aws-cdk-lib.aws_wafv2.CfnWebACL.ManagedRuleGroupConfigProperty

interface ManagedRuleGroupConfigProperty

LanguageType name
.NETAmazon.CDK.AWS.WAFv2.CfnWebACL.ManagedRuleGroupConfigProperty
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awswafv2#CfnWebACL_ManagedRuleGroupConfigProperty
Javasoftware.amazon.awscdk.services.wafv2.CfnWebACL.ManagedRuleGroupConfigProperty
Pythonaws_cdk.aws_wafv2.CfnWebACL.ManagedRuleGroupConfigProperty
TypeScript aws-cdk-lib » aws_wafv2 » CfnWebACL » ManagedRuleGroupConfigProperty

Additional information that's used by a managed rule group. Many managed rule groups don't require this.

Use the AWSManagedRulesBotControlRuleSet configuration object to configure the protection level that you want the Bot Control rule group to use.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_wafv2 as wafv2 } from 'aws-cdk-lib';
const managedRuleGroupConfigProperty: wafv2.CfnWebACL.ManagedRuleGroupConfigProperty = {
  awsManagedRulesAtpRuleSet: {
    loginPath: 'loginPath',

    // the properties below are optional
    requestInspection: {
      passwordField: {
        identifier: 'identifier',
      },
      payloadType: 'payloadType',
      usernameField: {
        identifier: 'identifier',
      },
    },
    responseInspection: {
      bodyContains: {
        failureStrings: ['failureStrings'],
        successStrings: ['successStrings'],
      },
      header: {
        failureValues: ['failureValues'],
        name: 'name',
        successValues: ['successValues'],
      },
      json: {
        failureValues: ['failureValues'],
        identifier: 'identifier',
        successValues: ['successValues'],
      },
      statusCode: {
        failureCodes: [123],
        successCodes: [123],
      },
    },
  },
  awsManagedRulesBotControlRuleSet: {
    inspectionLevel: 'inspectionLevel',
  },
  loginPath: 'loginPath',
  passwordField: {
    identifier: 'identifier',
  },
  payloadType: 'payloadType',
  usernameField: {
    identifier: 'identifier',
  },
};

Properties

NameTypeDescription
awsManagedRulesAtpRuleSet?IResolvable | AWSManagedRulesATPRuleSetPropertyAdditional configuration for using the account takeover prevention (ATP) managed rule group, AWSManagedRulesATPRuleSet .
awsManagedRulesBotControlRuleSet?IResolvable | AWSManagedRulesBotControlRuleSetPropertyAdditional configuration for using the Bot Control managed rule group.
loginPath?string> Instead of this setting, provide your configuration under AWSManagedRulesATPRuleSet .
passwordField?IResolvable | FieldIdentifierProperty> Instead of this setting, provide your configuration under AWSManagedRulesATPRuleSet RequestInspection .
payloadType?string> Instead of this setting, provide your configuration under AWSManagedRulesATPRuleSet RequestInspection .
usernameField?IResolvable | FieldIdentifierProperty> Instead of this setting, provide your configuration under AWSManagedRulesATPRuleSet RequestInspection .

awsManagedRulesAtpRuleSet?

Type: IResolvable | AWSManagedRulesATPRuleSetProperty (optional)

Additional configuration for using the account takeover prevention (ATP) managed rule group, AWSManagedRulesATPRuleSet .

Use this to provide login request information to the rule group. For web ACLs that protect CloudFront distributions, use this to also provide the information about how your distribution responds to login requests.

This configuration replaces the individual configuration fields in ManagedRuleGroupConfig and provides additional feature configuration.

For information about using the ATP managed rule group, see AWS WAF Fraud Control account takeover prevention (ATP) rule group and AWS WAF Fraud Control account takeover prevention (ATP) in the AWS WAF Developer Guide .


awsManagedRulesBotControlRuleSet?

Type: IResolvable | AWSManagedRulesBotControlRuleSetProperty (optional)

Additional configuration for using the Bot Control managed rule group.

Use this to specify the inspection level that you want to use. For information about using the Bot Control managed rule group, see AWS WAF Bot Control rule group and AWS WAF Bot Control in the AWS WAF Developer Guide .


loginPath?

Type: string (optional)

Instead of this setting, provide your configuration under AWSManagedRulesATPRuleSet .


passwordField?

Type: IResolvable | FieldIdentifierProperty (optional)

Instead of this setting, provide your configuration under AWSManagedRulesATPRuleSet RequestInspection .


payloadType?

Type: string (optional)

Instead of this setting, provide your configuration under AWSManagedRulesATPRuleSet RequestInspection .


usernameField?

Type: IResolvable | FieldIdentifierProperty (optional)

Instead of this setting, provide your configuration under AWSManagedRulesATPRuleSet RequestInspection .