AWS::WAFv2::WebACL RuleGroupReferenceStatement
A rule statement used to run the rules that are defined in a AWS::WAFv2::RuleGroup. To use this, create a rule group with your rules, then provide the ARN of the rule group in this statement.
You cannot nest a RuleGroupReferenceStatement
, for example for use inside a NotStatement
or OrStatement
. You
can only use a rule group reference statement at the top level inside a web ACL.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Arn" :
String
, "ExcludedRules" :[ ExcludedRule, ... ]
, "RuleActionOverrides" :[ RuleActionOverride, ... ]
}
YAML
Arn:
String
ExcludedRules:- ExcludedRule
RuleActionOverrides:- RuleActionOverride
Properties
Arn
-
The Amazon Resource Name (ARN) of the entity.
Required: Yes
Type: String
Minimum:
20
Maximum:
2048
Pattern:
.*\S.*
Update requires: No interruption
ExcludedRules
-
Rules in the referenced rule group whose actions are set to
Count
.Note Instead of this option, use
RuleActionOverrides
. It accepts any valid action setting, includingCount
.Required: No
Type: List of ExcludedRule
Maximum:
100
Update requires: No interruption
RuleActionOverrides
-
Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change.
You can use overrides for testing, for example you can override all of rule actions to
Count
and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.Required: No
Type: List of RuleActionOverride
Update requires: No interruption