:us-west-2:123456789012:webacl/1",
    "ResourceType": "AWS.WAF.Regional.WebACL",
    "Rules": [
        {
            "Action": {
                "Type": "BLOCK"
            },
            "ExcludedRules": null,
            "MetricName": "metric-1",
            "Name": "rule-1",
            "OverrideAction": null,
            "Predicates": [
                {
                    "DataId": "1",
                    "Negated": false,
                    "Type": "XssMatch"
                }
            ],
            "Priority": 2,
            "RuleId": "1",
            "Type": "REGULAR"
        },
        {
            "Action": {
                "Type": "COUNT"
            },
            "ExcludedRules": null,
            "MetricName": "metric-2",
            "Name": "rule-2",
            "OverrideAction": null,
            "Predicates": [
                {
                    "DataId": "2",
                    "Negated": false,
                    "Type": "XssMatch"
                }
            ],
            "Priority": 1,
            "RuleId": "2",
            "Type": "REGULAR"
        }
    ],
    "Tags": null,
    "TimeCreated": null
}

PreviousS3 Bucket NextAlerts & Destinations

Last updated 1 year ago

Background

WAF Regional and Global ACLs are represented in the same fashion, the distinction is made to assist in writing rules for the correct scope.

Example

{
    "AccountId": "123456789012",
    "Arn": "arn:aws:waf-regional:us-west-2:123456789012:webacl/1",
    "DefaultAction": {
        "Type": "ALLOW"
    },
    "Id": "1",
    "MetricName": "metric-1",
    "Name": "example-web-acl",
    "Region": "us-west-2",
    "ResourceId": "arn:aws:waf-regional:us-west-2:123456789012:webacl/1",
    "ResourceType": "AWS.WAF.Regional.WebACL",
    "Rules": [
        {
            "Action": {
                "Type": "BLOCK"
            },
            "ExcludedRules": null,
            "MetricName": "metric-1",
            "Name": "rule-1",
            "OverrideAction": null,
            "Predicates": [
                {
                    "DataId": "1",
                    "Negated": false,
                    "Type": "XssMatch"
                }
            ],
            "Priority": 2,
            "RuleId": "1",
            "Type": "REGULAR"
        },
        {
            "Action": {
                "Type": "COUNT"
            },
            "ExcludedRules": null,
            "MetricName": "metric-2",
            "Name": "rule-2",
            "OverrideAction": null,
            "Predicates": [
                {
                    "DataId": "2",
                    "Negated": false,
                    "Type": "XssMatch"
                }
            ],
            "Priority": 1,
            "RuleId": "2",
            "Type": "REGULAR"
        }
    ],
    "Tags": null,
    "TimeCreated": null
}