I want to create a JSON-format CloudFormation template that creates a web ACL and rule in WAF to allow only United States users to access the API Gateway. I have the following code so far, but it gives an error ("Encountered unsupported property Action") in AWS:
```json
  "Type": "AWS::WAF::Rule",
  "Properties": {
    "Name": "APIGeoBlockRule",
    "Priority": 0,
    "Action": {
      "Block": {}
    },
    "VisibilityConfig": {
      "SampledRequestsEnabled": true,
      "CloudWatchMetricsEnabled": true,
      "MetricName": "APIGeoBlockRule"
    },
    "Statement": {
      "NotStatement": {
        "Statement": {
          "GeoMatchStatement": {
            "CountryCodes": [
              "US"
            ]
          }
        }
      }
    }
  }
}
```
After looking at the documentation, you are trying to do a WAFv2 rule under a classic WAF resource. Your resource type of AWS::WAF::Rule is the classic WAF rule, while the structure is that of WAFv2.
I haven't used WAFv2 yet myself, but looking at the documentation, this should be about what you want in YAML format:
```yaml
Description: Create WebACL example
Resources:
  ExampleWebACL:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: ExampleWebACL
      Scope: REGIONAL
      Description: This is an example WebACL
      DefaultAction:
        Allow: {}
      # VisibilityConfig is a required property of the web ACL (added here; the
      # original snippet omitted it and CloudFormation rejects the template without it)
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: ExampleWebACL
      Rules:
        - Name: GeoRestrictExample
          Priority: 0
          Action:
            Block: {}
          # Required on every rule as well
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: GeoRestrictExample
          # Block everything whose source country is NOT in the list
          Statement:
            NotStatement:
              Statement:
                GeoMatchStatement:
                  CountryCodes:
                    - US
```
As of 1/13/2020, you cannot associate a resource such as an API Gateway stage with a WAFv2 ACL using CloudFormation. You can do so using the console, SDK, a custom resource, or the CLI.
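Since the question asked for the JSON form and the answer's main point is the classic-vs-WAFv2 mismatch, here is an added Python example (not code from the question or the answer) that generates the equivalent WAFv2 web ACL template as JSON and lints a template for exactly that mix-up: WAFv2-only keys placed under a classic `AWS::WAF::Rule`, and required WAFv2 properties (`Scope`, `DefaultAction`, `VisibilityConfig` on the ACL and each rule) that are missing. The function and constant names, and the reproduction of the asker's resource wrapped in a `Resources` map, are constructed for this example.

```python
"""Build a WAFv2 geo-restriction template and lint WAF resources for the
classic/v2 mix-up discussed above. Constructed example, not the page's code."""
import json
from typing import Dict, List

# Properties that exist only on WAFv2 rules. Putting them under a classic
# AWS::WAF::Rule is what yields "Encountered unsupported property Action".
WAFV2_ONLY_RULE_KEYS = {"Action", "Statement", "VisibilityConfig"}


def _visibility(metric_name: str) -> Dict:
    """VisibilityConfig block, required on the web ACL and on every rule."""
    return {
        "SampledRequestsEnabled": True,
        "CloudWatchMetricsEnabled": True,
        "MetricName": metric_name,
    }


def geo_allowlist_webacl(logical_id: str, country_codes: List[str],
                         scope: str = "REGIONAL") -> Dict:
    """Return a CloudFormation template (as a dict) with one WAFv2 web ACL whose
    single rule blocks every request NOT originating from country_codes.
    The default action is Allow, so requests from listed countries pass."""
    rule_name = "GeoRestrictRule"
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Description": "WAFv2 web ACL allowing only the listed countries",
        "Resources": {
            logical_id: {
                "Type": "AWS::WAFv2::WebACL",
                "Properties": {
                    "Name": logical_id,
                    # REGIONAL for API Gateway / ALB, CLOUDFRONT for distributions
                    "Scope": scope,
                    "DefaultAction": {"Allow": {}},
                    "VisibilityConfig": _visibility(logical_id),
                    "Rules": [{
                        "Name": rule_name,
                        "Priority": 0,
                        "Action": {"Block": {}},
                        "VisibilityConfig": _visibility(rule_name),
                        "Statement": {"NotStatement": {"Statement": {
                            "GeoMatchStatement": {
                                "CountryCodes": list(country_codes)}}}},
                    }],
                },
            }
        },
    }


def lint_waf_resources(template: Dict) -> List[str]:
    """Return findings: WAFv2-only keys under a classic rule, and required
    properties missing from a WAFv2 web ACL or any of its rules."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        rtype = res.get("Type", "")
        props = res.get("Properties", {})
        if rtype == "AWS::WAF::Rule":
            bad = sorted(WAFV2_ONLY_RULE_KEYS & set(props))
            if bad:
                findings.append(
                    f"{logical_id}: classic {rtype} does not support "
                    f"{', '.join(bad)}; use AWS::WAFv2::WebACL with the rule inline")
        elif rtype == "AWS::WAFv2::WebACL":
            for key in ("Scope", "DefaultAction", "VisibilityConfig"):
                if key not in props:
                    findings.append(f"{logical_id}: missing required property {key}")
            for rule in props.get("Rules", []):
                name = rule.get("Name", "?")
                for key in ("Name", "Priority", "Statement", "VisibilityConfig"):
                    if key not in rule:
                        findings.append(f"{logical_id}/{name}: missing required {key}")
                # A rule needs Action, or OverrideAction when it references a rule group
                if "Action" not in rule and "OverrideAction" not in rule:
                    findings.append(f"{logical_id}/{name}: needs Action or OverrideAction")
    return findings


# Constructed reproduction of the question's resource, wrapped in a template.
ASKER_TEMPLATE = {"Resources": {"APIGeoBlockRule": {
    "Type": "AWS::WAF::Rule",
    "Properties": {
        "Name": "APIGeoBlockRule",
        "Priority": 0,
        "Action": {"Block": {}},
        "VisibilityConfig": _visibility("APIGeoBlockRule"),
        "Statement": {"NotStatement": {"Statement": {
            "GeoMatchStatement": {"CountryCodes": ["US"]}}}},
    },
}}}

if __name__ == "__main__":
    for finding in lint_waf_resources(ASKER_TEMPLATE):
        print("finding:", finding)
    print(json.dumps(geo_allowlist_webacl("USOnlyWebACL", ["US"]), indent=2))
```

Running the script prints one finding for the asker's template (the three WAFv2-only keys under a classic rule) and then the JSON template you can hand to `aws cloudformation deploy`; the linter returns an empty list for the generated template, which is the quick check to run before deploying any hand-edited WAFv2 template.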