@sahilsk
Created March 19, 2020 15:40
cloudformation-yaml-wafv2 parametrized DefaultAction using custom action
```yaml
Description: Create WebACL example
Parameters:
  WebACLDefaultAction:
    Type: String
    AllowedValues:
      - Allow
      - Block
  WebACLRuleAction:
    Type: String
    AllowedValues:
      - Allow
      - Count
      - Block
Conditions:
  DefaultActionisAllow: !Equals [!Ref WebACLDefaultAction, 'Allow']
  RuleActionisAllow: !Equals [!Ref WebACLRuleAction, 'Allow']
  RuleActionisBlock: !Equals [!Ref WebACLRuleAction, 'Block']
Resources:
  ExampleWebACL:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: ExampleWebACL
      Scope: REGIONAL
      Description: This is an example WebACL
      # Default action is selected from the WebACLDefaultAction parameter
      DefaultAction:
        !If
          - DefaultActionisAllow
          - Allow: {}
          - Block: {}
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: ExampleWebACLMetric
      Rules:
        - Name: BlockXssAttack
          Priority: 1
          # Allow / Block / Count chosen by nesting two !If conditions;
          # Count is the fallback when neither Allow nor Block is selected
          Action:
            !If
              - RuleActionisAllow
              - Allow: {}
              - !If
                  - RuleActionisBlock
                  - Block: {}
                  - Count: {}
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: BlockXssAttackMetric
          Statement:
            XssMatchStatement:
              FieldToMatch:
                AllQueryArguments: {}
              TextTransformations:
                - Priority: 1
                  Type: NONE
        - Name: AWS-AWSManagedRulesAnonymousIpList
          Priority: 300
          # Managed rule groups take an OverrideAction instead of an Action:
          # Count overrides the group's own actions, None leaves them in force
          OverrideAction:
            !If
              - RuleActionisAllow
              - Count: {}
              - None: {}
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: AWSManagedRulesAnonymousIpListMetric
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesAnonymousIpList
              ExcludedRules: []
```
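As an added example (not part of the gist), the small resolver below evaluates the template's Conditions and nested !If branches offline, so you can see which action each rule ends up with for a given pair of parameter values before deploying. The action fields are transcribed in CloudFormation's long-form Fn::If/Fn::Equals/Ref syntax with the other properties omitted; `effective_actions` and `monitor_only` are helper names assumed here.

```python
CONDITIONS = {  # the gist's Conditions block, in long-form syntax
    "DefaultActionisAllow": {"Fn::Equals": [{"Ref": "WebACLDefaultAction"}, "Allow"]},
    "RuleActionisAllow": {"Fn::Equals": [{"Ref": "WebACLRuleAction"}, "Allow"]},
    "RuleActionisBlock": {"Fn::Equals": [{"Ref": "WebACLRuleAction"}, "Block"]},
}

WEB_ACL = {  # only the action-bearing fields of the gist's WebACL are kept
    "DefaultAction": {"Fn::If": ["DefaultActionisAllow", {"Allow": {}}, {"Block": {}}]},
    "Rules": [
        {"Name": "BlockXssAttack",
         "Action": {"Fn::If": ["RuleActionisAllow", {"Allow": {}},
                    {"Fn::If": ["RuleActionisBlock", {"Block": {}}, {"Count": {}}]}]}},
        {"Name": "AWS-AWSManagedRulesAnonymousIpList",
         "OverrideAction": {"Fn::If": ["RuleActionisAllow", {"Count": {}}, {"None": {}}]}},
    ],
}

def evaluate(node, params, conditions):
    """Recursively resolve Ref, Fn::Equals and Fn::If against parameter values."""
    if isinstance(node, dict) and len(node) == 1:
        (key, arg), = node.items()
        if key == "Ref":
            return params[arg]
        if key == "Fn::Equals":
            left, right = (evaluate(x, params, conditions) for x in arg)
            return left == right
        if key == "Fn::If":
            cond_name, if_true, if_false = arg
            branch = if_true if evaluate(conditions[cond_name], params, conditions) else if_false
            return evaluate(branch, params, conditions)
    if isinstance(node, dict):
        return {k: evaluate(v, params, conditions) for k, v in node.items()}
    if isinstance(node, list):
        return [evaluate(v, params, conditions) for v in node]
    return node

def effective_actions(default_action, rule_action):
    """Map the two parameter values to the action keyword each rule ends up with."""
    params = {"WebACLDefaultAction": default_action, "WebACLRuleAction": rule_action}
    acl = evaluate(WEB_ACL, params, CONDITIONS)
    out = {"DefaultAction": next(iter(acl["DefaultAction"]))}
    for rule in acl["Rules"]:
        out[rule["Name"]] = next(iter(rule.get("Action") or rule["OverrideAction"]))
    return out

def monitor_only(default_action, rule_action):
    """True when the ACL allows by default and the XSS rule merely counts matches."""
    acts = effective_actions(default_action, rule_action)
    return acts["DefaultAction"] == "Allow" and acts["BlockXssAttack"] == "Count"
```

Running `effective_actions("Allow", "Count")` shows the combination that deploys the XSS rule in observe-only mode, which is the state to confirm you intend before rolling it out.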