AWSTemplateFormatVersion: '2010-09-09'
Description: 'Template for WAF Configuration'
Parameters:
  CamerasApi:
    # Interpolated into the stage ARN as /restapis/<id>, so this must be the REST API ID.
    Description: "ID of the Cameras REST API"
    Type: String
    Default: cameras-api-dev
  StageName:
    Description: "Stage name of the Cameras Api"
    Type: String
    Default: v
  Blocking:
    Description: "Number of calls per 5 minutes for WAF IP blocking."
    Type: Number
    Default: 2000
  EnvironmentType:
    Type: String
    Default: "dev"
    Description: "Type of environment: dev, staging or prod."
Resources:
  WAFCamerasWebACL:
    Type: AWS::WAFRegional::WebACL
    DependsOn: CamerasRateRule
    Properties:
      # Everything is allowed unless the rate-based rule below blocks it.
      DefaultAction:
        Type: ALLOW
      MetricName: !Join ['', ['IPBlockingMetric', !Ref EnvironmentType]]
      Name: !Join ['', ['IPBlockingACL', !Ref EnvironmentType]]
      Rules:
        - Action:
            Type: "BLOCK"
          Priority: 1
          RuleId: !Ref CamerasRateRule
  CamerasRateRule:
    Type: AWS::WAFRegional::RateBasedRule
    Properties:
      MetricName: UnallowedAccessCount
      Name: FiveMinuteRule
      RateKey: IP
      RateLimit: !Ref Blocking
      # Only requests that match these predicates count toward RateLimit.
      # CamerasIpSet is declared without IPSetDescriptors, so this rule
      # matches no traffic until addresses are added to the set.
      MatchPredicates:
        - DataId: !Ref CamerasIpSet
          Negated: false
          Type: "IPMatch"
  CamerasIpSet:
    Type: AWS::WAFRegional::IPSet
    Properties:
      Name: !Join ['-', ['IpBlacklist', !Ref EnvironmentType]]
  MyWebACLAssociation:
    Type: AWS::WAFRegional::WebACLAssociation
    Properties:
      ResourceArn: !Sub arn:aws:apigateway:${AWS::Region}::/restapis/${CamerasApi}/stages/${StageName}
      WebACLId: !Ref WAFCamerasWebACL
Outputs:
  WebACL:
    # !Ref on a WAFRegional WebACL returns its ID, not its name.
    Description: ID of the web ACL
    Value: !Ref WAFCamerasWebACL