campingfalo.blogg.se

Terraform aws waf example

The intention of this document is to provide clear documentation of the artifacts created to deploy AWS WAF and its configuration using Terraform as the IaC provider.

- AWS Firewall Manager WAF policy with account and resource scope
- Centralized logging configuration for AWS WAF Web ACLs
- Automation of AWS WAF IP set with CloudFront IP addresses and AWS WAF IP rule
- Creation of AWS WAF custom rules (XSS, Regex, IP set, SQLi, Rate based)
- AWS Managed Bot rules are used as an example
- AWS WAF Rate based rule deployed with AWS Firewall Manager
- 3 types of logging configuration: 1) Kinesis -> S3, 2) Kinesis -> (cross account) S3 -> ES (private in VPC) and 3) Kinesis -> Lambda -> ES -> Kibana in the same account

Architecture

Check documentation under the folder /documentation.

We are going to set up a simple ACL that has one rule, consisting of two conditions. The WAF interface provides a wizard which does make setup quite quick and easy, but we decided to use Terraform to be consistent with the rest of our infrastructure. In our case, we wanted to use the WAF to prevent the consumption of excess resources due to a high volume of bot traffic coming to a specific endpoint.

Your rules are compiled into an access-control list (ACL), which you attach to either CloudFront or a load balancer. Rate-based rules block or allow requests matching their conditions, based on the number of matching requests received in a five-minute period. Standard rules can be configured to block or allow requests matching their conditions.

You create rules based on one or more conditions, such as a string match for a user agent, an IP match, or the presence of dodgy SQL. You create specific conditions to be run against an incoming request.

Known to our team as ‘The Woff’ (like a knock-off version of ‘The Hoff’, a mispronunciation of its acronym), Amazon’s Web Application Firewall (WAF) is by AWS standards very quick and simple to set up.
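The ACL described above, one rate-based rule built from two conditions, written out in Terraform as an added example (not code from the original page). It uses the AWS provider's classic `aws_waf_*` resources, which follow the condition, rule and ACL model the text describes; the resource names, the `/search` path, the `bot` User-Agent match and the limit of 2000 are assumptions.

```hcl
# Constructed example: names, path, header match and limit are assumed values.
resource "aws_waf_byte_match_set" "endpoint" { # condition 1: the protected endpoint
  name = "example-endpoint-path"
  byte_match_tuples {
    target_string         = "/search"
    positional_constraint = "STARTS_WITH"
    text_transformation   = "LOWERCASE"
    field_to_match { type = "URI" }
  }
}
resource "aws_waf_byte_match_set" "bot_agent" { # condition 2: bot-like User-Agent
  name = "example-bot-user-agent"
  byte_match_tuples {
    target_string         = "bot"
    positional_constraint = "CONTAINS"
    text_transformation   = "LOWERCASE"
    field_to_match {
      type = "HEADER"
      data = "user-agent"
    }
  }
}
# Rate-based rule: a request is counted only if it matches BOTH predicates;
# an IP exceeding rate_limit matching requests in five minutes triggers the action.
resource "aws_waf_rate_based_rule" "endpoint_bots" {
  name        = "example-endpoint-bots"
  metric_name = "exampleEndpointBots"
  rate_key    = "IP"
  rate_limit  = 2000
  predicates {
    data_id = aws_waf_byte_match_set.endpoint.id
    negated = false
    type    = "ByteMatch"
  }
  predicates {
    data_id = aws_waf_byte_match_set.bot_agent.id
    negated = false
    type    = "ByteMatch"
  }
}
resource "aws_waf_web_acl" "example" { # the ACL: allow by default, block on the rule
  name        = "example-acl"
  metric_name = "exampleAcl"
  default_action { type = "ALLOW" }
  rules {
    priority = 1
    rule_id  = aws_waf_rate_based_rule.endpoint_bots.id
    type     = "RATE_BASED"
    action { type = "BLOCK" }
  }
}
```

The global `aws_waf_*` resources shown here are the ones a CloudFront distribution references through its `web_acl_id`; a load balancer uses the `aws_wafregional_*` equivalents.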