aws-cdk-lib.aws_wafv2.CfnWebACL.ManagedRuleGroupStatementProperty

interface ManagedRuleGroupStatementProperty

LanguageType name
.NETAmazon.CDK.AWS.WAFv2.CfnWebACL.ManagedRuleGroupStatementProperty
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awswafv2#CfnWebACL_ManagedRuleGroupStatementProperty
Javasoftware.amazon.awscdk.services.wafv2.CfnWebACL.ManagedRuleGroupStatementProperty
Pythonaws_cdk.aws_wafv2.CfnWebACL.ManagedRuleGroupStatementProperty
TypeScript aws-cdk-lib » aws_wafv2 » CfnWebACL » ManagedRuleGroupStatementProperty

A rule statement used to run the rules that are defined in a managed rule group.

To use this, provide the vendor name and the name of the rule group in this statement.

You cannot nest a ManagedRuleGroupStatement , for example for use inside a NotStatement or OrStatement . It can only be referenced as a top-level statement within a rule.

Example

// The generated example for this type would exceed 500 lines,
// and has been elided for readability.

Properties

NameTypeDescription
namestringThe name of the managed rule group.
vendorNamestringThe name of the managed rule group vendor.
excludedRules?IResolvable | IResolvable | ExcludedRuleProperty[]Rules in the referenced rule group whose actions are set to Count .
managedRuleGroupConfigs?IResolvable | IResolvable | ManagedRuleGroupConfigProperty[]Additional information that's used by a managed rule group. Many managed rule groups don't require this.
ruleActionOverrides?IResolvable | IResolvable | RuleActionOverrideProperty[]Action settings to use in the place of the rule actions that are configured inside the rule group.
scopeDownStatement?IResolvable | StatementPropertyAn optional nested statement that narrows the scope of the web requests that are evaluated by the managed rule group.
version?stringThe version of the managed rule group to use.

name

Type: string

The name of the managed rule group.

You use this, along with the vendor name, to identify the rule group.


vendorName

Type: string

The name of the managed rule group vendor.

You use this, along with the rule group name, to identify a rule group.


excludedRules?

Type: IResolvable | IResolvable | ExcludedRuleProperty[] (optional)

Rules in the referenced rule group whose actions are set to Count .

Instead of this option, use RuleActionOverrides . It accepts any valid action setting, including Count .


managedRuleGroupConfigs?

Type: IResolvable | IResolvable | ManagedRuleGroupConfigProperty[] (optional)

Additional information that's used by a managed rule group. Many managed rule groups don't require this.

Use the AWSManagedRulesATPRuleSet configuration object for the account takeover prevention managed rule group, to provide information such as the sign-in page of your application and the type of content to accept or reject from the client.

Use the AWSManagedRulesBotControlRuleSet configuration object to configure the protection level that you want the Bot Control rule group to use.


ruleActionOverrides?

Type: IResolvable | IResolvable | RuleActionOverrideProperty[] (optional)

Action settings to use in the place of the rule actions that are configured inside the rule group.

You specify one override for each rule whose action you want to change.

You can use overrides for testing, for example you can override all of rule actions to Count and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.


scopeDownStatement?

Type: IResolvable | StatementProperty (optional)

An optional nested statement that narrows the scope of the web requests that are evaluated by the managed rule group.

Requests are only evaluated by the rule group if they match the scope-down statement. You can use any nestable Statement in the scope-down statement, and you can nest statements at any level, the same as you can for a rule statement.


version?

Type: string (optional)

The version of the managed rule group to use.

If you specify this, the version setting is fixed until you change it. If you don't specify this, AWS WAF uses the vendor's default version, and then keeps the version at the vendor's default when the vendor updates the managed rule group settings.