mikesouza / serverless-associate-waf

Associate a regional WAF with the AWS API Gateway used by your Serverless stack.
MIT License
28 stars 17 forks

Usage #6

Closed davidfarinha closed 4 years ago

davidfarinha commented 5 years ago

Hello, I'm wondering what value exactly I need to provide as "myRegionalWaf". For reference, I have the following configuration:

custom:
  associateWaf:
    name: myRegionalWaf
resources:
  Resources:
    WebACL:
      Type: "AWS::WAF::WebACL"
      Properties:
        DefaultAction:
          Type: BLOCK
        MetricName: "TrustedIPs"
        Name: "WebACLTrustedIps"
        Rules:
          - Action:
              Type: ALLOW
            Priority: 1
            RuleId: {Ref: WAFRule}
    WAFRule:
      Type: "AWS::WAF::Rule"
      Properties:
        Name: "IPSetRuleWhitelistedIps"
        MetricName: "MyIPSetRule"
        Predicates:
          - DataId: {Ref: WAFIpSet}
            Negated: false
            Type: "IPMatch"
    WAFIpSet:
      Type: "AWS::WAF::IPSet"
      Properties:
        IPSetDescriptors:
          - Type: "IPV4"
            Value: "xxxxxxxx/32"
        Name: "IPSetWhitelistedIps"

@MikeSouza @vasudevan-palani

mikesouza commented 5 years ago

You provide the name of the regional WAF Web ACL as displayed in the AWS Console. Do not specify the Web ACL ID.


mikesouza commented 5 years ago

In your example it would be: WebACLTrustedIps


davidfarinha commented 5 years ago

@MikeSouza Great, thanks for the swift response! I'll test this out and close, cheers
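
An added example, not part of the thread or of the plugin's code: a pre-deploy check that custom.associateWaf.name equals a Web ACL's Name property rather than a placeholder or a CloudFormation logical ID. The function names, the constructed sample input and the WAF Classic type check (AWS::WAF::WebACL is the global type, AWS::WAFRegional::WebACL the regional one) are assumptions added here.

```python
REGIONAL = "AWS::WAFRegional::WebACL"  # WAF Classic regional Web ACL
GLOBAL = "AWS::WAF::WebACL"            # WAF Classic global (CloudFront) Web ACL


def acl_name(resource):
    """Name property of a Web ACL resource, or None if it is missing."""
    return resource.get("Properties", {}).get("Name")


def check_associate_waf(config):
    """Return findings for custom.associateWaf.name; an empty list means OK."""
    name = config.get("custom", {}).get("associateWaf", {}).get("name")
    if not name:
        return ["custom.associateWaf.name is not set"]
    resources = config.get("resources", {}).get("Resources", {})
    acls = {lid: r for lid, r in resources.items()
            if r.get("Type") in (REGIONAL, GLOBAL)}
    if not acls:
        return []  # ACL is managed outside this template; nothing to compare
    matched = [r for r in acls.values() if acl_name(r) == name]
    if not matched:
        known = sorted(str(acl_name(r)) for r in acls.values())
        hint = " (that is a logical ID, not a Name)" if name in acls else ""
        return [f"no Web ACL named '{name}'{hint}; names in template: {known}"]
    # The name resolves; flag ACLs of the global type, which API Gateway cannot use.
    return [f"Web ACL '{name}' is {GLOBAL}; API Gateway needs a regional ACL"
            for r in matched if r["Type"] == GLOBAL]


def sample_config(name, acl_type=GLOBAL):
    """Constructed input: the issue's config reduced to the fields checked here."""
    return {
        "custom": {"associateWaf": {"name": name}},
        "resources": {"Resources": {
            "WebACL": {"Type": acl_type,
                       "Properties": {"Name": "WebACLTrustedIps",
                                      "MetricName": "TrustedIPs"}},
        }},
    }


if __name__ == "__main__":
    for value in ("myRegionalWaf", "WebACL", "WebACLTrustedIps"):
        print(value, "->", check_associate_waf(sample_config(value)))
    print(check_associate_waf(sample_config("WebACLTrustedIps", REGIONAL)))
```

The check covers WAF Classic resource types only and compares names inside one template; it does not query AWS.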