docs/aws: Add undocumented fields to all WAF resources (#14091)

* docs/aws: Add undocumented fields to all WAF resources

* docs/aws: Alphabetically sort WAF resources
This commit is contained in:
Radek Simko 2017-05-01 15:23:30 +01:00 committed by GitHub
parent 51d2e9f349
commit 143c8bbdfe
8 changed files with 182 additions and 28 deletions

View File

@ -34,7 +34,41 @@ resource "aws_waf_byte_match_set" "byte_set" {
The following arguments are supported: The following arguments are supported:
* `name` - (Required) The name or description of the Byte Match Set. * `name` - (Required) The name or description of the Byte Match Set.
* `byte_match_tuples` - Settings for the ByteMatchSet, such as the bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests. * `byte_match_tuples` - Specifies the bytes (typically a string that corresponds
with ASCII characters) that you want to search for in web requests,
the location in requests that you want to search, and other settings.
## Nested blocks
### `byte_match_tuples`
#### Arguments
* `field_to_match` - (Required) The part of a web request that you want to search, such as a specified header or a query string.
* `positional_constraint` - (Required) Within the portion of a web request that you want to search
(for example, in the query string, if any), specify where you want to search.
e.g. `CONTAINS`, `CONTAINS_WORD` or `EXACTLY`.
See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchTuple.html#WAF-Type-ByteMatchTuple-PositionalConstraint)
for all supported values.
* `target_string` - (Optional) The value that you want to search for. e.g. `HEADER`, `METHOD` or `BODY`.
See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchTuple.html#WAF-Type-ByteMatchTuple-TargetString)
for all supported values.
* `text_transformation` - (Required) Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF.
If you specify a transformation, AWS WAF performs the transformation on `target_string` before inspecting a request for a match.
e.g. `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`.
See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchTuple.html#WAF-Type-ByteMatchTuple-TextTransformation)
for all supported values.
### `field_to_match`
#### Arguments
* `data` - (Optional) When `type` is `HEADER`, enter the name of the header that you want to search, e.g. `User-Agent` or `Referer`.
If `type` is any other value, omit this field.
* `type` - (Required) The part of the web request that you want AWS WAF to search for a specified string.
e.g. `HEADER`, `METHOD` or `BODY`.
See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_FieldToMatch.html)
for all supported values.
## Remarks ## Remarks

View File

@ -28,7 +28,18 @@ resource "aws_waf_ipset" "ipset" {
The following arguments are supported: The following arguments are supported:
* `name` - (Required) The name or description of the IPSet. * `name` - (Required) The name or description of the IPSet.
* `ip_set_descriptors` - (Optional) The IP address type and IP address range (in CIDR notation) from which web requests originate. * `ip_set_descriptors` - (Optional) Specifies the IP address type (IPV4 or IPV6)
and the IP address range (in CIDR format) that web requests originate from.
## Nested Blocks
### `ip_set_descriptors`
#### Arguments
* `type` - (Required) Type of the IP address - `IPV4` or `IPV6`.
* `value` - (Required) An IPv4 or IPv6 address specified via CIDR notation.
e.g. `192.0.2.44/32` or `1111:0000:0000:0000:0000:0000:0000:0000/64`
## Remarks ## Remarks

View File

@ -41,7 +41,20 @@ The following arguments are supported:
* `metric_name` - (Required) The name or description for the Amazon CloudWatch metric of this rule. * `metric_name` - (Required) The name or description for the Amazon CloudWatch metric of this rule.
* `name` - (Required) The name or description of the rule. * `name` - (Required) The name or description of the rule.
* `predicates` - (Optional) The ByteMatchSet, IPSet, SizeConstraintSet, SqlInjectionMatchSet, or XssMatchSet objects to include in a rule. * `predicates` - (Optional) One of ByteMatchSet, IPSet, SizeConstraintSet, SqlInjectionMatchSet, or XssMatchSet objects to include in a rule.
## Nested Blocks
### `predicates`
#### Arguments
* `negated` - (Required) Set this to `false` if you want to allow, block, or count requests
based on the settings in the specified `ByteMatchSet`, `IPSet`, `SqlInjectionMatchSet`, `XssMatchSet`, or `SizeConstraintSet`.
For example, if an IPSet includes the IP address `192.0.2.44`, AWS WAF will allow or block requests based on that IP address.
If set to `true`, AWS WAF will allow, block, or count requests based on all IP addresses _except_ `192.0.2.44`.
* `data_id` - (Optional) A unique identifier for a predicate in the rule, such as Byte Match Set ID or IPSet ID.
* `type` - (Required) The type of predicate in a rule, such as `ByteMatchSet` or `IPSet`
## Remarks ## Remarks

View File

@ -33,7 +33,37 @@ resource "aws_waf_size_constraint_set" "size_constraint_set" {
The following arguments are supported: The following arguments are supported:
* `name` - (Required) The name or description of the Size Constraint Set. * `name` - (Required) The name or description of the Size Constraint Set.
* `size_constraints` - (Required) The size constraint and the part of the web request to check. * `size_constraints` - (Optional) Specifies the parts of web requests that you want to inspect the size of.
## Nested Blocks
### `size_constraints`
#### Arguments
* `field_to_match` - (Required) Specifies where in a web request to look for the size constraint.
* `comparison_operator` - (Required) The type of comparison you want to perform.
e.g. `EQ`, `NE`, `LT`, `GT`.
See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_SizeConstraint.html#WAF-Type-SizeConstraint-ComparisonOperator) for all supported values.
* `size` - (Required) The size in bytes that you want to compare against the size of the specified `field_to_match`.
Valid values are between 0 - 21474836480 bytes (0 - 20 GB).
* `text_transformation` - (Required) Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF.
If you specify a transformation, AWS WAF performs the transformation on `field_to_match` before inspecting a request for a match.
e.g. `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`.
See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_SizeConstraint.html#WAF-Type-SizeConstraint-TextTransformation)
for all supported values.
**Note:** if you choose `BODY` as `type`, you must choose `NONE` because CloudFront forwards only the first 8192 bytes for inspection.
### `field_to_match`
#### Arguments
* `data` - (Optional) When `type` is `HEADER`, enter the name of the header that you want to search, e.g. `User-Agent` or `Referer`.
If `type` is any other value, omit this field.
* `type` - (Required) The part of the web request that you want AWS WAF to search for a specified string.
e.g. `HEADER`, `METHOD` or `BODY`.
See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_FieldToMatch.html)
for all supported values.
## Remarks ## Remarks

View File

@ -3,7 +3,7 @@ layout: "aws"
page_title: "AWS: waf_sql_injection_match_set" page_title: "AWS: waf_sql_injection_match_set"
sidebar_current: "docs-aws-resource-waf-sql-injection-match-set" sidebar_current: "docs-aws-resource-waf-sql-injection-match-set"
description: |- description: |-
Provides a AWS WAF SqlInjectionMatchSet resource. Provides a AWS WAF SQL Injection Match Set resource.
--- ---
# aws\_waf\_sql\_injection\_match\_set # aws\_waf\_sql\_injection\_match\_set
@ -31,7 +31,30 @@ resource "aws_waf_sql_injection_match_set" "sql_injection_match_set" {
The following arguments are supported: The following arguments are supported:
* `name` - (Required) The name or description of the SizeConstraintSet. * `name` - (Required) The name or description of the SizeConstraintSet.
* `sql_injection_match_tuples` - The parts of web requests that you want AWS WAF to inspect for malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header. * `sql_injection_match_tuples` - (Optional) The parts of web requests that you want AWS WAF to inspect for malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.
## Nested Blocks
### `sql_injection_match_tuples`
* `field_to_match` - (Required) Specifies where in a web request to look for snippets of malicious SQL code.
* `text_transformation` - (Required) Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF.
If you specify a transformation, AWS WAF performs the transformation on `field_to_match` before inspecting a request for a match.
e.g. `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`.
See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_SqlInjectionMatchTuple.html#WAF-Type-SqlInjectionMatchTuple-TextTransformation)
for all supported values.
### `field_to_match`
#### Arguments
* `data` - (Optional) When `type` is `HEADER`, enter the name of the header that you want to search, e.g. `User-Agent` or `Referer`.
If `type` is any other value, omit this field.
* `type` - (Required) The part of the web request that you want AWS WAF to search for a specified string.
e.g. `HEADER`, `METHOD` or `BODY`.
See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_FieldToMatch.html)
for all supported values.
## Remarks ## Remarks
@ -39,4 +62,4 @@ The following arguments are supported:
The following attributes are exported: The following attributes are exported:
* `id` - The ID of the WAF SqlInjectionMatchSet. * `id` - The ID of the WAF SQL Injection Match Set.

View File

@ -63,6 +63,26 @@ The following arguments are supported:
* `name` - (Required) The name or description of the web ACL. * `name` - (Required) The name or description of the web ACL.
* `rules` - (Required) The rules to associate with the web ACL and the settings for each rule. * `rules` - (Required) The rules to associate with the web ACL and the settings for each rule.
## Nested Blocks
### `default_action`
#### Arguments
* `type` - (Required) Specifies how you want AWS WAF to respond to requests that match the settings in a rule.
e.g. `ALLOW`, `BLOCK` or `COUNT`
### `rules`
See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_ActivatedRule.html) for all details and supported values.
#### Arguments
* `action` - (Required) The action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule.
e.g. `ALLOW`, `BLOCK` or `COUNT`
* `priority` - (Required) Specifies the order in which the rules in a WebACL are evaluated.
Rules with a lower value are evaluated before rules with a higher value.
* `rule_id` - (Required) ID of the associated [rule](/docs/providers/aws/r/waf_rule.html)
## Attributes Reference ## Attributes Reference

View File

@ -39,7 +39,30 @@ resource "aws_waf_xss_match_set" "xss_match_set" {
The following arguments are supported: The following arguments are supported:
* `name` - (Required) The name or description of the SizeConstraintSet. * `name` - (Required) The name or description of the SizeConstraintSet.
* `xss_match_tuples` - The parts of web requests that you want to inspect for cross-site scripting attacks. * `xss_match_tuples` - (Optional) The parts of web requests that you want to inspect for cross-site scripting attacks.
## Nested Blocks
### `xss_match_tuples`
* `field_to_match` - (Required) Specifies where in a web request to look for cross-site scripting attacks.
* `text_transformation` - (Required) Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF.
If you specify a transformation, AWS WAF performs the transformation on `target_string` before inspecting a request for a match.
e.g. `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`.
See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_XssMatchTuple.html#WAF-Type-XssMatchTuple-TextTransformation)
for all supported values.
### `field_to_match`
#### Arguments
* `data` - (Optional) When `type` is `HEADER`, enter the name of the header that you want to search, e.g. `User-Agent` or `Referer`.
If `type` is any other value, omit this field.
* `type` - (Required) The part of the web request that you want AWS WAF to search for a specified string.
e.g. `HEADER`, `METHOD` or `BODY`.
See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_FieldToMatch.html)
for all supported values.
## Remarks ## Remarks

View File

@ -1067,34 +1067,34 @@
<a href="#">WAF Resources</a> <a href="#">WAF Resources</a>
<ul class="nav nav-visible"> <ul class="nav nav-visible">
<li<%= sidebar_current("docs-aws-resource-waf-webacl") %>>
<a href="/docs/providers/aws/r/waf_web_acl.html">aws_waf_web_acl</a>
</li>
<li<%= sidebar_current("docs-aws-resource-waf-bytematchset") %>> <li<%= sidebar_current("docs-aws-resource-waf-bytematchset") %>>
<a href="/docs/providers/aws/r/waf_byte_match_set.html">aws_waf_byte_match_set</a> <a href="/docs/providers/aws/r/waf_byte_match_set.html">aws_waf_byte_match_set</a>
</li> </li>
<li<%= sidebar_current("docs-aws-resource-waf-size-constraint-set") %>>
<a href="/docs/providers/aws/r/waf_size_constraint_set.html">aws_waf_size_constraint_set</a>
</li>
<li<%= sidebar_current("docs-aws-resource-waf-rule") %>>
<a href="/docs/providers/aws/r/waf_rule.html">aws_waf_rule</a>
</li>
<li<%= sidebar_current("docs-aws-resource-waf-ipset") %>> <li<%= sidebar_current("docs-aws-resource-waf-ipset") %>>
<a href="/docs/providers/aws/r/waf_ipset.html">aws_waf_ipset</a> <a href="/docs/providers/aws/r/waf_ipset.html">aws_waf_ipset</a>
</li> </li>
<li<%= sidebar_current("docs-aws-resource-waf-xss-match-set") %>> <li<%= sidebar_current("docs-aws-resource-waf-rule") %>>
<a href="/docs/providers/aws/r/waf_xss_match_set.html">aws_waf_xss_match_set</a> <a href="/docs/providers/aws/r/waf_rule.html">aws_waf_rule</a>
</li>
<li<%= sidebar_current("docs-aws-resource-waf-size-constraint-set") %>>
<a href="/docs/providers/aws/r/waf_size_constraint_set.html">aws_waf_size_constraint_set</a>
</li> </li>
<li<%= sidebar_current("docs-aws-resource-waf-sql-injection-match-set") %>> <li<%= sidebar_current("docs-aws-resource-waf-sql-injection-match-set") %>>
<a href="/docs/providers/aws/r/waf_sql_injection_match_set.html">aws_waf_sql_injection_match_set</a> <a href="/docs/providers/aws/r/waf_sql_injection_match_set.html">aws_waf_sql_injection_match_set</a>
</li> </li>
<li<%= sidebar_current("docs-aws-resource-waf-webacl") %>>
<a href="/docs/providers/aws/r/waf_web_acl.html">aws_waf_web_acl</a>
</li>
<li<%= sidebar_current("docs-aws-resource-waf-xss-match-set") %>>
<a href="/docs/providers/aws/r/waf_xss_match_set.html">aws_waf_xss_match_set</a>
</li>
</ul> </ul>
</li> </li>