docs/aws: Add undocumented fields to all WAF resources (#14091)
* docs/aws: Add undocumented fields to all WAF resources * docs/aws: Alphabetically sort WAF resources
This commit is contained in:
parent
51d2e9f349
commit
143c8bbdfe
|
@ -3,7 +3,7 @@ layout: "aws"
|
||||||
page_title: "AWS: waf_byte_match_set"
|
page_title: "AWS: waf_byte_match_set"
|
||||||
sidebar_current: "docs-aws-resource-waf-bytematchset"
|
sidebar_current: "docs-aws-resource-waf-bytematchset"
|
||||||
description: |-
|
description: |-
|
||||||
Provides a AWS WAF ByteMatchSet resource.
|
Provides a AWS WAF Byte Match Set resource.
|
||||||
---
|
---
|
||||||
|
|
||||||
# aws\_waf\_byte\_match\_set
|
# aws\_waf\_byte\_match\_set
|
||||||
|
@ -33,8 +33,42 @@ resource "aws_waf_byte_match_set" "byte_set" {
|
||||||
|
|
||||||
The following arguments are supported:
|
The following arguments are supported:
|
||||||
|
|
||||||
* `name` - (Required) The name or description of the ByteMatchSet.
|
* `name` - (Required) The name or description of the Byte Match Set.
|
||||||
* `byte_match_tuples` - Settings for the ByteMatchSet, such as the bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests.
|
* `byte_match_tuples` - Specifies the bytes (typically a string that corresponds
|
||||||
|
with ASCII characters) that you want to search for in web requests,
|
||||||
|
the location in requests that you want to search, and other settings.
|
||||||
|
|
||||||
|
## Nested blocks
|
||||||
|
|
||||||
|
### `byte_match_tuples`
|
||||||
|
|
||||||
|
#### Arguments
|
||||||
|
|
||||||
|
* `field_to_match` - (Required) The part of a web request that you want to search, such as a specified header or a query string.
|
||||||
|
* `positional_constraint` - (Required) Within the portion of a web request that you want to search
|
||||||
|
(for example, in the query string, if any), specify where you want to search.
|
||||||
|
e.g. `CONTAINS`, `CONTAINS_WORD` or `EXACTLY`.
|
||||||
|
See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchTuple.html#WAF-Type-ByteMatchTuple-PositionalConstraint)
|
||||||
|
for all supported values.
|
||||||
|
* `target_string` - (Optional) The value that you want to search for. e.g. `HEADER`, `METHOD` or `BODY`.
|
||||||
|
See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchTuple.html#WAF-Type-ByteMatchTuple-TargetString)
|
||||||
|
for all supported values.
|
||||||
|
* `text_transformation` - (Required) Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF.
|
||||||
|
If you specify a transformation, AWS WAF performs the transformation on `target_string` before inspecting a request for a match.
|
||||||
|
e.g. `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`.
|
||||||
|
See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchTuple.html#WAF-Type-ByteMatchTuple-TextTransformation)
|
||||||
|
for all supported values.
|
||||||
|
|
||||||
|
### `field_to_match`
|
||||||
|
|
||||||
|
#### Arguments
|
||||||
|
|
||||||
|
* `data` - (Optional) When `type` is `HEADER`, enter the name of the header that you want to search, e.g. `User-Agent` or `Referer`.
|
||||||
|
If `type` is any other value, omit this field.
|
||||||
|
* `type` - (Required) The part of the web request that you want AWS WAF to search for a specified string.
|
||||||
|
e.g. `HEADER`, `METHOD` or `BODY`.
|
||||||
|
See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_FieldToMatch.html)
|
||||||
|
for all supported values.
|
||||||
|
|
||||||
## Remarks
|
## Remarks
|
||||||
|
|
||||||
|
@ -42,4 +76,4 @@ The following arguments are supported:
|
||||||
|
|
||||||
The following attributes are exported:
|
The following attributes are exported:
|
||||||
|
|
||||||
* `id` - The ID of the WAF ByteMatchSet.
|
* `id` - The ID of the WAF Byte Match Set.
|
||||||
|
|
|
@ -28,7 +28,18 @@ resource "aws_waf_ipset" "ipset" {
|
||||||
The following arguments are supported:
|
The following arguments are supported:
|
||||||
|
|
||||||
* `name` - (Required) The name or description of the IPSet.
|
* `name` - (Required) The name or description of the IPSet.
|
||||||
* `ip_set_descriptors` - (Optional) The IP address type and IP address range (in CIDR notation) from which web requests originate.
|
* `ip_set_descriptors` - (Optional) Specifies the IP address type (IPV4 or IPV6)
|
||||||
|
and the IP address range (in CIDR format) that web requests originate from.
|
||||||
|
|
||||||
|
## Nested Blocks
|
||||||
|
|
||||||
|
### `ip_set_descriptors`
|
||||||
|
|
||||||
|
#### Arguments
|
||||||
|
|
||||||
|
* `type` - (Required) Type of the IP address - `IPV4` or `IPV6`.
|
||||||
|
* `value` - (Required) An IPv4 or IPv6 address specified via CIDR notation.
|
||||||
|
e.g. `192.0.2.44/32` or `1111:0000:0000:0000:0000:0000:0000:0000/64`
|
||||||
|
|
||||||
## Remarks
|
## Remarks
|
||||||
|
|
||||||
|
|
|
@ -41,7 +41,20 @@ The following arguments are supported:
|
||||||
|
|
||||||
* `metric_name` - (Required) The name or description for the Amazon CloudWatch metric of this rule.
|
* `metric_name` - (Required) The name or description for the Amazon CloudWatch metric of this rule.
|
||||||
* `name` - (Required) The name or description of the rule.
|
* `name` - (Required) The name or description of the rule.
|
||||||
* `predicates` - (Optional) The ByteMatchSet, IPSet, SizeConstraintSet, SqlInjectionMatchSet, or XssMatchSet objects to include in a rule.
|
* `predicates` - (Optional) One of ByteMatchSet, IPSet, SizeConstraintSet, SqlInjectionMatchSet, or XssMatchSet objects to include in a rule.
|
||||||
|
|
||||||
|
## Nested Blocks
|
||||||
|
|
||||||
|
### `predicates`
|
||||||
|
|
||||||
|
#### Arguments
|
||||||
|
|
||||||
|
* `negated` - (Required) Set this to `false` if you want to allow, block, or count requests
|
||||||
|
based on the settings in the specified `ByteMatchSet`, `IPSet`, `SqlInjectionMatchSet`, `XssMatchSet`, or `SizeConstraintSet`.
|
||||||
|
For example, if an IPSet includes the IP address `192.0.2.44`, AWS WAF will allow or block requests based on that IP address.
|
||||||
|
If set to `true`, AWS WAF will allow, block, or count requests based on all IP addresses _except_ `192.0.2.44`.
|
||||||
|
* `data_id` - (Optional) A unique identifier for a predicate in the rule, such as Byte Match Set ID or IPSet ID.
|
||||||
|
* `type` - (Required) The type of predicate in a rule, such as `ByteMatchSet` or `IPSet`
|
||||||
|
|
||||||
## Remarks
|
## Remarks
|
||||||
|
|
||||||
|
|
|
@ -3,7 +3,7 @@ layout: "aws"
|
||||||
page_title: "AWS: waf_size_constraint_set"
|
page_title: "AWS: waf_size_constraint_set"
|
||||||
sidebar_current: "docs-aws-resource-waf-size-constraint-set"
|
sidebar_current: "docs-aws-resource-waf-size-constraint-set"
|
||||||
description: |-
|
description: |-
|
||||||
Provides a AWS WAF SizeConstraintSet resource.
|
Provides a AWS WAF Size Constraint Set resource.
|
||||||
---
|
---
|
||||||
|
|
||||||
# aws\_waf\_size\_constraint\_set
|
# aws\_waf\_size\_constraint\_set
|
||||||
|
@ -32,8 +32,38 @@ resource "aws_waf_size_constraint_set" "size_constraint_set" {
|
||||||
|
|
||||||
The following arguments are supported:
|
The following arguments are supported:
|
||||||
|
|
||||||
* `name` - (Required) The name or description of the SizeConstraintSet.
|
* `name` - (Required) The name or description of the Size Constraint Set.
|
||||||
* `size_constraints` - (Required) The size constraint and the part of the web request to check.
|
* `size_constraints` - (Optional) Specifies the parts of web requests that you want to inspect the size of.
|
||||||
|
|
||||||
|
## Nested Blocks
|
||||||
|
|
||||||
|
### `size_constraints`
|
||||||
|
|
||||||
|
#### Arguments
|
||||||
|
|
||||||
|
* `field_to_match` - (Required) Specifies where in a web request to look for the size constraint.
|
||||||
|
* `comparison_operator` - (Required) The type of comparison you want to perform.
|
||||||
|
e.g. `EQ`, `NE`, `LT`, `GT`.
|
||||||
|
See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_SizeConstraint.html#WAF-Type-SizeConstraint-ComparisonOperator) for all supported values.
|
||||||
|
* `size` - (Required) The size in bytes that you want to compare against the size of the specified `field_to_match`.
|
||||||
|
Valid values are between 0 - 21474836480 bytes (0 - 20 GB).
|
||||||
|
* `text_transformation` - (Required) Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF.
|
||||||
|
If you specify a transformation, AWS WAF performs the transformation on `field_to_match` before inspecting a request for a match.
|
||||||
|
e.g. `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`.
|
||||||
|
See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_SizeConstraint.html#WAF-Type-SizeConstraint-TextTransformation)
|
||||||
|
for all supported values.
|
||||||
|
**Note:** if you choose `BODY` as `type`, you must choose `NONE` because CloudFront forwards only the first 8192 bytes for inspection.
|
||||||
|
|
||||||
|
### `field_to_match`
|
||||||
|
|
||||||
|
#### Arguments
|
||||||
|
|
||||||
|
* `data` - (Optional) When `type` is `HEADER`, enter the name of the header that you want to search, e.g. `User-Agent` or `Referer`.
|
||||||
|
If `type` is any other value, omit this field.
|
||||||
|
* `type` - (Required) The part of the web request that you want AWS WAF to search for a specified string.
|
||||||
|
e.g. `HEADER`, `METHOD` or `BODY`.
|
||||||
|
See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_FieldToMatch.html)
|
||||||
|
for all supported values.
|
||||||
|
|
||||||
## Remarks
|
## Remarks
|
||||||
|
|
||||||
|
@ -41,4 +71,4 @@ The following arguments are supported:
|
||||||
|
|
||||||
The following attributes are exported:
|
The following attributes are exported:
|
||||||
|
|
||||||
* `id` - The ID of the WAF SizeConstraintSet.
|
* `id` - The ID of the WAF Size Constraint Set.
|
||||||
|
|
|
@ -3,7 +3,7 @@ layout: "aws"
|
||||||
page_title: "AWS: waf_sql_injection_match_set"
|
page_title: "AWS: waf_sql_injection_match_set"
|
||||||
sidebar_current: "docs-aws-resource-waf-sql-injection-match-set"
|
sidebar_current: "docs-aws-resource-waf-sql-injection-match-set"
|
||||||
description: |-
|
description: |-
|
||||||
Provides a AWS WAF SqlInjectionMatchSet resource.
|
Provides a AWS WAF SQL Injection Match Set resource.
|
||||||
---
|
---
|
||||||
|
|
||||||
# aws\_waf\_sql\_injection\_match\_set
|
# aws\_waf\_sql\_injection\_match\_set
|
||||||
|
@ -31,7 +31,30 @@ resource "aws_waf_sql_injection_match_set" "sql_injection_match_set" {
|
||||||
The following arguments are supported:
|
The following arguments are supported:
|
||||||
|
|
||||||
* `name` - (Required) The name or description of the SizeConstraintSet.
|
* `name` - (Required) The name or description of the SizeConstraintSet.
|
||||||
* `sql_injection_match_tuples` - The parts of web requests that you want AWS WAF to inspect for malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.
|
* `sql_injection_match_tuples` - (Optional) The parts of web requests that you want AWS WAF to inspect for malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.
|
||||||
|
|
||||||
|
## Nested Blocks
|
||||||
|
|
||||||
|
### `sql_injection_match_tuples`
|
||||||
|
|
||||||
|
* `field_to_match` - (Required) Specifies where in a web request to look for snippets of malicious SQL code.
|
||||||
|
* `text_transformation` - (Required) Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF.
|
||||||
|
If you specify a transformation, AWS WAF performs the transformation on `field_to_match` before inspecting a request for a match.
|
||||||
|
e.g. `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`.
|
||||||
|
See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_SqlInjectionMatchTuple.html#WAF-Type-SqlInjectionMatchTuple-TextTransformation)
|
||||||
|
for all supported values.
|
||||||
|
|
||||||
|
### `field_to_match`
|
||||||
|
|
||||||
|
#### Arguments
|
||||||
|
|
||||||
|
* `data` - (Optional) When `type` is `HEADER`, enter the name of the header that you want to search, e.g. `User-Agent` or `Referer`.
|
||||||
|
If `type` is any other value, omit this field.
|
||||||
|
* `type` - (Required) The part of the web request that you want AWS WAF to search for a specified string.
|
||||||
|
e.g. `HEADER`, `METHOD` or `BODY`.
|
||||||
|
See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_FieldToMatch.html)
|
||||||
|
for all supported values.
|
||||||
|
|
||||||
|
|
||||||
## Remarks
|
## Remarks
|
||||||
|
|
||||||
|
@ -39,4 +62,4 @@ The following arguments are supported:
|
||||||
|
|
||||||
The following attributes are exported:
|
The following attributes are exported:
|
||||||
|
|
||||||
* `id` - The ID of the WAF SqlInjectionMatchSet.
|
* `id` - The ID of the WAF SQL Injection Match Set.
|
||||||
|
|
|
@ -63,6 +63,26 @@ The following arguments are supported:
|
||||||
* `name` - (Required) The name or description of the web ACL.
|
* `name` - (Required) The name or description of the web ACL.
|
||||||
* `rules` - (Required) The rules to associate with the web ACL and the settings for each rule.
|
* `rules` - (Required) The rules to associate with the web ACL and the settings for each rule.
|
||||||
|
|
||||||
|
## Nested Blocks
|
||||||
|
|
||||||
|
### `default_action`
|
||||||
|
|
||||||
|
#### Arguments
|
||||||
|
|
||||||
|
* `type` - (Required) Specifies how you want AWS WAF to respond to requests that match the settings in a rule.
|
||||||
|
e.g. `ALLOW`, `BLOCK` or `COUNT`
|
||||||
|
|
||||||
|
### `rules`
|
||||||
|
|
||||||
|
See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_ActivatedRule.html) for all details and supported values.
|
||||||
|
|
||||||
|
#### Arguments
|
||||||
|
|
||||||
|
* `action` - (Required) The action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule.
|
||||||
|
e.g. `ALLOW`, `BLOCK` or `COUNT`
|
||||||
|
* `priority` - (Required) Specifies the order in which the rules in a WebACL are evaluated.
|
||||||
|
Rules with a lower value are evaluated before rules with a higher value.
|
||||||
|
* `rule_id` - (Required) ID of the associated [rule](/docs/providers/aws/r/waf_rule.html)
|
||||||
|
|
||||||
## Attributes Reference
|
## Attributes Reference
|
||||||
|
|
||||||
|
|
|
@ -39,7 +39,30 @@ resource "aws_waf_xss_match_set" "xss_match_set" {
|
||||||
The following arguments are supported:
|
The following arguments are supported:
|
||||||
|
|
||||||
* `name` - (Required) The name or description of the SizeConstraintSet.
|
* `name` - (Required) The name or description of the SizeConstraintSet.
|
||||||
* `xss_match_tuples` - The parts of web requests that you want to inspect for cross-site scripting attacks.
|
* `xss_match_tuples` - (Optional) The parts of web requests that you want to inspect for cross-site scripting attacks.
|
||||||
|
|
||||||
|
## Nested Blocks
|
||||||
|
|
||||||
|
### `xss_match_tuples`
|
||||||
|
|
||||||
|
* `field_to_match` - (Required) Specifies where in a web request to look for cross-site scripting attacks.
|
||||||
|
* `text_transformation` - (Required) Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF.
|
||||||
|
If you specify a transformation, AWS WAF performs the transformation on `target_string` before inspecting a request for a match.
|
||||||
|
e.g. `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`.
|
||||||
|
See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_XssMatchTuple.html#WAF-Type-XssMatchTuple-TextTransformation)
|
||||||
|
for all supported values.
|
||||||
|
|
||||||
|
### `field_to_match`
|
||||||
|
|
||||||
|
#### Arguments
|
||||||
|
|
||||||
|
* `data` - (Optional) When `type` is `HEADER`, enter the name of the header that you want to search, e.g. `User-Agent` or `Referer`.
|
||||||
|
If `type` is any other value, omit this field.
|
||||||
|
* `type` - (Required) The part of the web request that you want AWS WAF to search for a specified string.
|
||||||
|
e.g. `HEADER`, `METHOD` or `BODY`.
|
||||||
|
See [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_FieldToMatch.html)
|
||||||
|
for all supported values.
|
||||||
|
|
||||||
|
|
||||||
## Remarks
|
## Remarks
|
||||||
|
|
||||||
|
|
|
@ -1067,34 +1067,34 @@
|
||||||
<a href="#">WAF Resources</a>
|
<a href="#">WAF Resources</a>
|
||||||
<ul class="nav nav-visible">
|
<ul class="nav nav-visible">
|
||||||
|
|
||||||
<li<%= sidebar_current("docs-aws-resource-waf-webacl") %>>
|
|
||||||
<a href="/docs/providers/aws/r/waf_web_acl.html">aws_waf_web_acl</a>
|
|
||||||
</li>
|
|
||||||
|
|
||||||
<li<%= sidebar_current("docs-aws-resource-waf-bytematchset") %>>
|
<li<%= sidebar_current("docs-aws-resource-waf-bytematchset") %>>
|
||||||
<a href="/docs/providers/aws/r/waf_byte_match_set.html">aws_waf_byte_match_set</a>
|
<a href="/docs/providers/aws/r/waf_byte_match_set.html">aws_waf_byte_match_set</a>
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
<li<%= sidebar_current("docs-aws-resource-waf-size-constraint-set") %>>
|
|
||||||
<a href="/docs/providers/aws/r/waf_size_constraint_set.html">aws_waf_size_constraint_set</a>
|
|
||||||
</li>
|
|
||||||
|
|
||||||
<li<%= sidebar_current("docs-aws-resource-waf-rule") %>>
|
|
||||||
<a href="/docs/providers/aws/r/waf_rule.html">aws_waf_rule</a>
|
|
||||||
</li>
|
|
||||||
|
|
||||||
<li<%= sidebar_current("docs-aws-resource-waf-ipset") %>>
|
<li<%= sidebar_current("docs-aws-resource-waf-ipset") %>>
|
||||||
<a href="/docs/providers/aws/r/waf_ipset.html">aws_waf_ipset</a>
|
<a href="/docs/providers/aws/r/waf_ipset.html">aws_waf_ipset</a>
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
<li<%= sidebar_current("docs-aws-resource-waf-xss-match-set") %>>
|
<li<%= sidebar_current("docs-aws-resource-waf-rule") %>>
|
||||||
<a href="/docs/providers/aws/r/waf_xss_match_set.html">aws_waf_xss_match_set</a>
|
<a href="/docs/providers/aws/r/waf_rule.html">aws_waf_rule</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li<%= sidebar_current("docs-aws-resource-waf-size-constraint-set") %>>
|
||||||
|
<a href="/docs/providers/aws/r/waf_size_constraint_set.html">aws_waf_size_constraint_set</a>
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
<li<%= sidebar_current("docs-aws-resource-waf-sql-injection-match-set") %>>
|
<li<%= sidebar_current("docs-aws-resource-waf-sql-injection-match-set") %>>
|
||||||
<a href="/docs/providers/aws/r/waf_sql_injection_match_set.html">aws_waf_sql_injection_match_set</a>
|
<a href="/docs/providers/aws/r/waf_sql_injection_match_set.html">aws_waf_sql_injection_match_set</a>
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
|
<li<%= sidebar_current("docs-aws-resource-waf-webacl") %>>
|
||||||
|
<a href="/docs/providers/aws/r/waf_web_acl.html">aws_waf_web_acl</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li<%= sidebar_current("docs-aws-resource-waf-xss-match-set") %>>
|
||||||
|
<a href="/docs/providers/aws/r/waf_xss_match_set.html">aws_waf_xss_match_set</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
</ul>
|
</ul>
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue