Skip to content
A workshop about AWS WAF Classic and the WAF Security Automations Solution
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
ci Add travis, lint some cfn, integrate cfn-publish Sep 27, 2019
docs
templates Remove WIP banner Oct 25, 2019
.gitignore Fix Outputs in main stack Sep 27, 2019
.travis.yml
CODE_OF_CONDUCT.md Initial commit Sep 26, 2019
CONTRIBUTING.md
LICENSE Initial commit Sep 26, 2019
README.md Update README.md Dec 10, 2019
cfn-publish.config
requirements.txt

README.md

AWS WAF workshop

⚠️ This workshop uses AWS WAF Classic

A workshop about AWS WAF and the WAF Security Automations Solution

Introduction

This workshop introduces AWS WAF and the AWS WAF Security Automations solution.

The AWS WAF enables customers to create rules to block common attack patterns, administered via APIs. The Security Automation Solution extends WAF by deploying a set of preconfigured rules to protect applications. These rules can be customised for your application.

Learning Objectives

  • Understand the built in functionality provided by AWS WAF
  • Understand how the Security Automation Solution extends AWS WAF
  • Understand how to configure the Security Automation Solution

Prerequisites

To complete this workshop you will require the following:

  • An AWS Account.
    • If you don’t already have an AWS account, create one at https://aws.amazon.com by following the on-screen instructions
  • Your access to the AWS account must have IAM permissions to launch AWS CloudFormation templates that create IAM roles.

Contents

Step 0 - Deploy the Cloudformation Stacks

In step 0 you will deploy the AWS resources required for later steps of the workshop.

Step 1 - Getting Started with AWS WAF Security Automations Solution

In step 1 you will set up the AWS WAF with an example web application and explore how the AWS WAF Security Automation Solution blocks three common types of attack.

  • SQL Injection & Cross Site Scripting
  • HTTP Flood
  • Scanners and Probes

Step 2 - Customising and extending AWS WAF Security Automations Solution

In step 2 you will customise the rules and settings of the the AWS WAF Security Automation Solution.

Step 3 - Optional Extensions

Step 3 contains two optional extensions to the workshop.

License

This library is licensed under the MIT-0 License. See the LICENSE file.

You can’t perform that action at this time.