1{ 2 "version": "1.1", 3 "parameters": { 4 "Region": { 5 "builtIn": "AWS::Region", 6 "required": true, 7 "documentation": "The AWS region used to dispatch the request.", 8 "type": "String" 9 }, 10 "UseDualStack": { 11 "builtIn": "AWS::UseDualStack", 12 "required": true, 13 "default": false, 14 "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", 15 "type": "Boolean" 16 }, 17 "UseFIPS": { 18 "builtIn": "AWS::UseFIPS", 19 "required": true, 20 "default": false, 21 "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", 22 "type": "Boolean" 23 } 24 }, 25 "rules": [ 26 { 27 "conditions": [ 28 { 29 "fn": "aws.partition", 30 "argv": [ 31 { 32 "ref": "Region" 33 } 34 ], 35 "assign": "PartitionResult" 36 } 37 ], 38 "type": "tree", 39 "rules": [ 40 { 41 "conditions": [ 42 { 43 "fn": "booleanEquals", 44 "argv": [ 45 { 46 "ref": "UseFIPS" 47 }, 48 true 49 ] 50 }, 51 { 52 "fn": "booleanEquals", 53 "argv": [ 54 { 55 "ref": "UseDualStack" 56 }, 57 true 58 ] 59 } 60 ], 61 "type": "tree", 62 "rules": [ 63 { 64 "conditions": [ 65 { 66 "fn": "booleanEquals", 67 "argv": [ 68 true, 69 { 70 "fn": "getAttr", 71 "argv": [ 72 { 73 "ref": "PartitionResult" 74 }, 75 "supportsFIPS" 76 ] 77 } 78 ] 79 }, 80 { 81 "fn": "booleanEquals", 82 "argv": [ 83 true, 84 { 85 "fn": "getAttr", 86 "argv": [ 87 { 88 "ref": "PartitionResult" 89 }, 90 "supportsDualStack" 91 ] 92 } 93 ] 94 } 95 ], 96 "type": "tree", 97 "rules": [ 98 { 99 "conditions": [], 100 "endpoint": { 101 "url": "https://waf-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", 102 "properties": { 103 "authSchemes": [ 104 { 105 "name": "sigv4", 106 "signingRegion": "{Region}", 107 "signingName": "waf" 108 } 109 ] 110 }, 111 "headers": {} 112 }, 113 "type": "endpoint" 114 } 115 ] 116 }, 117 { 118 "conditions": [], 119 "error": "FIPS and DualStack are enabled, but this partition does not support one or both", 120 "type": "error" 121 } 122 ] 123 }, 124 { 125 "conditions": [ 126 { 127 "fn": "booleanEquals", 128 "argv": [ 129 { 130 "ref": "UseFIPS" 131 }, 132 true 133 ] 134 } 135 ], 136 "type": "tree", 137 "rules": [ 138 { 139 "conditions": [ 140 { 141 "fn": "booleanEquals", 142 "argv": [ 143 true, 144 { 145 "fn": "getAttr", 146 "argv": [ 147 { 148 "ref": "PartitionResult" 149 }, 150 "supportsFIPS" 151 ] 152 } 153 ] 154 } 155 ], 156 "type": "tree", 157 "rules": [ 158 { 159 "conditions": [], 160 "type": "tree", 161 "rules": [ 162 { 163 "conditions": [ 164 { 165 "fn": "stringEquals", 166 "argv": [ 167 { 168 "ref": "Region" 169 }, 170 "aws" 171 ] 172 } 173 ], 174 "endpoint": { 175 "url": "https://waf-fips.amazonaws.com", 176 "properties": { 177 "authSchemes": [ 178 { 179 "name": "sigv4", 180 "signingRegion": "{Region}", 181 "signingName": "waf" 182 } 183 ] 184 }, 185 "headers": {} 186 }, 187 "type": "endpoint" 188 }, 189 { 190 "conditions": [ 191 { 192 "fn": "stringEquals", 193 "argv": [ 194 { 195 "ref": "Region" 196 }, 197 "aws-global" 198 ] 199 } 200 ], 201 "endpoint": { 202 "url": "https://waf-fips.amazonaws.com", 203 "properties": { 204 "authSchemes": [ 205 { 206 "name": "sigv4", 207 "signingRegion": "{Region}", 208 "signingName": "waf" 209 } 210 ] 211 }, 212 "headers": {} 213 }, 214 "type": "endpoint" 215 }, 216 { 217 "conditions": [], 218 "endpoint": { 219 "url": "https://waf-fips.{Region}.{PartitionResult#dnsSuffix}", 220 "properties": { 221 "authSchemes": [ 222 { 223 "name": "sigv4", 224 "signingRegion": "{Region}", 225 "signingName": "waf" 226 } 227 ] 228 }, 229 "headers": {} 230 }, 231 "type": "endpoint" 232 } 233 ] 234 } 235 ] 236 }, 237 { 238 "conditions": [], 239 "error": "FIPS is enabled but this partition does not support FIPS", 240 "type": "error" 241 } 242 ] 243 }, 244 { 245 "conditions": [ 246 { 247 "fn": "booleanEquals", 248 "argv": [ 249 { 250 "ref": "UseDualStack" 251 }, 252 true 253 ] 254 } 255 ], 256 "type": "tree", 257 "rules": [ 258 { 259 "conditions": [ 260 { 261 "fn": "booleanEquals", 262 "argv": [ 263 true, 264 { 265 "fn": "getAttr", 266 "argv": [ 267 { 268 "ref": "PartitionResult" 269 }, 270 "supportsDualStack" 271 ] 272 } 273 ] 274 } 275 ], 276 "type": "tree", 277 "rules": [ 278 { 279 "conditions": [], 280 "endpoint": { 281 "url": "https://waf.{Region}.{PartitionResult#dualStackDnsSuffix}", 282 "properties": { 283 "authSchemes": [ 284 { 285 "name": "sigv4", 286 "signingRegion": "{Region}", 287 "signingName": "waf" 288 } 289 ] 290 }, 291 "headers": {} 292 }, 293 "type": "endpoint" 294 } 295 ] 296 }, 297 { 298 "conditions": [], 299 "error": "DualStack is enabled but this partition does not support DualStack", 300 "type": "error" 301 } 302 ] 303 }, 304 { 305 "conditions": [], 306 "type": "tree", 307 "rules": [ 308 { 309 "conditions": [ 310 { 311 "fn": "stringEquals", 312 "argv": [ 313 { 314 "ref": "Region" 315 }, 316 "aws-global" 317 ] 318 } 319 ], 320 "endpoint": { 321 "url": "https://waf.amazonaws.com", 322 "properties": { 323 "authSchemes": [ 324 { 325 "name": "sigv4", 326 "signingRegion": "us-east-1", 327 "signingName": "waf" 328 } 329 ] 330 }, 331 "headers": {} 332 }, 333 "type": "endpoint" 334 }, 335 { 336 "conditions": [], 337 "endpoint": { 338 "url": "https://waf.{Region}.{PartitionResult#dnsSuffix}", 339 "properties": { 340 "authSchemes": [ 341 { 342 "name": "sigv4", 343 "signingRegion": "{Region}", 344 "signingName": "waf" 345 } 346 ] 347 }, 348 "headers": {} 349 }, 350 "type": "endpoint" 351 } 352 ] 353 } 354 ] 355 } 356 ] 357}