com.pulumi.awsnative.wafv2.kotlin.inputs.WebAclAwsManagedRulesAtpRuleSetArgs.kt Maven / Gradle / Ivy

Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-aws-native-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
There is a newer version: 0.122.0.0
Show newest version
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.awsnative.wafv2.kotlin.inputs

import com.pulumi.awsnative.wafv2.inputs.WebAclAwsManagedRulesAtpRuleSetArgs.builder
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiNullFieldException
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.jvm.JvmName

/**
 * Configures how to use the Account Takeover Prevention managed rule group in the web ACL
 * @property enableRegexInPath Allow the use of regular expressions in the login page path.
 * @property loginPath The path of the login endpoint for your application. For example, for the URL `https://example.com/web/login` , you would provide the path `/web/login` . Login paths that start with the path that you provide are considered a match. For example `/web/login` matches the login paths `/web/login` , `/web/login/` , `/web/loginPage` , and `/web/login/thisPage` , but doesn't match the login path `/home/web/login` or `/website/login` .
 * The rule group inspects only HTTP `POST` requests to your specified login endpoint.
 * @property requestInspection The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage.
 * @property responseInspection The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates.
 * > Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
 * The ATP rule group evaluates the responses that your protected resources send back to client login attempts, keeping count of successful and failed attempts for each IP address and client session. Using this information, the rule group labels and mitigates requests from client sessions and IP addresses that have had too many failed login attempts in a short amount of time.
 */
public data class WebAclAwsManagedRulesAtpRuleSetArgs(
    public val enableRegexInPath: Output? = null,
    public val loginPath: Output,
    public val requestInspection: Output? = null,
    public val responseInspection: Output? = null,
) : ConvertibleToJava {
    override fun toJava(): com.pulumi.awsnative.wafv2.inputs.WebAclAwsManagedRulesAtpRuleSetArgs =
        com.pulumi.awsnative.wafv2.inputs.WebAclAwsManagedRulesAtpRuleSetArgs.builder()
            .enableRegexInPath(enableRegexInPath?.applyValue({ args0 -> args0 }))
            .loginPath(loginPath.applyValue({ args0 -> args0 }))
            .requestInspection(requestInspection?.applyValue({ args0 -> args0.let({ args0 -> args0.toJava() }) }))
            .responseInspection(
                responseInspection?.applyValue({ args0 ->
                    args0.let({ args0 ->
                        args0.toJava()
                    })
                }),
            ).build()
}

/**
 * Builder for [WebAclAwsManagedRulesAtpRuleSetArgs].
 */
@PulumiTagMarker
public class WebAclAwsManagedRulesAtpRuleSetArgsBuilder internal constructor() {
    private var enableRegexInPath: Output? = null

    private var loginPath: Output? = null

    private var requestInspection: Output? = null

    private var responseInspection: Output? = null

    /**
     * @param value Allow the use of regular expressions in the login page path.
     */
    @JvmName("ucimkrafgoshkndf")
    public suspend fun enableRegexInPath(`value`: Output) {
        this.enableRegexInPath = value
    }

    /**
     * @param value The path of the login endpoint for your application. For example, for the URL `https://example.com/web/login` , you would provide the path `/web/login` . Login paths that start with the path that you provide are considered a match. For example `/web/login` matches the login paths `/web/login` , `/web/login/` , `/web/loginPage` , and `/web/login/thisPage` , but doesn't match the login path `/home/web/login` or `/website/login` .
     * The rule group inspects only HTTP `POST` requests to your specified login endpoint.
     */
    @JvmName("ajomyqjmkeoejugt")
    public suspend fun loginPath(`value`: Output) {
        this.loginPath = value
    }

    /**
     * @param value The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage.
     */
    @JvmName("hkdcpuobanddvayd")
    public suspend fun requestInspection(`value`: Output) {
        this.requestInspection = value
    }

    /**
     * @param value The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates.
     * > Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
     * The ATP rule group evaluates the responses that your protected resources send back to client login attempts, keeping count of successful and failed attempts for each IP address and client session. Using this information, the rule group labels and mitigates requests from client sessions and IP addresses that have had too many failed login attempts in a short amount of time.
     */
    @JvmName("fjlmgsxiacvlcbkk")
    public suspend fun responseInspection(`value`: Output) {
        this.responseInspection = value
    }

    /**
     * @param value Allow the use of regular expressions in the login page path.
     */
    @JvmName("apwlrsiqugyxcaph")
    public suspend fun enableRegexInPath(`value`: Boolean?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.enableRegexInPath = mapped
    }

    /**
     * @param value The path of the login endpoint for your application. For example, for the URL `https://example.com/web/login` , you would provide the path `/web/login` . Login paths that start with the path that you provide are considered a match. For example `/web/login` matches the login paths `/web/login` , `/web/login/` , `/web/loginPage` , and `/web/login/thisPage` , but doesn't match the login path `/home/web/login` or `/website/login` .
     * The rule group inspects only HTTP `POST` requests to your specified login endpoint.
     */
    @JvmName("gakcllcfrabuijcj")
    public suspend fun loginPath(`value`: String) {
        val toBeMapped = value
        val mapped = toBeMapped.let({ args0 -> of(args0) })
        this.loginPath = mapped
    }

    /**
     * @param value The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage.
     */
    @JvmName("ipbgialemrueecmo")
    public suspend fun requestInspection(`value`: WebAclRequestInspectionArgs?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.requestInspection = mapped
    }

    /**
     * @param argument The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage.
     */
    @JvmName("rhckmwohaknlwcts")
    public suspend fun requestInspection(argument: suspend WebAclRequestInspectionArgsBuilder.() -> Unit) {
        val toBeMapped = WebAclRequestInspectionArgsBuilder().applySuspend { argument() }.build()
        val mapped = of(toBeMapped)
        this.requestInspection = mapped
    }

    /**
     * @param value The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates.
     * > Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
     * The ATP rule group evaluates the responses that your protected resources send back to client login attempts, keeping count of successful and failed attempts for each IP address and client session. Using this information, the rule group labels and mitigates requests from client sessions and IP addresses that have had too many failed login attempts in a short amount of time.
     */
    @JvmName("wuynshkwlvputaei")
    public suspend fun responseInspection(`value`: WebAclResponseInspectionArgs?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.responseInspection = mapped
    }

    /**
     * @param argument The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates.
     * > Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
     * The ATP rule group evaluates the responses that your protected resources send back to client login attempts, keeping count of successful and failed attempts for each IP address and client session. Using this information, the rule group labels and mitigates requests from client sessions and IP addresses that have had too many failed login attempts in a short amount of time.
     */
    @JvmName("qvijmtkuovxflmpu")
    public suspend fun responseInspection(argument: suspend WebAclResponseInspectionArgsBuilder.() -> Unit) {
        val toBeMapped = WebAclResponseInspectionArgsBuilder().applySuspend { argument() }.build()
        val mapped = of(toBeMapped)
        this.responseInspection = mapped
    }

    internal fun build(): WebAclAwsManagedRulesAtpRuleSetArgs = WebAclAwsManagedRulesAtpRuleSetArgs(
        enableRegexInPath = enableRegexInPath,
        loginPath = loginPath ?: throw PulumiNullFieldException("loginPath"),
        requestInspection = requestInspection,
        responseInspection = responseInspection,
    )
}