AWS::WAF::WebACL ActivatedRule - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::WAF::WebACL ActivatedRule

The ActivatedRule object in an UpdateWebACL request specifies a Rule that you want to insert or delete, the priority of the Rule in the WebACL, and the action that you want Amazon WAF to take when a web request matches the Rule (ALLOW, BLOCK, or COUNT).

To specify whether to insert or delete a Rule, use the Action parameter in the WebACLUpdate data type.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{ "Action" : WafAction, "Priority" : Integer, "RuleId" : String }

YAML

Action: WafAction Priority: Integer RuleId: String

Properties

Action

Specifies the action that Amazon CloudFront or Amazon WAF takes when a web request matches the conditions in the Rule. Valid values for Action include the following:

  • ALLOW: CloudFront responds with the requested object.

  • BLOCK: CloudFront responds with an HTTP 403 (Forbidden) status code.

  • COUNT: Amazon WAF increments a counter of requests that match the conditions in the rule and then continues to inspect the web request based on the remaining rules in the web ACL.

ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to a WebACL. In this case, you do not use ActivatedRule|Action. For all other update requests, ActivatedRule|Action is used instead of ActivatedRule|OverrideAction.

Required: No

Type: WafAction

Update requires: No interruption

Priority

Specifies the order in which the Rules in a WebACL are evaluated. Rules with a lower value for Priority are evaluated before Rules with a higher value. The value must be a unique integer. If you add multiple Rules to a WebACL, the values don't need to be consecutive.

Required: Yes

Type: Integer

Update requires: No interruption

RuleId

The RuleId for a Rule. You use RuleId to get more information about a Rule, update a Rule, insert a Rule into a WebACL or delete a one from a WebACL, or delete a Rule from Amazon WAF.

RuleId is returned by CreateRule and by ListRules.

Required: Yes

Type: String

Pattern: .*\S.*

Minimum: 1

Maximum: 128

Update requires: No interruption