WAF Rule Group

An AWS WAF Rule Group is a reusable collection of rules that define conditions to allow, block, or count web requests based on criteria such as IP addresses, HTTP headers, or query strings. It helps centralize and standardize web traffic filtering across multiple applications, making it easier to manage security policies consistently. Rule groups can be created and managed within AWS WAF and then associated with web ACLs to protect resources like Amazon CloudFront distributions, Application Load Balancers, or API Gateway APIs.

aws.wafv2_rule_group

Fields

| Title | ID | Type | Data Type | Description |
|---|---|---|---|---|
| | _key | core | string | |
| | account_id | core | string | |
| | arn | core | string | The Amazon Resource Name (ARN) of the entity. |
| | available_labels | core | json | The labels that one or more rules in this rule group add to matching web requests. These labels are defined in the RuleLabels for a Rule. |
| | capacity | core | int64 | The web ACL capacity units (WCUs) required for this rule group. When you create your own rule group, you define this, and you cannot change it after creation. When you add or modify the rules in a rule group, WAF enforces this limit. You can check the capacity for a set of rules using CheckCapacity. WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group. For more information, see WAF web ACL capacity units (WCU) in the WAF Developer Guide. |
| | consumed_labels | core | json | The labels that one or more rules in this rule group match against in label match statements. These labels are defined in a LabelMatchStatement specification, in the Statement definition of a rule. |
| | description | core | string | A description of the rule group that helps with identification. |
| | id | core | string | A unique identifier for the rule group. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete. |
| | label_namespace | core | string | The label namespace prefix for this rule group. All labels added by rules in this rule group have this prefix. The syntax for the label namespace prefix for your rule groups is the following: `awswaf:<account ID>:rulegroup:<rule group name>:` When a rule with a label matches a web request, WAF adds the fully qualified label to the request. A fully qualified label is made up of the label namespace from the rule group or web ACL where the rule is defined and the label from the rule, separated by a colon: `<label namespace>:<label from rule>` |
| | lock_token | core | string | A token used for optimistic locking. WAF returns a token to your `get` and `list` requests, to mark the state of the entity at the time of the request. To make changes to the entity associated with the token, you provide the token to operations like `update` and `delete`. WAF uses the token to ensure that no changes have been made to the entity since you last retrieved it. If a change has been made, the update fails with a `WAFOptimisticLockException`. If this happens, perform another `get`, and use the new token returned by that operation. |
| | name | core | string | The name of the rule group. You cannot change the name of a rule group after you create it. |
| | rules | core | json | The Rule statements used to identify the web requests that you want to manage. Each rule includes one top-level statement that WAF uses to identify matching web requests, and parameters that govern how WAF handles them. |
| | tags | core | hstore | |
| | visibility_config | core | json | Defines and enables Amazon CloudWatch metrics and web request sample collection. |