Product
Announcing Precomputed Reachability Analysis in Socket
Socket’s precomputed reachability slashes false positives by flagging up to 80% of vulnerabilities as irrelevant, with no setup and instant results.
By Martin Torp - Jul 30, 2025
You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
@aws-sdk/client-wafv2
Advanced tools
@aws-sdk/client-wafv2
AWS SDK for JavaScript Wafv2 Client for Node.js, Browser and React Native
What is @aws-sdk/client-wafv2?
@aws-sdk/client-wafv2 is an AWS SDK for JavaScript package that allows developers to interact with AWS WAF (Web Application Firewall) V2. This package provides functionalities to manage web ACLs, rules, and other WAF resources to protect web applications from common web exploits.
What are @aws-sdk/client-wafv2's main functionalities?
Create Web ACL
This feature allows you to create a new Web ACL (Access Control List) in AWS WAF. The code sample demonstrates how to set up a basic Web ACL with default actions and visibility configurations.
{"import":"import { WAFV2Client, CreateWebACLCommand } from '@aws-sdk/client-wafv2';","client":"const client = new WAFV2Client({ region: 'us-west-2' });","command":"const command = new CreateWebACLCommand({\n Name: 'example-web-acl',\n Scope: 'REGIONAL',\n DefaultAction: { Allow: {} },\n VisibilityConfig: {\n SampledRequestsEnabled: true,\n CloudWatchMetricsEnabled: true,\n MetricName: 'example-web-acl'\n },\n Rules: []\n});","response":"const response = await client.send(command);","log":"console.log(response);"}List Web ACLs
This feature allows you to list all Web ACLs in a specified scope (REGIONAL or CLOUDFRONT). The code sample demonstrates how to retrieve and log the list of Web ACLs.
{"import":"import { WAFV2Client, ListWebACLsCommand } from '@aws-sdk/client-wafv2';","client":"const client = new WAFV2Client({ region: 'us-west-2' });","command":"const command = new ListWebACLsCommand({ Scope: 'REGIONAL' });","response":"const response = await client.send(command);","log":"console.log(response.WebACLs);"}Update Web ACL
This feature allows you to update an existing Web ACL. The code sample demonstrates how to change the default action of a Web ACL to block requests.
{"import":"import { WAFV2Client, UpdateWebACLCommand } from '@aws-sdk/client-wafv2';","client":"const client = new WAFV2Client({ region: 'us-west-2' });","command":"const command = new UpdateWebACLCommand({\n Name: 'example-web-acl',\n Scope: 'REGIONAL',\n Id: 'web-acl-id',\n DefaultAction: { Block: {} },\n VisibilityConfig: {\n SampledRequestsEnabled: true,\n CloudWatchMetricsEnabled: true,\n MetricName: 'example-web-acl'\n },\n Rules: []\n});","response":"const response = await client.send(command);","log":"console.log(response);"}Delete Web ACL
This feature allows you to delete an existing Web ACL. The code sample demonstrates how to remove a Web ACL by specifying its name, scope, and ID.
{"import":"import { WAFV2Client, DeleteWebACLCommand } from '@aws-sdk/client-wafv2';","client":"const client = new WAFV2Client({ region: 'us-west-2' });","command":"const command = new DeleteWebACLCommand({\n Name: 'example-web-acl',\n Scope: 'REGIONAL',\n Id: 'web-acl-id'\n});","response":"const response = await client.send(command);","log":"console.log(response);"}Other packages similar to @aws-sdk/client-wafv2
cloudflare
The 'cloudflare' npm package provides an API client for interacting with Cloudflare's services, including their web application firewall (WAF). Compared to @aws-sdk/client-wafv2, it offers similar functionalities for managing web security but is specific to Cloudflare's infrastructure.
fastly
The 'fastly' npm package allows developers to interact with Fastly's edge cloud platform, including their WAF services. It provides functionalities to manage security configurations and rules for applications served through Fastly's CDN. This package is comparable to @aws-sdk/client-wafv2 but is tailored for Fastly's services.
akamai-edgegrid
The 'akamai-edgegrid' npm package is an API client for Akamai's EdgeGrid services, including their WAF. It offers similar capabilities to @aws-sdk/client-wafv2 for managing web security but is designed for use with Akamai's platform.
@aws-sdk/client-wafv2
Description
AWS SDK for JavaScript WAFV2 Client for Node.js, Browser and React Native.
WAF
This is the latest version of the WAF API, released in November, 2019. The names of the entities that you use to access this API, like endpoints and namespaces, all have the versioning information added, like "V2" or "v2", to distinguish from the prior version. We recommend migrating your resources to this version, because it has a number of significant improvements.
If you used WAF prior to this release, you can't use this WAFV2 API to access any WAF resources that you created before. WAF Classic support will end on September 30, 2025.
For information about WAF, including how to migrate your WAF Classic resources to this version, see the WAF Developer Guide.
WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to a protected resource. Protected resource types include Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync GraphQL API, Amazon Cognito user pool, App Runner service, Amplify application, and Amazon Web Services Verified Access instance. WAF also lets you control access to your content, to protect the Amazon Web Services resource that WAF is monitoring. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, the protected resource responds to requests with either the requested content, an HTTP 403 status code (Forbidden), or with a custom response.
This API guide is for developers who need detailed information about WAF API actions, data types, and errors. For detailed information about WAF features and guidance for configuring and using WAF, see the WAF Developer Guide.
You can make calls using the endpoints listed in WAF endpoints and quotas.
-
For regional resources, you can use any of the endpoints in the list. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.
-
For Amazon CloudFront and Amplify, you must use the API endpoint listed for US East (N. Virginia): us-east-1.
Alternatively, you can use one of the Amazon Web Services SDKs to access an API that's tailored to the programming language or platform that you're using. For more information, see Amazon Web Services SDKs.
Installing
To install this package, simply type add or install @aws-sdk/client-wafv2 using your favorite package manager:
npm install @aws-sdk/client-wafv2yarn add @aws-sdk/client-wafv2pnpm add @aws-sdk/client-wafv2
Getting Started
Import
The AWS SDK is modulized by clients and commands.
To send a request, you only need to import the WAFV2Client and
the commands you need, for example ListAPIKeysCommand:
// ES5 example
const { WAFV2Client, ListAPIKeysCommand } = require("@aws-sdk/client-wafv2");
// ES6+ example
import { WAFV2Client, ListAPIKeysCommand } from "@aws-sdk/client-wafv2";
Usage
To send a request, you:
- Initiate client with configuration (e.g. credentials, region).
- Initiate command with input parameters.
- Call
sendoperation on client with command object as input. - If you are using a custom http handler, you may call
destroy()to close open connections.
// a client can be shared by different commands.
const client = new WAFV2Client({ region: "REGION" });
const params = {
/** input parameters */
};
const command = new ListAPIKeysCommand(params);
Async/await
We recommend using await operator to wait for the promise returned by send operation as follows:
// async/await.
try {
const data = await client.send(command);
// process data.
} catch (error) {
// error handling.
} finally {
// finally.
}
Async-await is clean, concise, intuitive, easy to debug and has better error handling as compared to using Promise chains or callbacks.
Promises
You can also use Promise chaining to execute send operation.
client.send(command).then(
(data) => {
// process data.
},
(error) => {
// error handling.
}
);
Promises can also be called using .catch() and .finally() as follows:
client
.send(command)
.then((data) => {
// process data.
})
.catch((error) => {
// error handling.
})
.finally(() => {
// finally.
});
Callbacks
We do not recommend using callbacks because of callback hell, but they are supported by the send operation.
// callbacks.
client.send(command, (err, data) => {
// process err and data.
});
v2 compatible style
The client can also send requests using v2 compatible style. However, it results in a bigger bundle size and may be dropped in next major version. More details in the blog post on modular packages in AWS SDK for JavaScript
import * as AWS from "@aws-sdk/client-wafv2";
const client = new AWS.WAFV2({ region: "REGION" });
// async/await.
try {
const data = await client.listAPIKeys(params);
// process data.
} catch (error) {
// error handling.
}
// Promises.
client
.listAPIKeys(params)
.then((data) => {
// process data.
})
.catch((error) => {
// error handling.
});
// callbacks.
client.listAPIKeys(params, (err, data) => {
// process err and data.
});
Troubleshooting
When the service returns an exception, the error will include the exception information, as well as response metadata (e.g. request id).
try {
const data = await client.send(command);
// process data.
} catch (error) {
const { requestId, cfId, extendedRequestId } = error.$metadata;
console.log({ requestId, cfId, extendedRequestId });
/**
* The keys within exceptions are also parsed.
* You can access them by specifying exception names:
* if (error.name === 'SomeServiceException') {
* const value = error.specialKeyInException;
* }
*/
}
Getting Help
Please use these community resources for getting help. We use the GitHub issues for tracking bugs and feature requests, but have limited bandwidth to address them.
- Visit Developer Guide or API Reference.
- Check out the blog posts tagged with
aws-sdk-json AWS Developer Blog. - Ask a question on StackOverflow and tag it with
aws-sdk-js. - Join the AWS JavaScript community on gitter.
- If it turns out that you may have found a bug, please open an issue.
To test your universal JavaScript code in Node.js, browser and react-native environments, visit our code samples repo.
Contributing
This client code is generated automatically. Any modifications will be overwritten the next time the @aws-sdk/client-wafv2 package is updated.
To contribute to client you can check our generate clients scripts.
License
This SDK is distributed under the Apache License, Version 2.0, see LICENSE for more information.
Client Commands (Operations List)
AssociateWebACL
CheckCapacity
CreateAPIKey
CreateIPSet
CreateRegexPatternSet
CreateRuleGroup
CreateWebACL
DeleteAPIKey
DeleteFirewallManagerRuleGroups
DeleteIPSet
DeleteLoggingConfiguration
DeletePermissionPolicy
DeleteRegexPatternSet
DeleteRuleGroup
DeleteWebACL
DescribeAllManagedProducts
DescribeManagedProductsByVendor
DescribeManagedRuleGroup
DisassociateWebACL
GenerateMobileSdkReleaseUrl
GetDecryptedAPIKey
GetIPSet
GetLoggingConfiguration
GetManagedRuleSet
GetMobileSdkRelease
GetPermissionPolicy
GetRateBasedStatementManagedKeys
GetRegexPatternSet
GetRuleGroup
GetSampledRequests
GetWebACL
GetWebACLForResource
ListAPIKeys
ListAvailableManagedRuleGroups
ListAvailableManagedRuleGroupVersions
ListIPSets
ListLoggingConfigurations
ListManagedRuleSets
ListMobileSdkReleases
ListRegexPatternSets
ListResourcesForWebACL
ListRuleGroups
ListTagsForResource
ListWebACLs
PutLoggingConfiguration
PutManagedRuleSetVersions
PutPermissionPolicy
TagResource
UntagResource
UpdateIPSet
UpdateManagedRuleSetVersionExpiryDate
UpdateRegexPatternSet
UpdateRuleGroup
UpdateWebACL
FAQs
AWS SDK for JavaScript Wafv2 Client for Node.js, Browser and React Native
The npm package @aws-sdk/client-wafv2 receives a total of 106,372 weekly downloads. As such, @aws-sdk/client-wafv2 popularity was classified as popular.
We found that @aws-sdk/client-wafv2 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 09 Jul 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Protects the Chrome Extension Ecosystem
Socket is launching experimental protection for Chrome extensions, scanning for malware and risky permissions to prevent silent supply chain attacks.
By Mix Irving, Alexandros Kapravelos, Eli Insua - Jul 30, 2025
Product
Introducing Socket MCP for Claude Desktop
Add secure dependency scanning to Claude Desktop with Socket MCP, a one-click extension that keeps your coding conversations safe from malicious packages.
By Alexandros Kapravelos - Jul 29, 2025