This repository contains example scripts and sets of rules for the AWS WAF service. Please be aware that the applicability of these examples to specific workloads may vary.
MIT No Attribution
512
stars
225
forks
source link
Usage Question - Multi S3 Buckets or only 1 for DEV and PROD sites? #24
I have a question around this solution in terms of separation of endpoints, s3 buckets and WAF rules.
Example:
If I have 2 separate domain names and 2 separate clouldfront instance that share the same WAF Name/ rules and s3 bucket, does that mean if someone is hitting api.dev.abc.com hard and it triggers the lambda function to block the IP, would this also affect all domains sharing the same WAF rules and s3 log bucket? Assuming I didn't want this behaviour would I have to create an s3 access log bucket for each domain and separate WAF rules for each or just a separate WAF rule for each domain and attach the different WAF name/rule to each cloudfront instance?
I noticed that if I configure the same bucket name, that inside the bucket it creates separate folders based on the domain name (which is good), but is the lambda function using teh domain name to determine which endpoint to disable? How does it know which WAF name to update?
I have a question around this solution in terms of separation of endpoints, s3 buckets and WAF rules.
Example: If I have 2 separate domain names and 2 separate clouldfront instance that share the same WAF Name/ rules and s3 bucket, does that mean if someone is hitting api.dev.abc.com hard and it triggers the lambda function to block the IP, would this also affect all domains sharing the same WAF rules and s3 log bucket? Assuming I didn't want this behaviour would I have to create an s3 access log bucket for each domain and separate WAF rules for each or just a separate WAF rule for each domain and attach the different WAF name/rule to each cloudfront instance?
I noticed that if I configure the same bucket name, that inside the bucket it creates separate folders based on the domain name (which is good), but is the lambda function using teh domain name to determine which endpoint to disable? How does it know which WAF name to update?