Skip to content
Alchemy
GitHubXDiscord

IPSet

The IPSet resource lets you manage AWS WAF IPSets for controlling access to your web applications based on IP addresses.

Minimal Example

Section titled “Minimal Example”

Create a basic IPSet with a name and a couple of IPSetDescriptors.

import AWS from "alchemy/aws/control";


const basicIPSet = await AWS.WAF.IPSet("basicIPSet", {
  name: "BasicIPSet",
  IPSetDescriptors: [
    { Type: "IPV4", Value: "192.0.2.0/24" },
    { Type: "IPV4", Value: "203.0.113.0/24" }
  ]
});

Advanced Configuration

Section titled “Advanced Configuration”

Configure an IPSet with multiple types of IP addresses including IPv6.

const advancedIPSet = await AWS.WAF.IPSet("advancedIPSet", {
  name: "AdvancedIPSet",
  IPSetDescriptors: [
    { Type: "IPV4", Value: "198.51.100.0/24" },
    { Type: "IPV6", Value: "2001:db8::/32" }
  ],
  adopt: true // Adopt existing resource if it already exists
});

Integration with Web ACL

Section titled “Integration with Web ACL”

Create an IPSet and integrate it with a Web ACL to block traffic from specific IP addresses.

import AWS from "alchemy/aws/control";


const ipSetForWebACL = await AWS.WAF.IPSet("ipSetForWebACL", {
  name: "WebACLBlockIPSet",
  IPSetDescriptors: [
    { Type: "IPV4", Value: "10.0.0.0/8" },
    { Type: "IPV4", Value: "172.16.0.0/12" }
  ]
});


const webACL = await AWS.WAF.WebACL("webACL", {
  name: "MyWebACL",
  defaultAction: { Type: "ALLOW" },
  rules: [
    {
      Name: "BlockBadIPs",
      Priority: 1,
      Action: { Type: "BLOCK" },
      RuleId: ipSetForWebACL.id,
      VisibilityConfig: {
        SampledRequestsEnabled: true,
        CloudWatchMetricsEnabled: true,
        MetricName: "BlockBadIPsMetric"
      }
    }
  ]
});

This example demonstrates how to create an IPSet and associate it with a Web ACL that blocks traffic from specific IP ranges.