Example managed rule group configurations in JSON and YAML - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Example managed rule group configurations in JSON and YAML

This section provides example managed rule group configurations.

The API and CLI calls return a list of all rules in the managed rule group that you can reference in the JSON model or through Amazon CloudFormation.

JSON

You can reference and modify managed rule groups within a rule statement using JSON. The following listing shows the Amazon Managed Rules rule group, AWSManagedRulesCommonRuleSet, in JSON format. The RuleActionOverrides specification lists a rule whose action has been overridden to Count.

{ "Name": "AWS-AWSManagedRulesCommonRuleSet", "Priority": 0, "Statement": { "ManagedRuleGroupStatement": { "VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet", "RuleActionOverrides": [ { "ActionToUse": { "Count": {} }, "Name": "NoUserAgent_HEADER" } ], "ExcludedRules": [] } }, "OverrideAction": { "None": {} }, "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "AWS-AWSManagedRulesCommonRuleSet" } }
YAML

You can reference and modify managed rule groups within a rule statement using the Amazon CloudFormation YAML template. The following listing shows the Amazon Managed Rules rule group, AWSManagedRulesCommonRuleSet, in Amazon CloudFormation template. The RuleActionOverrides specification lists a rule whose action has been overridden to Count.

Name: AWS-AWSManagedRulesCommonRuleSet Priority: 0 Statement: ManagedRuleGroupStatement: VendorName: AWS Name: AWSManagedRulesCommonRuleSet RuleActionOverrides: - ActionToUse: Count: {} Name: NoUserAgent_HEADER ExcludedRules: [] OverrideAction: None: {} VisibilityConfig: SampledRequestsEnabled: true CloudWatchMetricsEnabled: true MetricName: AWS-AWSManagedRulesCommonRuleSet