Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

yandex_sws_advanced_rate_limiter_profile (Resource)

Written by
Updated at September 11, 2025

Creates an SWS Advanced Rate Limiter (ARL) profile in the specified folder. For more information, see the official documentation.

Example usage

//
// Create a new SWS Advanced Rate Limiter Profile.
//
resource "yandex_sws_advanced_rate_limiter_profile" "demo-profile" {
  name = "demo-profile"

  advanced_rate_limiter_rule {
    name        = "rule1"
    priority    = 10
    description = "First test rule"
    dry_run     = true

    static_quota {
      action = "DENY"
      limit  = 10000000
      period = 1
      condition {
        request_uri {
          path {
            exact_match = "/api"
          }
        }
      }
    }
  }
}

Schema

Optional

  • advanced_rate_limiter_rule (Block List) List of rules.

Warning

Exactly one rule specifier: static_quota or dynamic_quota should be specified. (see below for nested schema)

  • cloud_id (String) The Cloud ID which resource belongs to. If it is not provided, the default provider cloud-id is used.
  • description (String) The resource description.
  • folder_id (String) The folder identifier that resource belongs to. If it is not provided, the default provider folder-id is used.
  • labels (Map of String) A set of key/value label pairs which assigned to resource.
  • name (String) The resource name.
  • timeouts (Block, Optional) (see below for nested schema)

Read-Only

  • created_at (String) The creation timestamp of the resource.
  • id (String) The ID of this resource.

Nested Schema for advanced_rate_limiter_rule

Optional:

  • description (String) Description of the rule. 0-512 characters long.
  • dry_run (Boolean) This allows you to evaluate backend capabilities and find the optimum limit values. Requests will not be blocked in this mode.
  • dynamic_quota (Block List, Max: 1) Dynamic quota. Grouping requests by a certain attribute and limiting the number of groups. (see below for nested schema)
  • name (String) Name of the rule. The name is unique within the ARL profile. 1-50 characters long.
  • priority (Number) Determines the priority in case there are several matched rules. Enter an integer within the range of 1 and 999999. The rule priority must be unique within the entire ARL profile. A lower numeric value means a higher priority.
  • static_quota (Block List, Max: 1) Static quota. Counting each request individually. (see below for nested schema)

Nested Schema for advanced_rate_limiter_rule.dynamic_quota

Optional:

  • action (String) Action in case of exceeding this quota. Possible values: DENY.
  • characteristic (Block List) List of characteristics.

Warning

Exactly one characteristic specifier: simple_characteristic or key_characteristic should be specified. (see below for nested schema)

  • condition (Block List, Max: 1) The condition for matching the rule. You can find all possibilities of condition in gRPC specs. (see below for nested schema)
  • limit (Number) Desired maximum number of requests per period.
  • period (Number) Period of time in seconds.

Nested Schema for advanced_rate_limiter_rule.dynamic_quota.characteristic

Optional:

  • case_insensitive (Boolean) Determines case-sensitive or case-insensitive keys matching.
  • key_characteristic (Block List, Max: 1) Characteristic based on key match in the Query params, HTTP header, and HTTP cookie attributes. See Rules for more details. (see below for nested schema)
  • simple_characteristic (Block List, Max: 1) Characteristic automatically based on the Request path, HTTP method, IP address, Region, and Host attributes. See Rules for more details. (see below for nested schema)

Nested Schema for advanced_rate_limiter_rule.dynamic_quota.characteristic.key_characteristic

Optional:

  • type (String) Type of key characteristic. Possible values: COOKIE_KEY, HEADER_KEY, QUERY_KEY.
  • value (String) String value of the key.

Nested Schema for advanced_rate_limiter_rule.dynamic_quota.characteristic.simple_characteristic

Optional:

  • type (String) Type of simple characteristic. Possible values: REQUEST_PATH, HTTP_METHOD, IP, GEO, HOST.

Nested Schema for advanced_rate_limiter_rule.dynamic_quota.condition

Optional:

Nested Schema for advanced_rate_limiter_rule.dynamic_quota.condition.authority

Optional:

Nested Schema for advanced_rate_limiter_rule.dynamic_quota.condition.authority.authorities

Optional:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for advanced_rate_limiter_rule.dynamic_quota.condition.headers

Required:

Optional:

  • name (String)

Nested Schema for advanced_rate_limiter_rule.dynamic_quota.condition.headers.value

Optional:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for advanced_rate_limiter_rule.dynamic_quota.condition.http_method

Optional:

Nested Schema for advanced_rate_limiter_rule.dynamic_quota.condition.http_method.http_methods

Optional:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for advanced_rate_limiter_rule.dynamic_quota.condition.request_uri

Optional:

Nested Schema for advanced_rate_limiter_rule.dynamic_quota.condition.request_uri.path

Optional:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for advanced_rate_limiter_rule.dynamic_quota.condition.request_uri.queries

Required:

Nested Schema for advanced_rate_limiter_rule.dynamic_quota.condition.request_uri.queries.value

Optional:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for advanced_rate_limiter_rule.dynamic_quota.condition.source_ip

Optional:

Nested Schema for advanced_rate_limiter_rule.dynamic_quota.condition.source_ip.geo_ip_match

Optional:

  • locations (List of String)

Nested Schema for advanced_rate_limiter_rule.dynamic_quota.condition.source_ip.geo_ip_not_match

Optional:

  • locations (List of String)

Nested Schema for advanced_rate_limiter_rule.dynamic_quota.condition.source_ip.ip_ranges_match

Optional:

  • ip_ranges (List of String)

Nested Schema for advanced_rate_limiter_rule.dynamic_quota.condition.source_ip.ip_ranges_not_match

Optional:

  • ip_ranges (List of String)

Nested Schema for advanced_rate_limiter_rule.static_quota

Optional:

  • action (String) Action in case of exceeding this quota. Possible values: DENY.
  • condition (Block List, Max: 1) The condition for matching the rule. You can find all possibilities of condition in gRPC specs. (see below for nested schema)
  • limit (Number) Desired maximum number of requests per period.
  • period (Number) Period of time in seconds.

Nested Schema for advanced_rate_limiter_rule.static_quota.condition

Optional:

Nested Schema for advanced_rate_limiter_rule.static_quota.condition.authority

Optional:

Nested Schema for advanced_rate_limiter_rule.static_quota.condition.authority.authorities

Optional:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for advanced_rate_limiter_rule.static_quota.condition.headers

Required:

Optional:

  • name (String)

Nested Schema for advanced_rate_limiter_rule.static_quota.condition.headers.value

Optional:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for advanced_rate_limiter_rule.static_quota.condition.http_method

Optional:

Nested Schema for advanced_rate_limiter_rule.static_quota.condition.http_method.http_methods

Optional:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for advanced_rate_limiter_rule.static_quota.condition.request_uri

Optional:

Nested Schema for advanced_rate_limiter_rule.static_quota.condition.request_uri.path

Optional:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for advanced_rate_limiter_rule.static_quota.condition.request_uri.queries

Required:

Nested Schema for advanced_rate_limiter_rule.static_quota.condition.request_uri.queries.value

Optional:

  • exact_match (String)
  • exact_not_match (String)
  • pire_regex_match (String)
  • pire_regex_not_match (String)
  • prefix_match (String)
  • prefix_not_match (String)

Nested Schema for advanced_rate_limiter_rule.static_quota.condition.source_ip

Optional:

Nested Schema for advanced_rate_limiter_rule.static_quota.condition.source_ip.geo_ip_match

Optional:

  • locations (List of String)

Nested Schema for advanced_rate_limiter_rule.static_quota.condition.source_ip.geo_ip_not_match

Optional:

  • locations (List of String)

Nested Schema for advanced_rate_limiter_rule.static_quota.condition.source_ip.ip_ranges_match

Optional:

  • ip_ranges (List of String)

Nested Schema for advanced_rate_limiter_rule.static_quota.condition.source_ip.ip_ranges_not_match

Optional:

  • ip_ranges (List of String)

Nested Schema for timeouts

Optional:

  • create (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
  • delete (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
  • read (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.
  • update (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).

Import

The resource can be imported by using their resource ID. For getting the resource ID you can use Yandex Cloud Web Console or YC CLI.

# terraform import yandex_sws_advanced_rate_limiter_profile.<resource Name> <resource Id>
terraform import yandex_sws_advanced_rate_limiter_profile.demo-profile ...
Previous
sws_waf_rule_set_descriptor
Next
sws_security_profile