AWS::WAF::WebACL WafAction - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::WAF::WebACL WafAction


This is Amazon WAF Classic documentation. For more information, see Amazon WAF Classic in the developer guide.

For the latest version of Amazon WAF , use the Amazon WAFV2 API and see the Amazon WAF Developer Guide. With the latest version, Amazon WAF has a single set of endpoints for regional and global use.

For the action that is associated with a rule in a WebACL, specifies the action that you want Amazon WAF to perform when a web request matches all of the conditions in a rule. For the default action in a WebACL, specifies the action that you want Amazon WAF to take when a web request doesn't match all of the conditions in any of the rules in a WebACL.


To declare this entity in your Amazon CloudFormation template, use the following syntax:


{ "Type" : String }


Type: String



Specifies how you want Amazon WAF to respond to requests that match the settings in a Rule. Valid settings include the following:

  • ALLOW: Amazon WAF allows requests

  • BLOCK: Amazon WAF blocks requests

  • COUNT: Amazon WAF increments a counter of the requests that match all of the conditions in the rule. Amazon WAF then continues to inspect the web request based on the remaining rules in the web ACL. You can't specify COUNT for the default action for a WebACL.

Required: Yes

Type: String

Allowed values: BLOCK | ALLOW | COUNT

Update requires: No interruption