aws.graphql-api¶
Resource Manager for AppSync GraphQLApi
Filters¶
wafv2-enabled¶
Filter AppSync GraphQLApi by wafv2 web-acl
- example:
policies:
- name: filter-graphql-api-wafv2
resource: graphql-api
filters:
- type: wafv2-enabled
state: false
web-acl: test-waf-v2
- name: filter-graphql-api-wafv2-regex
resource: graphql-api
filters:
- type: wafv2-enabled
state: false
web-acl: .*FMManagedWebACLV2-?FMS-.*
properties:
state:
type: boolean
type:
enum:
- wafv2-enabled
web-acl:
type: string
required:
- type
Permissions - wafv2:ListWebACLs
Actions¶
delete¶
Delete an AppSync GraphQL API.
- example:
policies:
- name: appsync-delete-unlogged-api
resource: graphql-api
filters:
- type: value
key: logConfig
value: absent
actions:
- delete
properties:
type:
enum:
- delete
required:
- type
Permissions - appsync:DeleteGraphqlApi
set-wafv2¶
Enable wafv2 protection on AppSync graphqlApi.
- example:
policies:
- name: set-wafv2-for-graphql-api
resource: graphql-api
filters:
- type: wafv2-enabled
state: false
web-acl: test-waf-v2
actions:
- type: set-wafv2
state: true
force: true
web-acl: test-waf-v2
- name: unset-wafv2-for-graphql-api
resource: graphql-api
filters:
- type: wafv2-enabled
state: true
actions:
- type: set-wafv2
state: true
force: true
web-acl: test-waf-v2
policies:
- name: set-wafv2-for-graphql-api-regex
resource: graphql-api
filters:
- type: wafv2-enabled
state: false
web-acl: .*FMManagedWebACLV2-?FMS-.*
actions:
- type: set-wafv2
state: true
force: true
web-acl: FMManagedWebACLV2-?FMS-TestWebACL
properties:
force:
type: boolean
state:
type: boolean
type:
enum:
- set-wafv2
web-acl:
type: string
required:
- type
Permissions - wafv2:AssociateWebACL, wafv2:DisassociateWebACL, wafv2:ListWebACLs