get_rate_based_statement_managed_keys

WAFV2.Client.get_rate_based_statement_managed_keys(**kwargs)

Retrieves the keys that are currently blocked by a rate-based rule instance. The maximum number of managed keys that can be blocked for a single rate-based rule instance is 10,000. If more than 10,000 addresses exceed the rate limit, those with the highest rates are blocked.

For a rate-based rule that you've defined inside a rule group, provide the name of the rule group reference statement in your request, in addition to the rate-based rule name and the web ACL name.

WAF monitors web requests and manages keys independently for each unique combination of web ACL, optional rule group, and rate-based rule. For example, if you define a rate-based rule inside a rule group, and then use the rule group in a web ACL, WAF monitors web requests and manages keys for that web ACL, rule group reference statement, and rate-based rule instance. If you use the same rule group in a second web ACL, WAF monitors web requests and manages keys for this second usage completely independent of your first.

See also: AWS API Documentation

Request Syntax

response = client.get_rate_based_statement_managed_keys(
    Scope='CLOUDFRONT'|'REGIONAL',
    WebACLName='string',
    WebACLId='string',
    RuleGroupRuleName='string',
    RuleName='string'
)

Parameters

• Scope (string) --

  [REQUIRED]

  Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.

  To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

  • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1 .
  • API and SDKs - For all calls, use the Region endpoint us-east-1.
• WebACLName (string) --

  [REQUIRED]

  The name of the web ACL. You cannot change the name of a web ACL after you create it.

• WebACLId (string) --

  [REQUIRED]

  The unique identifier for the web ACL. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete.

• RuleGroupRuleName (string) -- The name of the rule group reference statement in your web ACL. This is required only when you have the rate-based rule nested inside a rule group.
• RuleName (string) --

  [REQUIRED]

  The name of the rate-based rule to get the keys for. If you have the rule defined inside a rule group that you're using in your web ACL, also provide the name of the rule group reference statement in the request parameter RuleGroupRuleName .

Return type

dict

Returns

Response Syntax

{
    'ManagedKeysIPV4': {
        'IPAddressVersion': 'IPV4'|'IPV6',
        'Addresses': [
            'string',
        ]
    },
    'ManagedKeysIPV6': {
        'IPAddressVersion': 'IPV4'|'IPV6',
        'Addresses': [
            'string',
        ]
    }
}

Response Structure

• (dict) --

  • ManagedKeysIPV4 (dict) --

    The keys that are of Internet Protocol version 4 (IPv4).

    • IPAddressVersion (string) --

      The version of the IP addresses, either IPV4 or IPV6 .

    • Addresses (list) --

      The IP addresses that are currently blocked.

      • (string) --

  • ManagedKeysIPV6 (dict) --

    The keys that are of Internet Protocol version 6 (IPv6).

    • IPAddressVersion (string) --

      The version of the IP addresses, either IPV4 or IPV6 .

    • Addresses (list) --

      The IP addresses that are currently blocked.

      • (string) --

Exceptions

• WAFV2.Client.exceptions.WAFInternalErrorException
• WAFV2.Client.exceptions.WAFInvalidParameterException
• WAFV2.Client.exceptions.WAFNonexistentItemException
• WAFV2.Client.exceptions.WAFInvalidOperationException