
Waf, Waf-v2, Waf-regional documentation


Hey guys, there is a lack of documentation regarding Waf - see #7925. But I could create a working example with api-gateway. Maybe you wanna add it to your docs?

import * as apigateway from "@aws-cdk/aws-apigateway";
import * as wafv2 from "@aws-cdk/aws-wafv2";
import * as cdk from "@aws-cdk/core";

export class WafStack extends cdk.Stack {
  constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    const testApi = new apigateway.RestApi(this, "Test-API", {
      endpointConfiguration: {
        types: [apigateway.EndpointType.REGIONAL],
      },
    });
    testApi.root.addMethod("GET", new apigateway.MockIntegration());

    // @ts-ignore
    const webAcl = new wafv2.CfnWebACL(this, "WebAcl", {
      defaultAction: { allow: {} },
      rules: [
        {
          priority: 1,
          overrideAction: { none: {} },
          visibilityConfig: {
            sampledRequestsEnabled: true,
            cloudWatchMetricsEnabled: true,
            metricName: "AWS-AWSManagedRulesAmazonIpReputationList",
          },
          name: "AWS-AWSManagedRulesAmazonIpReputationList",
          statement: {
            managedRuleGroupStatement: {
              vendorName: "AWS",
              name: "AWSManagedRulesAmazonIpReputationList",
            },
          },
        },
        {
          priority: 2,
          overrideAction: { none: {} },
          visibilityConfig: {
            sampledRequestsEnabled: true,
            cloudWatchMetricsEnabled: true,
            metricName: "AWS-AWSManagedRulesCommonRuleSet",
          },
          name: "AWS-AWSManagedRulesCommonRuleSet",
          statement: {
            managedRuleGroupStatement: {
              vendorName: "AWS",
              name: "AWSManagedRulesCommonRuleSet",
            },
          },
        },
        {
          priority: 3,
          overrideAction: { none: {} },
          visibilityConfig: {
            sampledRequestsEnabled: true,
            cloudWatchMetricsEnabled: true,
            metricName: "AWS-AWSManagedRulesKnownBadInputsRuleSet",
          },
          name: "AWS-AWSManagedRulesKnownBadInputsRuleSet",
          statement: {
            managedRuleGroupStatement: {
              vendorName: "AWS",
              name: "AWSManagedRulesKnownBadInputsRuleSet",
            },
          },
        },
      ],
      scope: "REGIONAL",
      visibilityConfig: {
        sampledRequestsEnabled: true,
        cloudWatchMetricsEnabled: true,
        metricName: "web-acl",
      },
    });

    // Output of 'testApi.arnForExecuteApi(...)': 'arn:aws:execute-api:region:account-id:api-id/*/*/*'
    // For webAcls we need the following pattern: 'arn:aws:apigateway:region::/restapis/api-id/stages/stage-name'
    // See here: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webaclassociation.html#cfn-wafv2-webaclassociation-resourcearn
    const region = cdk.Stack.of(this).region;
    const arn = `arn:aws:apigateway:${region}::/restapis/${testApi.restApiId}/stages/${testApi.deploymentStage.stageName}`;

    // @ts-ignore
    new wafv2.CfnWebACLAssociation(this, "WebAclAssociation", {
      webAclArn: webAcl.attrArn,
      resourceArn: arn,
    });
  }
}

const app = new cdk.App();
new WafStack(app, "Waf-Stack");

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Reactions: 14
  • Comments: 9 (2 by maintainers)

Top GitHub Comments

6 reactions
rix0rrr commented, May 20, 2020

Thanks for the example!

An unfortunate truth is that we don’t have time to spend on WAF right now, and even though it might sound that any example is better than no example, we also cannot readily accept your code for multiple reasons:

  • We have to vet and maintain it.
  • We generally don’t write examples and documentation for L1 classes, as they are “just CloudFormation”, and we don’t want to encourage people writing those.

I would heartily recommend that you get this content out there and publish this content under your own name to your own platforms: maybe to a blog, maybe to a GitHub repository or a Gist. But we can’t accept it into the upstream repository or docs, however silly that may sound.

Cheers!

2 reactions
bpcrao commented, Jul 15, 2020

Thanks to @Syy0n

This really saved me a ton of time. I wasted 6 hrs on this issue, thanks again for this one.

I really feel AWS has poor examples on WAF - APIGW association and for some reason

This works

const arn = `arn:aws:apigateway:${region}::/restapis/${this.appGateway.restApiId}/stages/${this.appAPIGateway.deploymentStage.stageName}`;
console.log(arn);
new wafv2.CfnWebACLAssociation(this, "WebAclAssociation", {
  webAclArn: props.regionalACLARN,
  resourceArn: arn,
});

This did not work

new wafv2.CfnWebACLAssociation(this, 'WebAclAssociation', {
  webAclArn: props.regionalACLARN,
  resourceArn: `arn:aws:apigateway:${region}::/restapis/${this.appGateway.restApiId}/stages/${this.appAPIGateway.deploymentStage.stageName}`
})
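
The ARN format discussed in the issue (an `execute-api` ARN versus the `apigateway` stage ARN the association needs) can be checked on a synthesized CloudFormation template before deployment. This is an added example, not code from the issue or from the CDK project; the sample template, its logical IDs and account id, and the function names `flatten` and `auditWafCoverage` are hypothetical. It goes one step beyond the thread by also listing API Gateway stages that have no WebACL association at all.

```typescript
type Resource = { Type: string; Properties?: Record<string, any> };
type Template = { Resources: Record<string, Resource> };

// Render a CloudFormation value as text; Ref / Fn::GetAtt become "${LogicalId}".
function flatten(v: any): string {
  if (typeof v === "string") return v;
  if (v && v.Ref) return "${" + v.Ref + "}";
  if (v && v["Fn::GetAtt"]) return "${" + v["Fn::GetAtt"][0] + "}";
  if (v && v["Fn::Join"]) return v["Fn::Join"][1].map(flatten).join(v["Fn::Join"][0]);
  return "${?}";
}

// One ARN segment: a literal or a "${...}" placeholder produced by flatten().
const SEG = "(?:[\\w-]+|\\$\\{[^}]+\\})";
const STAGE_ARN = new RegExp(`^arn:${SEG}:apigateway:${SEG}::/restapis/(${SEG})/stages/(${SEG})$`);

function auditWafCoverage(t: Template) {
  const all = Object.entries(t.Resources);
  const stages = all.filter(([, r]) => r.Type === "AWS::ApiGateway::Stage");
  const wrongFormat: string[] = [];
  const covered = new Set<string>();
  for (const [id, r] of all) {
    if (r.Type !== "AWS::WAFv2::WebACLAssociation") continue;
    const arn = flatten(r.Properties?.ResourceArn);
    const m = STAGE_ARN.exec(arn);
    if (!m) {
      // execute-api ARNs are the wrong format here; other ARNs (e.g. load
      // balancers) are valid association targets and outside this check.
      if (arn.includes(":execute-api:")) wrongFormat.push(id);
      continue;
    }
    for (const [sid, s] of stages) {
      const sameApi = flatten(s.Properties?.RestApiId) === m[1];
      const sameStage = m[2] === "${" + sid + "}" || m[2] === flatten(s.Properties?.StageName);
      if (sameApi && sameStage) covered.add(sid);
    }
  }
  return { wrongFormat, unprotected: stages.map(([sid]) => sid).filter((s) => !covered.has(s)) };
}

// Constructed sample template; all logical IDs and the account id are made up.
const sample: Template = { Resources: {
  Api: { Type: "AWS::ApiGateway::RestApi" },
  ProdStage: { Type: "AWS::ApiGateway::Stage", Properties: { RestApiId: { Ref: "Api" }, StageName: "prod" } },
  DevStage: { Type: "AWS::ApiGateway::Stage", Properties: { RestApiId: { Ref: "Api" }, StageName: "dev" } },
  Good: { Type: "AWS::WAFv2::WebACLAssociation", Properties: { ResourceArn: { "Fn::Join": ["", [
    "arn:aws:apigateway:", { Ref: "AWS::Region" }, "::/restapis/", { Ref: "Api" }, "/stages/", { Ref: "ProdStage" }]] } } },
  Bad: { Type: "AWS::WAFv2::WebACLAssociation", Properties: { ResourceArn: "arn:aws:execute-api:eu-west-1:111122223333:abc123/*/*/*" } },
} };
console.log(auditWafCoverage(sample));
```

In a pipeline, the same function can be run over the JSON written by `cdk synth`, failing the build when either list is non-empty.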