AWS WAF Web ACL Rule -- programmatically get details

While adding resources to protect with AWS Shield Advanced through the console, the 'wizard' created a Web ACL rate-limiting rule, which I can see in the console under

  • AWS WAF > Web ACLs > MyACL > Rules > MyRateLimitingRule

How can I get (and set) the details of that rule programmatically? I've tried using the CLI with both the waf and wafv2 commands but neither returns anything useful; the closest I've got was

aws wafv2 list-available-managed-rule-groups --scope REGIONAL

which, at least, returns the AWSManagedRulesCommonRuleSet, which is also visible, above MyRateLimitingRule. Can the CLI return what I need or is there another way to get these details (a Python script going to the API perhaps)?


Solution 1:

This script gives the required response (Bash, AWS CLI, JQ)

#!/bin/bash
# Look up a WAFv2 Web ACL by name and print one of its rules as JSON.
# Needs the AWS CLI (v2) and jq. Scope is REGIONAL for ALB / API Gateway / AppSync;
# use CLOUDFRONT (and region us-east-1) for CloudFront distributions.
set -euo pipefail

web_acl_id () {
    # Resolve the ACL name to its Id (get-web-acl requires both name and id)
    aws wafv2 list-web-acls \
        --scope REGIONAL |
    jq -r --arg name "$web_acl_name" \
        '.WebACLs[] | select(.Name == $name) | .Id'
}

web_acl_rule () {
    # Fetch the full ACL and select the single rule we care about.
    # The same get-web-acl response also carries "LockToken", which
    # update-web-acl needs if you later want to change the rule.
    aws wafv2 get-web-acl \
        --name "$web_acl_name" \
        --scope REGIONAL \
        --id "$(web_acl_id)" |
    jq --arg rule "$web_acl_rule_name" \
        '.WebACL.Rules[] | select(.Name == $rule)'
}

web_acl_name=MyACL
web_acl_rule_name=MyRateLimitingRule

web_acl_rule
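The question also asks how to *set* the rule, and mentions doing it from Python. The following is an added example (not code from the question or the answer above) using boto3's wafv2 client. It assumes a REGIONAL scope, a rate-based rule named MyRateLimitingRule in an ACL named MyACL, and credentials holding wafv2:ListWebACLs, wafv2:GetWebACL and wafv2:UpdateWebACL. Two API facts drive the design: WAFv2 has no "update one rule" call, so UpdateWebACL must be sent the complete rule list (any rule you leave out is deleted), and it requires the LockToken returned by GetWebACL, so a concurrent change by the console or Shield Advanced makes the update fail with an optimistic-lock error instead of silently overwriting it. The sample response at the top is constructed to mirror the shape of get_web_acl output so the pure functions can be exercised offline.

```python
"""Read and update a named rate-based rule in an AWS WAFv2 Web ACL (boto3).

Added example; not the original post's code. Assumes REGIONAL scope and a
caller with wafv2:ListWebACLs, wafv2:GetWebACL and wafv2:UpdateWebACL.
"""
import copy
from typing import Any, Dict, List, Optional

SCOPE = "REGIONAL"  # use "CLOUDFRONT" (region us-east-1) for CloudFront distributions

# Constructed sample shaped like boto3 wafv2.get_web_acl() output (ids/ARN are fake).
SAMPLE_GET_RESPONSE: Dict[str, Any] = {
    "WebACL": {
        "Name": "MyACL",
        "Id": "11111111-2222-3333-4444-555555555555",
        "ARN": "arn:aws:wafv2:eu-west-1:123456789012:regional/webacl/MyACL/11111111",
        "DefaultAction": {"Allow": {}},
        "Description": "",
        "Rules": [
            {
                "Name": "AWS-AWSManagedRulesCommonRuleSet",
                "Priority": 0,
                "Statement": {"ManagedRuleGroupStatement": {
                    "VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet"}},
                "OverrideAction": {"None": {}},
                "VisibilityConfig": {"SampledRequestsEnabled": True,
                                     "CloudWatchMetricsEnabled": True,
                                     "MetricName": "CommonRuleSet"},
            },
            {
                "Name": "MyRateLimitingRule",
                "Priority": 1,
                "Statement": {"RateBasedStatement": {"Limit": 2000, "AggregateKeyType": "IP"}},
                "Action": {"Block": {}},
                "VisibilityConfig": {"SampledRequestsEnabled": True,
                                     "CloudWatchMetricsEnabled": True,
                                     "MetricName": "MyRateLimitingRule"},
            },
        ],
        "VisibilityConfig": {"SampledRequestsEnabled": True,
                             "CloudWatchMetricsEnabled": True, "MetricName": "MyACL"},
    },
    "LockToken": "constructed-lock-token",
}


def find_rule(web_acl: Dict[str, Any], rule_name: str) -> Optional[Dict[str, Any]]:
    """Return the rule named rule_name from a GetWebACL 'WebACL' document, or None."""
    return next((r for r in web_acl.get("Rules", []) if r.get("Name") == rule_name), None)


def rate_limit_of(rule: Dict[str, Any]) -> int:
    """Current request limit of a rate-based rule; ValueError for any other rule type."""
    stmt = rule.get("Statement", {}).get("RateBasedStatement")
    if stmt is None:
        raise ValueError(f"rule {rule.get('Name')!r} is not a rate-based rule")
    return int(stmt["Limit"])


def with_rate_limit(web_acl: Dict[str, Any], rule_name: str, new_limit: int) -> List[Dict[str, Any]]:
    """Copy of the ACL's full rule list with one rule's RateBasedStatement.Limit changed.

    The whole list is returned because UpdateWebACL replaces all rules at once.
    """
    if new_limit <= 0:
        raise ValueError("rate limit must be a positive integer")
    rules = copy.deepcopy(web_acl["Rules"])  # never mutate the fetched document
    target = find_rule({"Rules": rules}, rule_name)
    if target is None:
        raise KeyError(f"no rule named {rule_name!r} in ACL {web_acl.get('Name')!r}")
    rate_limit_of(target)  # raises if it is not a rate-based rule
    target["Statement"]["RateBasedStatement"]["Limit"] = new_limit
    return rules


def build_update_request(get_response: Dict[str, Any], rule_name: str,
                         new_limit: int, scope: str = SCOPE) -> Dict[str, Any]:
    """kwargs for wafv2.update_web_acl, carrying the LockToken from get_web_acl."""
    acl = get_response["WebACL"]
    req: Dict[str, Any] = {
        "Name": acl["Name"],
        "Scope": scope,
        "Id": acl["Id"],
        "DefaultAction": acl["DefaultAction"],
        "Rules": with_rate_limit(acl, rule_name, new_limit),
        "VisibilityConfig": acl["VisibilityConfig"],
        "LockToken": get_response["LockToken"],  # stale token -> WAFOptimisticLockException
    }
    # Optional ACL-level settings must be echoed back or they are dropped by the update.
    for key in ("CustomResponseBodies", "CaptchaConfig", "ChallengeConfig", "TokenDomains"):
        if acl.get(key):
            req[key] = acl[key]
    if acl.get("Description"):  # the API rejects an empty Description string
        req["Description"] = acl["Description"]
    return req


def get_web_acl(client, acl_name: str, scope: str = SCOPE) -> Dict[str, Any]:
    """Resolve name -> Id via list_web_acls (paginated) and fetch ACL plus LockToken."""
    kwargs: Dict[str, Any] = {"Scope": scope}
    while True:
        page = client.list_web_acls(**kwargs)
        for summary in page.get("WebACLs", []):
            if summary["Name"] == acl_name:
                return client.get_web_acl(Name=acl_name, Scope=scope, Id=summary["Id"])
        if not page.get("NextMarker"):
            raise KeyError(f"no Web ACL named {acl_name!r} in scope {scope}")
        kwargs["NextMarker"] = page["NextMarker"]


def set_rate_limit(client, acl_name: str, rule_name: str, new_limit: int,
                   scope: str = SCOPE) -> Dict[str, Any]:
    """Read-modify-write of one rate limit; returns the update_web_acl response."""
    current = get_web_acl(client, acl_name, scope)
    return client.update_web_acl(**build_update_request(current, rule_name, new_limit, scope))


if __name__ == "__main__":
    import boto3  # only needed when actually talking to AWS

    wafv2 = boto3.client("wafv2")  # region taken from the environment / profile
    acl = get_web_acl(wafv2, "MyACL")["WebACL"]
    rule = find_rule(acl, "MyRateLimitingRule")
    print("current limit:", rate_limit_of(rule))
    # set_rate_limit(wafv2, "MyACL", "MyRateLimitingRule", 1000)
```

Run the read path first and diff the returned rule against what the console shows before enabling the update line; if the update fails with an optimistic-lock error, re-fetch and retry rather than reusing the old token. For a CloudFront ACL, set SCOPE to "CLOUDFRONT" and create the client in us-east-1.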