Provides an WAF Regional Rule Resource for use with Application Load Balancer.

Example Usage

resource "aws_wafregional_ipset" "ipset" {
  name = "tfIPSet"

  ip_set_descriptor {
    type  = "IPV4"
    value = ""

resource "aws_wafregional_rule" "wafrule" {
  name        = "tfWAFRule"
  metric_name = "tfWAFRule"

  predicate {
    type    = "IPMatch"
    data_id = "${aws_wafregional_ipset.ipset.id}"
    negated = false

Argument Reference

The following arguments are supported:

  • name - (Required) The name or description of the rule.
  • metric_name - (Required) The name or description for the Amazon CloudWatch metric of this rule.
  • predicate - (Optional) The objects to include in a rule.

Nested Fields


See the WAF Documentation for more information.


  • type - (Required) The type of predicate in a rule. Valid values: ByteMatch, GeoMatch, IPMatch, RegexMatch, SizeConstraint, SqlInjectionMatch, or XssMatch
  • data_id - (Required) The unique identifier of a predicate, such as the ID of a ByteMatchSet or IPSet.
  • negated - (Required) Whether to use the settings or the negated settings that you specified in the objects.


Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The ID of the WAF Regional Rule.

© 2018 HashiCorpLicensed under the MPL 2.0 License.