WAF "AWS Managed Rules" for "Windows Operating System" block SNS requests sent by AWS Textract


I've noticed that if you enable the "Windows Operating System" rule group from the "AWS Managed Rules" rule group against your Web ACL in WAF, SNS notifications generated by AWS Textract are blocked due to matching the rule:

AWS#AWSManagedRulesWindowsRuleSet#WindowsShellCommands_BODY

Whilst that rule can be edited and "count" switched on instead to mitigate the issue, the problem then is that you lose that rule's protection against legitimate attacks. My question therefore is: how do we add the AWS services to an allow list so that they do not trigger the block themselves whilst leaving the rule in place for all other requests? Do we have to allow all AWS IPs by creating an IP set covering all the IP ranges within expected regions, or is there another way to simply say "allow AWS based services"?

No answers
