-
Invoke
npm i
to install dependencies -
⚠️ Before installing a stack to your aws account using aws cdk you need to prepare the account using a cdk bootstrap -
(Optional) If you want to use CloudWatch Dashboards - You need to enable your target accounts to share CloudWatch data with the central security account follow this to see how to do it.
-
(Optional) If you want to use the UnutilizedWafs Feature - You need to enable your target accounts with a Cross Account Role - You can find an example CfnTemplate you can use here.
-
Assume AWS Profile
awsume PROFILENAME
-
(Optional) Enter
task generateprerequisitesconfig
Parameter | Value |
---|---|
Prefix | Prefix for all Resources |
BucketName [^1] | Name of the S3 Bucket |
KmsEncryptionKey | true or false |
ObjectLock - Days [^1] | A period of Days for ObjectLock |
ObjectLock - Mode [^1] | COMPLIANCE or GOVERNANCE |
FireHoseKey - KeyAlias [^1] | Alias for Key |
CrossAccountIdforPermissions [^1] | Id of AWS Account for CrossAccount Permission for Bucket and KMS Key(s) |
- Enter
task deploy config=NAMEOFYOURCONFIGFILE prerequisite=true
-
Create new ts file for you WAF and configure Rules in the Configuration (see owasptopten.ts to see structure) or use enter
task generate-waf-skeleton
-
Assume AWS Profile
awsume / assume PROFILENAME
-
(Optional) Enter
task generate-waf-skeleton
-
Enter
task deploy config=NAMEOFYOURCONFIGFILE