WAF Wizardry: AWS CLI Commands for Web Application Firewall
Last Updated: 25 Oct, 2024
AWS WAF protects your web applications from common web exploits such as SQL injection, cross-site scripting (XSS), and other request patterns that can affect availability, compromise security, or consume excessive resources. It lets you inspect the HTTP and HTTPS requests forwarded to your application and control access based on conditions you define, so unwanted traffic is stopped before it reaches the application.
In this article, we show you how to manage AWS WAF using the AWS Command Line Interface (CLI). You will learn the key terminology, follow step-by-step instructions, and see how the CLI lets you automate WAF management, with real-world examples.
Primary Terminologies
- AWS WAF: This is a web application firewall that secures your web applications against the most common attack vectors and allows one to define allow, block, or count rules on web traffic based on defined conditions.
- Web ACL: A grouping of rules that allow or block traffic to applications. You define the rules within the context of a logical container called Web ACLs.
- Rules: Configuration units in AWS WAF that describe what to look for in a request, such as the source IP address, the HTTP request method, or strings in the request, so that the web application can detect and filter out threats.
- Conditions: The match criteria a rule evaluates before its action takes effect. Examples include matching a particular IP address, matching a string in the request, and matching the geographic origin of the request.
- Actions: What AWS WAF does with a request that matches a rule. Example actions are allow, block, and count.
Step-by-Step Process of Managing AWS WAF with CLI
Step 1: Setting up AWS CLI
Before using WAF commands, ensure that the AWS CLI is installed and configured on your machine. Check whether the AWS CLI is installed, and which version, with:
aws --version
Then configure your credentials and defaults with:
aws configure
The command prompts for four values:
- AWS Access Key ID: You get this from your AWS account.
- AWS Secret Access Key: Associated with the Access Key ID, also available in your AWS account.
- Default region name: The region where you want your WAF resources to be located (e.g., us-east-1).
- Default output format: You can choose JSON, text, or table. JSON is most common.
Step 2: Create Your IP Set (if not already created)
An IP Set is a named collection of IP addresses or CIDR ranges that you want to allow or block. If you plan to block specific IPs, create the IP Set before creating the Web ACL, because the blocking rule references the IP Set by its ARN. Note the ARN in the command's output; you will need it in the next step.
aws wafv2 create-ip-set \
--name MyIPSet \
--scope REGIONAL \
--ip-address-version IPV4 \
--addresses '203.0.113.0/24' \
--visibility-config SampledRequestsEnabled=true,CloudWatchMetricsEnabled=true,MetricName=MyIPSetMetric \
--region us-east-1
Step 3: Create the Rules JSON File
Rules in AWS WAF define the behavior and actions taken for incoming requests. Put the rules to be applied to your Web ACL in a JSON file so that you can pass them to the CLI as --rules file://rules.json. Because --rules takes a list of rules, the file holds the JSON array itself. Replace the placeholder ARN with the ARN returned by create-ip-set. Here's an example rules.json file:
[
  {
    "Name": "MyIPBlockRule",
    "Priority": 1,
    "Statement": {
      "IPSetReferenceStatement": {
        "ARN": "arn:aws:wafv2:region:account-id:regional/ipset/MyIPSetName/ipset-id"
      }
    },
    "Action": {
      "Block": {}
    },
    "VisibilityConfig": {
      "SampledRequestsEnabled": true,
      "CloudWatchMetricsEnabled": true,
      "MetricName": "MyIPBlockMetric"
    }
  }
]
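As an added example (not part of the original article and not AWS code), the following Python script generates a rules.json file of the shape shown above and checks it for the mistakes the CLI rejects or that silently produce a deny-all Web ACL: duplicate priorities, a placeholder ARN left in place, CIDRs that do not fit the IP set's address version, and a default action of Block with no rule that allows anything. The ARN, CIDRs and file name are constructed placeholders.

```python
"""Generate and sanity-check a WAFv2 rules file before calling the CLI.

Added example, not article or AWS code. It writes the JSON list that
`aws wafv2 create-web-acl --rules file://rules.json` consumes and flags
mistakes the CLI rejects or that would silently deny all traffic.
"""
import ipaddress
import json
import re

# Constructed placeholder: use the ARN printed by `aws wafv2 create-ip-set`.
IP_SET_ARN = ("arn:aws:wafv2:us-east-1:123456789012:regional/ipset/MyIPSet/"
              "00000000-0000-0000-0000-000000000000")

# Real IP set ARNs carry a region, a 12-digit account id and a UUID-style id;
# "arn:aws:wafv2:region:account-id:..." placeholders therefore fail this check.
ARN_RE = re.compile(
    r"^arn:aws:wafv2:[a-z0-9-]+:\d{12}:(regional|global)/ipset/[\w-]+/[0-9a-f-]+$"
)


def ip_block_rule(name, priority, ip_set_arn, metric_name=None):
    """One rule that blocks any request whose inspected IP is in the IP set."""
    return {
        "Name": name,
        "Priority": priority,
        "Statement": {"IPSetReferenceStatement": {"ARN": ip_set_arn}},
        "Action": {"Block": {}},
        "VisibilityConfig": {
            "SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": metric_name or f"{name}Metric",
        },
    }


def validate_addresses(addresses, version):
    """Check CIDRs destined for `create-ip-set --ip-address-version <version>`."""
    problems = []
    want = 4 if version == "IPV4" else 6
    for cidr in addresses:
        if "/" not in cidr:
            problems.append(f"{cidr}: WAF requires CIDR notation (use /32 for one IPv4 host)")
            continue
        try:
            net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
        except ValueError as exc:
            problems.append(f"{cidr}: {exc}")
            continue
        if net.version != want:
            problems.append(f"{cidr}: is IPv{net.version}, IP set is {version}")
    return problems


def lint_web_acl(default_action, rules):
    """Flag rule-set mistakes the CLI rejects or that produce a deny-all ACL."""
    problems = []
    priorities = [r["Priority"] for r in rules]
    if len(set(priorities)) != len(priorities):
        problems.append("duplicate Priority values; each rule needs a unique priority")
    for r in rules:
        arn = r["Statement"].get("IPSetReferenceStatement", {}).get("ARN", "")
        if arn and not ARN_RE.match(arn):
            problems.append(f"{r['Name']}: ARN is not a WAFv2 IP set ARN: {arn}")
    actions = {next(iter(r["Action"])) for r in rules}
    if default_action == "Block" and actions <= {"Block", "Count"}:
        problems.append("default action Block with no Allow rule: every request is blocked")
    return problems


def write_rules_file(path, rules):
    """--rules expects a JSON list, so the file holds the list, not {"Rules": [...]}."""
    with open(path, "w") as fh:
        json.dump(rules, fh, indent=2)
    return path


if __name__ == "__main__":
    rules = [ip_block_rule("MyIPBlockRule", 1, IP_SET_ARN, "MyIPBlockMetric")]
    for problem in validate_addresses(["203.0.113.0/24"], "IPV4") + lint_web_acl("Allow", rules):
        print("problem:", problem)
    print("wrote", write_rules_file("rules.json", rules))
```

Run the script before create-web-acl; an empty problem list means the file is ready to pass as --rules file://rules.json, and the IP version check mirrors what create-ip-set enforces for --addresses.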
Step 4: Creating a Web ACL
A Web ACL (Web Access Control List) is the container that holds the rules you define for your WAF, together with the default action applied to requests that match no rule. The following command creates a Web ACL that uses the rule from the previous step, passed inline here (it can equally be passed as --rules file://rules.json). The default action is Allow, so only requests matching the blocking rule are rejected; with a default action of Block and only blocking rules, every request to the application would be denied.
aws wafv2 create-web-acl \
--name MyWebACL \
--scope REGIONAL \
--default-action Allow={} \
--rules '[{"Name":"MyIPBlockRule","Priority":1,"Statement":{"IPSetReferenceStatement":{"ARN":"arn:aws:wafv2:us-east-1:001919753234:regional/ipset/MyIPSet/70b3ac67-bccf-433b-aa445c-ff439551976f77"}},"Action":{"Block":{}},"VisibilityConfig":{"SampledRequestsEnabled":true,"CloudWatchMetricsEnabled":true,"MetricName":"MyIPBlockMetric"}}]' \
--visibility-config SampledRequestsEnabled=true,CloudWatchMetricsEnabled=true,MetricName=MyMetric \
--region us-east-1
Step 5: Verify the Creation
Once the command runs successfully, you’ll see a summary of the Web ACL created, including its ARN and ID. You can verify by running:
aws wafv2 list-web-acls --scope REGIONAL --region us-east-1
Step 6: Prepare Test Requests
Before testing, make sure the Web ACL is associated with the resource that fronts your application (for example the Application Load Balancer in front of your EC2 instance) using aws wafv2 associate-web-acl --web-acl-arn <web-acl-arn> --resource-arn <resource-arn>; AWS WAF only inspects requests that pass through an associated resource.
Test IP Block
- Send a Request from Blocked IP: Use a tool like curl to send a request from the blocked IP address. Replace <your-ec2-instance-public-ip> with your EC2 instance's public IP (or the DNS name of the associated load balancer).
curl -I http://<your-ec2-instance-public-ip> --header "X-Forwarded-For: 192.0.2.1"
- Expected Result: If the IP 192.0.2.1 is part of the blocked IP set, you should receive a 403 Forbidden response, indicating that the request was blocked by AWS WAF.
Note that an IPSetReferenceStatement matches on the connection's source IP by default; the X-Forwarded-For header is only consulted when the rule is configured with IPSetForwardedIPConfig. The reliable test is therefore to send the request from a host whose own address is in the IP set, and to confirm that a request from an address outside the set still succeeds.
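To reason about what the curl test above can and cannot show, here is an added Python model (not article or AWS code) of how a WAFv2 IPSetReferenceStatement picks the address it compares against the IP set: the connection's source IP by default, or the header named in IPSetForwardedIPConfig, honouring its Position and FallbackBehavior settings, when that is configured. The IP set contents and the requests are constructed for the example; the model returns the action WAF would take, and Block corresponds to the 403 Forbidden response.

```python
"""Local model of WAFv2 IP set matching, to predict the outcome of a test request.

Added example, not article or AWS code; nothing here calls AWS.
"""
import ipaddress

# Constructed IP set contents for this model (the article's set holds 203.0.113.0/24).
BLOCKED_NETS = [ipaddress.ip_network(c) for c in ("203.0.113.0/24", "192.0.2.1/32")]

# Constructed IPSetForwardedIPConfig as it would appear on the rule statement.
XFF_CONFIG = {"HeaderName": "X-Forwarded-For", "FallbackBehavior": "NO_MATCH", "Position": "FIRST"}

# Constructed request mirroring the article's curl test: the blocked address
# appears only in the header, while the TCP source is a different host.
CURL_TEST = {"source_ip": "198.51.100.7", "headers": {"X-Forwarded-For": "192.0.2.1"}}


def candidate_ips(request, forwarded_ip_config=None):
    """Return the IPs the IP-set rule compares against the set.

    Without IPSetForwardedIPConfig, WAF inspects only the connection's source
    address, so a client-supplied X-Forwarded-For changes nothing. With it, the
    named header is parsed and Position selects FIRST, LAST or ANY (first 10)
    of the listed addresses. Returns None when the header is missing or malformed.
    """
    if forwarded_ip_config is None:
        return [ipaddress.ip_address(request["source_ip"])]
    wanted = forwarded_ip_config["HeaderName"].lower()
    raw = next((v for k, v in request["headers"].items() if k.lower() == wanted), None)
    if raw is None:
        return None
    try:
        ips = [ipaddress.ip_address(part.strip()) for part in raw.split(",")]
    except ValueError:
        return None
    position = forwarded_ip_config.get("Position", "FIRST")
    if position == "FIRST":
        return ips[:1]
    if position == "LAST":
        return ips[-1:]
    return ips[:10]  # ANY: WAF inspects up to the first 10 addresses


def evaluate(request, forwarded_ip_config=None, default_action="Allow"):
    """Action for a request under one blocking IP set rule plus the default action."""
    ips = candidate_ips(request, forwarded_ip_config)
    if ips is None:
        # FallbackBehavior decides whether a missing/invalid header counts as a match.
        return "Block" if forwarded_ip_config["FallbackBehavior"] == "MATCH" else default_action
    if any(ip in net for ip in ips for net in BLOCKED_NETS):
        return "Block"
    return default_action


if __name__ == "__main__":
    print("curl test, rule without forwarded-IP config:", evaluate(CURL_TEST))
    print("curl test, rule with forwarded-IP config:   ", evaluate(CURL_TEST, XFF_CONFIG))
    print("request from 203.0.113.5 directly:           ",
          evaluate({"source_ip": "203.0.113.5", "headers": {}}))
```

The first two lines of output differ (Allow, then Block), which is why the header-based test only demonstrates the rule once IPSetForwardedIPConfig is set; the FallbackBehavior cases show why MATCH is the safer choice when a forwarded-IP rule is used behind a proxy that always sets the header.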
Deleting a Web ACL
When a Web ACL is no longer needed, you can delete it using this command. The --id and --lock-token values come from aws wafv2 get-web-acl; the lock token changes on every update, so fetch it immediately before deleting. A Web ACL that is still associated with a resource must be disassociated first, or the delete call fails.
aws wafv2 delete-web-acl \
--name MyWebACL \
--scope REGIONAL \
--id 05154f56-7f2ssfsf-4adsf2-8b8a-f415f9cb8dgdfg3be \
--region us-east-1 \
--lock-token 01bsfs8e282-93sfs9a-4226-a979-43fsfe795b8f7a
Verify the deletion with the following command; the Web ACL should no longer appear in the list:
aws wafv2 list-web-acls --scope REGIONAL --region us-east-1
Conclusion
Managing AWS WAF through the AWS CLI scales to web applications of any size and gives you the flexibility to protect them from a wide variety of web threats, with WAF configuration automated as part of your development and deployment pipelines.
AWS WAF can block or allow traffic according to sophisticated rules while monitoring threats in real time, and the CLI makes that control scriptable. This article walked you through the step-by-step process and real-world examples you need to manage AWS WAF effectively and protect your applications from common web vulnerabilities.