Note
This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.
Retrieves the keys that are currently blocked by a rate-based rule. The maximum number of managed keys that can be blocked for a single rate-based rule is 10,000. If more than 10,000 addresses exceed the rate limit, those with the highest rates are blocked.
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
get-rate-based-statement-managed-keys
--scope <value>
--web-acl-name <value>
--web-acl-id <value>
--rule-name <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--cli-auto-prompt <value>]
--scope
(string)
Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Possible values:
CLOUDFRONT
REGIONAL
--web-acl-name
(string)
The name of the Web ACL. You cannot change the name of a Web ACL after you create it.
--web-acl-id
(string)
The unique identifier for the Web ACL. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete.
--rule-name
(string)
The name of the rate-based rule to get the keys for.
--cli-input-json | --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.
--cli-auto-prompt
(boolean)
Automatically prompt for CLI input parameters.
See ‘aws help’ for descriptions of global parameters.
To retrieve a list of IP addresses that are blocked by a rate-based rule
The following get-rate-based-statement-managed-keys retrieves the IP addresses currently blocked by a rate-based rule that’s being used for a regional application.
aws wafv2 get-rate-based-statement-managed-keys \
    --scope REGIONAL \
    --web-acl-name testwebacl2 \
    --web-acl-id a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 \
    --rule-name ratebasedtest
Output:
{
    "ManagedKeysIPV4":{
        "IPAddressVersion":"IPV4",
        "Addresses":[
            "198.51.100.0/32"
        ]
    },
    "ManagedKeysIPV6":{
        "IPAddressVersion":"IPV6",
        "Addresses":[
        ]
    }
}
For more information, see Rate-Based Rule Statement in the AWS WAF, AWS Firewall Manager, and AWS Shield Advanced Developer Guide.
ManagedKeysIPV4 -> (structure)
  The keys that are of Internet Protocol version 4 (IPv4).
  IPAddressVersion -> (string)
  Addresses -> (list)
    The IP addresses that are currently blocked.
    (string)
ManagedKeysIPV6 -> (structure)
  The keys that are of Internet Protocol version 6 (IPv6).
  IPAddressVersion -> (string)
  Addresses -> (list)
    The IP addresses that are currently blocked.
    (string)
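The response above is a point-in-time list, so monitoring usually means comparing successive polls. The following Python is an added example, not part of the AWS CLI documentation: it diffs two saved responses and flags when the list has reached the 10,000-key maximum described above. The function names and sample snapshots are constructed, and counting IPv4 and IPv6 keys together against the maximum is an assumption.

```python
import ipaddress
import json

MAX_MANAGED_KEYS = 10_000  # per-rule maximum stated in the command description

def blocked_networks(response):
    """Return the set of blocked networks in one command response (a dict)."""
    nets = set()
    for field in ("ManagedKeysIPV4", "ManagedKeysIPV6"):
        for addr in response.get(field, {}).get("Addresses", []):
            # Parsing validates each entry; a malformed value raises ValueError.
            nets.add(ipaddress.ip_network(addr, strict=False))
    return nets

def compare_snapshots(previous, current):
    """Diff two responses: keys newly blocked and keys released since last poll."""
    prev, curr = blocked_networks(previous), blocked_networks(current)
    return {
        "newly_blocked": sorted(str(n) for n in curr - prev),
        "released": sorted(str(n) for n in prev - curr),
        "total": len(curr),
        # Assumption: IPv4 and IPv6 keys count together toward the maximum.
        # At the maximum, only the highest-rate offenders appear in the list.
        "at_cap": len(curr) >= MAX_MANAGED_KEYS,
    }

# Constructed sample snapshots (documentation address ranges), as saved output
# of two successive get-rate-based-statement-managed-keys calls.
SAMPLE_PREVIOUS = json.loads("""{
  "ManagedKeysIPV4": {"IPAddressVersion": "IPV4",
                      "Addresses": ["198.51.100.0/32", "203.0.113.7/32"]},
  "ManagedKeysIPV6": {"IPAddressVersion": "IPV6", "Addresses": []}
}""")
SAMPLE_CURRENT = json.loads("""{
  "ManagedKeysIPV4": {"IPAddressVersion": "IPV4",
                      "Addresses": ["198.51.100.0/32"]},
  "ManagedKeysIPV6": {"IPAddressVersion": "IPV6",
                      "Addresses": ["2001:db8::1/128"]}
}""")

if __name__ == "__main__":
    print(json.dumps(compare_snapshots(SAMPLE_PREVIOUS, SAMPLE_CURRENT), indent=2))
```
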