Description: Declarative management of AWS WAFv2 WebACLs through Kubernetes Custom Resources.
Key Features:
- 11 statement types: GeoMatch, RateBased, ByteMatch, ManagedRuleGroup, LabelMatch, SizeConstraint, SqliMatch, XssMatch, RegexMatch, AsnMatch, IPSetReference
- Logical operators (And/Or/Not) with limited nesting levels
- Custom response bodies and request handling
- CAPTCHA/Challenge configuration
- Token domains for cross-domain CAPTCHA
- Per-rule and WebACL-level visibility configuration
API Example:
apiVersion: cloud-resources.kyma-project.io/v1beta1
kind: AwsWebAcl
metadata:
  name: production-webacl
spec:
  defaultAction:
    allow: {}
  visibilityConfig:
    cloudWatchMetricsEnabled: true
    sampledRequestsEnabled: true
  rules:
    - name: block-high-risk-countries
      priority: 0
      action:
        block: {}
      statement:
        geoMatch:
          countryCodes: ["KP", "IR"]
status:
  arn: arn:aws:wafv2:us-east-1:123456789012:regional/webacl/production-webacl/abc123
  id: abc123-def456-789012
  state: Ready