sahilsk/wafv2.yaml

## wafv2.yaml
Description: Create WebACL example
Parameters:
  WebACLDefaultAction:
    Type: String
    AllowedValues:
      - Allow
      - Block

  WebACLRuleAction:
    Type: String
    AllowedValues:
      - Allow
      - Count
      - Block

Conditions:
  DefaultActionisAllow: !Equals [!Ref WebACLDefaultAction, 'Allow']
  RuleActionisAllow: !Equals [!Ref WebACLRuleAction, 'Allow']
  RuleActionisBlock: !Equals [!Ref WebACLRuleAction, 'Block']

Resources:
  ExampleWebACL:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: ExampleWebACL
      Scope: REGIONAL
      Description: This is an example WebACL
      DefaultAction:
        !If
          - DefaultActionisAllow
          - Allow: {}
          - Block: {}
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: ExampleWebACLMetric
      Rules:
        - Name: BlockXssAttack
          Priority: 1
          Action:
            !If
              - RuleActionisAllow
              - Allow: {}
              - !If
                  - RuleActionisBlock
                  - Block: {}
                  - Count: {}
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: BlockXssAttackMetric
          Statement:
            XssMatchStatement:
              FieldToMatch:
                AllQueryArguments: {}
              TextTransformations:
                - Priority: 1
                  Type: NONE


        - Name: AWS-AWSManagedRulesAnonymousIpList
          Priority: 300
          OverrideAction:
            !If
              - RuleActionisAllow
              - Count: {}
              - None: {}
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: AWSManagedRulesAnonymousIpListMetric
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesAnonymousIpList
              ExcludedRules: []
	Description: Create WebACL example
	Parameters:
	WebACLDefaultAction:
	Type: String
	AllowedValues:
	- Allow
	- Block

	WebACLRuleAction:
	Type: String
	AllowedValues:
	- Allow
	- Count
	- Block

	Conditions:
	DefaultActionisAllow: !Equals [!Ref WebACLDefaultAction, 'Allow']
	RuleActionisAllow: !Equals [!Ref WebACLRuleAction, 'Allow']
	RuleActionisBlock: !Equals [!Ref WebACLRuleAction, 'Block']

	Resources:
	ExampleWebACL:
	Type: AWS::WAFv2::WebACL
	Properties:
	Name: ExampleWebACL
	Scope: REGIONAL
	Description: This is an example WebACL
	DefaultAction:
	!If
	- DefaultActionisAllow
	- Allow: {}
	- Block: {}
	VisibilityConfig:
	SampledRequestsEnabled: true
	CloudWatchMetricsEnabled: true
	MetricName: ExampleWebACLMetric
	Rules:
	- Name: BlockXssAttack
	Priority: 1
	Action:
	!If
	- RuleActionisAllow
	- Allow: {}
	- !If
	- RuleActionisBlock
	- Block: {}
	- Count: {}
	VisibilityConfig:
	SampledRequestsEnabled: true
	CloudWatchMetricsEnabled: true
	MetricName: BlockXssAttackMetric
	Statement:
	XssMatchStatement:
	FieldToMatch:
	AllQueryArguments: {}
	TextTransformations:
	- Priority: 1
	Type: NONE



	- Name: AWS-AWSManagedRulesAnonymousIpList
	Priority: 300
	OverrideAction:
	!If
	- RuleActionisAllow
	- Count: {}
	- None: {}
	VisibilityConfig:
	SampledRequestsEnabled: true
	CloudWatchMetricsEnabled: true
	MetricName: AWSManagedRulesAnonymousIpListMetric
	Statement:
	ManagedRuleGroupStatement:
	VendorName: AWS
	Name: AWSManagedRulesAnonymousIpList
	ExcludedRules: []