Class: AWSCDK::WAFv2::CfnRuleGroup::RuleProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
wa_fv2/cfn_rule_group.rb

Overview

A single rule, which you can use in a WebACL or RuleGroup to identify web requests that you want to manage in some way.

Each rule includes one top-level Statement that AWS WAF uses to identify matching web requests, and parameters that govern how AWS WAF handles them.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(name:, priority:, statement:, visibility_config:, action: nil, captcha_config: nil, challenge_config: nil, rule_labels: nil) ⇒ RuleProperty

Returns a new instance of RuleProperty.

Parameters:



3744
3745
3746
3747
3748
3749
3750
3751
3752
3753
3754
3755
3756
3757
3758
3759
3760
3761
# File 'wa_fv2/cfn_rule_group.rb', line 3744

def initialize(name:, priority:, statement:, visibility_config:, action: nil, captcha_config: nil, challenge_config: nil, rule_labels: nil)
  @name = name
  Jsii::Type.check_type(@name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "name")
  @priority = priority
  Jsii::Type.check_type(@priority, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJudW1iZXIifQ==")), "priority")
  @statement = statement.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnRuleGroup::StatementProperty.new(**statement.transform_keys(&:to_sym)) : statement
  Jsii::Type.check_type(@statement, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5SdWxlR3JvdXAuU3RhdGVtZW50UHJvcGVydHkifV19fQ==")), "statement")
  @visibility_config = visibility_config.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnRuleGroup::VisibilityConfigProperty.new(**visibility_config.transform_keys(&:to_sym)) : visibility_config
  Jsii::Type.check_type(@visibility_config, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5SdWxlR3JvdXAuVmlzaWJpbGl0eUNvbmZpZ1Byb3BlcnR5In1dfX0=")), "visibilityConfig")
  @action = action.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnRuleGroup::RuleActionProperty.new(**action.transform_keys(&:to_sym)) : action
  Jsii::Type.check_type(@action, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5SdWxlR3JvdXAuUnVsZUFjdGlvblByb3BlcnR5In1dfX0=")), "action") unless @action.nil?
  @captcha_config = captcha_config.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnRuleGroup::CaptchaConfigProperty.new(**captcha_config.transform_keys(&:to_sym)) : captcha_config
  Jsii::Type.check_type(@captcha_config, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5SdWxlR3JvdXAuQ2FwdGNoYUNvbmZpZ1Byb3BlcnR5In1dfX0=")), "captchaConfig") unless @captcha_config.nil?
  @challenge_config = challenge_config.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnRuleGroup::ChallengeConfigProperty.new(**challenge_config.transform_keys(&:to_sym)) : challenge_config
  Jsii::Type.check_type(@challenge_config, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5SdWxlR3JvdXAuQ2hhbGxlbmdlQ29uZmlnUHJvcGVydHkifV19fQ==")), "challengeConfig") unless @challenge_config.nil?
  @rule_labels = rule_labels
  Jsii::Type.check_type(@rule_labels, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImNvbGxlY3Rpb24iOnsiZWxlbWVudHR5cGUiOnsidW5pb24iOnsidHlwZXMiOlt7ImZxbiI6ImF3cy1jZGstbGliLklSZXNvbHZhYmxlIn0seyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfd2FmdjIuQ2ZuUnVsZUdyb3VwLkxhYmVsUHJvcGVydHkifV19fSwia2luZCI6ImFycmF5In19XX19")), "ruleLabels") unless @rule_labels.nil?
end

Instance Attribute Details

#actionAWSCDK::IResolvable, ... (readonly)

The action that AWS WAF should take on a web request when it matches the rule statement.

Settings at the web ACL level can override the rule action setting.



3795
3796
3797
# File 'wa_fv2/cfn_rule_group.rb', line 3795

def action
  @action
end

#captcha_configAWSCDK::IResolvable, ... (readonly)

Specifies how AWS WAF should handle CAPTCHA evaluations.

If you don't specify this, AWS WAF uses the CAPTCHA configuration that's defined for the web ACL.



3802
3803
3804
# File 'wa_fv2/cfn_rule_group.rb', line 3802

def captcha_config
  @captcha_config
end

#challenge_configAWSCDK::IResolvable, ... (readonly)

Specifies how AWS WAF should handle Challenge evaluations.

If you don't specify this, AWS WAF uses the challenge configuration that's defined for the web ACL.



3809
3810
3811
# File 'wa_fv2/cfn_rule_group.rb', line 3809

def challenge_config
  @challenge_config
end

#nameString (readonly)

The name of the rule.

If you change the name of a Rule after you create it and you want the rule's metric name to reflect the change, update the metric name in the rule's VisibilityConfig settings. AWS WAF doesn't automatically update the metric name when you update the rule name.



3769
3770
3771
# File 'wa_fv2/cfn_rule_group.rb', line 3769

def name
  @name
end

#priorityNumeric (readonly)

If you define more than one Rule in a WebACL , AWS WAF evaluates each request against the Rules in order based on the value of Priority .

AWS WAF processes rules with lower priority first. The priorities don't need to be consecutive, but they must all be different.



3776
3777
3778
# File 'wa_fv2/cfn_rule_group.rb', line 3776

def priority
  @priority
end

#rule_labelsAWSCDK::IResolvable, ... (readonly)

Labels to apply to web requests that match the rule match statement.

AWS WAF applies fully qualified labels to matching web requests. A fully qualified label is the concatenation of a label namespace and a rule label. The rule's rule group or web ACL defines the label namespace.

Any rule that isn't a rule group reference statement or managed rule group statement can add labels to matching web requests.

Rules that run after this rule in the web ACL can match against these labels using a LabelMatchStatement .

For each label, provide a case-sensitive string containing optional namespaces and a label name, according to the following guidelines:

  • Separate each component of the label with a colon.
  • Each namespace or name can have up to 128 characters.
  • You can specify up to 5 namespaces in a label.
  • Don't use the following reserved words in your label specification: aws , waf , managed , rulegroup , webacl , regexpatternset , or ipset .

For example, my_label_name or nameSpace1:nameSpace2:myLabelName .



3829
3830
3831
# File 'wa_fv2/cfn_rule_group.rb', line 3829

def rule_labels
  @rule_labels
end

#statementAWSCDK::IResolvable, AWSCDK::WAFv2::CfnRuleGroup::StatementProperty (readonly)

The AWS WAF processing statement for the rule, for example ByteMatchStatement or SizeConstraintStatement .



3781
3782
3783
# File 'wa_fv2/cfn_rule_group.rb', line 3781

def statement
  @statement
end

#visibility_configAWSCDK::IResolvable, AWSCDK::WAFv2::CfnRuleGroup::VisibilityConfigProperty (readonly)

Defines and enables Amazon CloudWatch metrics and web request sample collection.

If you change the name of a Rule after you create it and you want the rule's metric name to reflect the change, update the metric name as well. AWS WAF doesn't automatically update the metric name.



3788
3789
3790
# File 'wa_fv2/cfn_rule_group.rb', line 3788

def visibility_config
  @visibility_config
end

Class Method Details

.jsii_propertiesObject



3831
3832
3833
3834
3835
3836
3837
3838
3839
3840
3841
3842
# File 'wa_fv2/cfn_rule_group.rb', line 3831

def self.jsii_properties
  {
    :name => "name",
    :priority => "priority",
    :statement => "statement",
    :visibility_config => "visibilityConfig",
    :action => "action",
    :captcha_config => "captchaConfig",
    :challenge_config => "challengeConfig",
    :rule_labels => "ruleLabels",
  }
end

Instance Method Details

#to_jsiiObject



3844
3845
3846
3847
3848
3849
3850
3851
3852
3853
3854
3855
3856
3857
# File 'wa_fv2/cfn_rule_group.rb', line 3844

def to_jsii
  result = {}
  result.merge!({
    "name" => @name,
    "priority" => @priority,
    "statement" => @statement,
    "visibilityConfig" => @visibility_config,
    "action" => @action,
    "captchaConfig" => @captcha_config,
    "challengeConfig" => @challenge_config,
    "ruleLabels" => @rule_labels,
  })
  result.compact
end