AWS::WAFv2::WebACL

WAFv2 WebACL

Contains the Rules that identify the requests that you want to allow, block, or count. In a WebACL, you also specify a default action (ALLOW or BLOCK), and the action for each Rule that you add to a WebACL, for example, block requests from specified IP addresses or block requests from specified referrers. You also associate the WebACL with a CloudFront distribution to identify the requests that you want AWS WAF to filter. If you add more than one Rule to a WebACL, a request needs to match onl...

Properties

15 configurable properties. 3 required. Click a row to see details.

Filter:

Property	Type	Flags
`DefaultAction`	`DefaultAction`	Required
`Scope`	`string`	RequiredCreate-only
`VisibilityConfig`	`VisibilityConfig`	Required
`ApplicationConfig`	`ApplicationConfig`
`AssociationConfig`	`AssociationConfig`
`CaptchaConfig`	`CaptchaConfig`
`ChallengeConfig`	`ChallengeConfig`
`CustomResponseBodies`	`CustomResponseBodies`
`DataProtectionConfig`	`DataProtectionConfig`
`Description`	`string`
`Name`	`string`	Create-only
`OnSourceDDoSProtectionConfig`	`OnSourceDDoSProtectionConfig`
`Rules`	`Array<Rule>`
`Tags`	`Array<Tag>`
`TokenDomains`	`array`

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

Attribute	Type	Description
`Arn`	`string`	-
`Capacity`	`integer`	-
`Id`	`string`	-
`LabelNamespace`	`string`	-

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml

AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::WAFv2::WebACL

Resources:
  MyResource:
    Type: AWS::WAFv2::WebACL
    Properties:
      DefaultAction: "value"
      Scope: "value"
      VisibilityConfig: "value"
      Tags:
        - Key: Environment
          Value: Production
      Description: !Ref "AWS::StackName"
      Name: !Ref "AWS::StackName"

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

wafv2:CreateWebACLwafv2:GetWebACLwafv2:ListTagsForResourcewafv2:TagResourcewafv2:UntagResource

delete

wafv2:DeleteWebACLwafv2:GetWebACL

read

wafv2:GetWebACLwafv2:ListTagsForResource

update

wafv2:UpdateWebACLwafv2:GetWebACLwafv2:ListTagsForResourcewafv2:TagResourcewafv2:UntagResource

list

wafv2:listWebACLs

Learn AWS the Practical Way

Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.

Subscribe to Newsletter

Quick Facts

ServiceWAFv2

Properties19

Required3

TaggingSupported

Primary IDName

Supported Operations

CreateDeleteReadUpdateList

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

NameScope

Related Resources

External Links

AWS Documentation