aws.graphql-api

Resource Manager for AppSync GraphQLApi

Filters

wafv2-enabled

Filter AppSync GraphQLApi by wafv2 web-acl

example

policies:
  - name: filter-graphql-api-wafv2
    resource: graphql-api
    filters:
      - type: wafv2-enabled
        state: false
        web-acl: test-waf-v2

  - name: filter-graphql-api-wafv2-regex
    resource: graphql-api
    filters:
      - type: wafv2-enabled
        state: false
        web-acl: .*FMManagedWebACLV2-?FMS-.*

properties:
  state:
    type: boolean
  type:
    enum:
    - wafv2-enabled
  web-acl:
    type: string
required:
- type

Permissions - wafv2:ListWebACLs
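
The following is an added example, not Cloud Custodian's own code: a small Python model of how the `state` and `web-acl` keys of `wafv2-enabled` combine to select APIs. It assumes the `web-acl` value is applied to the web ACL name as a regular expression anchored at the start (Python `re.match`); the inventory and the `wafv2_enabled` helper are constructed for illustration.

```python
import re

# Constructed inventory: API name -> name of the associated WAFv2 web ACL
# (None means no web ACL is associated). Not real resources.
APIS = {
    "orders-api": None,
    "billing-api": "test-waf-v2",
    "staging-api": "test-waf-v2-staging",
    "search-api": "FMManagedWebACLV2-FMS-TestWebACL-1700000000",
    "legacy-api": "team-FMManagedWebACLV2FMS-baseline",
}


def wafv2_enabled(apis, state=False, web_acl=None):
    """Hypothetical model of the filter: return the API names it would select.

    state=True  selects APIs whose web ACL matches web_acl (any ACL if omitted).
    state=False selects APIs with no web ACL, or with one that does not match.
    """
    selected = []
    for name, acl in sorted(apis.items()):
        if web_acl is None:
            has_match = acl is not None
        else:
            # Assumption: the pattern is anchored at the start of the ACL name
            # only, so "test-waf-v2" also matches "test-waf-v2-staging".
            has_match = acl is not None and re.match(web_acl, acl) is not None
        if has_match == state:
            selected.append(name)
    return selected


if __name__ == "__main__":
    cases = [
        ("test-waf-v2", False),                  # prefix match hides staging-api
        ("test-waf-v2$", False),                 # end anchor flags staging-api too
        (".*FMManagedWebACLV2-?FMS-.*", False),  # pattern from the policy above
        ("FMManagedWebACLV2-?FMS-.*", False),    # no leading .* : legacy-api flagged
        (None, True),                            # any web ACL associated
    ]
    for pattern, state in cases:
        print(f"state={state!s:5} web-acl={pattern!r}: "
              f"{wafv2_enabled(APIS, state, pattern)}")
```

Under that assumption, a literal name such as `test-waf-v2` behaves as a prefix pattern, so appending `$` is what restricts the match to the exact web ACL.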

Actions

set-wafv2

Enable wafv2 protection on AppSync GraphQLApi.

example

policies:
  - name: set-wafv2-for-graphql-api
    resource: graphql-api
    filters:
      - type: wafv2-enabled
        state: false
        web-acl: test-waf-v2
    actions:
      - type: set-wafv2
        state: true
        force: true
        web-acl: test-waf-v2

  - name: unset-wafv2-for-graphql-api
    resource: graphql-api
    filters:
      - type: wafv2-enabled
        state: true
    actions:
      - type: set-wafv2
        state: true
        force: true
        web-acl: test-waf-v2

policies:
  - name: set-wafv2-for-graphql-api-regex
    resource: graphql-api
    filters:
      - type: wafv2-enabled
        state: false
        web-acl: .*FMManagedWebACLV2-?FMS-.*
    actions:
      - type: set-wafv2
        state: true
        force: true
        web-acl: FMManagedWebACLV2-?FMS-TestWebACL

properties:
  force:
    type: boolean
  state:
    type: boolean
  type:
    enum:
    - set-wafv2
  web-acl:
    type: string
required:
- type

Permissions - wafv2:AssociateWebACL, wafv2:DisassociateWebACL, wafv2:ListWebACLs