Provides a WAF Regional Rule Resource for use with Application Load Balancer.
resource "aws_wafregional_ipset" "ipset" {
  name = "tfIPSet"

  ip_set_descriptor {
    type  = "IPV4"
    value = "192.0.7.0/24"
  }
}

resource "aws_wafregional_rule" "wafrule" {
  name        = "tfWAFRule"
  metric_name = "tfWAFRule"

  predicate {
    type    = "IPMatch"
    data_id = aws_wafregional_ipset.ipset.id
    negated = false
  }
}
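A further example, added here and not taken from the provider documentation, showing how the negated argument of the predicate block combines with a second predicate: all predicates in a rule must match, so this rule matches requests for an admin path only when the source address is outside a trusted range. The resource names, the "/admin" path and the CIDR are constructed for illustration.

```hcl
# Added example (not from the provider documentation). Names, path and CIDR
# are constructed values.

# Trusted source range (documentation address range, constructed).
resource "aws_wafregional_ipset" "trusted" {
  name = "tfTrustedIPSet"

  ip_set_descriptor {
    type  = "IPV4"
    value = "192.0.2.0/24"
  }
}

# Match request URIs that start with /admin, compared in lowercase so that
# case variations of the path are also matched.
resource "aws_wafregional_byte_match_set" "admin_path" {
  name = "tfAdminPath"

  byte_match_tuples {
    text_transformation   = "LOWERCASE"
    target_string         = "/admin"
    positional_constraint = "STARTS_WITH"

    field_to_match {
      type = "URI"
    }
  }
}

# Predicates are combined with logical AND: the rule matches a request whose
# URI starts with /admin AND whose source address is NOT in the trusted set.
resource "aws_wafregional_rule" "admin_untrusted" {
  name        = "tfAdminUntrusted"
  metric_name = "tfAdminUntrusted"

  predicate {
    type    = "ByteMatch"
    data_id = aws_wafregional_byte_match_set.admin_path.id
    negated = false
  }

  predicate {
    type    = "IPMatch"
    data_id = aws_wafregional_ipset.trusted.id
    negated = true # invert the IP set: match addresses outside it
  }
}
```

The rule only affects traffic once it is referenced from an aws_wafregional_web_acl with an action such as BLOCK.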
This resource supports the following arguments:

name - (Required) The name or description of the rule.
metric_name - (Required) The name or description for the Amazon CloudWatch metric of this rule.
predicate - (Optional) The objects to include in a rule (documented below).
tags - (Optional) Key-value map of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

predicate

See the WAF Documentation for more information.

type - (Required) The type of predicate in a rule. Valid values: ByteMatch, GeoMatch, IPMatch, RegexMatch, SizeConstraint, SqlInjectionMatch, or XssMatch.
data_id - (Required) The unique identifier of a predicate, such as the ID of a ByteMatchSet or IPSet.
negated - (Required) Whether to use the settings or the negated settings that you specified in the objects.

This resource exports the following attributes in addition to the arguments above:

id - The ID of the WAF Regional Rule.
arn - The ARN of the WAF Regional Rule.
tags_all - A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

In Terraform v1.5.0 and later, use an import block to import WAF Regional Rule using the id. For example:

import {
  to = aws_wafregional_rule.wafrule
  id = "a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc"
}

Using terraform import, import WAF Regional Rule using the id. For example:

% terraform import aws_wafregional_rule.wafrule a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc