terraform/website/source/docs/providers/aws/r/waf_rule.html.markdown

---
layout: "aws"
page_title: "AWS: waf_rule"
sidebar_current: "docs-aws-resource-waf-rule"
description: |-
  Provides a AWS WAF rule resource.
---

# aws\_waf\_rule

Provides a WAF Rule Resource

## Example Usage

```hcl
resource "aws_waf_ipset" "ipset" {
  name = "tfIPSet"

  ip_set_descriptors {
    type  = "IPV4"
    value = "192.0.7.0/24"
  }
}

resource "aws_waf_rule" "wafrule" {
  depends_on  = ["aws_waf_ipset.ipset"]
  name        = "tfWAFRule"
  metric_name = "tfWAFRule"

  predicates {
    data_id = "${aws_waf_ipset.ipset.id}"
    negated = false
    type    = "IPMatch"
  }
}
```

## Argument Reference

The following arguments are supported:

* `metric_name` - (Required) The name or description for the Amazon CloudWatch metric of this rule.
* `name` - (Required) The name or description of the rule.
* `predicates` - (Optional) One of ByteMatchSet, IPSet, SizeConstraintSet, SqlInjectionMatchSet, or XssMatchSet objects to include in a rule.

## Nested Blocks

### `predicates`

#### Arguments

* `negated` - (Required) Set this to `false` if you want to allow, block, or count requests
  based on the settings in the specified `ByteMatchSet`, `IPSet`, `SqlInjectionMatchSet`, `XssMatchSet`, or `SizeConstraintSet`.
  For example, if an IPSet includes the IP address `192.0.2.44`, AWS WAF will allow or block requests based on that IP address.
  If set to `true`, AWS WAF will allow, block, or count requests based on all IP addresses _except_ `192.0.2.44`.
* `data_id` - (Optional) A unique identifier for a predicate in the rule, such as Byte Match Set ID or IPSet ID.
* `type` - (Required) The type of predicate in a rule, such as `ByteMatchSet` or `IPSet`

## Remarks

## Attributes Reference

The following attributes are exported:

* `id` - The ID of the WAF rule.
Added WAF ACL Resource (#8852) 2016-10-27 13:54:36 +02:00			`---`
			`layout: "aws"`
			`page_title: "AWS: waf_rule"`
			`sidebar_current: "docs-aws-resource-waf-rule"`
			`description: \|-`
			`Provides a AWS WAF rule resource.`
			`---`

docs/aws: Fixing the AWS WAF Documentation 2016-11-01 20:42:56 +01:00			`# aws\_waf\_rule`

			`Provides a WAF Rule Resource`

Added WAF ACL Resource (#8852) 2016-10-27 13:54:36 +02:00			`## Example Usage`

Massively add HCL source tag in docs Markdown files Signed-off-by: Max Riveiro <kavu13@gmail.com> 2017-04-17 12:17:54 +02:00			```hcl
Added WAF ACL Resource (#8852) 2016-10-27 13:54:36 +02:00			`resource "aws_waf_ipset" "ipset" {`
			`name = "tfIPSet"`
website/docs: Run `terraform fmt` on code examples (#12075) * docs/vsphere: Fix code block * docs: Convert `...` to `# ...` to allow `terraform fmt`ing * docs: Trim trailing whitespace * docs: First-pass run of `terraform fmt` on code examples 2017-02-18 23:48:50 +01:00
Added WAF ACL Resource (#8852) 2016-10-27 13:54:36 +02:00			`ip_set_descriptors {`
website/docs: Run `terraform fmt` on code examples (#12075) * docs/vsphere: Fix code block * docs: Convert `...` to `# ...` to allow `terraform fmt`ing * docs: Trim trailing whitespace * docs: First-pass run of `terraform fmt` on code examples 2017-02-18 23:48:50 +01:00			`type = "IPV4"`
Added WAF ACL Resource (#8852) 2016-10-27 13:54:36 +02:00			`value = "192.0.7.0/24"`
			`}`
			`}`

			`resource "aws_waf_rule" "wafrule" {`
website/docs: Run `terraform fmt` on code examples (#12075) * docs/vsphere: Fix code block * docs: Convert `...` to `# ...` to allow `terraform fmt`ing * docs: Trim trailing whitespace * docs: First-pass run of `terraform fmt` on code examples 2017-02-18 23:48:50 +01:00			`depends_on = ["aws_waf_ipset.ipset"]`
			`name = "tfWAFRule"`
Added WAF ACL Resource (#8852) 2016-10-27 13:54:36 +02:00			`metric_name = "tfWAFRule"`
website/docs: Run `terraform fmt` on code examples (#12075) * docs/vsphere: Fix code block * docs: Convert `...` to `# ...` to allow `terraform fmt`ing * docs: Trim trailing whitespace * docs: First-pass run of `terraform fmt` on code examples 2017-02-18 23:48:50 +01:00
Added WAF ACL Resource (#8852) 2016-10-27 13:54:36 +02:00			`predicates {`
			`data_id = "${aws_waf_ipset.ipset.id}"`
			`negated = false`
website/docs: Run `terraform fmt` on code examples (#12075) * docs/vsphere: Fix code block * docs: Convert `...` to `# ...` to allow `terraform fmt`ing * docs: Trim trailing whitespace * docs: First-pass run of `terraform fmt` on code examples 2017-02-18 23:48:50 +01:00			`type = "IPMatch"`
Added WAF ACL Resource (#8852) 2016-10-27 13:54:36 +02:00			`}`
			`}`
			```

			`## Argument Reference`

			`The following arguments are supported:`

			* `metric_name` - (Required) The name or description for the Amazon CloudWatch metric of this rule.
			* `name` - (Required) The name or description of the rule.
docs/aws: Add undocumented fields to all WAF resources (#14091) * docs/aws: Add undocumented fields to all WAF resources * docs/aws: Alphabetically sort WAF resources 2017-05-01 16:23:30 +02:00			* `predicates` - (Optional) One of ByteMatchSet, IPSet, SizeConstraintSet, SqlInjectionMatchSet, or XssMatchSet objects to include in a rule.

			`## Nested Blocks`

			### `predicates`

			`#### Arguments`

			* `negated` - (Required) Set this to `false` if you want to allow, block, or count requests
			based on the settings in the specified `ByteMatchSet`, `IPSet`, `SqlInjectionMatchSet`, `XssMatchSet`, or `SizeConstraintSet`.
			For example, if an IPSet includes the IP address `192.0.2.44`, AWS WAF will allow or block requests based on that IP address.
			If set to `true`, AWS WAF will allow, block, or count requests based on all IP addresses _except_ `192.0.2.44`.
			* `data_id` - (Optional) A unique identifier for a predicate in the rule, such as Byte Match Set ID or IPSet ID.
			* `type` - (Required) The type of predicate in a rule, such as `ByteMatchSet` or `IPSet`
Added WAF ACL Resource (#8852) 2016-10-27 13:54:36 +02:00
			`## Remarks`

			`## Attributes Reference`

			`The following attributes are exported:`

			* `id` - The ID of the WAF rule.