1 Risposta
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
2
Hello.
I think you can check it with "UpdateWebACL" from CloudTrail.
When WebACL rules are updated, the following events are likely to be recorded.
https://docs.aws.amazon.com/waf/latest/developerguide/understanding-waf-entries.html
{
"eventVersion": "1.05",
"userIdentity": {
"type": "AssumedRole",
"principalId": "principalId",
"arn": "arn:aws:sts::112233445566:assumed-role/Admin",
"accountId": "112233445566",
"accessKeyId": "accessKeyId",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "principalId",
"arn": "arn:aws:iam::112233445566:role/Admin",
"accountId": "112233445566",
"userName": "Admin"
},
"webIdFederationData": {},
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2019-11-06T19:17:20Z"
}
}
},
"eventTime": "2019-11-06T19:20:56Z",
"eventSource": "wafv2.amazonaws.com",
"eventName": "UpdateWebACL",
"awsRegion": ""us-east-1,
"sourceIPAddress": "10.0.0.1",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.87 Safari/537.36",
"requestParameters": {
"name": "foo",
"scope": "CLOUDFRONT",
"id": "ebbcb976-8d59-4d20-8ca8-4ab2f6b7c07b",
"defaultAction": {
"block": {}
},
"description": "foo",
"rules": [
{
"name": "foo",
"priority": 1,
"statement": {
"geoMatchStatement": {
"countryCodes": [
"AF"
]
}
},
"action": {
"block": {}
},
"visibilityConfig": {
"sampledRequestsEnabled": true,
"cloudWatchMetricsEnabled": true,
"metricName": "foo"
}
}
],
"visibilityConfig": {
"sampledRequestsEnabled": true,
"cloudWatchMetricsEnabled": true,
"metricName": "foo"
},
"lockToken": "67551e73-49d8-4363-be48-244deea72ea9"
},
"responseElements": {
"nextLockToken": "a6b54c01-7975-4e6d-b7d0-2653cb6e231d"
},
"requestID": "41c96e12-9790-46ab-b145-a230f358f2c2",
"eventID": "517a10e6-4ca9-4828-af90-a5cff9756594",
"eventType": "AwsApiCall",
"apiVersion": "2019-04-23",
"recipientAccountId": "112233445566"
}
