Amazon WAF Security Automation deployment (modular with Terraform)
ventz Merge pull request #7 from interisti/patch-1
Fix for missing `ApiGatewayBadBotIntegration` resource dependency.
Latest commit 026f6f8 Oct 25, 2018
Type Name Latest commit message Commit time
files Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
.template.main.tf Moved the TF amazon credential config to its own file in order to si… Jul 11, 2017
LICENSE Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
README.md Moved the TF amazon credential config to its own file in order to si… Jul 11, 2017
VERSION Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
amazon-cred-file.tf Moved the TF amazon credential config to its own file in order to si… Jul 11, 2017
apigatewaybadbot.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
apigatewaybadbotmethod.tf fix #1 Oct 24, 2018
lambdainvokepermissionbadbot.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
lambdainvokepermissionlogparser.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
lambdainvokepermissionreputationlistsparser.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
lambdarolebadbot.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
lambdarolecustomresource.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
lambdarolelogparser.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
lambdarolereputationlistsparser.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
lambdawafbadbotparserfunction.tf Added a unique Lambda WAF s3 bucket per customer/project. This way i… Jul 11, 2017
lambdawafcustomresourcefunction.tf Added a unique Lambda WAF s3 bucket per customer/project. This way i… Jul 11, 2017
lambdawaflogparserfunction.tf Added a unique Lambda WAF s3 bucket per customer/project. This way i… Jul 11, 2017
lambdawaflogparsers3notification.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
lambdawafreputationlistsparsereventsrule.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
lambdawafreputationlistsparserfunction.tf Added a unique Lambda WAF s3 bucket per customer/project. This way i… Jul 11, 2017
solutionhelper.tf Added a unique Lambda WAF s3 bucket per customer/project. This way i… Jul 11, 2017
solutionhelperrole.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
waf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
wafautoblockrule.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
wafautoblockset.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
wafbadbotrule.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
wafbadbotset.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
wafblacklistrule.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
wafblacklistset.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
wafipreputationlistsrule1.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
wafipreputationlistsrule2.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
waflambdafiles.tf Added a unique Lambda WAF s3 bucket per customer/project. This way i… Jul 11, 2017
wafreputationlistsset1.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
wafreputationlistsset2.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
wafsqlinjectiondetection.tf Fixed description typo, and modified the sql injection rule creation … Jul 11, 2017
wafsqlinjectionrule.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
wafwebacl.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
wafwhitelistrule.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
wafwhitelistset.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017
wafxssdetection.tf Fixed description typo, and modified the sql injection rule creation … Jul 11, 2017
wafxssrule.tf Public Release of project under Apache 2.0 License. Wrapping up 19 pr… May 30, 2017

README.md

AWS WAF Security Automation - modular with Terraform

For more info/help, contact us: support@cerbo.io (http://cerbo.io)

This provides a modular way to deploy the WAF Reference Architecture (see below for the image). The key things about this (and how it compares with the official Amazon Cloud Formation) are:

  • It is ridiculously fast - 6-8x faster than Amazon's Cloud Formation method
  • It provides roll-back, undo, recovery, and clean delete abilities - all automatically
  • It is modular (with Terraform)! This is extremely important. Any component can be replaced, extended, or integrated with something else. You can very easily re-purpose all of this (or any part) for a different AWS Automation project/purpose.

Getting Started is very simple

First, edit "amazon-cred-file.tf" and point it to your AWS credentials file.

Then, for each project/customer's CDN S3 bucket, run:



% ./waf --help
Usage: ./waf <customer> <s3-logs-bucket> <command>

<command> Options:
    create = create a new WAF setup for <customer>
    delete = delete a given <customer> WAF setup

Example: ./waf cerbo s3-bucket-name create
Example: ./waf customer01 s3-bucket-name delete

WAF Reference Architecture:

https://d0.awsstatic.com/aws-answers/answers-images/waf-solution-architecture.png

Documentation on WAF Security Automation:

http://docs.aws.amazon.com/solutions/latest/aws-waf-security-automations/architecture.html

Amazon WAF 4 Steps to customization:

http://docs.aws.amazon.com/solutions/latest/aws-waf-security-automations/deployment.html

Amazon's WAF Security Lambdas (latest via GitHub):

https://github.com/awslabs/aws-waf-security-automations

Cloud Formation for WAF Reference Architecture:

LICENSE

Copyright 2016 Cerbo.IO, LLC.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

  http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.