github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/website/source/docs/providers/aws/r/waf_web_acl.html.markdown (about) 1 --- 2 layout: "aws" 3 page_title: "AWS: aws_waf_web_acl" 4 sidebar_current: "docs-aws-resource-waf-webacl" 5 description: |- 6 Provides a AWS WAF web access control group (ACL) resource. 7 --- 8 9 # aws\_waf\_web\_acl 10 11 Provides a WAF Web ACL Resource 12 13 ## Example Usage 14 15 ```hcl 16 resource "aws_waf_ipset" "ipset" { 17 name = "tfIPSet" 18 19 ip_set_descriptors { 20 type = "IPV4" 21 value = "192.0.7.0/24" 22 } 23 } 24 25 resource "aws_waf_rule" "wafrule" { 26 depends_on = ["aws_waf_ipset.ipset"] 27 name = "tfWAFRule" 28 metric_name = "tfWAFRule" 29 30 predicates { 31 data_id = "${aws_waf_ipset.ipset.id}" 32 negated = false 33 type = "IPMatch" 34 } 35 } 36 37 resource "aws_waf_web_acl" "waf_acl" { 38 depends_on = ["aws_waf_ipset.ipset", "aws_waf_rule.wafrule"] 39 name = "tfWebACL" 40 metric_name = "tfWebACL" 41 42 default_action { 43 type = "ALLOW" 44 } 45 46 rules { 47 action { 48 type = "BLOCK" 49 } 50 51 priority = 1 52 rule_id = "${aws_waf_rule.wafrule.id}" 53 } 54 } 55 ``` 56 57 ## Argument Reference 58 59 The following arguments are supported: 60 61 * `default_action` - (Required) The action that you want AWS WAF to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL. 62 * `metric_name` - (Required) The name or description for the Amazon CloudWatch metric of this web ACL. 63 * `name` - (Required) The name or description of the web ACL. 64 * `rules` - (Required) The rules to associate with the web ACL and the settings for each rule. 65 66 67 ## Attributes Reference 68 69 The following attributes are exported: 70 71 * `id` - The ID of the WAF WebACL.