Skip to content
This repository was archived by the owner on Oct 7, 2022. It is now read-only.
/ aws-waf-security-automation Public archive
forked from cerbo/aws-waf-security-automation

Amazon WAF Security Automation deployment (modular with Terraform)

License

Apache-2.0 license
0 stars 27 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

TradeRev/aws-waf-security-automation

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
files
files
 
 
CloudfrontAccessLogS3Bucket.tf
CloudfrontAccessLogS3Bucket.tf
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
VERSION
VERSION
 
 
WAFBrokenAuthSessionManageRule.tf
WAFBrokenAuthSessionManageRule.tf
 
 
WAFBrokenAuthSessionManageSet.tf
WAFBrokenAuthSessionManageSet.tf
 
 
apigatewaybadbot.tf
apigatewaybadbot.tf
 
 
apigatewaybadbotmethod.tf
apigatewaybadbotmethod.tf
 
 
inline-policy.json
inline-policy.json
 
 
kinesis_iam.tf
kinesis_iam.tf
 
 
kinesis_s3.tf
kinesis_s3.tf
 
 
kinesisfirehose.tf
kinesisfirehose.tf
 
 
lambdainvokepermissionbadbot.tf
lambdainvokepermissionbadbot.tf
 
 
lambdainvokepermissionlogparser.tf
lambdainvokepermissionlogparser.tf
 
 
lambdainvokepermissionreputationlistsparser.tf
lambdainvokepermissionreputationlistsparser.tf
 
 
lambdarolebadbot.tf
lambdarolebadbot.tf
 
 
lambdarolecustomresource.tf
lambdarolecustomresource.tf
 
 
lambdarolelogparser.tf
lambdarolelogparser.tf
 
 
lambdarolereputationlistsparser.tf
lambdarolereputationlistsparser.tf
 
 
lambdawafbadbotparserfunction.tf
lambdawafbadbotparserfunction.tf
 
 
lambdawafcustomresourcefunction.tf
lambdawafcustomresourcefunction.tf
 
 
lambdawaflogparserfunction.tf
lambdawaflogparserfunction.tf
 
 
lambdawaflogparsers3notification.tf
lambdawaflogparsers3notification.tf
 
 
lambdawafreputationlistsparsereventsrule.tf
lambdawafreputationlistsparsereventsrule.tf
 
 
lambdawafreputationlistsparserfunction.tf
lambdawafreputationlistsparserfunction.tf
 
 
main.tf
main.tf
 
 
solutionhelper.tf
solutionhelper.tf
 
 
solutionhelperrole.tf
solutionhelperrole.tf
 
 
terraform.tfstate
terraform.tfstate
 
 
terraform.tfstate.backup
terraform.tfstate.backup
 
 
variables.tf
variables.tf
 
 
wafautoblockrule.tf
wafautoblockrule.tf
 
 
wafautoblockset.tf
wafautoblockset.tf
 
 
wafbadbotrule.tf
wafbadbotrule.tf
 
 
wafbadbotset.tf
wafbadbotset.tf
 
 
wafblacklistrule.tf
wafblacklistrule.tf
 
 
wafblacklistset.tf
wafblacklistset.tf
 
 
wafcloudwatchalarm.tf
wafcloudwatchalarm.tf
 
 
wafhttpfloodrule.tf
wafhttpfloodrule.tf
 
 
wafipreputationlistsrule1.tf
wafipreputationlistsrule1.tf
 
 
wafipreputationlistsrule2.tf
wafipreputationlistsrule2.tf
 
 
wafreputationlistsset1.tf
wafreputationlistsset1.tf
 
 
wafreputationlistsset2.tf
wafreputationlistsset2.tf
 
 
wafsns.tf
wafsns.tf
 
 
wafsqlinjectiondetection.tf
wafsqlinjectiondetection.tf
 
 
wafsqlinjectionrule.tf
wafsqlinjectionrule.tf
 
 
wafwebacl.tf
wafwebacl.tf
 
 
wafwhitelistrule.tf
wafwhitelistrule.tf
 
 
wafwhitelistset.tf
wafwhitelistset.tf
 
 
wafxssdetection.tf
wafxssdetection.tf
 
 
wafxssrule.tf
wafxssrule.tf
 
 

Repository files navigation

AWS WAF Security Automation - modular with Terraform

This terraform code is the converted code from a Cloudformation template created by Amazon.

alt text

Follow the links below for more information: https://docs.aws.amazon.com/solutions/latest/aws-waf-security-automations/template.html https://github.com/awslabs/aws-waf-security-automations

Changes made

Add a Brute Force Authentication rule Added cloudwatch alarms for all rules (Exception whitelist) that will be triggered if a certain threshold is hit:

WAF Rule Threshold
Blacklist 5 hits in 5 minutes
HTTP Flood 2000 hits in 5 minutes
Scan Probes 5 hits in one day
Reputation list 1 5 hits in 5 minutes
Reputation list 2 5 hits in 5 minutes
Bad Bot 5 hits in one day
SQL Injection 5 hits in one day
XSS 5 hits in one day

When the the threshold has been reached, it will raise an incident in pagerduty via sns The lambdas are created without using s3 buckets

The setup

  1. Create a pagerduty service with cloudwatch alarm integeration
  2. Run the terraform code
  3. Add the cloudfront distributions that you wished to have behind the waf

Credits goes to the creator, Cerbo, for the original terraform code:

For more info/help, contact them at: support@cerbo.io (http://cerbo.io)

LICENSE

Copyright 2016 Cerbo.IO, LLC.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

  http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

About

Amazon WAF Security Automation deployment (modular with Terraform)

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

5 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 89.3%
  • HCL 8.0%
  • JavaScript 2.7%