» Resource: aws_waf_rate_based_rule
Provides a WAF Rate Based Rule Resource
» Example Usage
resource "aws_waf_ipset" "ipset" {
name = "tfIPSet"
ip_set_descriptors {
type = "IPV4"
value = "192.0.7.0/24"
}
}
resource "aws_waf_rate_based_rule" "wafrule" {
depends_on = ["aws_waf_ipset.ipset"]
name = "tfWAFRule"
metric_name = "tfWAFRule"
rate_key = "IP"
rate_limit = 2000
predicates {
data_id = "${aws_waf_ipset.ipset.id}"
negated = false
type = "IPMatch"
}
}
» Argument Reference
The following arguments are supported:
-
metric_name- (Required) The name or description for the Amazon CloudWatch metric of this rule. -
name- (Required) The name or description of the rule. -
rate_key- (Required) Valid value is IP. -
rate_limit- (Required) The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 2000. -
predicates- (Optional) One of ByteMatchSet, IPSet, SizeConstraintSet, SqlInjectionMatchSet, or XssMatchSet objects to include in a rule.
» Nested Blocks
»
predicates
See the WAF Documentation for more information.
» Arguments
-
negated- (Required) Set this tofalseif you want to allow, block, or count requests based on the settings in the specifiedByteMatchSet,IPSet,SqlInjectionMatchSet,XssMatchSet, orSizeConstraintSet. For example, if an IPSet includes the IP address192.0.2.44, AWS WAF will allow or block requests based on that IP address. If set totrue, AWS WAF will allow, block, or count requests based on all IP addresses except192.0.2.44. -
data_id- (Required) A unique identifier for a predicate in the rule, such as Byte Match Set ID or IPSet ID. -
type- (Required) The type of predicate in a rule. Valid values:ByteMatch,GeoMatch,IPMatch,RegexMatch,SizeConstraint,SqlInjectionMatch, orXssMatch.
» Remarks
» Attributes Reference
In addition to all arguments above, the following attributes are exported:
-
id- The ID of the WAF rule.