software.amazon.awscdk.services.waf.regional

Class CfnRateBasedRule

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.CfnElement

software.amazon.awscdk.CfnRefElement

software.amazon.awscdk.CfnResource

software.amazon.awscdk.services.waf.regional.CfnRateBasedRule

All Implemented Interfaces:

IInspectable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.67.0 (build 2c027f5)",
           date="2022-09-19T20:26:42.653Z")
 @Stability(value=Stable)
public class CfnRateBasedRule
extends CfnResource
implements IInspectable

A CloudFormation `AWS::WAFRegional::RateBasedRule`.

This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the developer guide.

For the latest version of AWS WAF , use the AWS WAF V2 API and see the AWS WAF Developer Guide . With the latest version, AWS WAF has a single set of endpoints for regional and global use.

A RateBasedRule is identical to a regular Rule , with one addition: a RateBasedRule counts the number of requests that arrive from a specified IP address every five minutes. For example, based on recent requests that you've seen from an attacker, you might create a RateBasedRule that includes the following conditions:

• The requests come from 192.0.2.44.
• They contain the value BadBot in the User-Agent header.

In the rule, you also define the rate limit as 15,000.

Requests that meet both of these conditions and exceed 15,000 requests every five minutes trigger the rule's action (block or count), which is defined in the web ACL.

Note you can only create rate-based rules using an AWS CloudFormation template. To add the rate-based rules created through AWS CloudFormation to a web ACL, use the AWS WAF console, API, or command line interface (CLI). For more information, see UpdateWebACL .

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.waf.regional.*;
 CfnRateBasedRule cfnRateBasedRule = CfnRateBasedRule.Builder.create(this, "MyCfnRateBasedRule")
         .metricName("metricName")
         .name("name")
         .rateKey("rateKey")
         .rateLimit(123)
         // the properties below are optional
         .matchPredicates(List.of(PredicateProperty.builder()
                 .dataId("dataId")
                 .negated(false)
                 .type("type")
                 .build()))
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	CfnRateBasedRule.Builder A fluent builder for CfnRateBasedRule.
static interface	CfnRateBasedRule.PredicateProperty Specifies the `ByteMatchSet` , `IPSet` , `SqlInjectionMatchSet` , `XssMatchSet` , `RegexMatchSet` , `GeoMatchSet` , and `SizeConstraintSet` objects that you want to add to a `Rule` and, for each object, indicates whether you want to negate the settings, for example, requests that do NOT originate from the IP address 192.0.2.44.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.amazon.awscdk.IInspectable

IInspectable.Jsii$Default, IInspectable.Jsii$Proxy

Nested classes/interfaces inherited from interface software.constructs.IConstruct

software.constructs.IConstruct.Jsii$Default

Field Summary

Fields

Modifier and Type	Field and Description
static String	CFN_RESOURCE_TYPE_NAME The CloudFormation resource type name for this resource class.

Constructor Summary

Constructors

Modifier	Constructor and Description
	CfnRateBasedRule(software.constructs.Construct scope, String id, CfnRateBasedRuleProps props) Create a new `AWS::WAFRegional::RateBasedRule`.
protected	CfnRateBasedRule(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	CfnRateBasedRule(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method and Description
protected Map<String,Object>	getCfnProperties()
Object	getMatchPredicates() The `Predicates` object contains one `Predicate` element for each `ByteMatchSet` , `IPSet` , or `SqlInjectionMatchSet>` object that you want to include in a `RateBasedRule` .
String	getMetricName() A name for the metrics for a `RateBasedRule` .
String	getName() A friendly name or description for a `RateBasedRule` .
String	getRateKey() The field that AWS WAF uses to determine if requests are likely arriving from single source and thus subject to rate monitoring.
Number	getRateLimit() The maximum number of requests, which have an identical value in the field specified by the `RateKey` , allowed in a five-minute period.
void	inspect(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.
protected Map<String,Object>	renderProperties(Map<String,Object> props)
void	setMatchPredicates(IResolvable value) The `Predicates` object contains one `Predicate` element for each `ByteMatchSet` , `IPSet` , or `SqlInjectionMatchSet>` object that you want to include in a `RateBasedRule` .
void	setMatchPredicates(List<Object> value) The `Predicates` object contains one `Predicate` element for each `ByteMatchSet` , `IPSet` , or `SqlInjectionMatchSet>` object that you want to include in a `RateBasedRule` .
void	setMetricName(String value) A name for the metrics for a `RateBasedRule` .
void	setName(String value) A friendly name or description for a `RateBasedRule` .
void	setRateKey(String value) The field that AWS WAF uses to determine if requests are likely arriving from single source and thus subject to rate monitoring.
void	setRateLimit(Number value) The maximum number of requests, which have an identical value in the field specified by the `RateKey` , allowed in a five-minute period.

Methods inherited from class software.amazon.awscdk.CfnResource

addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, getUpdatedProperties, isCfnResource, shouldSynthesize, toString, validateProperties

Methods inherited from class software.amazon.awscdk.CfnRefElement

getRef

Methods inherited from class software.amazon.awscdk.CfnElement

getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId

Methods inherited from class software.constructs.Construct

getNode, isConstruct

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Field Detail

CFN_RESOURCE_TYPE_NAME

@Stability(value=Stable)
public static final String CFN_RESOURCE_TYPE_NAME

The CloudFormation resource type name for this resource class.

Constructor Detail

CfnRateBasedRule

protected CfnRateBasedRule(software.amazon.jsii.JsiiObjectRef objRef)

CfnRateBasedRule

protected CfnRateBasedRule(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

CfnRateBasedRule

@Stability(value=Stable)
public CfnRateBasedRule(@NotNull
                                                 software.constructs.Construct scope,
                                                 @NotNull
                                                 String id,
                                                 @NotNull
                                                 CfnRateBasedRuleProps props)

Create a new `AWS::WAFRegional::RateBasedRule`.

Parameters:

scope - - scope in which this resource is defined. This parameter is required.

id - - scoped id of the resource. This parameter is required.

props - - resource properties. This parameter is required.

Method Detail

inspect

@Stability(value=Stable)
public void inspect(@NotNull
                                             TreeInspector inspector)

Examines the CloudFormation resource and discloses attributes.

Specified by:

inspect in interface IInspectable

Parameters:

inspector - - tree inspector to collect and process attributes. This parameter is required.

renderProperties

@Stability(value=Stable)
 @NotNull
protected Map<String,Object> renderProperties(@NotNull
                                                                                 Map<String,Object> props)

Overrides:

renderProperties in class CfnResource

Parameters:

props - This parameter is required.

getCfnProperties

@Stability(value=Stable)
 @NotNull
protected Map<String,Object> getCfnProperties()

Overrides:

getCfnProperties in class CfnResource

getMetricName

@Stability(value=Stable)
 @NotNull
public String getMetricName()

A name for the metrics for a `RateBasedRule` .

The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF , including "All" and "Default_Action." You can't change the name of the metric after you create the RateBasedRule .

setMetricName

@Stability(value=Stable)
public void setMetricName(@NotNull
                                                   String value)

A name for the metrics for a `RateBasedRule` .

The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF , including "All" and "Default_Action." You can't change the name of the metric after you create the RateBasedRule .

getName

@Stability(value=Stable)
 @NotNull
public String getName()

A friendly name or description for a `RateBasedRule` .

You can't change the name of a RateBasedRule after you create it.

setName

@Stability(value=Stable)
public void setName(@NotNull
                                             String value)

A friendly name or description for a `RateBasedRule` .

You can't change the name of a RateBasedRule after you create it.

getRateKey

@Stability(value=Stable)
 @NotNull
public String getRateKey()

The field that AWS WAF uses to determine if requests are likely arriving from single source and thus subject to rate monitoring.

The only valid value for RateKey is IP . IP indicates that requests arriving from the same IP address are subject to the RateLimit that is specified in the RateBasedRule .

setRateKey

@Stability(value=Stable)
public void setRateKey(@NotNull
                                                String value)

The field that AWS WAF uses to determine if requests are likely arriving from single source and thus subject to rate monitoring.

The only valid value for RateKey is IP . IP indicates that requests arriving from the same IP address are subject to the RateLimit that is specified in the RateBasedRule .

getRateLimit

@Stability(value=Stable)
 @NotNull
public Number getRateLimit()

The maximum number of requests, which have an identical value in the field specified by the `RateKey` , allowed in a five-minute period.

If the number of requests exceeds the RateLimit and the other predicates specified in the rule are also met, AWS WAF triggers the action that is specified for this rule.

setRateLimit

@Stability(value=Stable)
public void setRateLimit(@NotNull
                                                  Number value)

The maximum number of requests, which have an identical value in the field specified by the `RateKey` , allowed in a five-minute period.

If the number of requests exceeds the RateLimit and the other predicates specified in the rule are also met, AWS WAF triggers the action that is specified for this rule.

getMatchPredicates

@Stability(value=Stable)
 @Nullable
public Object getMatchPredicates()

The `Predicates` object contains one `Predicate` element for each `ByteMatchSet` , `IPSet` , or `SqlInjectionMatchSet>` object that you want to include in a `RateBasedRule` .

setMatchPredicates

@Stability(value=Stable)
public void setMatchPredicates(@Nullable
                                                        IResolvable value)

The `Predicates` object contains one `Predicate` element for each `ByteMatchSet` , `IPSet` , or `SqlInjectionMatchSet>` object that you want to include in a `RateBasedRule` .

setMatchPredicates

@Stability(value=Stable)
public void setMatchPredicates(@Nullable
                                                        List<Object> value)

The `Predicates` object contains one `Predicate` element for each `ByteMatchSet` , `IPSet` , or `SqlInjectionMatchSet>` object that you want to include in a `RateBasedRule` .