AWS WAF helps you protect against common web exploits and bots that can affect availability, compromise security, or consume excessive resources.
AWS WAF can protect two types of global (Cloudfront) and Regional resources like
Steps of Creating Web ACL
Creating Web ACL
Sign in to the AWS Management Console and open the AWS WAF console at https://console.aws.amazon.com/wafv2/.
Click on Create Web ACL
Enter the name for your web ACL and also make sure regional resources is selected, right now we are just creating Web ACL we will see later how we can add a resource to protect.
keep default options and again click next
on the set rule priority keep default and click next
Protect Resource with Web ACL
Select the resource type and then select the resource you want to associate with this web ACL, I am doing this demo for Amazon API Gateway REST API
I have my Example REST API running at this URL
Adding Rule in AWS WAF
There are two types of Rule Groups in AWS WAF,
Custom Rules Group
let's see each one by one first, we will see Managed Rules
Adding AWS Managed Rules Group in WEB ACL
Managed rule groups are created and maintained for you by AWS and AWS Marketplace sellers. Any fees that a managed rule group provider charges for using a managed rule group are in addition to the standard service charges for AWS WAF
Which AWS-managed rule to add depends upon your requirement AWS also offers some Free rule groups (you can use the free rule groups without any added charges beyond the standard service charges for AWS WAF)
I am adding SQL database rule groups to show this demo that this group will block any SQL injection attempts
Click on save
Attempting to SQL injection is getting Denied,
we can also add other rules groups if required like (Admin protection, Amazon IP reputation list, Anonymous IP list, Linux operating system etc)
Adding Custom Rules Group in WEB ACL
When creating custom rule groups custom rules can be categorized into three categories
IP set (Use IP sets to identify a specific list of IP addresses)
Rule builder (Use a custom rule to inspect for patterns including query strings, headers, countries, and rate limit violations.)
Rule group (Use a rule group to combine rules into a single logical set.)
Now we have seen how to add a managed rules group let's go web ACL page and see how we can add a custom rule
we can also create a rule group from here and use rule groups across other WAF ACL
IP set in AWS WAF ACL
One of the scenarios could be when you need to add a custom domain to your AWS access and your domain Nameserver is in Cloudflare and you want to allow only Cloudflare
ips to access your resource and proxy traffic, you can create an IP set and allow only access to Cloudflare and block all.
When we add multiple rules then Rule priority comes into to picture If a request matches a rule, take the corresponding action. The rules are prioritized in the order they appear.
Custom response bodies
Custom response bodies are plain text, JSON, or HTML content that you use to customize a response to blocked requests. You can use a response body anywhere in the web ACL where you create it.
Before you leave these are the Additional considerations and best practices you can follow
you can send tog to CloudWatch Logs log group, Kinesis Data Firehose stream,S3 bucket
Block Default web ACL action for requests that don't match any rules
Regex pattern sets
A regex pattern set provides a collection of regular expressions that you want to use together in a rule statement
AWS WAF Pricing
You need to disassociate your attached resource before deleting AWS WAF ACL