WAFV2 / Client / get_rate_based_statement_managed_keys

get_rate_based_statement_managed_keys#

WAFV2.Client.get_rate_based_statement_managed_keys(**kwargs)#

Retrieves the keys that are currently blocked by a rate-based rule instance. The maximum number of managed keys that can be blocked for a single rate-based rule instance is 10,000. If more than 10,000 addresses exceed the rate limit, those with the highest rates are blocked.

For a rate-based rule that you’ve defined inside a rule group, provide the name of the rule group reference statement in your request, in addition to the rate-based rule name and the web ACL name.

WAF monitors web requests and manages keys independently for each unique combination of web ACL, optional rule group, and rate-based rule. For example, if you define a rate-based rule inside a rule group, and then use the rule group in a web ACL, WAF monitors web requests and manages keys for that web ACL, rule group reference statement, and rate-based rule instance. If you use the same rule group in a second web ACL, WAF monitors web requests and manages keys for this second usage completely independent of your first.

See also: AWS API Documentation

Request Syntax

response = client.get_rate_based_statement_managed_keys(
    Scope='CLOUDFRONT'|'REGIONAL',
    WebACLName='string',
    WebACLId='string',
    RuleGroupRuleName='string',
    RuleName='string'
)
Parameters:
  • Scope (string) –

    [REQUIRED]

    Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • WebACLName (string) –

    [REQUIRED]

    The name of the web ACL. You cannot change the name of a web ACL after you create it.

  • WebACLId (string) –

    [REQUIRED]

    The unique identifier for the web ACL. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete.

  • RuleGroupRuleName (string) – The name of the rule group reference statement in your web ACL. This is required only when you have the rate-based rule nested inside a rule group.

  • RuleName (string) –

    [REQUIRED]

    The name of the rate-based rule to get the keys for. If you have the rule defined inside a rule group that you’re using in your web ACL, also provide the name of the rule group reference statement in the request parameter RuleGroupRuleName.

Return type:

dict

Returns:

Response Syntax

{
    'ManagedKeysIPV4': {
        'IPAddressVersion': 'IPV4'|'IPV6',
        'Addresses': [
            'string',
        ]
    },
    'ManagedKeysIPV6': {
        'IPAddressVersion': 'IPV4'|'IPV6',
        'Addresses': [
            'string',
        ]
    }
}

Response Structure

  • (dict) –

    • ManagedKeysIPV4 (dict) –

      The keys that are of Internet Protocol version 4 (IPv4).

      • IPAddressVersion (string) –

        The version of the IP addresses, either IPV4 or IPV6.

      • Addresses (list) –

        The IP addresses that are currently blocked.

        • (string) –

    • ManagedKeysIPV6 (dict) –

      The keys that are of Internet Protocol version 6 (IPv6).

      • IPAddressVersion (string) –

        The version of the IP addresses, either IPV4 or IPV6.

      • Addresses (list) –

        The IP addresses that are currently blocked.

        • (string) –

Exceptions

  • WAFV2.Client.exceptions.WAFInternalErrorException

  • WAFV2.Client.exceptions.WAFInvalidParameterException

  • WAFV2.Client.exceptions.WAFNonexistentItemException

  • WAFV2.Client.exceptions.WAFInvalidOperationException