I recently had to attach a Web Application Firewall (WAF) regional Access Control List (ACL) to an API gateway created using the Serverless Framework. The only quality documentation I could find was from our very own Natalie Laing in this post she wrote back in 2019. I ran into an issue where my WebACL would not properly associate to the API. After some research I found that many others also faced this issue, mainly because the ‘Classic WAF’ has been deprecated by AWS.

AWS WAFV2 is the latest version of the AWS WAF API, released in November 2019. Configuring the WAFV2 with an API is pretty straightforward; however, there are few resources available online. Hence, this post is to help those who are as lost as I was configuring a WAFV2 with an API gateway.

I got the tip on these ahead of my implementation thanks to Natalie’s article:

- YAML indentation - I’d recommend installing cfn-lint, a huge help for formatting YAML files and catching bugs early.
- Formatting your API Gateway’s Amazon Resource Name (ARN): you will need this to associate it with the WebACL.

The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications. In this post, I will show you which AWS Managed Rule Group addresses which Web Application Security Risk from the OWASP Top 10.

Managed rule groups are collections of predefined rules that AWS and AWS Marketplace sellers maintain for you. There is one difference between AWS and Marketplace rule groups: AWS managed rule groups are mostly available for free (only the AWS WAF Bot Control and AWS WAF Fraud Control account takeover prevention rule groups have additional fees), whereas Marketplace managed rule groups are available by subscription through AWS Marketplace.