aws.graphql-api

Resource Manager for AppSync GraphQLApi

Filters

wafv2-enabled

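Filter AppSync GraphQL APIs by their associated WAFv2 web ACL. The web-acl value can be a plain name or a regular expression, as in the second policy below.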

example:

policies:
  - name: filter-graphql-api-wafv2
    resource: graphql-api
    filters:
      - type: wafv2-enabled
        state: false
        web-acl: test-waf-v2
  - name: filter-graphql-api-wafv2-regex
    resource: graphql-api
    filters:
      - type: wafv2-enabled
        state: false
        web-acl: .*FMManagedWebACLV2-?FMS-.*

properties:
  state:
    type: boolean
  type:
    enum:
    - wafv2-enabled
  web-acl:
    type: string
required:
- type

Permissions - wafv2:ListWebACLs
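
The selection behaviour of the two filter policies above, modelled in Python as an added example (not Cloud Custodian's own code). It assumes the web-acl value is applied with re.match, which anchors at the start of the ACL name only; the API and ACL names are constructed.

```python
import re

# Constructed inventory: API name -> associated WAFv2 web ACL name (None = no ACL).
SAMPLE_APIS = {
    "orders-api": "FMManagedWebACLV2-FMS-Baseline-1700000000",
    "billing-api": "test-waf-v2",
    "legacy-api": "test-waf-v2-old",
    "internal-api": None,
}


def wafv2_enabled(apis, state=False, web_acl=""):
    """Return the API names a wafv2-enabled filter would select (model only).

    Assumption: web_acl is matched with re.match, so it is anchored at the
    start of the ACL name but not at the end.
    """
    selected = []
    for name, acl in apis.items():
        if web_acl:
            # A pattern was given: the API counts as protected only if its ACL matches.
            protected = acl is not None and re.match(web_acl, acl) is not None
        else:
            # No pattern: any associated ACL counts.
            protected = acl is not None
        if protected == state:
            selected.append(name)
    return selected


if __name__ == "__main__":
    # First policy: APIs not protected by test-waf-v2. legacy-api is NOT
    # selected, because "test-waf-v2-old" starts with the pattern.
    print(wafv2_enabled(SAMPLE_APIS, state=False, web_acl="test-waf-v2"))
    # Anchoring the end of the name makes the comparison exact.
    print(wafv2_enabled(SAMPLE_APIS, state=False, web_acl="test-waf-v2$"))
    # Second policy: APIs without a Firewall Manager managed ACL.
    print(wafv2_enabled(SAMPLE_APIS, state=False,
                        web_acl=".*FMManagedWebACLV2-?FMS-.*"))
    # No web-acl: every API that has any ACL associated.
    print(wafv2_enabled(SAMPLE_APIS, state=True))
```

Under that assumption, end a web-acl name with $ when only an exact name should count as compliant.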

Actions

delete

Delete an AppSync GraphQL API.

example:

policies:
  - name: appsync-delete-unlogged-api
    resource: graphql-api
    filters:
      - type: value
        key: logConfig
        value: absent
    actions:
      - delete

properties:
  type:
    enum:
    - delete
required:
- type

Permissions - appsync:DeleteGraphqlApi

set-wafv2

Enable or disable WAFv2 protection on an AppSync GraphQL API.

example:

policies:
  - name: set-wafv2-for-graphql-api
    resource: graphql-api
    filters:
      - type: wafv2-enabled
        state: false
        web-acl: test-waf-v2
    actions:
      - type: set-wafv2
        state: true
        force: true
        web-acl: test-waf-v2

  - name: unset-wafv2-for-graphql-api
    resource: graphql-api
    filters:
      - type: wafv2-enabled
        state: true
    actions:
      - type: set-wafv2
        # state: false removes the web ACL association from the API
        state: false

policies:
  - name: set-wafv2-for-graphql-api-regex
    resource: graphql-api
    filters:
      - type: wafv2-enabled
        state: false
        web-acl: .*FMManagedWebACLV2-?FMS-.*
    actions:
      - type: set-wafv2
        state: true
        force: true
        web-acl: FMManagedWebACLV2-?FMS-TestWebACL

properties:
  force:
    type: boolean
  state:
    type: boolean
  type:
    enum:
    - set-wafv2
  web-acl:
    type: string
required:
- type

Permissions - wafv2:AssociateWebACL, wafv2:DisassociateWebACL, wafv2:ListWebACLs