Hello, Using Golang lib wafv2 for managing waf and...
# aws
s
Hello, I'm using the Golang wafv2 lib to manage WAF and CloudFront, and also rule groups. I'm having trouble implementing this rule:
{
  "Name": "AWS-AWSManagedRulesAntiDDoSRuleSet",
  "Priority": 4,
  "Statement": {
    "ManagedRuleGroupStatement": {
      "VendorName": "AWS",
      "Name": "AWSManagedRulesAntiDDoSRuleSet",
      "ManagedRuleGroupConfigs": [
        {
          "AWSManagedRulesAntiDDoSRuleSet": {
            "ClientSideActionConfig": {
              "Challenge": {
                "UsageOfAction": "DISABLED",
                "Sensitivity": "HIGH",
                "ExemptUriRegularExpressions": [
                  {
                    "RegexString": "\\/api\\/|\\.(acc|avi|css|gif|ico|jpe?g|js|json|mp[34]|ogg|otf|pdf|png|tiff?|ttf|webm|webp|woff2?|xml)$"
                  }
                ]
              }
            },
            "SensitivityToBlock": "LOW"
          }
        }
      ],
      "RuleActionOverrides": [
        {
          "Name": "DDoSRequests",
          "ActionToUse": {
            "Count": {}
          }
        }
      ]
    }
  },
  "OverrideAction": {
    "None": {}
  },
  "VisibilityConfig": {
    "SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true,
    "MetricName": "AWS-AWSManagedRulesAntiDDoSRuleSet"
  }
}
It seems the lib doesn't have the proper config:
type WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigArgs struct {
    AwsManagedRulesAcfpRuleSet       WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetPtrInput       `pulumi:"awsManagedRulesAcfpRuleSet"`
    AwsManagedRulesAtpRuleSet        WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetPtrInput        `pulumi:"awsManagedRulesAtpRuleSet"`
    AwsManagedRulesBotControlRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSetPtrInput `pulumi:"awsManagedRulesBotControlRuleSet"`
    LoginPath                        pulumi.StringPtrInput                                                                                      `pulumi:"loginPath"`
    PasswordField                    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordFieldPtrInput                    `pulumi:"passwordField"`
    PayloadType                      pulumi.StringPtrInput                                                                                      `pulumi:"payloadType"`
    UsernameField                    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameFieldPtrInput                    `pulumi:"usernameField"`
Does someone know the workaround?
s
Hmm it looks like this implementation is working for me to create that rule. Are you on the latest versions? Maybe there's something that didn't get added until recently
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/wafv2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

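// main runs a Pulumi program that declares one WAFv2 web ACL carrying the
// AWS-managed Anti-DDoS rule group (AWSManagedRulesAntiDDoSRuleSet) and
// exports the ACL's ARN as "webAclArn".
//
// The AwsManagedRulesAntiDdosRuleSet config field used below is taken from
// the v7 pulumi-aws SDK this file imports; in this thread the field was
// missing when the program was built against v6.
//
// As written the rule group observes rather than enforces: the Challenge
// action is DISABLED and the DDoSRequests rule is overridden to Count. That
// suits a baselining period.
// NOTE(review): confirm whether any other rule in the group still acts, and
// drop the Count override once the CloudWatch metrics and sampled requests
// show acceptable false-positive rates.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		webACL, err := wafv2.NewWebAcl(ctx, "exampleWebAcl", &wafv2.WebAclArgs{
			// Requests that match no rule are allowed, so this ACL only
			// restricts traffic through its rules.
			DefaultAction: &wafv2.WebAclDefaultActionArgs{
				Allow: &wafv2.WebAclDefaultActionAllowArgs{},
			},
			// Use "CLOUDFRONT" to attach the ACL to a CloudFront
			// distribution; a CLOUDFRONT-scoped ACL has to be created
			// through a us-east-1 provider.
			Scope: pulumi.String("REGIONAL"),
			VisibilityConfig: &wafv2.WebAclVisibilityConfigArgs{
				CloudwatchMetricsEnabled: pulumi.Bool(true),
				MetricName:               pulumi.String("exampleMetric"),
				SampledRequestsEnabled:   pulumi.Bool(true),
			},
			Rules: wafv2.WebAclRuleArray{
				&wafv2.WebAclRuleArgs{
					Name: pulumi.String("AWS-AWSManagedRulesAntiDDoSRuleSet"),
					// The original paste had Slack link markup wrapped
					// around pulumi.Int, which is not valid Go.
					Priority: pulumi.Int(4),
					Statement: &wafv2.WebAclRuleStatementArgs{
						ManagedRuleGroupStatement: &wafv2.WebAclRuleStatementManagedRuleGroupStatementArgs{
							Name:       pulumi.String("AWSManagedRulesAntiDDoSRuleSet"),
							VendorName: pulumi.String("AWS"),
							ManagedRuleGroupConfigs: wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigArray{
								&wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigArgs{
									AwsManagedRulesAntiDdosRuleSet: &wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetArgs{
										ClientSideActionConfig: &wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigArgs{
											Challenge: &wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallengeArgs{
												// Challenge is switched off here.
												UsageOfAction: pulumi.String("DISABLED"),
												Sensitivity:   pulumi.String("HIGH"),
												// Same pattern as the JSON rule: /api/ paths
												// and common static-asset extensions.
												// NOTE(review): presumably these are URIs whose
												// clients cannot complete a browser challenge;
												// with UsageOfAction DISABLED the list likely
												// has no effect until Challenge is enabled.
												ExemptUriRegularExpressions: wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallengeExemptUriRegularExpressionArray{
													&wafv2.WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallengeExemptUriRegularExpressionArgs{
														RegexString: pulumi.String("\\/api\\/|\\.(acc|avi|css|gif|ico|jpe?g|js|json|mp[34]|ogg|otf|pdf|png|tiff?|ttf|webm|webp|woff2?|xml)$"),
													},
												},
											},
										},
										SensitivityToBlock: pulumi.String("LOW"),
									},
								},
							},
							// DDoSRequests is counted instead of running the
							// action the managed group defines for it.
							RuleActionOverrides: wafv2.WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideArray{
								&wafv2.WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideArgs{
									Name: pulumi.String("DDoSRequests"),
									ActionToUse: &wafv2.WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseArgs{
										Count: &wafv2.WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountArgs{},
									},
								},
							},
						},
					},
					// None leaves the group's own rule actions in force,
					// apart from the per-rule override above.
					OverrideAction: &wafv2.WebAclRuleOverrideActionArgs{
						None: &wafv2.WebAclRuleOverrideActionNoneArgs{},
					},
					// Metrics and sampled requests are the evidence to
					// review before moving from Count to enforcement.
					VisibilityConfig: &wafv2.WebAclRuleVisibilityConfigArgs{
						CloudwatchMetricsEnabled: pulumi.Bool(true),
						MetricName:               pulumi.String("AWS-AWSManagedRulesAntiDDoSRuleSet"),
						SampledRequestsEnabled:   pulumi.Bool(true),
					},
				},
			},
		})
		if err != nil {
			return err
		}

		ctx.Export("webAclArn", webACL.Arn)

		return nil
	})
}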
s
Thanks! I used v6 instead of v7 🤦 Now works.
solution was simple 🙂
s
Nice! Glad to hear it's working 🙂