IPSet
wafv2.services.k8s.aws/v1alpha1
Type | Link |
---|---|
GoDoc | wafv2-controller/apis/v1alpha1#IPSet |
Metadata
Property | Value |
---|---|
Scope | Namespaced |
Kind | IPSet |
ListKind | IPSetList |
Plural | ipsets |
Singular | ipset |
Contains zero or more IP addresses or blocks of IP addresses specified in Classless Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and IPv6 CIDR ranges except for /0. For information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing (https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing).
WAF assigns an ARN to each IPSet that you create. To use an IP set in a rule, you provide the ARN to the Rule statement IPSetReferenceStatement.
Spec
addresses:
- string
description: string
ipAddressVersion: string
name: string
scope: string
tags:
- key: string
  value: string
Field | Description |
---|---|
addresses Required | array Contains an array of strings that specifies zero or more IP addresses or blocks of IP addresses that you want WAF to inspect for in incoming requests. All addresses must be specified using Classless Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and IPv6 CIDR ranges except for /0. Example address strings: * For requests that originated from the IP address 192.0.2.44, specify 192.0.2.44/32. * For requests that originated from IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24. * For requests that originated from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128. * For requests that originated from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64. For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing (https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing). Example JSON Addresses specifications: * Empty array: "Addresses": [] * Array with one address: "Addresses": ["192.0.2.44/32"] * Array with three addresses: "Addresses": ["192.0.2.44/32", "192.0.2.0/24", "192.0.0.0/16"] * INVALID specification: "Addresses": [""] INVALID |
addresses.[] Required | string |
ipAddressVersion Required | string The version of the IP addresses, either IPV4 or IPV6. |
name Required | string The name of the IP set. You cannot change the name of an IPSet after you create it. |
scope Required | string Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. * API and SDKs - For all calls, use the Region endpoint us-east-1. |
tags Optional | array An array of key:value pairs to associate with the resource. |
tags.[] Required | object A tag associated with an Amazon Web Services resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing or other management. Typically, the tag key represents a category, such as “environment”, and the tag value represents a specific value within that category, such as “test,” “development,” or “production”. Or you might set the tag key to “customer” and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource. You can tag the Amazon Web Services resources that you manage through WAF: web ACLs, rule groups, IP sets, and regex pattern sets. You can’t manage or view tags through the WAF console. |
tags.[].key Optional | string |
tags.[].value Optional | string |
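The constraints the Spec table places on addresses (CIDR notation only, no /0 range, no empty strings, one IP version per set) can be checked before a manifest is applied. The following is an added example, not code from the ACK controller; the function name ValidateIPSetAddresses and the sample input are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
)

// ValidateIPSetAddresses is a hypothetical pre-apply check (not part of the
// ACK wafv2 controller). It returns one error per rejected spec value.
func ValidateIPSetAddresses(ipAddressVersion string, addresses []string) []error {
	if ipAddressVersion != "IPV4" && ipAddressVersion != "IPV6" {
		return []error{fmt.Errorf("ipAddressVersion %q: must be IPV4 or IPV6", ipAddressVersion)}
	}
	var errs []error
	for i, a := range addresses {
		p, err := netip.ParsePrefix(a)
		if err != nil {
			// Rejects "" and bare addresses that lack a /length suffix.
			errs = append(errs, fmt.Errorf("addresses[%d] %q: not CIDR notation: %v", i, a, err))
			continue
		}
		if p.Bits() == 0 {
			// A /0 range matches every source address and is not supported.
			errs = append(errs, fmt.Errorf("addresses[%d] %q: /0 is not supported", i, a))
			continue
		}
		if p.Addr().Is4() != (ipAddressVersion == "IPV4") {
			errs = append(errs, fmt.Errorf("addresses[%d] %q: does not match %s", i, a, ipAddressVersion))
		}
	}
	return errs
}

func main() {
	// Constructed sample input: the INVALID entry and the valid entries from
	// the table, plus a /0 range and an address of the wrong IP version.
	spec := []string{"192.0.2.44/32", "", "0.0.0.0/0", "192.0.2.0/24",
		"1111:0000:0000:0000:0000:0000:0000:0111/128"}
	for _, e := range ValidateIPSetAddresses("IPV4", spec) {
		fmt.Println(e)
	}
}
```

An empty addresses array passes the check, matching the "zero or more" wording of the field description.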
Status
ackResourceMetadata:
  arn: string
  ownerAccountID: string
  region: string
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
id: string
lockToken: string
Field | Description |
---|---|
ackResourceMetadata Optional | object All CRs managed by ACK have a common Status.ACKResourceMetadata member that is used to contain resource sync state, account ownership, constructed ARN for the resource |
ackResourceMetadata.arn Optional | string ARN is the Amazon Resource Name for the resource. This is a globally-unique identifier and is set only by the ACK service controller once the controller has orchestrated the creation of the resource OR when it has verified that an “adopted” resource (a resource where the ARN annotation was set by the Kubernetes user on the CR) exists and matches the supplied CR’s Spec field values. TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse https://github.com/aws/aws-controllers-k8s/issues/270 |
ackResourceMetadata.ownerAccountID Required | string OwnerAccountID is the AWS Account ID of the account that owns the backend AWS service API resource. |
ackResourceMetadata.region Required | string Region is the AWS region in which the resource exists or will exist. |
conditions Optional | array All CRs managed by ACK have a common Status.Conditions member that contains a collection of ackv1alpha1.Condition objects that describe the various terminal states of the CR and its backend AWS service API resource |
conditions.[] Required | object Condition is the common struct used by all CRDs managed by ACK service controllers to indicate terminal states of the CR and its backend AWS service API resource |
conditions.[].message Optional | string A human readable message indicating details about the transition. |
conditions.[].reason Optional | string The reason for the condition’s last transition. |
conditions.[].status Optional | string Status of the condition, one of True, False, Unknown. |
conditions.[].type Optional | string Type is the type of the Condition |
id Optional | string A unique identifier for the set. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete. |
lockToken Optional | string A token used for optimistic locking. WAF returns a token to your get and list requests, to mark the state of the entity at the time of the request. To make changes to the entity associated with the token, you provide the token to operations like update and delete. WAF uses the token to ensure that no changes have been made to the entity since you last retrieved it. If a change has been made, the update fails with a WAFOptimisticLockException. If this happens, perform another get, and use the new token returned by that operation. |