Class: AWSCDK::WAFv2::CfnWebACL::ManagedRuleGroupConfigProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
wa_fv2/cfn_web_acl.rb

Overview

Additional information that's used by a managed rule group. Many managed rule groups don't require this.

The rule groups used for intelligent threat mitigation require additional configuration:

  • Use the AWSManagedRulesACFPRuleSet configuration object to configure the account creation fraud prevention managed rule group. The configuration includes the registration and sign-up pages of your application and the locations in the account creation request payload of data, such as the user email and phone number fields.
  • Use the AWSManagedRulesATPRuleSet configuration object to configure the account takeover prevention managed rule group. The configuration includes the sign-in page of your application and the locations in the login request payload of data such as the username and password.
  • Use the AWSManagedRulesBotControlRuleSet configuration object to configure the protection level that you want the Bot Control rule group to use.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(aws_managed_rules_acfp_rule_set: nil, aws_managed_rules_anti_d_do_s_rule_set: nil, aws_managed_rules_atp_rule_set: nil, aws_managed_rules_bot_control_rule_set: nil, login_path: nil, password_field: nil, payload_type: nil, username_field: nil) ⇒ ManagedRuleGroupConfigProperty

Returns a new instance of ManagedRuleGroupConfigProperty.

Parameters:



3508
3509
3510
3511
3512
3513
3514
3515
3516
3517
3518
3519
3520
3521
3522
3523
3524
3525
# File 'wa_fv2/cfn_web_acl.rb', line 3508

def initialize(aws_managed_rules_acfp_rule_set: nil, aws_managed_rules_anti_d_do_s_rule_set: nil, aws_managed_rules_atp_rule_set: nil, aws_managed_rules_bot_control_rule_set: nil, login_path: nil, password_field: nil, payload_type: nil, username_field: nil)
  @aws_managed_rules_acfp_rule_set = aws_managed_rules_acfp_rule_set.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnWebACL::AWSManagedRulesACFPRuleSetProperty.new(**aws_managed_rules_acfp_rule_set.transform_keys(&:to_sym)) : aws_managed_rules_acfp_rule_set
  Jsii::Type.check_type(@aws_managed_rules_acfp_rule_set, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5XZWJBQ0wuQVdTTWFuYWdlZFJ1bGVzQUNGUFJ1bGVTZXRQcm9wZXJ0eSJ9XX19")), "awsManagedRulesAcfpRuleSet") unless @aws_managed_rules_acfp_rule_set.nil?
  @aws_managed_rules_anti_d_do_s_rule_set = aws_managed_rules_anti_d_do_s_rule_set.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnWebACL::AWSManagedRulesAntiDDoSRuleSetProperty.new(**aws_managed_rules_anti_d_do_s_rule_set.transform_keys(&:to_sym)) : aws_managed_rules_anti_d_do_s_rule_set
  Jsii::Type.check_type(@aws_managed_rules_anti_d_do_s_rule_set, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5XZWJBQ0wuQVdTTWFuYWdlZFJ1bGVzQW50aUREb1NSdWxlU2V0UHJvcGVydHkifV19fQ==")), "awsManagedRulesAntiDDoSRuleSet") unless @aws_managed_rules_anti_d_do_s_rule_set.nil?
  @aws_managed_rules_atp_rule_set = aws_managed_rules_atp_rule_set.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnWebACL::AWSManagedRulesATPRuleSetProperty.new(**aws_managed_rules_atp_rule_set.transform_keys(&:to_sym)) : aws_managed_rules_atp_rule_set
  Jsii::Type.check_type(@aws_managed_rules_atp_rule_set, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5XZWJBQ0wuQVdTTWFuYWdlZFJ1bGVzQVRQUnVsZVNldFByb3BlcnR5In1dfX0=")), "awsManagedRulesAtpRuleSet") unless @aws_managed_rules_atp_rule_set.nil?
  @aws_managed_rules_bot_control_rule_set = aws_managed_rules_bot_control_rule_set.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnWebACL::AWSManagedRulesBotControlRuleSetProperty.new(**aws_managed_rules_bot_control_rule_set.transform_keys(&:to_sym)) : aws_managed_rules_bot_control_rule_set
  Jsii::Type.check_type(@aws_managed_rules_bot_control_rule_set, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5XZWJBQ0wuQVdTTWFuYWdlZFJ1bGVzQm90Q29udHJvbFJ1bGVTZXRQcm9wZXJ0eSJ9XX19")), "awsManagedRulesBotControlRuleSet") unless @aws_managed_rules_bot_control_rule_set.nil?
  @login_path = 
  Jsii::Type.check_type(@login_path, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "loginPath") unless @login_path.nil?
  @password_field = password_field.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnWebACL::FieldIdentifierProperty.new(**password_field.transform_keys(&:to_sym)) : password_field
  Jsii::Type.check_type(@password_field, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5XZWJBQ0wuRmllbGRJZGVudGlmaWVyUHJvcGVydHkifV19fQ==")), "passwordField") unless @password_field.nil?
  @payload_type = payload_type
  Jsii::Type.check_type(@payload_type, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "payloadType") unless @payload_type.nil?
  @username_field = username_field.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnWebACL::FieldIdentifierProperty.new(**username_field.transform_keys(&:to_sym)) : username_field
  Jsii::Type.check_type(@username_field, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5XZWJBQ0wuRmllbGRJZGVudGlmaWVyUHJvcGVydHkifV19fQ==")), "usernameField") unless @username_field.nil?
end

Instance Attribute Details

#aws_managed_rules_acfp_rule_setAWSCDK::IResolvable, ... (readonly)

Additional configuration for using the account creation fraud prevention (ACFP) managed rule group, AWSManagedRulesACFPRuleSet .

Use this to provide account creation request information to the rule group. For web ACLs that protect CloudFront distributions, use this to also provide the information about how your distribution responds to account creation requests.

For information about using the ACFP managed rule group, see AWS WAF Fraud Control account creation fraud prevention (ACFP) rule group and AWS WAF Fraud Control account creation fraud prevention (ACFP) in the AWS WAF Developer Guide .



3535
3536
3537
# File 'wa_fv2/cfn_web_acl.rb', line 3535

def aws_managed_rules_acfp_rule_set
  @aws_managed_rules_acfp_rule_set
end

#aws_managed_rules_anti_d_do_s_rule_setAWSCDK::IResolvable, ... (readonly)

Additional configuration for using the anti-DDoS managed rule group, AWSManagedRulesAntiDDoSRuleSet .

Use this to configure anti-DDoS behavior for the rule group.

For information about using the anti-DDoS managed rule group, see AWS WAF Anti-DDoS rule group and Distributed Denial of Service (DDoS) prevention in the AWS WAF Developer Guide .



3544
3545
3546
# File 'wa_fv2/cfn_web_acl.rb', line 3544

def aws_managed_rules_anti_d_do_s_rule_set
  @aws_managed_rules_anti_d_do_s_rule_set
end

#aws_managed_rules_atp_rule_setAWSCDK::IResolvable, ... (readonly)

Additional configuration for using the account takeover prevention (ATP) managed rule group, AWSManagedRulesATPRuleSet .

Use this to provide login request information to the rule group. For web ACLs that protect CloudFront distributions, use this to also provide the information about how your distribution responds to login requests.

This configuration replaces the individual configuration fields in ManagedRuleGroupConfig and provides additional feature configuration.

For information about using the ATP managed rule group, see AWS WAF Fraud Control account takeover prevention (ATP) rule group and AWS WAF Fraud Control account takeover prevention (ATP) in the AWS WAF Developer Guide .



3555
3556
3557
# File 'wa_fv2/cfn_web_acl.rb', line 3555

def aws_managed_rules_atp_rule_set
  @aws_managed_rules_atp_rule_set
end

#aws_managed_rules_bot_control_rule_setAWSCDK::IResolvable, ... (readonly)

Additional configuration for using the Bot Control managed rule group.

Use this to specify the inspection level that you want to use. For information about using the Bot Control managed rule group, see AWS WAF Bot Control rule group and AWS WAF Bot Control in the AWS WAF Developer Guide .



3562
3563
3564
# File 'wa_fv2/cfn_web_acl.rb', line 3562

def aws_managed_rules_bot_control_rule_set
  @aws_managed_rules_bot_control_rule_set
end

#login_pathString? (readonly)

Instead of this setting, provide your configuration under AWSManagedRulesATPRuleSet .



3567
3568
3569
# File 'wa_fv2/cfn_web_acl.rb', line 3567

def 
  @login_path
end

#password_fieldAWSCDK::IResolvable, ... (readonly)

Instead of this setting, provide your configuration under the request inspection configuration for AWSManagedRulesATPRuleSet or AWSManagedRulesACFPRuleSet .



3572
3573
3574
# File 'wa_fv2/cfn_web_acl.rb', line 3572

def password_field
  @password_field
end

#payload_typeString? (readonly)

Instead of this setting, provide your configuration under the request inspection configuration for AWSManagedRulesATPRuleSet or AWSManagedRulesACFPRuleSet .



3577
3578
3579
# File 'wa_fv2/cfn_web_acl.rb', line 3577

def payload_type
  @payload_type
end

#username_fieldAWSCDK::IResolvable, ... (readonly)

Instead of this setting, provide your configuration under the request inspection configuration for AWSManagedRulesATPRuleSet or AWSManagedRulesACFPRuleSet .



3582
3583
3584
# File 'wa_fv2/cfn_web_acl.rb', line 3582

def username_field
  @username_field
end

Class Method Details

.jsii_propertiesObject



3584
3585
3586
3587
3588
3589
3590
3591
3592
3593
3594
3595
# File 'wa_fv2/cfn_web_acl.rb', line 3584

def self.jsii_properties
  {
    :aws_managed_rules_acfp_rule_set => "awsManagedRulesAcfpRuleSet",
    :aws_managed_rules_anti_d_do_s_rule_set => "awsManagedRulesAntiDDoSRuleSet",
    :aws_managed_rules_atp_rule_set => "awsManagedRulesAtpRuleSet",
    :aws_managed_rules_bot_control_rule_set => "awsManagedRulesBotControlRuleSet",
    :login_path => "loginPath",
    :password_field => "passwordField",
    :payload_type => "payloadType",
    :username_field => "usernameField",
  }
end

Instance Method Details

#to_jsiiObject



3597
3598
3599
3600
3601
3602
3603
3604
3605
3606
3607
3608
3609
3610
# File 'wa_fv2/cfn_web_acl.rb', line 3597

def to_jsii
  result = {}
  result.merge!({
    "awsManagedRulesAcfpRuleSet" => @aws_managed_rules_acfp_rule_set,
    "awsManagedRulesAntiDDoSRuleSet" => @aws_managed_rules_anti_d_do_s_rule_set,
    "awsManagedRulesAtpRuleSet" => @aws_managed_rules_atp_rule_set,
    "awsManagedRulesBotControlRuleSet" => @aws_managed_rules_bot_control_rule_set,
    "loginPath" => @login_path,
    "passwordField" => @password_field,
    "payloadType" => @payload_type,
    "usernameField" => @username_field,
  })
  result.compact
end