🛡️ Deployment

⚙️ Prerequisites

  1. Organizations trusted access with Firewall Manager

  2. Taskfile

  3. AWS CDK

  4. Sops

  5. cfn-dia

  6. Run `npm i` to install dependencies

  7. ⚠️ Before installing a stack into your AWS account with the AWS CDK, you need to prepare the account using `cdk bootstrap`

  8. (Optional) If you want to use CloudWatch Dashboards, you need to enable your target accounts to share CloudWatch data with the central security account. Follow this to see how to do it.

  9. (Optional) If you want to use the UnutilizedWafs feature, you need to enable your target accounts with a cross-account role. You can find an example CfnTemplate you can use here.

  10. Assume the AWS profile: `awsume PROFILENAME`

  11. (Optional) Enter `task generateprerequisitesconfig`

| Parameter | Value |
|---|---|
| Prefix | Prefix for all Resources |
| BucketName [^1] | Name of the S3 Bucket |
| KmsEncryptionKey | true or false |
| ObjectLock - Days [^1] | A period of Days for ObjectLock |
| ObjectLock - Mode [^1] | COMPLIANCE or GOVERNANCE |
| FireHoseKey - KeyAlias [^1] | Alias for Key |
| CrossAccountIdforPermissions [^1] | Id of AWS Account for CrossAccount Permission for Bucket and KMS Key(s) |

  12. Enter `task deploy config=NAMEOFYOURCONFIGFILE prerequisite=true`
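
An added example, not part of the project's own code: a check over some of the prerequisite parameters from the table above, meant to be run on your values before `task deploy config=NAMEOFYOURCONFIGFILE prerequisite=true`. The `PrerequisiteValues` shape, its field names and the sample values are assumptions made for illustration; the project's generated config file may be structured differently.

```typescript
// Hypothetical shape mirroring the parameter table; not the project's config type.
interface PrerequisiteValues {
  prefix: string;
  bucketName?: string;
  objectLockDays?: number;
  objectLockMode?: string;
  crossAccountIdForPermissions?: string;
}
interface CheckResult { errors: string[]; warnings: string[]; }

function checkPrerequisites(v: PrerequisiteValues): CheckResult {
  const errors: string[] = [];
  const warnings: string[] = [];
  if (v.prefix.trim() === "") errors.push("Prefix is empty");

  // Basic S3 naming rules: 3-63 chars of a-z, 0-9, '.', '-', alphanumeric at both ends.
  if (v.bucketName !== undefined &&
      !/^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$/.test(v.bucketName)) {
    errors.push("BucketName is not a valid S3 bucket name");
  }

  // S3 default retention needs a mode and a period together.
  const days = v.objectLockDays;
  const mode = v.objectLockMode;
  if ((days === undefined) !== (mode === undefined)) {
    errors.push("ObjectLock needs both Days and Mode");
  }
  if (days !== undefined && (days < 1 || Math.floor(days) !== days)) {
    errors.push("ObjectLock Days must be a positive whole number");
  }
  if (mode !== undefined && mode !== "COMPLIANCE" && mode !== "GOVERNANCE") {
    errors.push("ObjectLock Mode must be COMPLIANCE or GOVERNANCE");
  }
  if (mode === "GOVERNANCE") {
    warnings.push("GOVERNANCE retention can be lifted via s3:BypassGovernanceRetention");
  }

  // AWS account IDs are exactly 12 digits.
  const acct = v.crossAccountIdForPermissions;
  if (acct !== undefined && !/^[0-9]{12}$/.test(acct)) {
    errors.push("CrossAccountIdforPermissions must be a 12-digit account ID");
  }
  return { errors, warnings };
}

// Constructed sample values, not taken from any real account.
const sample: PrerequisiteValues = { prefix: "fw", bucketName: "Central_WAF_Logs",
  objectLockDays: 30, objectLockMode: "GOVERNANCE", crossAccountIdForPermissions: "12345678901" };
console.log(checkPrerequisites(sample));
```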

🏁 Deployment via Taskfile

  1. Create a new ts file for your WAF and configure the rules in the configuration (see owasptopten.ts for the structure), or enter `task generate-waf-skeleton`

  2. Assume the AWS profile: `awsume` / `assume PROFILENAME`

  3. (Optional) Enter `task generate-waf-skeleton`

  4. Enter `task deploy config=NAMEOFYOURCONFIGFILE`