Ban a user after being blocked by WAF rule

0

Hi, is there a way to add an IP to an IP set when this IP's calls exceed the rate limit fixed by a WAF rule? I'm logging the WAF with CloudWatch; can I trigger an event in order to invoke a Lambda that updates my IP set?

Is there a good practice for doing that, or an equivalent?

Thanks

  • If there are any further questions, feel free to ask. If the answer below is satisfactory to you, please mark it as accepted. Thanks!

LeJ
Asked 9 months ago, 388 views
3 answers
2

Slightly different use case, but a similar idea of using Lambda to automatically update AWS WAF IP sets with IP ranges: https://aws.amazon.com/blogs/security/automatically-update-aws-waf-ip-sets-with-aws-ip-ranges/

AWS
Answered 9 months ago
Expert
Reviewed 9 months ago
1
Accepted answer

Yes, you can add an IP to an IP set when it exceeds the rate limit fixed by a WAF rule. You can do this by creating an EventBridge event rule that triggers a Lambda function. The Lambda function can then add the IP address to the IP set.

Create an EventBridge event rule that is triggered by the WAF logs. The event rule should have the following conditions:

  • The source is the WAF log group.
  • The event type is "AWS WAF Rule Matched".
  • The rule name is the name of the WAF rule that you want to use to trigger the event.

Create a Lambda function that adds the IP address to the IP set. The Lambda function should have the following permissions:

  • The ability to call the AWS WAF API.
  • The ability to create and update IP sets.

In the Lambda function, add the following code:

import os
import boto3

# IP set identity; assumed here to be supplied through Lambda environment variables.
IPSET_NAME = os.environ["IPSET_NAME"]
IPSET_ID = os.environ["IPSET_ID"]
IPSET_SCOPE = os.environ.get("IPSET_SCOPE", "REGIONAL")  # "CLOUDFRONT" for a CloudFront web ACL
client = boto3.client("wafv2")  # boto3 service name is "wafv2", not "waf-v2"

def handler(event, context):
    # Get the IP address from the event (path as written in the original answer).
    ip_address = event["detail"]["request"]["clientIp"]
    # update_ip_set replaces the whole list, so fetch the current addresses and LockToken first.
    current = client.get_ip_set(Name=IPSET_NAME, Scope=IPSET_SCOPE, Id=IPSET_ID)
    addresses = set(current["IPSet"]["Addresses"])
    addresses.add(f"{ip_address}/32")  # IP set entries must be in CIDR notation
    client.update_ip_set(
        Name=IPSET_NAME, Scope=IPSET_SCOPE, Id=IPSET_ID,
        Addresses=sorted(addresses), LockToken=current["LockToken"],
    )

Once you have completed these steps, the Lambda function will be triggered whenever an IP address exceeds the rate limit fixed by the WAF rule. The Lambda function will then add the IP address to the IP set.

AWS
Answered 9 months ago
Expert
Reviewed a month ago
  • Thanks for your detailed answer!

1

Hello.
CloudWatch Logs subscription filters can be used to run a Lambda when specific logs are output.
I believe this could be automated by using this feature to create a Lambda that registers the IP in the IP set when an IP block occurs in the WAF.
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/SubscriptionFilters.html#LambdaFunctionExample

Expert
Answered 9 months ago
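Both the accepted answer and the answer above describe the same pipeline: a WAF log line lands in CloudWatch Logs, something invokes a Lambda, and the Lambda writes the client address into a WAF IP set. The code below is an added example, not code from this thread or from AWS, of that Lambda wired to a CloudWatch Logs subscription filter on the WAF log group (the mechanism in the last answer). It decodes the gzip+base64 payload the subscription filter delivers, keeps only requests that a named rate-based rule BLOCKed, converts them to /32 or /128 CIDRs (the form IP sets require), and merges them into the IP set with the LockToken read-modify-write cycle that the wafv2 UpdateIPSet API requires, retrying on WAFOptimisticLockException when two invocations race. The IP set name, ID and scope, the rule name "rate-limit-per-ip", the environment-variable names and the sample log lines are assumptions constructed for the example.

```python
import base64
import gzip
import ipaddress
import json
import os

# Deployment settings (assumed names; supply them as Lambda environment variables).
IPSET_NAME = os.environ.get("IPSET_NAME", "auto-banned-clients")
IPSET_ID = os.environ.get("IPSET_ID", "00000000-0000-0000-0000-000000000000")
IPSET_SCOPE = os.environ.get("IPSET_SCOPE", "REGIONAL")   # "CLOUDFRONT" for a CloudFront web ACL
RATE_RULE_NAME = os.environ.get("RATE_RULE_NAME", "rate-limit-per-ip")


def decode_subscription_event(event):
    """Unpack a subscription-filter invocation (event["awslogs"]["data"]: base64 over gzip over
    JSON) into the list of WAF log records carried in logEvents[].message."""
    payload = json.loads(gzip.decompress(base64.b64decode(event["awslogs"]["data"])))
    if payload.get("messageType") != "DATA_MESSAGE":   # CONTROL_MESSAGE carries no log lines
        return []
    records = []
    for log_event in payload.get("logEvents", []):
        try:
            records.append(json.loads(log_event["message"]))
        except (KeyError, ValueError):
            continue   # not a WAF JSON line; skip it rather than fail the whole batch
    return records


def offending_cidrs(records, rule_name=RATE_RULE_NAME):
    """Clients that the named rate-based rule BLOCKed, as sorted /32 or /128 CIDRs.
    Other actions (ALLOW, COUNT), blocks by other rules and malformed addresses are ignored."""
    cidrs = set()
    for rec in records:
        if rec.get("action") != "BLOCK" or rec.get("terminatingRuleType") != "RATE_BASED":
            continue
        if rec.get("terminatingRuleId") != rule_name:
            continue
        try:
            addr = ipaddress.ip_address(rec.get("httpRequest", {}).get("clientIp"))
        except ValueError:
            continue   # never push an unparseable string into the IP set
        cidrs.add(f"{addr}/{addr.max_prefixlen}")
    return sorted(cidrs)


def add_to_ip_set(client, cidrs, attempts=3):
    """Merge cidrs into the IP set. update_ip_set replaces the entire address list and is
    guarded by a LockToken, so a concurrent writer causes WAFOptimisticLockException;
    re-read and retry instead of overwriting its entries."""
    for _ in range(attempts):
        current = client.get_ip_set(Name=IPSET_NAME, Scope=IPSET_SCOPE, Id=IPSET_ID)
        existing = set(current["IPSet"]["Addresses"])
        merged = sorted(existing | set(cidrs))
        if set(merged) == existing:
            return merged   # nothing new; skip the write
        try:
            client.update_ip_set(Name=IPSET_NAME, Scope=IPSET_SCOPE, Id=IPSET_ID,
                                 Addresses=merged, LockToken=current["LockToken"])
            return merged
        except client.exceptions.WAFOptimisticLockException:
            continue
    raise RuntimeError(f"IP set {IPSET_NAME} not updated after {attempts} attempts")


def handler(event, context):
    """Lambda entry point for the WAF log group's subscription filter."""
    import boto3   # imported here so the helpers above run in tests without the SDK
    cidrs = offending_cidrs(decode_subscription_event(event))
    if not cidrs:
        return {"added": []}
    merged = add_to_ip_set(boto3.client("wafv2"), cidrs)
    return {"added": cidrs, "ipset_size": len(merged)}


# Constructed sample input (not real traffic): four WAF log lines. Only the two rate-based
# BLOCKs of 203.0.113.7 should produce a ban, and they collapse to one entry.
SAMPLE_RECORDS = [
    {"action": "BLOCK", "terminatingRuleType": "RATE_BASED", "terminatingRuleId": "rate-limit-per-ip",
     "httpRequest": {"clientIp": "203.0.113.7", "httpMethod": "POST", "uri": "/login"}},
    {"action": "ALLOW", "terminatingRuleType": "REGULAR", "terminatingRuleId": "Default_Action",
     "httpRequest": {"clientIp": "198.51.100.9", "httpMethod": "GET", "uri": "/"}},
    {"action": "BLOCK", "terminatingRuleType": "REGULAR", "terminatingRuleId": "block-bad-paths",
     "httpRequest": {"clientIp": "198.51.100.23", "httpMethod": "GET", "uri": "/.env"}},
    {"action": "BLOCK", "terminatingRuleType": "RATE_BASED", "terminatingRuleId": "rate-limit-per-ip",
     "httpRequest": {"clientIp": "203.0.113.7", "httpMethod": "POST", "uri": "/login"}},
]


def sample_event():
    """Wrap SAMPLE_RECORDS the way CloudWatch Logs delivers them (DATA_MESSAGE, gzip, base64)."""
    payload = {"messageType": "DATA_MESSAGE", "logGroup": "aws-waf-logs-example",
               "logEvents": [{"id": str(i), "timestamp": 0, "message": json.dumps(r)}
                             for i, r in enumerate(SAMPLE_RECORDS)]}
    blob = base64.b64encode(gzip.compress(json.dumps(payload).encode())).decode()
    return {"awslogs": {"data": blob}}
```

A few deployment notes for this approach, independent of the code: the WAF log group name must start with aws-waf-logs-; a subscription filter pattern such as { ($.action = "BLOCK") && ($.terminatingRuleType = "RATE_BASED") } keeps the Lambda from being invoked for every allowed request; the IP set only has an effect once a rule in the web ACL references it with a Block action, placed before the rate-based rule; the function's role needs only wafv2:GetIPSet and wafv2:UpdateIPSet on that one IP set ARN; and because entries never expire, a real deployment needs a scheduled job that removes stale addresses, which this example does not include.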
