available rulesets to use out of the box. If you’re an AWS customer, the natural choice is AWS WAF. They can also increase the time and cost of exploitation of known vulnerabilities and to serve as an early warning system of suspicious user activity (application logging typically falls short in this regard). As with any security solution, they aren’t a silver bullet but they can add a valuable layer of defense and give your team extra time to patch vulnerabilities in your application. WAFs are often used to protect web apps and APIs from common security attacks such as SQL injection, cross-site scripting, cross-site request forgery, and other attacks. If you are running any type of web application, you might have deployed a Web Application Firewall (WAF). I thought I could use !Ref however it used the CloudFront ID as per the documentation instead of the ARN.AWS WAF’s defaults make bypassing trivial in POST requests, even when you enable the AWS Managed Rules However, I can't seem to find out how to get the CloudFront distribution ARN from the official documentation. To associate the ACL to the CloudFront distribution, I've added a AWS::WAFv2::WebACLAssociation entry which requires the ARN of the CloudFront distribution for the ResourceArn entry. I've setup a CloudFront distribution in CloudFormation and I'm building an AWS WAF ACL to act as a firewall for it.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |