AWS::WAFv2::IPSetCfnIPSet
> This is the latest version of *AWS WAF* , named AWS WAF V2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the [AWS WAF developer guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . Use an `IPSet` to identify web requests that originate from specific IP addresses or ranges of IP addresses. For example, if you're receiving a lot of requests from a ranges of IP addresses, you can configure AWS WAF to block them using an IP set that lists those IP addresses. You use an IP set by providing its Amazon Resource Name (ARN) to the rule statement `IPSetReferenceStatement` , when you add a rule to a rule group or web ACL.
Import
import { CfnIPSet } from 'aws-cdk-lib/aws-wafv2';Or use the module namespace:
import * as wafv2 from 'aws-cdk-lib/aws-wafv2';
// wafv2.CfnIPSetProperties
Configuration passed to the constructor as CfnIPSetProps.
addressesRequiredstring[]Contains an array of strings that specifies zero or more IP addresses or blocks of IP addresses that you want AWS WAF to inspect for in incoming requests. All addresses must be specified using Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports all IPv4 and IPv6 CIDR ranges except for `/0` . Example address strings: - For requests that originated from the IP address 192.0.2.44, specify `192.0.2.44/32` . - For requests that originated from IP addresses from 192.0.2.0 to 192.0.2.255, specify `192.0.2.0/24` . - For requests that originated from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify `1111:0000:0000:0000:0000:0000:0000:0111/128` . - For requests that originated from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify `1111:0000:0000:0000:0000:0000:0000:0000/64` . For more information about CIDR notation, see the Wikipedia entry [Classless Inter-Domain Routing](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) . Example JSON `Addresses` specifications: - Empty array: `"Addresses": []` - Array with one address: `"Addresses": ["192.0.2.44/32"]` - Array with three addresses: `"Addresses": ["192.0.2.44/32", "192.0.2.0/24", "192.0.0.0/16"]` - INVALID specification: `"Addresses": [""]` INVALID
ipAddressVersionRequiredstringThe version of the IP addresses, either `IPV4` or `IPV6` .
scopeRequiredstringSpecifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, an AWS App Runner service, or an AWS Verified Access instance. Valid Values are `CLOUDFRONT` and `REGIONAL` . > For `CLOUDFRONT` , you must create your WAFv2 resources in the US East (N. Virginia) Region, `us-east-1` .
descriptionOptionalstringA description of the IP set that helps with identification.
nameOptionalstringThe name of the IP set. You cannot change the name of an `IPSet` after you create it.
tagsOptionalCfnTag[]Key:value pairs associated with an AWS resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each AWS resource. > To modify tags on existing resources, use the AWS WAF APIs or command line interface. With AWS CloudFormation , you can only add tags to AWS WAF resources during resource creation.
CloudFormation Resource
This L1 construct maps directly to the following CloudFormation resource type.
Learn AWS the Practical Way
Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.
Subscribe to NewsletterQuick Facts
aws-wafv2AWS::WAFv2::IPSet