Managing of individual rules in an ACL deployed by AWS Firewall Manager

0

Hello,

When you roll out WAF ACLs with the Firewall Manager on organisation level, individual account managers can add rules and rule groups, in addition to the rule groups that were defined through Firewall Manager.

Can this be done programatically, via API or CDK for example, or is it only possible via AWS console? I didn't find anything about that in the API description.

profile picture
ABCKaNi
demandé il y a un an397 vues
2 réponses
0
Réponse acceptée

Hello,

Unfortunately, there is no public document which specifies the use case for individual account administrators to add rules/rule groups inside the WebACL managed by Firewall Manager using CDK.

  • When you create the Firewall Manager service policy for WAFv2 type, it will create the WebACL resource and adds PreProcessFirewallManagerRuleGroups and PostProcessFirewallManagerRuleGroups properties. Document [1] explains these two properties can only be defined by Firewall Manager.

  • These properties cannot be added directly to the AWS::WAFV2::WebACL resource if you are using CloudFormation template for example. The API reference guide [2] defines the properties with AWS CDK CloudFormation Resources.

  • If your use case involves CloudFormation to manage the rules on Firewall Managed WebACLs, then you can use Lambda backed custom resource. In the custom resource Lambda function, you can use UpdateWebACL API calls to create or modify the rules on the WebACL resources. [3]

We recommend to use AWS Console or CLI to avoid any validation issues with CDK in this particular case.

AWS
INGÉNIEUR EN ASSISTANCE TECHNIQUE
Vimal_P
répondu il y a un an
0

That is unfortunate in the spirit of IaC, but thanks for the answer.

profile picture
ABCKaNi
répondu il y a un an

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions