Skip to content
/ aws-waf-security-automation Public

Amazon WAF Security Automation deployment (modular with Terraform)

License

Apache-2.0 license
73 stars 28 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cerbo/aws-waf-security-automation

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
files
files
 
 
.template.main.tf
.template.main.tf
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
VERSION
VERSION
 
 
amazon-cred-file.tf
amazon-cred-file.tf
 
 
apigatewaybadbot.tf
apigatewaybadbot.tf
 
 
apigatewaybadbotmethod.tf
apigatewaybadbotmethod.tf
 
 
lambdainvokepermissionbadbot.tf
lambdainvokepermissionbadbot.tf
 
 
lambdainvokepermissionlogparser.tf
lambdainvokepermissionlogparser.tf
 
 
lambdainvokepermissionreputationlistsparser.tf
lambdainvokepermissionreputationlistsparser.tf
 
 
lambdarolebadbot.tf
lambdarolebadbot.tf
 
 
lambdarolecustomresource.tf
lambdarolecustomresource.tf
 
 
lambdarolelogparser.tf
lambdarolelogparser.tf
 
 
lambdarolereputationlistsparser.tf
lambdarolereputationlistsparser.tf
 
 
lambdawafbadbotparserfunction.tf
lambdawafbadbotparserfunction.tf
 
 
lambdawafcustomresourcefunction.tf
lambdawafcustomresourcefunction.tf
 
 
lambdawaflogparserfunction.tf
lambdawaflogparserfunction.tf
 
 
lambdawaflogparsers3notification.tf
lambdawaflogparsers3notification.tf
 
 
lambdawafreputationlistsparsereventsrule.tf
lambdawafreputationlistsparsereventsrule.tf
 
 
lambdawafreputationlistsparserfunction.tf
lambdawafreputationlistsparserfunction.tf
 
 
solutionhelper.tf
solutionhelper.tf
 
 
solutionhelperrole.tf
solutionhelperrole.tf
 
 
waf
waf
 
 
wafautoblockrule.tf
wafautoblockrule.tf
 
 
wafautoblockset.tf
wafautoblockset.tf
 
 
wafbadbotrule.tf
wafbadbotrule.tf
 
 
wafbadbotset.tf
wafbadbotset.tf
 
 
wafblacklistrule.tf
wafblacklistrule.tf
 
 
wafblacklistset.tf
wafblacklistset.tf
 
 
wafipreputationlistsrule1.tf
wafipreputationlistsrule1.tf
 
 
wafipreputationlistsrule2.tf
wafipreputationlistsrule2.tf
 
 
waflambdafiles.tf
waflambdafiles.tf
 
 
wafreputationlistsset1.tf
wafreputationlistsset1.tf
 
 
wafreputationlistsset2.tf
wafreputationlistsset2.tf
 
 
wafsqlinjectiondetection.tf
wafsqlinjectiondetection.tf
 
 
wafsqlinjectionrule.tf
wafsqlinjectionrule.tf
 
 
wafwebacl.tf
wafwebacl.tf
 
 
wafwhitelistrule.tf
wafwhitelistrule.tf
 
 
wafwhitelistset.tf
wafwhitelistset.tf
 
 
wafxssdetection.tf
wafxssdetection.tf
 
 
wafxssrule.tf
wafxssrule.tf
 
 

Repository files navigation

AWS WAF Security Automation - modular with Terraform

For more info/help, contact us: [email protected] (http://cerbo.io)

This provides a modular way to deploy the WAF Reference Architecture (see bellow for image) The key things about this (and comparison with the official Amazon Cloud Formation) are:

  • It is ridiculously fast - 6-8x faster than Amazon's Cloud Formation method
  • It provides roll-back, undo, recovery, and clean delete abilities - all automatically
  • It is modular (with Terraform)! This is extremely important. Any component can be replaced, extended, or integrated with something else. You can very easily re-purpose all of this (or any part) for a different AWS Automation project/purpose.

Getting Started is very simple

First: Edit "amazon-cred-file.tf", and point to your AWS cred file.

Then, for each project/customer's CDN S3 bucket, run:



% ./waf --help
Usage: ./waf <customer> <s3-logs-bucket> <command>

<command> Options:
    create = create a new WAF setup for <customer>
    delete = delete a given <customer> WAF setup

Example: ./waf cerbo s3-bucket-name create
Example: ./waf customer01 s3-bucket-name delete

WAF Reference Architecture:

https://d0.awsstatic.com/aws-answers/answers-images/waf-solution-architecture.png

Documentation on WAF Security Automation:

http://docs.aws.amazon.com/solutions/latest/aws-waf-security-automations/architecture.html

Amazon WAF 4 Steps to customization:

http://docs.aws.amazon.com/solutions/latest/aws-waf-security-automations/deployment.html

Amazon's WAF Security Lambdas (latest via GitHub):

https://github.com/awslabs/aws-waf-security-automations

Cloud Formation for WAF Reference Architecture:

LICENSE

Copyright 2016 Cerbo.IO, LLC.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

  http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

About

Amazon WAF Security Automation deployment (modular with Terraform)

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

73 stars

Watchers

12 watching

Forks

28 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages