How to implement WAF on Greengrass devices?

aws-solutions / aws-waf-security-automations

This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.

https://aws.amazon.com/solutions/aws-waf-security-automations

Apache License 2.0

837 stars 359 forks source link

How to implement WAF on Greengrass devices? #207

Closed sandeepmohanadasan closed 2 years ago

sandeepmohanadasan commented 2 years ago

Hi Team, I want to implement a Firewall on API Gateway to allow requests based on the CIDR block string. I have noted that we can allow /block based on the IP range on the AWS WAF service.

Is there any better way to allow only from the devices from a Greengrass group?

aijunpeng commented 2 years ago

Thanks for opening the issue. I am not that familiar with Greengrass, but you can try by adding IPs for the devices to the Allowed IP set (created by the WAF Security Automations solution), and add any IPs that are out of the allowed IP range to the Denied IP set.