如何使用CloudFormation排除AWS托管规则组中的特定规则
0
【以下的问题经过翻译处理】 大家好,
我正在使用CloudFormation来管理AWS Firewall策略。
我根据如下文档指引:https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-fms-policy.html
定义了WAFV2类型的SecurityServicePolicyData策略,示例代码如下:
“ManagedServiceData”:“{\“type\”:\“WAFV2\”,\”preProcessRuleGroups \“: [{\”ruleGroupArn\“:null,\“overrideAction\“:{\”type\“:\“NONE\”},\”managedRuleGroupIdentifier \“:{\”version\“:null,\“vendorName \“:\”AWS\“,\”managedRuleGroupName\“:\” AWSManagedRulesCommonRuleSet \“},\”ruleGroupType\“:\“ManagedRuleGroup\” ,\”excludeRules \“:[]}],\”postProcessRuleGroups \“:[],\”defaultAction \“:{\”type\“:\“ALLOW\”},\”overrideCustomerWebACLAssociation \“:false,\”loggingConfiguration \“:{\”logDestinationConfigs \“:[\”arn:aws:firehose:us-west-2:12345678912:deliverystream / aws-waf- logs-fms-admin-destination \“],\”redactedFields \“: [{\”redactedFieldType \“:\”SingleHeader\“,\”redactedFieldValue \“:\” Cookies \“},{\”redactedFieldType \“:\”Method\“}]}}”
现在我想排除AWSManagedRulesCommonRuleSet中的一个规则,但我没有看到任何指南或示例来执行此操作。我的问题是如何在例如CloudFormation中排AWSManagedRulesCommonRuleSet中的一个规则?
1 回答
- 最新
- 投票最多
- 评论最多
0
【以下的回答经过翻译处理】 你好,
以下是一个从 AWS 管理规则中排除一条规则的示例:
{
"Resources": {
"PolicyWAFv2": {
"Type": "AWS::FMS::Policy",
"Properties": {
"ExcludeResourceTags": false,
"PolicyName": "Policy",
"RemediationEnabled": false,
"ResourceType": "AWS::ElasticLoadBalancingV2::LoadBalancer",
"SecurityServicePolicyData": {
"Type": "WAFV2",
"ManagedServiceData": {
"Fn::Sub": "{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[{\"ruleGroupArn\":null,\"overrideAction\":{\"type\":\"NONE\"},\"managedRuleGroupIdentifier\":{\"version\":null,\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesAmazonIpReputationList\"},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[{\"name\":\"NoUserAgent_HEADER\"}]}],\"postProcessRuleGroups\":[],\"defaultAction\":{\"type\":\"ALLOW\"},\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":{\"logDestinationConfigs\":[\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\"],\"redactedFields\":[{\"redactedFieldType\":\"SingleHeader\",\"redactedFieldValue\":\"Cookies\"},{\"redactedFieldType\":\"Method\"}]}}"
}
}
}
}
}
}