# aws-wafwebacl-apigateway module
<!--BEGIN STABILITY BANNER-->---
> All classes are under active development and subject to non-backward compatible changes or removal in any
> future version. These are not subject to the [Semantic Versioning](https://semver.org/) model.
> This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.
---
<!--END STABILITY BANNER-->
| **Reference Documentation**:| <span style="font-weight: normal">https://docs.aws.amazon.com/solutions/latest/constructs/</span>|
|:-------------|:-------------|
<div style="height:8px"></div>
| **Language** | **Package** |
|:-------------|-----------------|
| Python|`aws_solutions_constructs.aws_wafwebacl_apigateway`|
| Typescript|`@aws-solutions-constructs/aws-wafwebacl-apigateway`|
| Java|`software.amazon.awsconstructs.services.wafwebaclapigateway`|
## Overview
This AWS Solutions Construct implements an AWS WAF web ACL connected to Amazon API Gateway REST API.
Here is a minimal deployable pattern definition:
Typescript
```python
import { Construct } from 'constructs';
import { Stack, StackProps } from 'aws-cdk-lib';
import * as lambda from "aws-cdk-lib/aws-lambda";
import { ApiGatewayToLambda } from '@aws-solutions-constructs/aws-apigateway-lambda';
import { WafwebaclToApiGatewayProps, WafwebaclToApiGateway } from "@aws-solutions-constructs/aws-wafwebacl-apigateway";
const apiGatewayToLambda = new ApiGatewayToLambda(this, 'ApiGatewayToLambdaPattern', {
lambdaFunctionProps: {
runtime: lambda.Runtime.NODEJS_20_X,
handler: 'index.handler',
code: lambda.Code.fromAsset(`lambda`)
}
});
// This construct can only be attached to a configured API Gateway.
new WafwebaclToApiGateway(this, 'test-wafwebacl-apigateway', {
existingApiGatewayInterface: apiGatewayToLambda.apiGateway
});
```
Python
```python
from aws_solutions_constructs.aws_apigateway_lambda import ApiGatewayToLambda
from aws_solutions_constructs.aws_wafwebacl_apigateway import WafwebaclToApiGatewayProps, WafwebaclToApiGateway
from aws_cdk import (
aws_apigateway as api,
aws_lambda as _lambda,
Stack
)
from constructs import Construct
api_gateway_to_lambda = ApiGatewayToLambda(self, 'ApiGatewayToLambdaPattern',
lambda_function_props=_lambda.FunctionProps(
code=_lambda.Code.from_asset(
'lambda'),
runtime=_lambda.Runtime.Python_3_11,
handler='index.handler'
)
)
# This construct can only be attached to a configured API Gateway.
WafwebaclToApiGateway(self, 'test_wafwebacl_apigateway',
existing_api_gateway_interface=api_gateway_to_lambda.api_gateway
)
```
Java
```java
import software.constructs.Construct;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.StackProps;
import software.amazon.awscdk.services.apigateway.*;
import software.amazon.awscdk.services.lambda.*;
import software.amazon.awscdk.services.lambda.Runtime;
import software.amazon.awsconstructs.services.apigatewaylambda.*;
import software.amazon.awsconstructs.services.wafwebaclapigateway.*;
final ApiGatewayToLambda apiGatewayToLambda = new ApiGatewayToLambda(this, "ApiGatewayToLambdaPattern",
new ApiGatewayToLambdaProps.Builder()
.lambdaFunctionProps(new FunctionProps.Builder()
.runtime(Runtime.NODEJS_20_X)
.code(Code.fromAsset("lambda"))
.handler("index.handler")
.build())
.build());
// This construct can only be attached to a configured Application Load
// Balancer.
new WafwebaclToApiGateway(this, "test-wafwebacl-apigateway", new WafwebaclToApiGatewayProps.Builder()
.existingApiGatewayInterface(apiGatewayToLambda.getApiGateway())
.build());
```
## Pattern Construct Props
| **Name** | **Type** | **Description** |
|:-------------|:----------------|-----------------|
|existingApiGatewayInterface|[`api.IRestApi`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_apigateway.IRestApi.html)|The existing API Gateway instance that will be protected with the WAF web ACL. *Note that a WAF web ACL can only be added to a configured API Gateway, so this construct only accepts an existing IRestApi and does not accept apiGatewayProps.*|
|existingWebaclObj?|[`waf.CfnWebACL`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_waf.CfnWebACL.html)|Existing instance of a WAF web ACL, an error will occur if this and props is set.|
|webaclProps?|[`waf.CfnWebACLProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_waf.CfnWebACLProps.html)|Optional user-provided props to override the default props for the AWS WAF web ACL. To use a different collection of managed rule sets, specify a new rules property. Use our [`wrapManagedRuleSet(managedGroupName: string, vendorName: string, priority: number)`](../core/lib/waf-defaults.ts) function from core to create an array entry from each desired managed rule set.|
## Pattern Properties
| **Name** | **Type** | **Description** |
|:-------------|:----------------|-----------------|
|webacl|[`waf.CfnWebACL`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_waf.CfnWebACL.html)|Returns an instance of the waf.CfnWebACL created by the construct.|
|apiGateway|[`api.IRestApi`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_apigateway.IRestApi.html)|Returns an instance of the API Gateway REST API created by the pattern. |
## Default settings
Out of the box implementation of the Construct without any override will set the following defaults:
### AWS WAF
* Deploy a WAF web ACL with 7 [AWS managed rule groups](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html).
* AWSManagedRulesBotControlRuleSet
* AWSManagedRulesKnownBadInputsRuleSet
* AWSManagedRulesCommonRuleSet
* AWSManagedRulesAnonymousIpList
* AWSManagedRulesAmazonIpReputationList
* AWSManagedRulesAdminProtectionRuleSet
* AWSManagedRulesSQLiRuleSet
*Note that the default rules can be replaced by specifying the rules property of CfnWebACLProps*
* Send metrics to Amazon CloudWatch
### Amazon API Gateway
* User provided API Gateway object is used as-is
## Architecture
---
© Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
Raw data
{
"_id": null,
"home_page": "https://github.com/awslabs/aws-solutions-constructs.git",
"name": "aws-solutions-constructs.aws-wafwebacl-apigateway",
"maintainer": null,
"docs_url": null,
"requires_python": "~=3.8",
"maintainer_email": null,
"keywords": null,
"author": "Amazon Web Services",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/38/2c/d8239bc40a42230bacb546ddd7f89aca141e3172d7f5bc34b137b6fdf147/aws_solutions_constructs_aws_wafwebacl_apigateway-2.75.0.tar.gz",
"platform": null,
"description": "# aws-wafwebacl-apigateway module\n\n<!--BEGIN STABILITY BANNER-->---\n\n\n\n\n> All classes are under active development and subject to non-backward compatible changes or removal in any\n> future version. These are not subject to the [Semantic Versioning](https://semver.org/) model.\n> This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.\n\n---\n<!--END STABILITY BANNER-->\n\n| **Reference Documentation**:| <span style=\"font-weight: normal\">https://docs.aws.amazon.com/solutions/latest/constructs/</span>|\n|:-------------|:-------------|\n\n<div style=\"height:8px\"></div>\n\n| **Language** | **Package** |\n|:-------------|-----------------|\n| Python|`aws_solutions_constructs.aws_wafwebacl_apigateway`|\n| Typescript|`@aws-solutions-constructs/aws-wafwebacl-apigateway`|\n| Java|`software.amazon.awsconstructs.services.wafwebaclapigateway`|\n\n## Overview\n\nThis AWS Solutions Construct implements an AWS WAF web ACL connected to Amazon API Gateway REST API.\n\nHere is a minimal deployable pattern definition:\n\nTypescript\n\n```python\nimport { Construct } from 'constructs';\nimport { Stack, StackProps } from 'aws-cdk-lib';\nimport * as lambda from \"aws-cdk-lib/aws-lambda\";\nimport { ApiGatewayToLambda } from '@aws-solutions-constructs/aws-apigateway-lambda';\nimport { WafwebaclToApiGatewayProps, WafwebaclToApiGateway } from \"@aws-solutions-constructs/aws-wafwebacl-apigateway\";\n\nconst apiGatewayToLambda = new ApiGatewayToLambda(this, 'ApiGatewayToLambdaPattern', {\n lambdaFunctionProps: {\n runtime: lambda.Runtime.NODEJS_20_X,\n handler: 'index.handler',\n code: lambda.Code.fromAsset(`lambda`)\n }\n});\n\n// This construct can only be attached to a configured API Gateway.\nnew WafwebaclToApiGateway(this, 'test-wafwebacl-apigateway', {\n existingApiGatewayInterface: apiGatewayToLambda.apiGateway\n});\n```\n\nPython\n\n```python\nfrom aws_solutions_constructs.aws_apigateway_lambda import ApiGatewayToLambda\nfrom aws_solutions_constructs.aws_wafwebacl_apigateway import WafwebaclToApiGatewayProps, WafwebaclToApiGateway\nfrom aws_cdk import (\n aws_apigateway as api,\n aws_lambda as _lambda,\n Stack\n)\nfrom constructs import Construct\n\napi_gateway_to_lambda = ApiGatewayToLambda(self, 'ApiGatewayToLambdaPattern',\n lambda_function_props=_lambda.FunctionProps(\n code=_lambda.Code.from_asset(\n 'lambda'),\n runtime=_lambda.Runtime.Python_3_11,\n handler='index.handler'\n )\n )\n\n# This construct can only be attached to a configured API Gateway.\nWafwebaclToApiGateway(self, 'test_wafwebacl_apigateway',\n existing_api_gateway_interface=api_gateway_to_lambda.api_gateway\n )\n```\n\nJava\n\n```java\nimport software.constructs.Construct;\n\nimport software.amazon.awscdk.Stack;\nimport software.amazon.awscdk.StackProps;\nimport software.amazon.awscdk.services.apigateway.*;\nimport software.amazon.awscdk.services.lambda.*;\nimport software.amazon.awscdk.services.lambda.Runtime;\nimport software.amazon.awsconstructs.services.apigatewaylambda.*;\nimport software.amazon.awsconstructs.services.wafwebaclapigateway.*;\n\nfinal ApiGatewayToLambda apiGatewayToLambda = new ApiGatewayToLambda(this, \"ApiGatewayToLambdaPattern\",\n new ApiGatewayToLambdaProps.Builder()\n .lambdaFunctionProps(new FunctionProps.Builder()\n .runtime(Runtime.NODEJS_20_X)\n .code(Code.fromAsset(\"lambda\"))\n .handler(\"index.handler\")\n .build())\n .build());\n\n// This construct can only be attached to a configured Application Load\n// Balancer.\nnew WafwebaclToApiGateway(this, \"test-wafwebacl-apigateway\", new WafwebaclToApiGatewayProps.Builder()\n .existingApiGatewayInterface(apiGatewayToLambda.getApiGateway())\n .build());\n```\n\n## Pattern Construct Props\n\n| **Name** | **Type** | **Description** |\n|:-------------|:----------------|-----------------|\n|existingApiGatewayInterface|[`api.IRestApi`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_apigateway.IRestApi.html)|The existing API Gateway instance that will be protected with the WAF web ACL. *Note that a WAF web ACL can only be added to a configured API Gateway, so this construct only accepts an existing IRestApi and does not accept apiGatewayProps.*|\n|existingWebaclObj?|[`waf.CfnWebACL`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_waf.CfnWebACL.html)|Existing instance of a WAF web ACL, an error will occur if this and props is set.|\n|webaclProps?|[`waf.CfnWebACLProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_waf.CfnWebACLProps.html)|Optional user-provided props to override the default props for the AWS WAF web ACL. To use a different collection of managed rule sets, specify a new rules property. Use our [`wrapManagedRuleSet(managedGroupName: string, vendorName: string, priority: number)`](../core/lib/waf-defaults.ts) function from core to create an array entry from each desired managed rule set.|\n\n## Pattern Properties\n\n| **Name** | **Type** | **Description** |\n|:-------------|:----------------|-----------------|\n|webacl|[`waf.CfnWebACL`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_waf.CfnWebACL.html)|Returns an instance of the waf.CfnWebACL created by the construct.|\n|apiGateway|[`api.IRestApi`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_apigateway.IRestApi.html)|Returns an instance of the API Gateway REST API created by the pattern. |\n\n## Default settings\n\nOut of the box implementation of the Construct without any override will set the following defaults:\n\n### AWS WAF\n\n* Deploy a WAF web ACL with 7 [AWS managed rule groups](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html).\n\n * AWSManagedRulesBotControlRuleSet\n * AWSManagedRulesKnownBadInputsRuleSet\n * AWSManagedRulesCommonRuleSet\n * AWSManagedRulesAnonymousIpList\n * AWSManagedRulesAmazonIpReputationList\n * AWSManagedRulesAdminProtectionRuleSet\n * AWSManagedRulesSQLiRuleSet\n\n *Note that the default rules can be replaced by specifying the rules property of CfnWebACLProps*\n* Send metrics to Amazon CloudWatch\n\n### Amazon API Gateway\n\n* User provided API Gateway object is used as-is\n\n## Architecture\n\n\n\n---\n\n\n\u00a9 Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "CDK constructs for defining an AWS web WAF connected to Amazon API Gateway REST API.",
"version": "2.75.0",
"project_urls": {
"Homepage": "https://github.com/awslabs/aws-solutions-constructs.git",
"Source": "https://github.com/awslabs/aws-solutions-constructs.git"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "3005129a8fab2a2f15d7c296b9daef5f6be3bd5070f57c3aff1bb269e410df25",
"md5": "726532e5e20a738b9c6ba518e1e3c91c",
"sha256": "876be45415aca3b09f7f8c88856be8cb50d5487960225a4a416aedea450041a6"
},
"downloads": -1,
"filename": "aws_solutions_constructs.aws_wafwebacl_apigateway-2.75.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "726532e5e20a738b9c6ba518e1e3c91c",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "~=3.8",
"size": 261996,
"upload_time": "2024-12-23T13:18:28",
"upload_time_iso_8601": "2024-12-23T13:18:28.579077Z",
"url": "https://files.pythonhosted.org/packages/30/05/129a8fab2a2f15d7c296b9daef5f6be3bd5070f57c3aff1bb269e410df25/aws_solutions_constructs.aws_wafwebacl_apigateway-2.75.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "382cd8239bc40a42230bacb546ddd7f89aca141e3172d7f5bc34b137b6fdf147",
"md5": "c05b02fa76ddc54bae57b33092a3ff5f",
"sha256": "9b8a332b9af9f6f8947719a68824d8ed2e31d19c123d7741c23a171ba03b5760"
},
"downloads": -1,
"filename": "aws_solutions_constructs_aws_wafwebacl_apigateway-2.75.0.tar.gz",
"has_sig": false,
"md5_digest": "c05b02fa76ddc54bae57b33092a3ff5f",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "~=3.8",
"size": 263098,
"upload_time": "2024-12-23T13:20:03",
"upload_time_iso_8601": "2024-12-23T13:20:03.989826Z",
"url": "https://files.pythonhosted.org/packages/38/2c/d8239bc40a42230bacb546ddd7f89aca141e3172d7f5bc34b137b6fdf147/aws_solutions_constructs_aws_wafwebacl_apigateway-2.75.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-12-23 13:20:03",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "awslabs",
"github_project": "aws-solutions-constructs",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "aws-solutions-constructs.aws-wafwebacl-apigateway"
}
JSON
