Skip to content
/ awswaf-production-automation Public

Complete provisioning and automation management for AWS WAF V1 Rules - Regional Mode

License

MIT license
7 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

msfidelis/awswaf-production-automation

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

44 Commits
.github
.github
 
 
.gitignore
.gitignore
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
bad_ips.tf
bad_ips.tf
 
 
body_regex.tf
body_regex.tf
 
 
ddos.tf
ddos.tf
 
 
generic_insecure_rules_qs.tf
generic_insecure_rules_qs.tf
 
 
generic_insecure_rules_uri.tf
generic_insecure_rules_uri.tf
 
 
header_regex.tf
header_regex.tf
 
 
main.tf
main.tf
 
 
sql_injection.tf
sql_injection.tf
 
 
uri_regex.tf
uri_regex.tf
 
 
variables.tf
variables.tf
 
 
waf_acl.tf
waf_acl.tf
 
 
xss.tf
xss.tf
 
 

Repository files navigation

Complete AWS WAF (Web Application Firewall) Automation with Terraform (Regional / Global)

License: MIT Twitter: fidelissauro

waf

This is an automation purposes to manage v1 WAF rules using terraform. By default all resources are deployed on Regional Mode. But you can enable Global Mode to replicate WAF rules for a cloudfront context.

variable "global_mode" {
  default = true
}

Features (Roadmap)

  • Feature Flag ❌
  • Global Mode Rules Replication from Regional Rules (For Cloudfront) ❌
  • Bad IP's ✅
  • SQL Injection protection ✅
  • XSS protection ✅
  • DDoS protection (IP Rated) ✅
  • Generic insecure patterns for Querystrings ✅
  • Generic insecure patterns for URI ✅
  • Generic insecure patterns for BODY ❌
  • Regex pattern for BODY ✅
  • Regex pattern for URI ✅
  • Regex pattern for HEADER ❌
  • Monitoring with Kinesis and Elasticsearch and Kibana ❌
  • Elasticsearch Log Retention ❌

Install

terraform init
terraform apply

Author

👤 Matheus Fidelis

🤝 Contributing

Contributions, issues and feature requests are welcome!
Feel free to check issues page.

Show your support

Give a ⭐️ if this project helped you!

📝 License

Copyright © 2019 Matheus Fidelis.
This project is MIT licensed.

About

Complete provisioning and automation management for AWS WAF V1 Rules - Regional Mode

Topics

aws elasticsearch kibana terraform waf kinesis kinesis-stream aws-waf

Resources

Readme

License

MIT license
Activity

Stars

7 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages