Security Cloud Privacy Tech
Posts > Cloud > AWS WAF Security Automations

AWS WAF Security Automations

3 minute read | Last updated 2-Aug-2022 | An icon depicting a retail tag with a heart for 'favourite'   

AWS Labs has a lot of open source code up on GitHub. This repo contains a solid set of AWS WAF rules for common web-based attacks.

AWS WAF Security Automations creates some simple rules for common attacks that really should be part of the default offering for AWS WAF. But they aren’t, which makes this repo extremely useful.

I call out a few more details in the Twitter thread below…

Tweet 1/9  Next tweet

let’s look at this repo full of @awscloud WAF #security automations

the repo is up at https://github.com/awslabs/aws-waf-security-automations and it contains a set of WAF rules to filter out common web-based attacks

☁️ #cloud #devops

marknca @marknca tweeted at 16-Nov-2021, 19:33

Tweet 2/9  Next tweet  Start

this thread is available unrolled at https://t.co/Za14IqWUud

my last thread on Gluon Time Series models is spat https://markn.ca/2021/gluon-ts/

☁️ #cloud #devops

marknca @marknca tweeted at 16-Nov-2021, 19:33

Tweet 3/9  Next tweet  Start

AWS WAF, https://aws.amazon.com/waf/, is a bit controversial. it’s more of a skeleton than other @awscloud services. basically providing you with a framework that you have to build out before it’s useful

☁️ #cloud #devops

marknca @marknca tweeted at 16-Nov-2021, 19:33

Tweet 4/9  Next tweet  Start

you create a web access control list or WACL (awesome name), then add rules and resources that are a target (a/k/a where the traffic goes)

so it’ll go:

internet > WAF > [ CloudFront | API Gateway | ALB | AppSync ]

☁️ #cloud #devops

marknca @marknca tweeted at 16-Nov-2021, 19:33

Tweet 5/9  Next tweet  Start

the idea is that WAF drops the bad stuff. but there are no rules in place by default

this is the biggest failing of the service. now, you can buy a set of managed rules from APN partners or load up your own

this repo, has a set that you can load

☁️ #cloud #devops

marknca @marknca tweeted at 16-Nov-2021, 19:33

Tweet 6/9  Next tweet  Start

….honestly, they should be available in the services as a one-click option. that would reduce customer friction and provide some protection out of the box

(though WAF does have other features like IP access control and Bot Control)

☁️ #cloud #devops

marknca @marknca tweeted at 16-Nov-2021, 19:33

Tweet 7/9  Next tweet  Start

back to the repo, the rules in the repo provide some basic protections again SQL injection attacks, scanning/probing, cross-site scripting, flood attacks, and other attack techniques

it’s not fool proof but they are solid rules

☁️ #cloud #devops

marknca @marknca tweeted at 16-Nov-2021, 19:33

Tweet 8/9  Next tweet  Start

now, usually I’d go easy here and say that repos like this are a FANTASTIC way to test new functionality and customer demand before rolling it into the product

however, this repo launched in 2016 and was last updated here in Sep/2021

☁️ #cloud #devops

marknca @marknca tweeted at 16-Nov-2021, 19:33

Tweet 9/9  Next tweet  Start

so, these are obviously useful and well used. that’s why I wanted to highlight this repo

if you think WAF might help improve your security posture and you don’t want to go the managed rule route, this will help get your started

/ ☁️ #cloud #devops

marknca @marknca tweeted at 16-Nov-2021, 19:33

Start