community / community.aws / 1.1.0 / module / aws_waf_web_acl Create and delete WAF Web ACLs. | "added in version" 1.0.0 of community.aws" Authors: Mike Mochan (@mmochan), Will Thames (@willthames)community.aws.aws_waf_web_acl (1.1.0) — module
Install with ansible-galaxy collection install community.aws:==1.1.0
collections: - name: community.aws version: 1.1.0
Read the AWS documentation for WAF U(https://aws.amazon.com/documentation/waf/).
- name: create web ACL community.aws.aws_waf_web_acl: name: my_web_acl rules: - name: my_rule priority: 1 action: block default_action: block purge_rules: yes state: present
- name: delete the web acl community.aws.aws_waf_web_acl: name: my_web_acl state: absent
name: description: Name of the Web Application Firewall ACL to manage. required: true type: str rules: description: - A list of rules that the Web ACL will enforce. elements: dict suboptions: action: description: The action to perform. required: true type: str name: description: Name of the rule. required: true type: str priority: description: The priority of the action. Priorities must be unique. Lower numbered priorities are evaluated first. required: true type: int type: choices: - rate_based - regular description: The type of rule. type: str type: list state: choices: - present - absent default: present description: Whether the Web ACL should be present or absent. type: str region: aliases: - aws_region - ec2_region description: - The AWS region to use. - For global services such as IAM, Route53 and CloudFront, I(region) is ignored. - The C(AWS_REGION) or C(EC2_REGION) environment variables may also be used. - See the Amazon AWS documentation for more information U(http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region). - The C(ec2_region) alias has been deprecated and will be removed in a release after 2024-12-01 - Support for the C(EC2_REGION) environment variable has been deprecated and will be removed in a release after 2024-12-01. type: str profile: aliases: - aws_profile description: - A named AWS profile to use for authentication. - See the AWS documentation for more information about named profiles U(https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html). - The C(AWS_PROFILE) environment variable may also be used. - The I(profile) option is mutually exclusive with the I(aws_access_key), I(aws_secret_key) and I(security_token) options. type: str access_key: aliases: - aws_access_key_id - aws_access_key - ec2_access_key description: - AWS access key ID. - See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). - The C(AWS_ACCESS_KEY_ID), C(AWS_ACCESS_KEY) or C(EC2_ACCESS_KEY) environment variables may also be used in decreasing order of preference. - The I(aws_access_key) and I(profile) options are mutually exclusive. - The I(aws_access_key_id) alias was added in release 5.1.0 for consistency with the AWS botocore SDK. - The I(ec2_access_key) alias has been deprecated and will be removed in a release after 2024-12-01. - Support for the C(EC2_ACCESS_KEY) environment variable has been deprecated and will be removed in a release after 2024-12-01. type: str aws_config: description: - A dictionary to modify the botocore configuration. - Parameters can be found in the AWS documentation U(https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config). type: dict secret_key: aliases: - aws_secret_access_key - aws_secret_key - ec2_secret_key description: - AWS secret access key. - See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). - The C(AWS_SECRET_ACCESS_KEY), C(AWS_SECRET_KEY), or C(EC2_SECRET_KEY) environment variables may also be used in decreasing order of preference. - The I(secret_key) and I(profile) options are mutually exclusive. - The I(aws_secret_access_key) alias was added in release 5.1.0 for consistency with the AWS botocore SDK. - The I(ec2_secret_key) alias has been deprecated and will be removed in a release after 2024-12-01. - Support for the C(EC2_SECRET_KEY) environment variable has been deprecated and will be removed in a release after 2024-12-01. type: str metric_name: description: - A friendly name or description for the metrics for this WebACL. - The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name can't contain whitespace. - You can't change I(metric_name) after you create the WebACL. - Metric name will default to I(name) with disallowed characters stripped out. type: str purge_rules: default: false description: - Whether to remove rules that aren't passed with I(rules). type: bool endpoint_url: aliases: - ec2_url - aws_endpoint_url - s3_url description: - URL to connect to instead of the default AWS endpoints. While this can be used to connection to other AWS-compatible services the amazon.aws and community.aws collections are only tested against AWS. - The C(AWS_URL) or C(EC2_URL) environment variables may also be used, in decreasing order of preference. - The I(ec2_url) and I(s3_url) aliases have been deprecated and will be removed in a release after 2024-12-01. - Support for the C(EC2_URL) environment variable has been deprecated and will be removed in a release after 2024-12-01. type: str waf_regional: default: false description: Whether to use waf-regional module. required: false type: bool aws_ca_bundle: description: - The location of a CA Bundle to use when validating SSL certificates. - The C(AWS_CA_BUNDLE) environment variable may also be used. type: path session_token: aliases: - aws_session_token - security_token - aws_security_token - access_token description: - AWS STS session token for use with temporary credentials. - See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). - The C(AWS_SESSION_TOKEN), C(AWS_SECURITY_TOKEN) or C(EC2_SECURITY_TOKEN) environment variables may also be used in decreasing order of preference. - The I(security_token) and I(profile) options are mutually exclusive. - Aliases I(aws_session_token) and I(session_token) were added in release 3.2.0, with the parameter being renamed from I(security_token) to I(session_token) in release 6.0.0. - The I(security_token), I(aws_security_token), and I(access_token) aliases have been deprecated and will be removed in a release after 2024-12-01. - Support for the C(EC2_SECRET_KEY) and C(AWS_SECURITY_TOKEN) environment variables has been deprecated and will be removed in a release after 2024-12-01. type: str default_action: choices: - block - allow - count description: The action that you want AWS WAF to take when a request doesn't match the criteria specified in any of the Rule objects that are associated with the WebACL. type: str validate_certs: default: true description: - When set to C(false), SSL certificates will not be validated for communication with the AWS APIs. - Setting I(validate_certs=false) is strongly discouraged, as an alternative, consider setting I(aws_ca_bundle) instead. type: bool debug_botocore_endpoint_logs: default: false description: - Use a C(botocore.endpoint) logger to parse the unique (rather than total) C("resource:action") API calls made during a task, outputing the set to the resource_actions key in the task results. Use the C(aws_resource_action) callback to output to total list made during a playbook. - The C(ANSIBLE_DEBUG_BOTOCORE_LOGS) environment variable may also be used. type: bool
web_acl: contains: default_action: description: Default action taken by the Web ACL if no rules match. returned: always sample: type: BLOCK type: dict metric_name: description: Metric name used as an identifier. returned: always sample: mywebacl type: str name: description: Friendly name of the Web ACL. returned: always sample: my web acl type: str rules: contains: action: description: Action taken by the WAF when the rule matches. returned: always sample: type: ALLOW type: complex priority: description: priority number of the rule (lower numbers are run first). returned: always sample: 2 type: int rule_id: description: Rule ID. returned: always sample: a6fc7ab5-287b-479f-8004-7fd0399daf75 type: str type: description: Type of rule (either REGULAR or RATE_BASED). returned: always sample: REGULAR type: str description: List of rules. returned: always type: complex web_acl_id: description: Unique identifier of Web ACL. returned: always sample: 10fff965-4b6b-46e2-9d78-24f6d2e2d21c type: str description: contents of the Web ACL. returned: always type: complex