By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How to associate Web ACL rule to EB/ALB on creation?

0

I created a Web ACL rule that allows traffic to two exact URI paths and blocks everything else. I am able to manually associate it to my Application Load Balancer, but when I terminate my Elastic Beanstalk environment (which the Application Load Balancer is a part of) and recreate the Elastic Beanstalk environment the rule is not associated with the new Application Load Balancer that is created.

Is there a way to configure it so that my Web ACL rule is associated with the Application Load Balancer with the Elastic Beanstalk environment is created?

Topics
Security, Identity, & ComplianceCompute
Tags
AWS WAFAWS Elastic BeanstalkApplication Load Balancer
Language
English
Jeff
asked 2 years ago673 views
1 Answer
0

This sounds like a good fit for Firewall Manager: https://aws.amazon.com/firewall-manager/ - it does require that you are using AWS Organizations and AWS Config, but it is possible to enable these even if you only have a single account. Firewall Manager can automatically associate a WAF WebACL with newly created resources.

AWS
EXPERT
Paul_L
answered 2 years ago
  • Jeff
    2 years ago

    I was hoping there was a way to do it in the Elastic Beanstalk config. Spending $100 a month to use Firewall Manager isn't an option for me.

  • Paul_L EXPERT
    2 years ago

    In that case, could you use Eventbridge to trigger a Lambda function, which associate the WebACL with your ALB? You should be able to do this once the Create operation is complete in Elastic Beanstalk: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/AWSHowTo.eventbridge.html

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content