aws-solutions / aws-waf-security-automations

This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
https://aws.amazon.com/solutions/aws-waf-security-automations
Apache License 2.0

Lambda function for populating IP reputation list not necessary for WAFv2, managed rule can be used instead #151

Closed obounaim closed 3 years ago

obounaim commented 4 years ago

Deploying the Lambda function to populate the IP reputation list is no longer necessary for WAFv2. This Lambda should be replaced with the managed rule named: AWSManagedRulesAmazonIpReputationList

https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html

aijunpeng commented 3 years ago

Thanks for submitting the ticket. It would be nice to simplify the solution; however, since the WAF service managed rule and the WAF solution use different sources to populate the reputation list, we would still need the reputation list function in the solution.

gavinclarkeuk commented 3 years ago

Just out of interest - why have different sources for what is apparently the same thing? Sounds like you would always want both in a robust solution, but it might not be obvious to people deploying this solution that they should also deploy the managed rule.
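
An added example, not part of the thread and not code from the solution: a Python check over a WAFv2 web ACL definition that reports whether the AWSManagedRulesAmazonIpReputationList managed rule group is present (and whether it is only counting) alongside the IP-set-backed rules, which is the gap raised in the last comment. The sample ACL, rule names and ARNs are constructed placeholders.

```python
MANAGED_GROUP = ("AWS", "AWSManagedRulesAmazonIpReputationList")

# Constructed sample in the shape of a WAFv2 web ACL; names and ARNs are placeholders.
SAMPLE_ACL = {"Name": "example-acl", "Rules": [
    {"Name": "example-reputation-ipsets", "Priority": 1, "Action": {"Block": {}},
     "Statement": {"OrStatement": {"Statements": [
         {"IPSetReferenceStatement": {"ARN": "arn:aws:wafv2:us-east-1:111122223333:regional/ipset/example-v4/EXAMPLE"}},
         {"IPSetReferenceStatement": {"ARN": "arn:aws:wafv2:us-east-1:111122223333:regional/ipset/example-v6/EXAMPLE"}}]}}},
    {"Name": "example-managed-reputation", "Priority": 2, "OverrideAction": {"Count": {}},
     "Statement": {"ManagedRuleGroupStatement": {
         "VendorName": "AWS", "Name": "AWSManagedRulesAmazonIpReputationList"}}},
]}

def walk(statement):
    """Yield (kind, body) for a statement and everything nested inside it."""
    for kind, body in statement.items():
        yield kind, body
        if kind in ("AndStatement", "OrStatement"):
            for child in body["Statements"]:
                yield from walk(child)
        elif kind == "NotStatement":
            yield from walk(body["Statement"])
        elif "ScopeDownStatement" in body:  # rate-based and managed-group statements
            yield from walk(body["ScopeDownStatement"])

def reputation_coverage(web_acl):
    """Report the managed reputation group's mode and every IP-set-backed rule."""
    report = {"managed_group": None, "ip_set_rules": []}
    for rule in web_acl["Rules"]:
        for kind, body in walk(rule["Statement"]):
            if kind == "ManagedRuleGroupStatement":
                if (body["VendorName"], body["Name"]) == MANAGED_GROUP:
                    # OverrideAction Count means the group only counts matches.
                    counting = "Count" in rule.get("OverrideAction", {})
                    report["managed_group"] = "count" if counting else "enforced"
            elif kind == "IPSetReferenceStatement":
                action = next(iter(rule.get("Action", {})), None)
                report["ip_set_rules"].append((rule["Name"], action, body["ARN"]))
    return report

if __name__ == "__main__":
    print(reputation_coverage(SAMPLE_ACL))
```

Which of the listed IP sets is the solution's reputation list still has to be confirmed from the ARNs; the check only shows whether both kinds of rule exist and in what mode.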