AWS WAF Security Automations

AWS Labs has a lot of open source code up on GitHub. This repo contains a solid set of AWS WAF rules for common web-based attacks.

AWS WAF Security Automations creates some simple rules for common attacks that really should be part of the default offering for AWS WAF. But they aren’t, which makes this repo extremely useful.

I call out a few more details in the Twitter thread below…

Tweet 1/9

let's look at this repo full of @awscloud WAF #security automations

the repo is up at and it contains a set of WAF rules to filter out common web-based attacks

๐Ÿงตโ˜๏ธ #cloud #devops

Tweet 2/9

this thread is available unrolled at

my last thread on Gluon Time Series 🧠 models is spat

๐Ÿงตโ˜๏ธ #cloud #devops

Tweet 3/9

AWS WAF is a bit controversial. it's more of a skeleton than other @awscloud services. basically providing you with a framework that you have to build out before it's useful

๐Ÿงตโ˜๏ธ #cloud #devops

Tweet 4/9

you create a web access control list or WACL (awesome name), then add rules and resources that are a target (a/k/a where the traffic goes)

so it’ll go:

internet > WAF > [ CloudFront | API Gateway | ALB | AppSync ]

๐Ÿงตโ˜๏ธ #cloud #devops

Tweet 5/9

the idea is that WAF drops the bad stuff. but there are no rules in place by default

this is the biggest failing of the service. now, you can buy a set of managed rules from APN partners or load up your own

this repo has a set that you can load

๐Ÿงตโ˜๏ธ #cloud #devops

Tweet 6/9

....honestly, they should be available in the services as a one-click option. that would reduce customer friction and provide some protection out of the box

(though WAF does have other features like IP access control and Bot Control)

๐Ÿงตโ˜๏ธ #cloud #devops

Tweet 7/9

back to the repo, the rules in the repo provide some basic protections against SQL injection attacks, scanning/probing, cross-site scripting, flood attacks, and other attack techniques

it’s not foolproof but they are solid rules

๐Ÿงตโ˜๏ธ #cloud #devops

Tweet 8/9

now, usually I'd go easy here and say that repos like this are a FANTASTIC way to test new functionality and customer demand before rolling it into the product

however, this repo launched in 2016 and was last updated here in Sep/2021

๐Ÿงตโ˜๏ธ #cloud #devops

Tweet 9/9

so, these are obviously useful and well used. that's why I wanted to highlight this repo

if you think WAF might help improve your security posture and you don’t want to go the managed rule route, this will help get you started

/🧵☁️ #cloud #devops
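
To make the web ACL, rules and target flow from the thread concrete, here is a minimal CloudFormation sketch added for this write-up; it is not taken from the AWS WAF Security Automations repo. It assumes the current `AWS::WAFv2` resource types, an existing ALB whose ARN is passed in as the hypothetical `TargetAlbArn` parameter, and constructed names and thresholds.

```yaml
# Added example: a web ACL with two rules, attached to an ALB.
# Not the repo's own template; names, metric names and limits are constructed.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  TargetAlbArn:                      # assumption: ARN of an existing ALB to protect
    Type: String
Resources:
  ExampleWebACL:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: example-web-acl
      Scope: REGIONAL                # CLOUDFRONT (deployed in us-east-1) for CloudFront
      DefaultAction:
        Allow: {}                    # with an empty Rules list, every request is allowed
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: exampleWebACL
      Rules:
        - Name: block-sqli-in-query-string
          Priority: 0                # lower number is evaluated first
          Action:
            Block: {}
          Statement:
            SqliMatchStatement:
              FieldToMatch:
                QueryString: {}
              TextTransformations:
                - Priority: 0
                  Type: URL_DECODE   # decode before matching
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: blockSqli
        - Name: rate-limit-per-ip    # basic flood protection
          Priority: 1
          Action:
            Block: {}
          Statement:
            RateBasedStatement:
              Limit: 2000            # requests per 5-minute window per source IP
              AggregateKeyType: IP
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: rateLimitPerIp
  ExampleAssociation:                # internet > WAF > ALB
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Ref TargetAlbArn
      WebACLArn: !GetAtt ExampleWebACL.Arn
```

Switching a rule's `Action` from `Block` to `Count` lets you watch its CloudWatch metric against real traffic before it starts dropping requests.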