Links

AWS WAF

Best practices and references below are based on published guidance from the cloud service provider and may reference native capabilities the cloud service provider offers. If you are not using the native security capabilities, the same security requirement can be met using other security capabilities your organization utilizes.

Payload Inspection

AWS::WAF::ByteMatchSet

Field To Match-Data
Terraform
Field To Match-Type
Terraform
Byte Match Tuples-Positional Constraint
Terraform
Byte Match Tuples-Target String
Terraform
Byte Match Tuples-Target String Base64
Terraform
Name
Terraform

AWS::WAF::Rule

Metric Name
Terraform
Name
Terraform
Predicates-Data Id
Terraform
Predicates-Negated
Terraform
Predicates-Type
Terraform

AWS::WAF::SizeConstraintSet

Size Constraints-Comparison Operator
Terraform
Field To Match-Data
Terraform
Field To Match-Type
Terraform
Size Constraints-Size
Terraform

AWS::WAF::SqlInjectionMatchSet

Name
Terraform
Field To Match-Data
Terraform
Field To Match-Type
Terraform

AWS::WAF::WebACL

Rules-Priority
Terraform
Rules-Rule Id
Terraform

AWS::WAF::XssMatchSet

Name
Terraform
Field To Match-Data
Terraform
Field To Match-Type
Terraform

Input Validation

Design Guidance:

AWS::WAF::ByteMatchSet

Byte Match Tuples-Text Transformation
Terraform

AWS::WAF::SizeConstraintSet

Size Constraints-Text Transformation
Terraform

AWS::WAF::SqlInjectionMatchSet

Sql Injection Match Tuples-Text Transformation
Terraform

AWS::WAF::XssMatchSet

Xss Match Tuples-Text Transformation
Terraform

IP Whitelisting

Design Guidance:

AWS::WAF::IPSet

Ipset Descriptors-Type
Terraform
Ipset Descriptors-Value
Terraform
Name
Terraform

Deny-all Communications and Only Allow-by-Exception

Design Guidance:

AWS::WAF::WebACL

Default Action-Type
Terraform
Action-Type
Terraform

Firewalls

Design Guidance:

AWS::WAF::WebACL

Metric Name
Terraform
Name
Terraform
