SqlInjectionMatchSet

The SqlInjectionMatchSet resource allows you to define a set of SQL injection match tuples that can be used to identify SQL injection attacks in web requests. For more information, refer to the AWS WAFRegional SqlInjectionMatchSets documentation.

Create a basic SqlInjectionMatchSet with one SQL injection match tuple.

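import AWS from "alchemy/aws/control";

// A SQL injection match tuple has only FieldToMatch and TextTransformation.
// AWS WAF supplies the detection logic, so there is no search string to set.
const sqlInjectionMatchSet = await AWS.WAFRegional.SqlInjectionMatchSet("basicSqlInjectionMatchSet", {
  Name: "BasicSQLInjectionSet",
  SqlInjectionMatchTuples: [{
    FieldToMatch: {
      Type: "QUERY_STRING" // inspect the query string of each request
    },
    TextTransformation: "URL_DECODE" // decode URL-encoded input before inspection
  }]
});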

Configure a SqlInjectionMatchSet with multiple SQL injection match tuples for enhanced protection.

import AWS from "alchemy/aws/control";

const advancedSqlInjectionMatchSet = await AWS.WAFRegional.SqlInjectionMatchSet("advancedSqlInjectionMatchSet", {
  Name: "AdvancedSQLInjectionSet",
  SqlInjectionMatchTuples: [
    {
      // Inspect the request body after URL decoding
      FieldToMatch: {
        Type: "BODY"
      },
      TextTransformation: "URL_DECODE"
    },
    {
      // Inspect one named header; Data is required when Type is HEADER
      FieldToMatch: {
        Type: "HEADER",
        Data: "User-Agent"
      },
      TextTransformation: "LOWERCASE"
    }
  ]
});
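
A pre-deployment check for tuple definitions like the ones above, as an added example that is not part of the Alchemy documentation or the AWS SDK. The helper `lintTuples` and the sample input are hypothetical; the allowed values are the ones the AWS::WAFRegional::SqlInjectionMatchSet schema accepts, and the check rejects properties that belong to other match-set types, such as a ByteMatchSet's `TargetString`.

```typescript
// Added example (not from the Alchemy docs): lint SqlInjectionMatchTuples offline.
// Allowed values follow the AWS::WAFRegional::SqlInjectionMatchSet schema.
const FIELD_TYPES = ["URI", "QUERY_STRING", "HEADER", "METHOD", "BODY",
  "SINGLE_QUERY_ARG", "ALL_QUERY_ARGS"];
const TRANSFORMS = ["NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE",
  "LOWERCASE", "CMD_LINE", "URL_DECODE"];
const NEEDS_DATA = ["HEADER", "SINGLE_QUERY_ARG"]; // Data names the header or parameter
const TUPLE_KEYS = ["FieldToMatch", "TextTransformation"];

type Loose = { [key: string]: unknown };

// lintTuples is a hypothetical helper; it returns one message per problem found.
function lintTuples(tuples: Loose[]): string[] {
  const problems: string[] = [];
  const seen: string[] = [];
  tuples.forEach((tuple, i) => {
    // A SQLi tuple carries no search string: AWS WAF supplies the detection logic.
    for (const key of Object.keys(tuple)) {
      if (TUPLE_KEYS.indexOf(key) === -1) problems.push(`tuple ${i}: unknown property ${key}`);
    }
    const field = (tuple["FieldToMatch"] ?? {}) as Loose;
    const fieldType = String(field["Type"]);
    const data = field["Data"];
    const transform = String(tuple["TextTransformation"]);
    if (FIELD_TYPES.indexOf(fieldType) === -1) problems.push(`tuple ${i}: invalid FieldToMatch.Type ${fieldType}`);
    if (NEEDS_DATA.indexOf(fieldType) !== -1 && (typeof data !== "string" || data === "")) {
      problems.push(`tuple ${i}: ${fieldType} requires FieldToMatch.Data`);
    }
    if (TRANSFORMS.indexOf(transform) === -1) problems.push(`tuple ${i}: invalid TextTransformation ${transform}`);
    // The same field and transformation twice adds no coverage.
    const id = `${fieldType}:${String(data ?? "").toLowerCase()}:${transform}`;
    if (seen.indexOf(id) !== -1) problems.push(`tuple ${i}: duplicate of an earlier tuple`);
    seen.push(id);
  });
  return problems;
}

// Constructed sample input, not taken from a real deployment.
const sampleTuples: Loose[] = [
  { FieldToMatch: { Type: "QUERY_STRING" }, TextTransformation: "URL_DECODE" },
  { FieldToMatch: { Type: "BODY" }, TextTransformation: "URL_DECODE", TargetString: "DROP TABLE" },
  { FieldToMatch: { Type: "HEADER" }, TextTransformation: "LOWERCASE" },
  { FieldToMatch: { Type: "QUERY_STRING" }, TextTransformation: "URL_DECODE" },
  { FieldToMatch: { Type: "COOKIE" }, TextTransformation: "BASE64_DECODE" },
];
const sampleProblems = lintTuples(sampleTuples);
```

Running the lint in CI before the deploy step turns a rejected stack update into a failed check with a readable message.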

If you want to adopt an existing SqlInjectionMatchSet without creating a new one, use the adopt property.

const existingSqlInjectionMatchSet = await AWS.WAFRegional.SqlInjectionMatchSet("existingSqlInjectionMatchSet", {
  Name: "ExistingSQLInjectionSet",
  adopt: true
});

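Associate a SqlInjectionMatchSet with a WebACL. A WebACL references rules rather than match sets, so the match set is first attached to a Rule as a predicate, and the WebACL then blocks requests that match the rule.

import AWS from "alchemy/aws/control";

// AWS.WAFRegional.Rule follows the same resource pattern as the other WAFRegional resources on this page
const sqlInjectionRule = await AWS.WAFRegional.Rule("sqlInjectionRule", {
  Name: "SQLInjectionRule",
  MetricName: "SQLInjectionRule",
  Predicates: [{
    DataId: sqlInjectionMatchSet.id, // ID of the SqlInjectionMatchSet created above
    Negated: false,
    Type: "SqlInjectionMatch"
  }]
});

const webAclWithSqlInjectionProtection = await AWS.WAFRegional.WebACL("webAclWithSqlInjectionProtection", {
  Name: "WebAclWithSQLInjectionProtection",
  MetricName: "WebAclWithSQLInjectionProtection",
  DefaultAction: {
    Type: "ALLOW"
  },
  Rules: [{
    Priority: 1,
    RuleId: sqlInjectionRule.id, // ID of the Rule, not of the match set
    Action: {
      Type: "BLOCK"
    }
  }]
});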