# aws-wafwebacl-cloudfront module
<!--BEGIN STABILITY BANNER-->---
> All classes are under active development and subject to non-backward compatible changes or removal in any
> future version. These are not subject to the [Semantic Versioning](https://semver.org/) model.
> This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.
---
<!--END STABILITY BANNER-->
| **Reference Documentation**:| <span style="font-weight: normal">https://docs.aws.amazon.com/solutions/latest/constructs/</span>|
|:-------------|:-------------|
<div style="height:8px"></div>
| **Language** | **Package** |
|:-------------|-----------------|
| Python|`aws_solutions_constructs.aws_wafwebacl_cloudfront`|
| Typescript|`@aws-solutions-constructs/aws-wafwebacl-cloudfront`|
| Java|`software.amazon.awsconstructs.services.wafwebaclcloudfront`|
## Overview
This AWS Solutions Construct implements an AWS WAF web ACL connected to Amazon CloudFront.
Here is a minimal deployable pattern definition:
Typescript
```python
import { Construct } from 'constructs';
import { Stack, StackProps } from 'aws-cdk-lib';
import { CloudFrontToS3 } from '@aws-solutions-constructs/aws-cloudfront-s3';
import { WafwebaclToCloudFront } from "@aws-solutions-constructs/aws-wafwebacl-cloudfront";
const cloudfrontToS3 = new CloudFrontToS3(this, 'test-cloudfront-s3', {});
// This construct can only be attached to a configured CloudFront.
new WafwebaclToCloudFront(this, 'test-wafwebacl-cloudfront', {
existingCloudFrontWebDistribution: cloudfrontToS3.cloudFrontWebDistribution
});
```
Python
```python
from aws_solutions_constructs.aws_cloudfront_s3 import CloudFrontToS3
from aws_solutions_constructs.aws_wafwebacl_cloudfront import WafwebaclToCloudFront
from aws_cdk import Stack
from constructs import Construct
cloudfront_to_s3 = CloudFrontToS3(self, 'test_cloudfront_s3')
# This construct can only be attached to a configured CloudFront.
WafwebaclToCloudFront(self, 'test_wafwebacl_cloudfront',
existing_cloud_front_web_distribution=cloudfront_to_s3.cloud_front_web_distribution
)
```
Java
```java
import software.constructs.Construct;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.StackProps;
import software.amazon.awsconstructs.services.cloudfronts3.*;
import software.amazon.awsconstructs.services.wafwebaclcloudfront.*;
final CloudFrontToS3 cloudfrontToS3 = new CloudFrontToS3(this, "test-cloudfront-s3",
new CloudFrontToS3Props.Builder()
.build());
// This construct can only be attached to a configured CloudFront.
new WafwebaclToCloudFront(this, "test-wafwebacl-cloudfront", new WafwebaclToCloudFrontProps.Builder()
.existingCloudFrontWebDistribution(cloudfrontToS3.getCloudFrontWebDistribution())
.build());
```
## Pattern Construct Props
| **Name** | **Type** | **Description** |
|:-------------|:----------------|-----------------|
|existingCloudFrontWebDistribution|[`cloudfront.Distribution`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.Distribution.html)|The existing CloudFront instance that will be protected with the WAF web ACL. *Note that a WAF web ACL can only be added to a configured CloudFront, so this construct only accepts an existing Distribution and does not accept cloudfrontProps.*|
|existingWebaclObj?|[`waf.CfnWebACL`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_wafv2.CfnWebACL.html)|Existing instance of a WAF web ACL, an error will occur if this and props is set.|
|webaclProps?|[`waf.CfnWebACLProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_wafv2.CfnWebACLProps.html)|Optional user-provided props to override the default props for the AWS WAF web ACL. To use a different collection of managed rule sets, specify a new rules property. Use our [`wrapManagedRuleSet(managedGroupName: string, vendorName: string, priority: number)`](../core/lib/waf-defaults.ts) function from core to create an array entry from each desired managed rule set.|
## Pattern Properties
| **Name** | **Type** | **Description** |
|:-------------|:----------------|-----------------|
|webacl|[`waf.CfnWebACL`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_wafv2.CfnWebACL.html)|Returns an instance of the waf.CfnWebACL created by the construct.|
|cloudFrontWebDistribution|[`cloudfront.Distribution`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.Distribution.html)|Returns an instance of cloudfront.Distribution created by the construct.|
## Default settings
Out of the box implementation of the Construct without any override will set the following defaults:
### AWS WAF
* Deploy a WAF web ACL with 7 [AWS managed rule groups](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html).
* AWSManagedRulesBotControlRuleSet
* AWSManagedRulesKnownBadInputsRuleSet
* AWSManagedRulesCommonRuleSet
* AWSManagedRulesAnonymousIpList
* AWSManagedRulesAmazonIpReputationList
* AWSManagedRulesAdminProtectionRuleSet
* AWSManagedRulesSQLiRuleSet
*Note that the default rules can be replaced by specifying the rules property of CfnWebACLProps*
* Send metrics to Amazon CloudWatch
### Amazon CloudFront
* User provided CloudFront object is used as-is
## Architecture
---
© Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
Raw data
{
"_id": null,
"home_page": "https://github.com/awslabs/aws-solutions-constructs.git",
"name": "aws-solutions-constructs.aws-wafwebacl-cloudfront",
"maintainer": null,
"docs_url": null,
"requires_python": "~=3.8",
"maintainer_email": null,
"keywords": null,
"author": "Amazon Web Services",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/bd/d0/d72e729ea7f808c482dfb5acb910be45f037022486dfa09fbafeb7c028a8/aws_solutions_constructs_aws_wafwebacl_cloudfront-2.77.0.tar.gz",
"platform": null,
"description": "# aws-wafwebacl-cloudfront module\n\n<!--BEGIN STABILITY BANNER-->---\n\n\n\n\n> All classes are under active development and subject to non-backward compatible changes or removal in any\n> future version. These are not subject to the [Semantic Versioning](https://semver.org/) model.\n> This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.\n\n---\n<!--END STABILITY BANNER-->\n\n| **Reference Documentation**:| <span style=\"font-weight: normal\">https://docs.aws.amazon.com/solutions/latest/constructs/</span>|\n|:-------------|:-------------|\n\n<div style=\"height:8px\"></div>\n\n| **Language** | **Package** |\n|:-------------|-----------------|\n| Python|`aws_solutions_constructs.aws_wafwebacl_cloudfront`|\n| Typescript|`@aws-solutions-constructs/aws-wafwebacl-cloudfront`|\n| Java|`software.amazon.awsconstructs.services.wafwebaclcloudfront`|\n\n## Overview\n\nThis AWS Solutions Construct implements an AWS WAF web ACL connected to Amazon CloudFront.\n\nHere is a minimal deployable pattern definition:\n\nTypescript\n\n```python\nimport { Construct } from 'constructs';\nimport { Stack, StackProps } from 'aws-cdk-lib';\nimport { CloudFrontToS3 } from '@aws-solutions-constructs/aws-cloudfront-s3';\nimport { WafwebaclToCloudFront } from \"@aws-solutions-constructs/aws-wafwebacl-cloudfront\";\n\nconst cloudfrontToS3 = new CloudFrontToS3(this, 'test-cloudfront-s3', {});\n\n// This construct can only be attached to a configured CloudFront.\nnew WafwebaclToCloudFront(this, 'test-wafwebacl-cloudfront', {\n existingCloudFrontWebDistribution: cloudfrontToS3.cloudFrontWebDistribution\n});\n```\n\nPython\n\n```python\nfrom aws_solutions_constructs.aws_cloudfront_s3 import CloudFrontToS3\nfrom aws_solutions_constructs.aws_wafwebacl_cloudfront import WafwebaclToCloudFront\nfrom aws_cdk import Stack\nfrom constructs import Construct\n\ncloudfront_to_s3 = CloudFrontToS3(self, 'test_cloudfront_s3')\n\n# This construct can only be attached to a configured CloudFront.\nWafwebaclToCloudFront(self, 'test_wafwebacl_cloudfront',\n existing_cloud_front_web_distribution=cloudfront_to_s3.cloud_front_web_distribution\n )\n```\n\nJava\n\n```java\nimport software.constructs.Construct;\n\nimport software.amazon.awscdk.Stack;\nimport software.amazon.awscdk.StackProps;\nimport software.amazon.awsconstructs.services.cloudfronts3.*;\nimport software.amazon.awsconstructs.services.wafwebaclcloudfront.*;\n\nfinal CloudFrontToS3 cloudfrontToS3 = new CloudFrontToS3(this, \"test-cloudfront-s3\",\n new CloudFrontToS3Props.Builder()\n .build());\n\n// This construct can only be attached to a configured CloudFront.\nnew WafwebaclToCloudFront(this, \"test-wafwebacl-cloudfront\", new WafwebaclToCloudFrontProps.Builder()\n .existingCloudFrontWebDistribution(cloudfrontToS3.getCloudFrontWebDistribution())\n .build());\n```\n\n## Pattern Construct Props\n\n| **Name** | **Type** | **Description** |\n|:-------------|:----------------|-----------------|\n|existingCloudFrontWebDistribution|[`cloudfront.Distribution`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.Distribution.html)|The existing CloudFront instance that will be protected with the WAF web ACL. *Note that a WAF web ACL can only be added to a configured CloudFront, so this construct only accepts an existing Distribution and does not accept cloudfrontProps.*|\n|existingWebaclObj?|[`waf.CfnWebACL`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_wafv2.CfnWebACL.html)|Existing instance of a WAF web ACL, an error will occur if this and props is set.|\n|webaclProps?|[`waf.CfnWebACLProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_wafv2.CfnWebACLProps.html)|Optional user-provided props to override the default props for the AWS WAF web ACL. To use a different collection of managed rule sets, specify a new rules property. Use our [`wrapManagedRuleSet(managedGroupName: string, vendorName: string, priority: number)`](../core/lib/waf-defaults.ts) function from core to create an array entry from each desired managed rule set.|\n\n## Pattern Properties\n\n| **Name** | **Type** | **Description** |\n|:-------------|:----------------|-----------------|\n|webacl|[`waf.CfnWebACL`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_wafv2.CfnWebACL.html)|Returns an instance of the waf.CfnWebACL created by the construct.|\n|cloudFrontWebDistribution|[`cloudfront.Distribution`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.Distribution.html)|Returns an instance of cloudfront.Distribution created by the construct.|\n\n## Default settings\n\nOut of the box implementation of the Construct without any override will set the following defaults:\n\n### AWS WAF\n\n* Deploy a WAF web ACL with 7 [AWS managed rule groups](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html).\n\n * AWSManagedRulesBotControlRuleSet\n * AWSManagedRulesKnownBadInputsRuleSet\n * AWSManagedRulesCommonRuleSet\n * AWSManagedRulesAnonymousIpList\n * AWSManagedRulesAmazonIpReputationList\n * AWSManagedRulesAdminProtectionRuleSet\n * AWSManagedRulesSQLiRuleSet\n\n *Note that the default rules can be replaced by specifying the rules property of CfnWebACLProps*\n* Send metrics to Amazon CloudWatch\n\n### Amazon CloudFront\n\n* User provided CloudFront object is used as-is\n\n## Architecture\n\n\n\n---\n\n\n\u00a9 Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "CDK constructs for defining an AWS web WAF connected to Amazon CloudFront.",
"version": "2.77.0",
"project_urls": {
"Homepage": "https://github.com/awslabs/aws-solutions-constructs.git",
"Source": "https://github.com/awslabs/aws-solutions-constructs.git"
},
"split_keywords": [],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "e706c9b52e698f705cd110ef3b315a76896b34b202a5087e80a99dd439ffb598",
"md5": "e53ac100bbab28cb79704579d7518e44",
"sha256": "95c6c231ba5a5d002d8ba05bf3334eab85f930d3ba5c8ee0ab2faecac9f460e7"
},
"downloads": -1,
"filename": "aws_solutions_constructs.aws_wafwebacl_cloudfront-2.77.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "e53ac100bbab28cb79704579d7518e44",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "~=3.8",
"size": 241282,
"upload_time": "2025-01-31T22:09:34",
"upload_time_iso_8601": "2025-01-31T22:09:34.690519Z",
"url": "https://files.pythonhosted.org/packages/e7/06/c9b52e698f705cd110ef3b315a76896b34b202a5087e80a99dd439ffb598/aws_solutions_constructs.aws_wafwebacl_cloudfront-2.77.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "bdd0d72e729ea7f808c482dfb5acb910be45f037022486dfa09fbafeb7c028a8",
"md5": "23f8742c0bb4a8a78ae36ed651f29a8b",
"sha256": "d5943a9732394855e64f8fb84762d62f7db9e314979b3883a0e8965117886cc0"
},
"downloads": -1,
"filename": "aws_solutions_constructs_aws_wafwebacl_cloudfront-2.77.0.tar.gz",
"has_sig": false,
"md5_digest": "23f8742c0bb4a8a78ae36ed651f29a8b",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "~=3.8",
"size": 242265,
"upload_time": "2025-01-31T22:11:05",
"upload_time_iso_8601": "2025-01-31T22:11:05.746432Z",
"url": "https://files.pythonhosted.org/packages/bd/d0/d72e729ea7f808c482dfb5acb910be45f037022486dfa09fbafeb7c028a8/aws_solutions_constructs_aws_wafwebacl_cloudfront-2.77.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-01-31 22:11:05",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "awslabs",
"github_project": "aws-solutions-constructs",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "aws-solutions-constructs.aws-wafwebacl-cloudfront"
}
JSON
