AWS WAF CDK Python: how to change the rule action

Published 2024-09-29 23:33:21


This is my Python CDK code. It creates two rules, "AWS-AWSManagedRulesCommonRuleSet" and "AWS-AWSManagedRulesAmazonIpReputationList". Each rule contains sub-rules whose rule action I can change to Count; the question is how to add that to my code. I haven't found any good explanation of these sub-rules.

I added some changes, but it still doesn't work and I get the following error:

Resource handler returned message: "Error reason: You have used none or multiple values for a field that requires exactly one value., field: RULE, parameter: Rule (Service: Wafv2, Status Code: 400, Request ID: 248d9235-bd01-49f4-963b-109bac2776c5, Extended Request ID: null)" (RequestToken: 8bb5****-****-3e95-****-8e336ae3eed4, HandlerErrorCode: InvalidRequest)

The code:

from aws_cdk import core
from aws_cdk import aws_wafv2 as wafv2


class PyCdkStack(core.Stack):

    def __init__(self, scope: core.Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        web_acl = wafv2.CfnWebACL(
            scope_=self, id='WebAcl',
            default_action=wafv2.CfnWebACL.DefaultActionProperty(allow={}),
            scope='REGIONAL',
            visibility_config=wafv2.CfnWebACL.VisibilityConfigProperty(
                cloud_watch_metrics_enabled=True,
                sampled_requests_enabled=True,
                metric_name='testwafmetric',
            ),
            name='Test-Test-WebACL',
            rules=[
                {
                    'name': 'AWS-AWSManagedRulesCommonRuleSet',
                    'priority': 1,
                    'statement': {
                        'RuleGroupReferenceStatement': {
                            'vendorName': 'AWS',
                            'name': 'AWSManagedRulesCommonRuleSet',
                            'ARN': 'string',
                            "ExcludedRules": [
                                {
                                    "Name": "CrossSiteScripting_QUERYARGUMENTS"
                                },
                                {
                                    "Name": "GenericLFI_QUERYARGUMENTS"
                                },
                                {
                                    "Name": "GenericRFI_QUERYARGUMENTS"
                                },
                                {
                                    "Name": "NoUserAgent_HEADER"
                                },
                                {
                                    "Name": "SizeRestrictions_QUERYSTRING"
                                }
                            ]
                        }
                    },
                    'overrideAction': {
                        'none': {}
                    },
                    'visibilityConfig': {
                        'sampledRequestsEnabled': True,
                        'cloudWatchMetricsEnabled': True,
                        'metricName': "AWS-AWSManagedRulesCommonRuleSet"
                    }
                },
            ]
        )

1 answer
User
#1 · Posted 2024-09-29 23:33:21

Cfn constructs are a one-to-one mapping to CloudFormation resources. You just need to check AWS::WAFv2::WebACL in the documentation.

See below for an example of how to exclude rules in CloudFormation. Note that the object keys need to start with a lowercase letter for the CDK to process them.

{
    "name": "AWS-AWSBotControl-Example",
    "priority": 5,
    "statement": {
        "managedRuleGroupStatement": {
            "vendorName": "AWS",
            "name": "AWSManagedRulesBotControlRuleSet",
            "excludedRules": [
                {
                    "name": "CategoryVerifiedSearchEngine"
                },
                {
                    "name": "CategoryVerifiedSocialMedia"
                }
            ]
        }
    },
    "visibilityConfig": {
        "sampledRequestsEnabled": true,
        "cloudWatchMetricsEnabled": true,
        "metricName": "AWS-AWSBotControl-Example"
    }
}

This effectively sets the two rules above to Count mode. See https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-rule-group-settings.html#web-acl-rule-group-rule-to-count. Note that it says:

Rules that you alter like this are described as being excluded rules in the rule group. If you have metrics enabled, you receive COUNT metrics for each excluded rule. This change alters how the rules in the rule group are evaluated.
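The following is an added example, not code from the question or the answer above. It builds the two managed-rule-group rules from the question as plain Python dicts in the lowerCamelCase shape that `CfnWebACL(rules=[...])` accepts, and adds a small pre-synth validator (`validate_rule`, a hypothetical helper) that flags the two problems visible in the question's code: keys that do not start with a lowercase letter, and a `statement` that does not contain exactly one recognised statement type. The statement-type list is a partial one that I assembled from the AWS::WAFv2::WebACL documentation, and the validator runs without the CDK installed so it can be checked offline.

```python
"""Constructed example: build WAFv2 rule dicts for CfnWebACL and sanity-check them.

Assumptions: STATEMENT_KEYS is a partial list of AWS::WAFv2::WebACL Rule.Statement
members written the way the CDK expects (lowerCamelCase); validate_rule is a
hypothetical pre-synth check, not a CDK or AWS API.
"""
from typing import Any, Dict, List

STATEMENT_KEYS = {
    "managedRuleGroupStatement", "ruleGroupReferenceStatement",
    "byteMatchStatement", "geoMatchStatement", "ipSetReferenceStatement",
    "rateBasedStatement", "sizeConstraintStatement", "sqliMatchStatement",
    "xssMatchStatement", "andStatement", "orStatement", "notStatement",
}
# Rules built from these statement types take overrideAction instead of action.
RULE_GROUP_KEYS = {"managedRuleGroupStatement", "ruleGroupReferenceStatement"}


def managed_rule_group_rule(name: str, priority: int, group_name: str,
                            excluded: List[str], vendor: str = "AWS") -> Dict[str, Any]:
    """Rule referencing an AWS managed rule group. Every sub-rule listed in
    `excluded` goes into excludedRules, which makes WAF count it instead of
    applying the group's action for it (the behaviour the answer describes)."""
    return {
        "name": name,
        "priority": priority,
        "statement": {
            "managedRuleGroupStatement": {
                "vendorName": vendor,
                "name": group_name,
                "excludedRules": [{"name": n} for n in excluded],
            }
        },
        "overrideAction": {"none": {}},
        "visibilityConfig": {
            "sampledRequestsEnabled": True,
            "cloudWatchMetricsEnabled": True,
            "metricName": name,
        },
    }


def _bad_keys(obj: Any, path: str) -> List[str]:
    """Recursively collect keys that do not start with a lowercase letter."""
    problems: List[str] = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            if not str(key)[:1].islower():
                problems.append(f"{path}.{key}: key must be lowerCamelCase for the CDK")
            problems += _bad_keys(value, f"{path}.{key}")
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            problems += _bad_keys(value, f"{path}[{i}]")
    return problems


def validate_rule(rule: Dict[str, Any]) -> List[str]:
    """Return a list of problems; an empty list means the rule looks well-formed."""
    problems = _bad_keys(rule, "rule")
    statement = rule.get("statement", {})
    kinds = [k for k in statement if k in STATEMENT_KEYS]
    if len(kinds) != 1:
        problems.append(f"statement must contain exactly one statement type, found {kinds}")
    elif kinds[0] in RULE_GROUP_KEYS and "overrideAction" not in rule:
        problems.append("rules that reference a rule group need overrideAction")
    elif kinds[0] not in RULE_GROUP_KEYS and "action" not in rule:
        problems.append("rules that do not reference a rule group need action")
    return problems


# The two rules from the question; the first one counts the five listed sub-rules.
RULES = [
    managed_rule_group_rule(
        "AWS-AWSManagedRulesCommonRuleSet", 1, "AWSManagedRulesCommonRuleSet",
        ["CrossSiteScripting_QUERYARGUMENTS", "GenericLFI_QUERYARGUMENTS",
         "GenericRFI_QUERYARGUMENTS", "NoUserAgent_HEADER",
         "SizeRestrictions_QUERYSTRING"]),
    managed_rule_group_rule(
        "AWS-AWSManagedRulesAmazonIpReputationList", 2,
        "AWSManagedRulesAmazonIpReputationList", []),
]

# The statement as written in the question: PascalCase keys, which the CDK
# passes through unrecognised, so WAF sees a statement with no statement type.
BROKEN_RULE = {
    "name": "AWS-AWSManagedRulesCommonRuleSet",
    "priority": 1,
    "statement": {"RuleGroupReferenceStatement": {
        "vendorName": "AWS", "name": "AWSManagedRulesCommonRuleSet",
        "ExcludedRules": [{"Name": "NoUserAgent_HEADER"}]}},
    "overrideAction": {"none": {}},
    "visibilityConfig": {"sampledRequestsEnabled": True,
                         "cloudWatchMetricsEnabled": True,
                         "metricName": "AWS-AWSManagedRulesCommonRuleSet"},
}

if __name__ == "__main__":
    for r in RULES:
        print(r["name"], "->", validate_rule(r) or "ok")
    print("question's rule ->", validate_rule(BROKEN_RULE))
```

In a stack, `RULES` is passed straight in as `wafv2.CfnWebACL(..., rules=RULES)`; running `validate_rule` over each entry before `cdk synth` catches the casing and single-statement mistakes locally instead of at deploy time.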
