aws-cdk-lib

import * as constructs from 'constructs'; import * as cdk from '../../core'; import * as cfn_parse from '../../core/lib/helpers-internal'; /** * Properties for defining a `CfnIPSet` * * @struct * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-ipset.html */ export interface CfnIPSetProps { /** * Contains an array of strings that specifies zero or more IP addresses or blocks of IP addresses. All addresses must be specified using Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports all IPv4 and IPv6 CIDR ranges except for `/0` . * * Example address strings: * * - To configure AWS WAF to allow, block, or count requests that originated from the IP address 192.0.2.44, specify `192.0.2.44/32` . * - To configure AWS WAF to allow, block, or count requests that originated from IP addresses from 192.0.2.0 to 192.0.2.255, specify `192.0.2.0/24` . * - To configure AWS WAF to allow, block, or count requests that originated from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify `1111:0000:0000:0000:0000:0000:0000:0111/128` . * - To configure AWS WAF to allow, block, or count requests that originated from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify `1111:0000:0000:0000:0000:0000:0000:0000/64` . * * For more information about CIDR notation, see the Wikipedia entry [Classless Inter-Domain Routing](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) . * * Example JSON `Addresses` specifications: * * - Empty array: `"Addresses": []` * - Array with one address: `"Addresses": ["192.0.2.44/32"]` * - Array with three addresses: `"Addresses": ["192.0.2.44/32", "192.0.2.0/24", "192.0.0.0/16"]` * - INVALID specification: `"Addresses": [""]` INVALID * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-ipset.html#cfn-wafv2-ipset-addresses */ readonly addresses: string[]; /** * The version of the IP addresses, either `IPV4` or `IPV6` . * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-ipset.html#cfn-wafv2-ipset-ipaddressversion */ readonly ipAddressVersion: string; /** * Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, or an AWS App Runner service. Valid Values are `CLOUDFRONT` and `REGIONAL` . * * > For `CLOUDFRONT` , you must create your WAFv2 resources in the US East (N. Virginia) Region, `us-east-1` . * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-ipset.html#cfn-wafv2-ipset-scope */ readonly scope: string; /** * A description of the IP set that helps with identification. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-ipset.html#cfn-wafv2-ipset-description */ readonly description?: string; /** * The name of the IP set. You cannot change the name of an `IPSet` after you create it. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-ipset.html#cfn-wafv2-ipset-name */ readonly name?: string; /** * Key:value pairs associated with an AWS resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each AWS resource. * * > To modify tags on existing resources, use the AWS WAF APIs or command line interface. With AWS CloudFormation , you can only add tags to AWS WAF resources during resource creation. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-ipset.html#cfn-wafv2-ipset-tags */ readonly tags?: cdk.CfnTag[]; } /** * A CloudFormation `AWS::WAFv2::IPSet` * * > This is the latest version of *AWS WAF* , named AWS WAF V2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . * * Use an `IPSet` to identify web requests that originate from specific IP addresses or ranges of IP addresses. For example, if you're receiving a lot of requests from a ranges of IP addresses, you can configure AWS WAF to block them using an IP set that lists those IP addresses. * * You use an IP set by providing its Amazon Resource Name (ARN) to the rule statement `IPSetReferenceStatement` , when you add a rule to a rule group or web ACL. * * @cloudformationResource AWS::WAFv2::IPSet * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-ipset.html */ export declare class CfnIPSet extends cdk.CfnResource implements cdk.IInspectable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME = "AWS::WAFv2::IPSet"; /** * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnIPSet; /** * The Amazon Resource Name (ARN) of the IP set. * @cloudformationAttribute Arn */ readonly attrArn: string; /** * The ID of the IP set. * @cloudformationAttribute Id */ readonly attrId: string; /** * Contains an array of strings that specifies zero or more IP addresses or blocks of IP addresses. All addresses must be specified using Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports all IPv4 and IPv6 CIDR ranges except for `/0` . * * Example address strings: * * - To configure AWS WAF to allow, block, or count requests that originated from the IP address 192.0.2.44, specify `192.0.2.44/32` . * - To configure AWS WAF to allow, block, or count requests that originated from IP addresses from 192.0.2.0 to 192.0.2.255, specify `192.0.2.0/24` . * - To configure AWS WAF to allow, block, or count requests that originated from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify `1111:0000:0000:0000:0000:0000:0000:0111/128` . * - To configure AWS WAF to allow, block, or count requests that originated from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify `1111:0000:0000:0000:0000:0000:0000:0000/64` . * * For more information about CIDR notation, see the Wikipedia entry [Classless Inter-Domain Routing](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) . * * Example JSON `Addresses` specifications: * * - Empty array: `"Addresses": []` * - Array with one address: `"Addresses": ["192.0.2.44/32"]` * - Array with three addresses: `"Addresses": ["192.0.2.44/32", "192.0.2.0/24", "192.0.0.0/16"]` * - INVALID specification: `"Addresses": [""]` INVALID * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-ipset.html#cfn-wafv2-ipset-addresses */ addresses: string[]; /** * The version of the IP addresses, either `IPV4` or `IPV6` . * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-ipset.html#cfn-wafv2-ipset-ipaddressversion */ ipAddressVersion: string; /** * Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, or an AWS App Runner service. Valid Values are `CLOUDFRONT` and `REGIONAL` . * * > For `CLOUDFRONT` , you must create your WAFv2 resources in the US East (N. Virginia) Region, `us-east-1` . * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-ipset.html#cfn-wafv2-ipset-scope */ scope: string; /** * A description of the IP set that helps with identification. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-ipset.html#cfn-wafv2-ipset-description */ description: string | undefined; /** * The name of the IP set. You cannot change the name of an `IPSet` after you create it. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-ipset.html#cfn-wafv2-ipset-name */ name: string | undefined; /** * Key:value pairs associated with an AWS resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each AWS resource. * * > To modify tags on existing resources, use the AWS WAF APIs or command line interface. With AWS CloudFormation , you can only add tags to AWS WAF resources during resource creation. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-ipset.html#cfn-wafv2-ipset-tags */ readonly tags: cdk.TagManager; /** * Create a new `AWS::WAFv2::IPSet`. * * @param scope - scope in which this resource is defined * @param id - scoped id of the resource * @param props - resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnIPSetProps); /** * Examines the CloudFormation resource and discloses attributes. * * @param inspector - tree inspector to collect and process attributes * */ inspect(inspector: cdk.TreeInspector): void; protected get cfnProperties(): { [key: string]: any; }; protected renderProperties(props: { [key: string]: any; }): { [key: string]: any; }; } /** * Properties for defining a `CfnLoggingConfiguration` * * @struct * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-loggingconfiguration.html */ export interface CfnLoggingConfigurationProps { /** * The logging destination configuration that you want to associate with the web ACL. * * > You can associate one logging destination to a web ACL. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-loggingconfiguration.html#cfn-wafv2-loggingconfiguration-logdestinationconfigs */ readonly logDestinationConfigs: string[]; /** * The Amazon Resource Name (ARN) of the web ACL that you want to associate with `LogDestinationConfigs` . * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-loggingconfiguration.html#cfn-wafv2-loggingconfiguration-resourcearn */ readonly resourceArn: string; /** * Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-loggingconfiguration.html#cfn-wafv2-loggingconfiguration-loggingfilter */ readonly loggingFilter?: any | cdk.IResolvable; /** * The parts of the request that you want to keep out of the logs. For example, if you redact the `SingleHeader` field, the `HEADER` field in the logs will be `REDACTED` . * * > You can specify only the following fields for redaction: `UriPath` , `QueryString` , `SingleHeader` , `Method` , and `JsonBody` . * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-loggingconfiguration.html#cfn-wafv2-loggingconfiguration-redactedfields */ readonly redactedFields?: Array<CfnLoggingConfiguration.FieldToMatchProperty | cdk.IResolvable> | cdk.IResolvable; } /** * A CloudFormation `AWS::WAFv2::LoggingConfiguration` * * Defines an association between logging destinations and a web ACL resource, for logging from AWS WAF . As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records. * * > You can define one logging destination per web ACL. * * You can access information about the traffic that AWS WAF inspects using the following steps: * * - Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose. * * The name that you give the destination must start with `aws-waf-logs-` . Depending on the type of destination, you might need to configure additional settings or permissions. * * For configuration requirements and pricing information for each destination type, see [Logging web ACL traffic](https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) in the *AWS WAF Developer Guide* . * - Associate your logging destination to your web ACL using a `PutLoggingConfiguration` request. * * When you successfully enable logging using a `PutLoggingConfiguration` request, AWS WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, AWS WAF creates a resource policy on the log group. For an Amazon S3 bucket, AWS WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, AWS WAF creates a service-linked role. * * For additional information about web ACL logging, see [Logging web ACL traffic information](https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) in the *AWS WAF Developer Guide* . * * @cloudformationResource AWS::WAFv2::LoggingConfiguration * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-loggingconfiguration.html */ export declare class CfnLoggingConfiguration extends cdk.CfnResource implements cdk.IInspectable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME = "AWS::WAFv2::LoggingConfiguration"; /** * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnLoggingConfiguration; /** * Indicates whether the logging configuration was created by AWS Firewall Manager , as part of an AWS WAF policy configuration. If true, only Firewall Manager can modify or delete the configuration. * @cloudformationAttribute ManagedByFirewallManager */ readonly attrManagedByFirewallManager: cdk.IResolvable; /** * The logging destination configuration that you want to associate with the web ACL. * * > You can associate one logging destination to a web ACL. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-loggingconfiguration.html#cfn-wafv2-loggingconfiguration-logdestinationconfigs */ logDestinationConfigs: string[]; /** * The Amazon Resource Name (ARN) of the web ACL that you want to associate with `LogDestinationConfigs` . * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-loggingconfiguration.html#cfn-wafv2-loggingconfiguration-resourcearn */ resourceArn: string; /** * Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-loggingconfiguration.html#cfn-wafv2-loggingconfiguration-loggingfilter */ loggingFilter: any | cdk.IResolvable | undefined; /** * The parts of the request that you want to keep out of the logs. For example, if you redact the `SingleHeader` field, the `HEADER` field in the logs will be `REDACTED` . * * > You can specify only the following fields for redaction: `UriPath` , `QueryString` , `SingleHeader` , `Method` , and `JsonBody` . * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-loggingconfiguration.html#cfn-wafv2-loggingconfiguration-redactedfields */ redactedFields: Array<CfnLoggingConfiguration.FieldToMatchProperty | cdk.IResolvable> | cdk.IResolvable | undefined; /** * Create a new `AWS::WAFv2::LoggingConfiguration`. * * @param scope - scope in which this resource is defined * @param id - scoped id of the resource * @param props - resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnLoggingConfigurationProps); /** * Examines the CloudFormation resource and discloses attributes. * * @param inspector - tree inspector to collect and process attributes * */ inspect(inspector: cdk.TreeInspector): void; protected get cfnProperties(): { [key: string]: any; }; protected renderProperties(props: { [key: string]: any; }): { [key: string]: any; }; } export declare namespace CfnLoggingConfiguration { /** * A single action condition for a condition in a logging filter. * * @struct * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-actioncondition.html */ interface ActionConditionProperty { /** * The action setting that a log record must contain in order to meet the condition. This is the action that AWS WAF applied to the web request. * * For rule groups, this is either the configured rule action setting, or if you've applied a rule action override to the rule, it's the override action. The value `EXCLUDED_AS_COUNT` matches on excluded rules and also on rules that have a rule action override of Count. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-actioncondition.html#cfn-wafv2-loggingconfiguration-actioncondition-action */ readonly action: string; } } export declare namespace CfnLoggingConfiguration { /** * A single match condition for a log filter. * * @struct * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-condition.html */ interface ConditionProperty { /** * A single action condition. This is the action setting that a log record must contain in order to meet the condition. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-condition.html#cfn-wafv2-loggingconfiguration-condition-actioncondition */ readonly actionCondition?: CfnLoggingConfiguration.ActionConditionProperty | cdk.IResolvable; /** * A single label name condition. This is the fully qualified label name that a log record must contain in order to meet the condition. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-condition.html#cfn-wafv2-loggingconfiguration-condition-labelnamecondition */ readonly labelNameCondition?: CfnLoggingConfiguration.LabelNameConditionProperty | cdk.IResolvable; } } export declare namespace CfnLoggingConfiguration { /** * The parts of the request that you want to keep out of the logs. This is used in the logging configuration `RedactedFields` specification. * * Example JSON for a `QueryString` field to match: * * `"FieldToMatch": { "QueryString": {} }` * * Example JSON for a `Method` field to match specification: * * `"FieldToMatch": { "Method": { "Name": "DELETE" } }` * * @struct * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-fieldtomatch.html */ interface FieldToMatchProperty { /** * Redact the request body JSON. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-fieldtomatch.html#cfn-wafv2-loggingconfiguration-fieldtomatch-jsonbody */ readonly jsonBody?: any | cdk.IResolvable; /** * Redact the indicated HTTP method. The method indicates the type of operation that the request is asking the origin to perform. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-fieldtomatch.html#cfn-wafv2-loggingconfiguration-fieldtomatch-method */ readonly method?: any | cdk.IResolvable; /** * Redact the query string. This is the part of a URL that appears after a `?` character, if any. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-fieldtomatch.html#cfn-wafv2-loggingconfiguration-fieldtomatch-querystring */ readonly queryString?: any | cdk.IResolvable; /** * Redact a single header. Provide the name of the header to inspect, for example, `User-Agent` or `Referer` . This setting isn't case sensitive. * * Example JSON: `"SingleHeader": { "Name": "haystack" }` * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-fieldtomatch.html#cfn-wafv2-loggingconfiguration-fieldtomatch-singleheader */ readonly singleHeader?: any | cdk.IResolvable; /** * Redact the request URI path. This is the part of the web request that identifies a resource, for example, `/images/daily-ad.jpg` . * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-fieldtomatch.html#cfn-wafv2-loggingconfiguration-fieldtomatch-uripath */ readonly uriPath?: any | cdk.IResolvable; } } export declare namespace CfnLoggingConfiguration { /** * A single logging filter, used in `LoggingFilter` . * * @struct * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-filter.html */ interface FilterProperty { /** * How to handle logs that satisfy the filter's conditions and requirement. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-filter.html#cfn-wafv2-loggingconfiguration-filter-behavior */ readonly behavior: string; /** * Match conditions for the filter. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-filter.html#cfn-wafv2-loggingconfiguration-filter-conditions */ readonly conditions: Array<CfnLoggingConfiguration.ConditionProperty | cdk.IResolvable> | cdk.IResolvable; /** * Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-filter.html#cfn-wafv2-loggingconfiguration-filter-requirement */ readonly requirement: string; } } export declare namespace CfnLoggingConfiguration { /** * Inspect the body of the web request as JSON. The body immediately follows the request headers. * * This is used to indicate the web request component to inspect, in the `FieldToMatch` specification. * * Use the specifications in this object to indicate which parts of the JSON body to inspect using the rule's inspection criteria. AWS WAF inspects only the parts of the JSON that result from the matches that you indicate. * * Example JSON: `"JsonBody": { "MatchPattern": { "All": {} }, "MatchScope": "ALL" }` * * @struct * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-jsonbody.html */ interface JsonBodyProperty { /** * What AWS WAF should do if it fails to completely parse the JSON body. The options are the following: * * - `EVALUATE_AS_STRING` - Inspect the body as plain text. AWS WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string. * - `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. * - `NO_MATCH` - Treat the web request as not matching the rule statement. * * If you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters. * * AWS WAF does its best to parse the entire JSON body, but might be forced to stop for reasons such as invalid characters, duplicate keys, truncation, and any content whose root node isn't an object or an array. * * AWS WAF parses the JSON in the following examples as two valid key, value pairs: * * - Missing comma: `{"key1":"value1""key2":"value2"}` * - Missing colon: `{"key1":"value1","key2""value2"}` * - Extra colons: `{"key1"::"value1","key2""value2"}` * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-jsonbody.html#cfn-wafv2-loggingconfiguration-jsonbody-invalidfallbackbehavior */ readonly invalidFallbackBehavior?: string; /** * The patterns to look for in the JSON body. AWS WAF inspects the results of these pattern matches against the rule inspection criteria. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-jsonbody.html#cfn-wafv2-loggingconfiguration-jsonbody-matchpattern */ readonly matchPattern: CfnLoggingConfiguration.MatchPatternProperty | cdk.IResolvable; /** * The parts of the JSON to match against using the `MatchPattern` . If you specify `All` , AWS WAF matches against keys and values. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-jsonbody.html#cfn-wafv2-loggingconfiguration-jsonbody-matchscope */ readonly matchScope: string; } } export declare namespace CfnLoggingConfiguration { /** * A single label name condition for a condition in a logging filter. * * @struct * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-labelnamecondition.html */ interface LabelNameConditionProperty { /** * The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-labelnamecondition.html#cfn-wafv2-loggingconfiguration-labelnamecondition-labelname */ readonly labelName: string; } } export declare namespace CfnLoggingConfiguration { /** * Filtering that specifies which web requests are kept in the logs and which are dropped, defined for a web ACL's `LoggingConfiguration` . * * You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. * * @struct * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-loggingfilter.html */ interface LoggingFilterProperty { /** * Default handling for logs that don't match any of the specified filtering conditions. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-loggingfilter.html#cfn-wafv2-loggingconfiguration-loggingfilter-defaultbehavior */ readonly defaultBehavior: string; /** * The filters that you want to apply to the logs. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-loggingfilter.html#cfn-wafv2-loggingconfiguration-loggingfilter-filters */ readonly filters: Array<CfnLoggingConfiguration.FilterProperty | cdk.IResolvable> | cdk.IResolvable; } } export declare namespace CfnLoggingConfiguration { /** * The patterns to look for in the JSON body. AWS WAF inspects the results of these pattern matches against the rule inspection criteria. * * @struct * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-matchpattern.html */ interface MatchPatternProperty { /** * Match all of the elements. * * You must specify either this setting or the `IncludedPaths` setting, but not both. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-matchpattern.html#cfn-wafv2-loggingconfiguration-matchpattern-all */ readonly all?: any | cdk.IResolvable; /** * Match only the specified include paths. * * Provide the include paths using JSON Pointer syntax. For example, `"IncludedPaths": ["/dogs/0/name", "/dogs/1/name"]` . For information about this syntax, see the Internet Engineering Task Force (IETF) documentation [JavaScript Object Notation (JSON) Pointer](https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc6901) . * * You must specify either this setting or the `All` setting, but not both. * * > Don't use this option to include all paths. Instead, use the `All` setting. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-matchpattern.html#cfn-wafv2-loggingconfiguration-matchpattern-includedpaths */ readonly includedPaths?: string[]; } } export declare namespace CfnLoggingConfiguration { /** * Inspect one of the headers in the web request, identified by name, for example, `User-Agent` or `Referer` . The name isn't case sensitive. * * You can filter and inspect all headers with the `FieldToMatch` setting `Headers` . * * This is used to indicate the web request component to inspect, in the `FieldToMatch` specification. * * Example JSON: `"SingleHeader": { "Name": "haystack" }` * * @struct * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-singleheader.html */ interface SingleHeaderProperty { /** * The name of the query header to inspect. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-loggingconfiguration-singleheader.html#cfn-wafv2-loggingconfiguration-singleheader-name */ readonly name: string; } } /** * Properties for defining a `CfnRegexPatternSet` * * @struct * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-regexpatternset.html */ export interface CfnRegexPatternSetProps { /** * The regular expression patterns in the set. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-regexpatternset.html#cfn-wafv2-regexpatternset-regularexpressionlist */ readonly regularExpressionList: string[]; /** * Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, or an AWS App Runner service. Valid Values are `CLOUDFRONT` and `REGIONAL` . * * > For `CLOUDFRONT` , you must create your WAFv2 resources in the US East (N. Virginia) Region, `us-east-1` . * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-regexpatternset.html#cfn-wafv2-regexpatternset-scope */ readonly scope: string; /** * A description of the set that helps with identification. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-regexpatternset.html#cfn-wafv2-regexpatternset-description */ readonly description?: string; /** * The name of the set. You cannot change the name after you create the set. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-regexpatternset.html#cfn-wafv2-regexpatternset-name */ readonly name?: string; /** * Key:value pairs associated with an AWS resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each AWS resource. * * > To modify tags on existing resources, use the AWS WAF APIs or command line interface. With AWS CloudFormation , you can only add tags to AWS WAF resources during resource creation. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-regexpatternset.html#cfn-wafv2-regexpatternset-tags */ readonly tags?: cdk.CfnTag[]; } /** * A CloudFormation `AWS::WAFv2::RegexPatternSet` * * > This is the latest version of *AWS WAF* , named AWS WAF V2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . * * Use an `RegexPatternSet` to have AWS WAF inspect a web request component for a specific set of regular expression patterns. * * You use a regex pattern set by providing its Amazon Resource Name (ARN) to the rule statement `RegexPatternSetReferenceStatement` , when you add a rule to a rule group or web ACL. * * @cloudformationResource AWS::WAFv2::RegexPatternSet * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-regexpatternset.html */ export declare class CfnRegexPatternSet extends cdk.CfnResource implements cdk.IInspectable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME = "AWS::WAFv2::RegexPatternSet"; /** * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnRegexPatternSet; /** * The Amazon Resource Name (ARN) of the regex pattern set. * @cloudformationAttribute Arn */ readonly attrArn: string; /** * The ID of the regex pattern set. * @cloudformationAttribute Id */ readonly attrId: string; /** * The regular expression patterns in the set. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-regexpatternset.html#cfn-wafv2-regexpatternset-regularexpressionlist */ regularExpressionList: string[]; /** * Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, or an AWS App Runner service. Valid Values are `CLOUDFRONT` and `REGIONAL` . * * > For `CLOUDFRONT` , you must create your WAFv2 resources in the US East (N. Virginia) Region, `us-east-1` . * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-regexpatternset.html#cfn-wafv2-regexpatternset-scope */ scope: string; /** * A description of the set that helps with identification. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-regexpatternset.html#cfn-wafv2-regexpatternset-description */ description: string | undefined; /** * The name of the set. You cannot change the name after you create the set. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-regexpatternset.html#cfn-wafv2-regexpatternset-name */ name: string | undefined; /** * Key:value pairs associated with an AWS resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each AWS resource. * * > To modify tags on existing resources, use the AWS WAF APIs or command line interface. With AWS CloudFormation , you can only add tags to AWS WAF resources during resource creation. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-regexpatternset.html#cfn-wafv2-regexpatternset-tags */ readonly tags: cdk.TagManager; /** * Create a new `AWS::WAFv2::RegexPatternSet`. * * @param scope - scope in which this resource is defined * @param id - scoped id of the resource * @param props - resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnRegexPatternSetProps); /** * Examines the CloudFormation resource and discloses attributes. * * @param inspector - tree inspector to collect and process attributes * */ inspect(inspector: cdk.TreeInspector): void; protected get cfnProperties(): { [key: string]: any; }; protected renderProperties(props: { [key: string]: any; }): { [key: string]: any; }; } /** * Properties for defining a `CfnRuleGroup` * * @struct * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-rulegroup.html */ export interface CfnRuleGroupProps { /** * The web ACL capacity units (WCUs) required for this rule group. * * When you create your own rule group, you define this, and you cannot change it after creation. When you add or modify the rules in a rule group, AWS WAF enforces this limit. * * AWS WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. AWS WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group. The WCU limit for web ACLs is 1,500. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-rulegroup.html#cfn-wafv2-rulegroup-capacity */ readonly capacity: number; /** * Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, or an AWS App Runner service. Valid Values are `CLOUDFRONT` and `REGIONAL` . * * > For `CLOUDFRONT` , you must create your WAFv2 resources in the US East (N. Virginia) Region, `us-east-1` . * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-rulegroup.html#cfn-wafv2-rulegroup-scope */ readonly scope: string; /** * Defines and enables Amazon CloudWatch metrics and web request sample collection. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-rulegroup.html#cfn-wafv2-rulegroup-visibilityconfig */ readonly visibilityConfig: CfnRuleGroup.VisibilityConfigProperty | cdk.IResolvable; /** * The labels that one or more rules in this rule group add to matching web requests. These labels are defined in the `RuleLabels` for a `Rule` . * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-rulegroup.html#cfn-wafv2-rulegroup-availablelabels */ readonly availableLabels?: Array<CfnRuleGroup.LabelSummaryProperty | cdk.IResolvable> | cdk.IResolvable; /** * The labels that one or more rules in this rule group match against in label match statements. These labels are defined in a `LabelMatchStatement` specification, in the `Statement` definition of a rule. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-rulegroup.html#cfn-wafv2-rulegroup-consumedlabels */ readonly consumedLabels?: Array<CfnRuleGroup.LabelSummaryProperty | cdk.IResolvable> | cdk.IResolvable; /** * A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the rule group, and then use them in the rules that you define in the rule group. * * For information about customizing web requests and responses, see [Customizing web requests and responses in AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html) in the *AWS WAF Developer Guide* . * * For information about the limits on count and size for custom request and response settings, see [AWS WAF quotas](https://docs.aws.amazon.com/waf/latest/developerguide/limits.html) in the *AWS WAF Developer Guide* . * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-rulegroup.html#cfn-wafv2-rulegroup-customresponsebodies */ readonly customResponseBodies?: { [key: string]: (CfnRuleGroup.CustomResponseBodyProperty | cdk.IResolvable); } | cdk.IResolvable; /** * A description of the rule group that helps with identification. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-rulegroup.html#cfn-wafv2-rulegroup-description */ readonly description?: string; /** * The name of the rule group. You cannot change the name of a rule group after you create it. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-rulegroup.html#cfn-wafv2-rulegroup-name */ readonly name?: string; /** * The rule statements used to identify the web requests that you want to allow, block, or count. Each rule includes one top-level statement that AWS WAF uses to identify matching web requests, and parameters that govern how AWS WAF handles them. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-rulegroup.html#cfn-wafv2-rulegroup-rules */ readonly rules?: Array<CfnRuleGroup.RuleProperty | cdk.IResolvable> | cdk.IResolvable; /** * Key:value pairs associated with an AWS resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each AWS resource. * * > To modify tags on existing resources, use the AWS WAF APIs or command line interface. With AWS CloudFormation , you can only add tags to AWS WAF resources during resource creation. * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-rulegroup.html#cfn-wafv2-rulegroup-tags */ readonly tags?: cdk.CfnTag[]; } /** * A CloudFormation `AWS::WAFv2::RuleGroup` * * > This is the latest version of *AWS WAF* , named AWS WAF V2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . * * Use an `RuleGroup` to define a collection of rules for inspecting and controlling web requests. You use a rule group in an `WebACL` by providing its Amazon Resource Name (ARN) to the rule statement `RuleGroupReferenceStatement` , when you add rules to the web ACL. * * When you create a rule group, you define an immutable capacity limit. If you update a rule group, you must stay within the capacity. This allows others to reuse the rule group with confidence in its capacity requirements. * * @cloudformationResource AWS::WAFv2::RuleGroup * @stability external * * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-rulegroup.html */ export declare class CfnRuleGroup extends cdk.CfnResource implements cdk.IInspectable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME = "AWS::WAFv2::RuleGroup"; /** * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnRuleGroup; /** * The Amazon Resource Name (ARN) of the rule group. * @cloudformationAttribute Arn */ readonly attrArn: string; /** * The ID of the rule group. * @cloudformationAttribute Id */ readonly attrId: string; /** * The label namespace prefix for this rule group. All labels added by rules in this rule group have this prefix. * * The syntax for the label namespace prefix for a rule group is the following: `awswaf:<account ID>:rule group:<rule group name>:` * * When a rule with a label matches a web request, AWS WAF adds the fully qualified label to the request. A fully qualified label is made up of the label namespace from the rule group or web ACL where the rule is defined and the label from the rule, separated by a colon. * @cloudformationAttribute LabelNamespace */ readonly attrLabelNamespace: string; /** * The web ACL capacity units (WCUs) required for this rule group. * * When you create your own rule group, you define this, and you cannot change it after creation. When you add or modify the rules in a rule group, AWS WAF enforces this limit. * * AWS WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. AWS WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group. The WCU limit for web ACLs is 1,500. * * @link http://docs.aws