ansible.builtin.aws_waf_facts (v2.6.20) — module

Install Ansible via pip

Install with pip install ansible==2.6.20

Description

Retrieve facts for WAF ACLs, Rule , Conditions and Filters.

Requirements

• boto3

Usage examples

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: obtain all WAF facts
  aws_waf_facts:

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: obtain all facts for a single WAF
  aws_waf_facts:
    name: test_waf

Inputs

    
name:
    description:
    - The name of a Web Application Firewall

region:
    aliases:
    - aws_region
    - ec2_region
    description:
    - The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION
      environment variable, if any, is used. See U(http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region)
    type: str

profile:
    aliases:
    - aws_profile
    description:
    - The I(profile) option is mutually exclusive with the I(aws_access_key), I(aws_secret_key)
      and I(security_token) options.
    type: str

aws_config:
    description:
    - A dictionary to modify the botocore configuration.
    - Parameters can be found at U(https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config).
    type: dict

endpoint_url:
    aliases:
    - ec2_url
    - aws_endpoint_url
    - s3_url
    description:
    - URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will
      use EC2 endpoints). Ignored for modules where region is required. Must be specified
      for all other modules if region is not used. If not set then the value of the EC2_URL
      environment variable, if any, is used.
    type: str

aws_ca_bundle:
    description:
    - The location of a CA Bundle to use when validating SSL certificates.
    - 'Note: The CA Bundle is read ''module'' side and may need to be explicitly copied
      from the controller if not run locally.'
    type: path

aws_access_key:
    aliases:
    - ec2_access_key
    - access_key
    description:
    - C(AWS access key). If not set then the value of the C(AWS_ACCESS_KEY_ID), C(AWS_ACCESS_KEY)
      or C(EC2_ACCESS_KEY) environment variable is used.
    - The I(aws_access_key) and I(profile) options are mutually exclusive.
    type: str

aws_secret_key:
    aliases:
    - ec2_secret_key
    - secret_key
    description:
    - C(AWS secret key). If not set then the value of the C(AWS_SECRET_ACCESS_KEY), C(AWS_SECRET_KEY),
      or C(EC2_SECRET_KEY) environment variable is used.
    - The I(aws_secret_key) and I(profile) options are mutually exclusive.
    type: str

security_token:
    aliases:
    - aws_session_token
    - session_token
    - aws_security_token
    - access_token
    description:
    - C(AWS STS security token). If not set then the value of the C(AWS_SECURITY_TOKEN)
      or C(EC2_SECURITY_TOKEN) environment variable is used.
    - The I(security_token) and I(profile) options are mutually exclusive.
    - Aliases I(aws_session_token) and I(session_token) have been added in version 3.2.0.
    type: str

validate_certs:
    default: true
    description:
    - When set to "no", SSL certificates will not be validated for communication with
      the AWS APIs.
    type: bool

debug_botocore_endpoint_logs:
    default: 'no'
    description:
    - Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action"
      API calls made during a task, outputing the set to the resource_actions key in the
      task results. Use the aws_resource_action callback to output to total list made
      during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also
      be used.
    type: bool

Outputs

wafs:
  contains:
    default_action:
      description: The action to perform if none of the Rules contained in the WebACL
        match.
      returned: always
      sample: BLOCK
      type: int
    metric_name:
      description: A friendly name or description for the metrics for this WebACL
      returned: always
      sample: test_waf_metric
      type: string
    name:
      description: A friendly name or description of the WebACL
      returned: always
      sample: test_waf
      type: string
    rules:
      contains:
        action:
          description: The action to perform if the Rule matches
          returned: always
          sample: BLOCK
          type: string
        metric_name:
          description: A friendly name or description for the metrics for this Rule
          returned: always
          sample: ipblockrule
          type: string
        name:
          description: A friendly name or description of the Rule
          returned: always
          sample: ip_block_rule
          type: string
        predicates:
          description: The Predicates list contains a Predicate for each ByteMatchSet,
            IPSet, SizeConstraintSet, SqlInjectionMatchSet or XssMatchSet object in
            a Rule
          returned: always
          sample:
          - byte_match_set_id: 47b822b5-abcd-1234-faaf-1234567890
            byte_match_tuples:
            - field_to_match:
                type: QUERY_STRING
              positional_constraint: STARTS_WITH
              target_string: bobbins
              text_transformation: NONE
            name: bobbins
            negated: false
            type: ByteMatch
          type: list
      description: An array that contains the action for each Rule in a WebACL , the
        priority of the Rule
      returned: always
      type: complex
  description: The WAFs that match the passed arguments
  returned: success
  type: complex