How to Create Web Application Firewall (WAF) on Amazon Web Service(AWS).

AWS WAF is a web application firewall service that lets you monitor web requests that are forwarded to an Amazon API Gateway API, an Amazon CloudFront distribution, or an Application Load Balancer.

We can protect those resources based on conditions that you specify, such as the IP addresses that the requests originate from.AWS WAF gives near real-time visibility into your web traffic, which we can use to create new rules or alerts in Amazon CloudWatch.

 

  • Login to aws portal.
  • Click on Services.

 

Fig 1

 

  • Under Security, Identity,& Compliance select WAF & Shield.

 

Fig 2

 

  • Click on Create WEB ACL.

 

Fig 17

 

  • Provide Web ACL details name
  • Provide CloudWatch metric name.
  • There are two type of resource type:CloudFront distributions or Regional resources.
  • When we select Regional Resources.

 

Fig. 4

 

  • Click on Add AWS resources.

 

Fig. 4

 

  • Select Resource types to associate with Web ACL.
  • Click on Add.
  • Click on Next.
  • Otherwise we can select CloudFront distributions resource type.

 

Fig. 5

 

  • Click on Add Rules & rules group.
  • When we select Add managed rule groups.

 

Fig. 6

 

  • Select exisitng Add managed rule groups.
  • Click on Add rules.

Fig. 6

 

  • When we select Add my own rules & rules groups.

 

Fig. 7

 

  • Select Rule type.
  • Provide Rule name.

 

Fig. 8

 

  • Select Conditions & Statement(Inspect).
  • Click on Add rule.

 

Fig. 9

 

  • Rule is created.

 

Fig 18

 

  • Click on Next.

 

Fig 11

 

  • Set Rule Priority.
  • Click on Next.

 

Fig 12

 

  • Provide CloudWatch Metric name.
  • Click on Next.

 

Fig 12

 

  • Review all configurations.

 

Fig 13

 

  • Click on Create Web ACL.

 

Fig 14

 

  • After sometime Web ACL created successfully.

 

Fig 15

 

Create Web Application Firewall (WAF) using Shell

aws wafv2 create-web-acl –name Web-Acl-name  –scope REGIONAL  –default-action Allow={} –visibility-config SampledRequestsEnabled=true,CloudWatchMetricsEnabled=true,MetricName=TestWebAclMetrics –rules /path/of/waf-rule.json –region us-west-2

The waf-rule.json file is given below:

[
{
“Name”:”basic-rule”,
“Priority”:0,
“Statement”:{
“AndStatement”:{
“Statements”:[
{
“ByteMatchStatement”:{
“SearchString”:”example.com”,
“FieldToMatch”:{
“SingleHeader”:{
“Name”:”host”
}
},
“TextTransformations”:[
{
“Priority”:0,
“Type”:”LOWERCASE”
}
],
“PositionalConstraint”:”EXACTLY”
}
},
{
“GeoMatchStatement”:{
“CountryCodes”:[
“US”,
“IN”
]
}
}
]
}
},
“Action”:{
“Allow”:{

}
},
“VisibilityConfig”:{
“SampledRequestsEnabled”:true,
“CloudWatchMetricsEnabled”:true,
“MetricName”:”basic-rule”
}
}
]

Leave a Reply

Your email address will not be published. Required fields are marked *