
AWS WAF Security Automations

AWS Labs has a lot of open source code up on GitHub. This repo contains a solid set of AWS WAF rules for common web-based attacks.

AWS WAF Security Automations creates some simple rules for common attacks that really should be part of the default offering for AWS WAF. But they aren't, which makes this repo extremely useful.

I call out a few more details in the Twitter thread below…

Tweet 1/9

let's look at this repo full of @awscloud WAF #security automations the repo is up at https://github.com/awslabs/aws-waf-security-automations and it contains a set of WAF rules to filter out common web-based attacks 🧵☁️ #cloud #devops

Tweet 2/9

this thread is available unrolled at https://t.co/Za14IqWUud my last thread on Gluon Time Series 🧠 models is at https://markn.ca/2021/gluon-ts/ 🧵☁️ #cloud #devops

Tweet 3/9

AWS WAF, https://aws.amazon.com/waf/, is a bit controversial. it's more of a skeleton than other @awscloud services. basically providing you with a framework that you have to build out before it's useful 🧵☁️ #cloud #devops

Tweet 4/9

you create a web access control list or WACL (awesome name), then add rules and resources that are a target (a/k/a where the traffic goes) so it'll go: internet > WAF > [ CloudFront | API Gateway | ALB | AppSync ] 🧵☁️ #cloud #devops

Tweet 5/9

the idea is that WAF drops the bad stuff. but there are no rules in place by default this is the biggest failing of the service. now, you can buy a set of managed rules from APN partners or load up your own this repo, has a set that you can load 🧵☁️ #cloud #devops

Tweet 6/9

....honestly, they should be available in the services as a one-click option. that would reduce customer friction and provide some protection out of the box (though WAF does have other features like IP access control and Bot Control) 🧵☁️ #cloud #devops

Tweet 7/9

back to the repo, the rules in the repo provide some basic protections against SQL injection attacks, scanning/probing, cross-site scripting, flood attacks, and other attack techniques it's not foolproof but they are solid rules 🧵☁️ #cloud #devops

Tweet 8/9

now, usually I'd go easy here and say that repos like this are a FANTASTIC way to test new functionality and customer demand before rolling it into the product however, this repo launched in 2016 and was last updated here in Sep/2021 🧵☁️ #cloud #devops

Tweet 9/9

so, these are obviously useful and well used. that's why I wanted to highlight this repo if you think WAF might help improve your security posture and you don't want to go the managed rule route, this will help get you started /🧵☁️ #cloud #devops
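To make the web ACL > rules > target resource flow from the thread concrete, here is a minimal CloudFormation sketch added for illustration; it is not taken from the aws-waf-security-automations repo or from the thread. The resource names, the `AlbArn` parameter, and the rate limit value are assumptions chosen for the example.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  AlbArn:                      # assumption: ARN of an existing Application Load Balancer
    Type: String
Resources:
  ExampleWebACL:               # hypothetical name
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: example-web-acl
      Scope: REGIONAL          # ALB, API Gateway, AppSync; CloudFront uses CLOUDFRONT
      DefaultAction:
        Allow: {}              # with an empty Rules list, every request ends up here
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: exampleWebACL
      Rules:
        - Name: block-sqli-query-string
          Priority: 0
          Action:
            Block: {}
          Statement:
            SqliMatchStatement:
              FieldToMatch:
                QueryString: {}
              TextTransformations:
                - Priority: 0
                  Type: URL_DECODE   # decode before inspection so encoded input is checked
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: blockSqliQueryString
        - Name: rate-limit-per-ip
          Priority: 1
          Action:
            Block: {}
          Statement:
            RateBasedStatement:
              Limit: 2000            # constructed value: requests per 5 minutes per IP
              AggregateKeyType: IP
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: rateLimitPerIp
  ExampleAssociation:          # attaches the web ACL to the target resource
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Ref AlbArn
      WebACLArn: !GetAtt ExampleWebACL.Arn
```

Deleting the `Rules` list leaves a valid web ACL that allows all traffic, which is the empty default state the thread describes.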
