# aws-wafwebacl-apigateway module
<!--BEGIN STABILITY BANNER-->---
> All classes are under active development and subject to non-backward compatible changes or removal in any
> future version. These are not subject to the [Semantic Versioning](https://semver.org/) model.
> This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.
---
<!--END STABILITY BANNER-->
| **Reference Documentation**:| <span style="font-weight: normal">https://docs.aws.amazon.com/solutions/latest/constructs/</span>|
|:-------------|:-------------|
<div style="height:8px"></div>
| **Language** | **Package** |
|:-------------|-----------------|
| Python|`aws_solutions_constructs.aws_wafwebacl_apigateway`|
| Typescript|`@aws-solutions-constructs/aws-wafwebacl-apigateway`|
| Java|`software.amazon.awsconstructs.services.wafwebaclapigateway`|
## Overview
This AWS Solutions Construct implements an AWS WAF web ACL connected to Amazon API Gateway REST API.
Here is a minimal deployable pattern definition:
Typescript
```python
import { Construct } from 'constructs';
import { Stack, StackProps } from 'aws-cdk-lib';
import * as lambda from "aws-cdk-lib/aws-lambda";
import { ApiGatewayToLambda } from '@aws-solutions-constructs/aws-apigateway-lambda';
import { WafwebaclToApiGatewayProps, WafwebaclToApiGateway } from "@aws-solutions-constructs/aws-wafwebacl-apigateway";
const apiGatewayToLambda = new ApiGatewayToLambda(this, 'ApiGatewayToLambdaPattern', {
lambdaFunctionProps: {
runtime: lambda.Runtime.NODEJS_16_X,
handler: 'index.handler',
code: lambda.Code.fromAsset(`lambda`)
}
});
// This construct can only be attached to a configured API Gateway.
new WafwebaclToApiGateway(this, 'test-wafwebacl-apigateway', {
existingApiGatewayInterface: apiGatewayToLambda.apiGateway
});
```
Python
```python
from aws_solutions_constructs.aws_apigateway_lambda import ApiGatewayToLambda
from aws_solutions_constructs.aws_wafwebacl_apigateway import WafwebaclToApiGatewayProps, WafwebaclToApiGateway
from aws_cdk import (
aws_apigateway as api,
aws_lambda as _lambda,
Stack
)
from constructs import Construct
api_gateway_to_lambda = ApiGatewayToLambda(self, 'ApiGatewayToLambdaPattern',
lambda_function_props=_lambda.FunctionProps(
code=_lambda.Code.from_asset(
'lambda'),
runtime=_lambda.Runtime.PYTHON_3_9,
handler='index.handler'
)
)
# This construct can only be attached to a configured API Gateway.
WafwebaclToApiGateway(self, 'test_wafwebacl_apigateway',
existing_api_gateway_interface=api_gateway_to_lambda.api_gateway
)
```
Java
```java
import software.constructs.Construct;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.StackProps;
import software.amazon.awscdk.services.apigateway.*;
import software.amazon.awscdk.services.lambda.*;
import software.amazon.awscdk.services.lambda.Runtime;
import software.amazon.awsconstructs.services.apigatewaylambda.*;
import software.amazon.awsconstructs.services.wafwebaclapigateway.*;
final ApiGatewayToLambda apiGatewayToLambda = new ApiGatewayToLambda(this, "ApiGatewayToLambdaPattern",
new ApiGatewayToLambdaProps.Builder()
.lambdaFunctionProps(new FunctionProps.Builder()
.runtime(Runtime.NODEJS_16_X)
.code(Code.fromAsset("lambda"))
.handler("index.handler")
.build())
.build());
// This construct can only be attached to a configured Application Load
// Balancer.
new WafwebaclToApiGateway(this, "test-wafwebacl-apigateway", new WafwebaclToApiGatewayProps.Builder()
.existingApiGatewayInterface(apiGatewayToLambda.getApiGateway())
.build());
```
## Pattern Construct Props
| **Name** | **Type** | **Description** |
|:-------------|:----------------|-----------------|
|existingApiGatewayInterface|[`api.IRestApi`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_apigateway.IRestApi.html)|The existing API Gateway instance that will be protected with the WAF web ACL. *Note that a WAF web ACL can only be added to a configured API Gateway, so this construct only accepts an existing IRestApi and does not accept apiGatewayProps.*|
|existingWebaclObj?|[`waf.CfnWebACL`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_waf.CfnWebACL.html)|Existing instance of a WAF web ACL, an error will occur if this and props is set.|
|webaclProps?|[`waf.CfnWebACLProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_waf.CfnWebACLProps.html)|Optional user-provided props to override the default props for the AWS WAF web ACL. To use a different collection of managed rule sets, specify a new rules property. Use our [`wrapManagedRuleSet(managedGroupName: string, vendorName: string, priority: number)`](../core/lib/waf-defaults.ts) function from core to create an array entry from each desired managed rule set.|
## Pattern Properties
| **Name** | **Type** | **Description** |
|:-------------|:----------------|-----------------|
|webacl|[`waf.CfnWebACL`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_waf.CfnWebACL.html)|Returns an instance of the waf.CfnWebACL created by the construct.|
|apiGateway|[`api.IRestApi`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_apigateway.IRestApi.html)|Returns an instance of the API Gateway REST API created by the pattern. |
## Default settings
Out of the box implementation of the Construct without any override will set the following defaults:
### AWS WAF
* Deploy a WAF web ACL with 7 [AWS managed rule groups](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html).
* AWSManagedRulesBotControlRuleSet
* AWSManagedRulesKnownBadInputsRuleSet
* AWSManagedRulesCommonRuleSet
* AWSManagedRulesAnonymousIpList
* AWSManagedRulesAmazonIpReputationList
* AWSManagedRulesAdminProtectionRuleSet
* AWSManagedRulesSQLiRuleSet
*Note that the default rules can be replaced by specifying the rules property of CfnWebACLProps*
* Send metrics to Amazon CloudWatch
### Amazon API Gateway
* User provided API Gateway object is used as-is
## Architecture
---
© Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
Raw data
{
"_id": null,
"home_page": "https://github.com/awslabs/aws-solutions-constructs.git",
"name": "aws-solutions-constructs.aws-wafwebacl-apigateway",
"maintainer": null,
"docs_url": null,
"requires_python": "~=3.8",
"maintainer_email": null,
"keywords": null,
"author": "Amazon Web Services",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/fd/c6/a52bffdb7700fd8f0ea6a1dee7bc50a511d76e13c57916737d014368ae6b/aws_solutions_constructs_aws_wafwebacl_apigateway-2.74.0.tar.gz",
"platform": null,
"description": "# aws-wafwebacl-apigateway module\n\n<!--BEGIN STABILITY BANNER-->---\n\n\n\n\n> All classes are under active development and subject to non-backward compatible changes or removal in any\n> future version. These are not subject to the [Semantic Versioning](https://semver.org/) model.\n> This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.\n\n---\n<!--END STABILITY BANNER-->\n\n| **Reference Documentation**:| <span style=\"font-weight: normal\">https://docs.aws.amazon.com/solutions/latest/constructs/</span>|\n|:-------------|:-------------|\n\n<div style=\"height:8px\"></div>\n\n| **Language** | **Package** |\n|:-------------|-----------------|\n| Python|`aws_solutions_constructs.aws_wafwebacl_apigateway`|\n| Typescript|`@aws-solutions-constructs/aws-wafwebacl-apigateway`|\n| Java|`software.amazon.awsconstructs.services.wafwebaclapigateway`|\n\n## Overview\n\nThis AWS Solutions Construct implements an AWS WAF web ACL connected to Amazon API Gateway REST API.\n\nHere is a minimal deployable pattern definition:\n\nTypescript\n\n```python\nimport { Construct } from 'constructs';\nimport { Stack, StackProps } from 'aws-cdk-lib';\nimport * as lambda from \"aws-cdk-lib/aws-lambda\";\nimport { ApiGatewayToLambda } from '@aws-solutions-constructs/aws-apigateway-lambda';\nimport { WafwebaclToApiGatewayProps, WafwebaclToApiGateway } from \"@aws-solutions-constructs/aws-wafwebacl-apigateway\";\n\nconst apiGatewayToLambda = new ApiGatewayToLambda(this, 'ApiGatewayToLambdaPattern', {\n lambdaFunctionProps: {\n runtime: lambda.Runtime.NODEJS_16_X,\n handler: 'index.handler',\n code: lambda.Code.fromAsset(`lambda`)\n }\n});\n\n// This construct can only be attached to a configured API Gateway.\nnew WafwebaclToApiGateway(this, 'test-wafwebacl-apigateway', {\n existingApiGatewayInterface: apiGatewayToLambda.apiGateway\n});\n```\n\nPython\n\n```python\nfrom aws_solutions_constructs.aws_apigateway_lambda import ApiGatewayToLambda\nfrom aws_solutions_constructs.aws_wafwebacl_apigateway import WafwebaclToApiGatewayProps, WafwebaclToApiGateway\nfrom aws_cdk import (\n aws_apigateway as api,\n aws_lambda as _lambda,\n Stack\n)\nfrom constructs import Construct\n\napi_gateway_to_lambda = ApiGatewayToLambda(self, 'ApiGatewayToLambdaPattern',\n lambda_function_props=_lambda.FunctionProps(\n code=_lambda.Code.from_asset(\n 'lambda'),\n runtime=_lambda.Runtime.PYTHON_3_9,\n handler='index.handler'\n )\n )\n\n# This construct can only be attached to a configured API Gateway.\nWafwebaclToApiGateway(self, 'test_wafwebacl_apigateway',\n existing_api_gateway_interface=api_gateway_to_lambda.api_gateway\n )\n```\n\nJava\n\n```java\nimport software.constructs.Construct;\n\nimport software.amazon.awscdk.Stack;\nimport software.amazon.awscdk.StackProps;\nimport software.amazon.awscdk.services.apigateway.*;\nimport software.amazon.awscdk.services.lambda.*;\nimport software.amazon.awscdk.services.lambda.Runtime;\nimport software.amazon.awsconstructs.services.apigatewaylambda.*;\nimport software.amazon.awsconstructs.services.wafwebaclapigateway.*;\n\nfinal ApiGatewayToLambda apiGatewayToLambda = new ApiGatewayToLambda(this, \"ApiGatewayToLambdaPattern\",\n new ApiGatewayToLambdaProps.Builder()\n .lambdaFunctionProps(new FunctionProps.Builder()\n .runtime(Runtime.NODEJS_16_X)\n .code(Code.fromAsset(\"lambda\"))\n .handler(\"index.handler\")\n .build())\n .build());\n\n// This construct can only be attached to a configured Application Load\n// Balancer.\nnew WafwebaclToApiGateway(this, \"test-wafwebacl-apigateway\", new WafwebaclToApiGatewayProps.Builder()\n .existingApiGatewayInterface(apiGatewayToLambda.getApiGateway())\n .build());\n```\n\n## Pattern Construct Props\n\n| **Name** | **Type** | **Description** |\n|:-------------|:----------------|-----------------|\n|existingApiGatewayInterface|[`api.IRestApi`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_apigateway.IRestApi.html)|The existing API Gateway instance that will be protected with the WAF web ACL. *Note that a WAF web ACL can only be added to a configured API Gateway, so this construct only accepts an existing IRestApi and does not accept apiGatewayProps.*|\n|existingWebaclObj?|[`waf.CfnWebACL`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_waf.CfnWebACL.html)|Existing instance of a WAF web ACL, an error will occur if this and props is set.|\n|webaclProps?|[`waf.CfnWebACLProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_waf.CfnWebACLProps.html)|Optional user-provided props to override the default props for the AWS WAF web ACL. To use a different collection of managed rule sets, specify a new rules property. Use our [`wrapManagedRuleSet(managedGroupName: string, vendorName: string, priority: number)`](../core/lib/waf-defaults.ts) function from core to create an array entry from each desired managed rule set.|\n\n## Pattern Properties\n\n| **Name** | **Type** | **Description** |\n|:-------------|:----------------|-----------------|\n|webacl|[`waf.CfnWebACL`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_waf.CfnWebACL.html)|Returns an instance of the waf.CfnWebACL created by the construct.|\n|apiGateway|[`api.IRestApi`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_apigateway.IRestApi.html)|Returns an instance of the API Gateway REST API created by the pattern. |\n\n## Default settings\n\nOut of the box implementation of the Construct without any override will set the following defaults:\n\n### AWS WAF\n\n* Deploy a WAF web ACL with 7 [AWS managed rule groups](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html).\n\n * AWSManagedRulesBotControlRuleSet\n * AWSManagedRulesKnownBadInputsRuleSet\n * AWSManagedRulesCommonRuleSet\n * AWSManagedRulesAnonymousIpList\n * AWSManagedRulesAmazonIpReputationList\n * AWSManagedRulesAdminProtectionRuleSet\n * AWSManagedRulesSQLiRuleSet\n\n *Note that the default rules can be replaced by specifying the rules property of CfnWebACLProps*\n* Send metrics to Amazon CloudWatch\n\n### Amazon API Gateway\n\n* User provided API Gateway object is used as-is\n\n## Architecture\n\n\n\n---\n\n\n\u00a9 Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "CDK constructs for defining an AWS web WAF connected to Amazon API Gateway REST API.",
"version": "2.74.0",
"project_urls": {
"Homepage": "https://github.com/awslabs/aws-solutions-constructs.git",
"Source": "https://github.com/awslabs/aws-solutions-constructs.git"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "2087b4a9b6b473b3aebf5ca01ab627a08162ea6d57742d69b052a49819cf7692",
"md5": "540a9ebd10809fe9788aa82765d0594f",
"sha256": "df9c4a2818b08fc3a3728073c29348455797516b6985d995ff790a6bb93637d9"
},
"downloads": -1,
"filename": "aws_solutions_constructs.aws_wafwebacl_apigateway-2.74.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "540a9ebd10809fe9788aa82765d0594f",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "~=3.8",
"size": 262183,
"upload_time": "2024-10-22T18:08:52",
"upload_time_iso_8601": "2024-10-22T18:08:52.941228Z",
"url": "https://files.pythonhosted.org/packages/20/87/b4a9b6b473b3aebf5ca01ab627a08162ea6d57742d69b052a49819cf7692/aws_solutions_constructs.aws_wafwebacl_apigateway-2.74.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "fdc6a52bffdb7700fd8f0ea6a1dee7bc50a511d76e13c57916737d014368ae6b",
"md5": "5ae2ebecee614b55794c32024bfa69f7",
"sha256": "ccce499120d5aa4613f14ab4dc286f70818c31fb80cec3aef07c54ad05fb5fb1"
},
"downloads": -1,
"filename": "aws_solutions_constructs_aws_wafwebacl_apigateway-2.74.0.tar.gz",
"has_sig": false,
"md5_digest": "5ae2ebecee614b55794c32024bfa69f7",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "~=3.8",
"size": 263324,
"upload_time": "2024-10-22T18:10:12",
"upload_time_iso_8601": "2024-10-22T18:10:12.787200Z",
"url": "https://files.pythonhosted.org/packages/fd/c6/a52bffdb7700fd8f0ea6a1dee7bc50a511d76e13c57916737d014368ae6b/aws_solutions_constructs_aws_wafwebacl_apigateway-2.74.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-10-22 18:10:12",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "awslabs",
"github_project": "aws-solutions-constructs",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "aws-solutions-constructs.aws-wafwebacl-apigateway"
}
JSON
