## AWS WAF Automation Using Terraform
The [WAF Automation on AWS](https://aws.amazon.com/solutions/implementations/aws-waf-security-automations/) solution is implemented here with Terraform, which automatically deploys a set of [AWS WAF](https://aws.amazon.com/waf/) rules that filter common web-based attacks. Users select from preconfigured protective features that define the rules included in an AWS WAF web access control list (web ACL). Once deployed, AWS WAF protects your [Amazon CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html) distributions or [Application Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html) by inspecting web requests.
## Target Architecture
## Prerequisites
1. An active AWS account.
2. AWS Command Line Interface (AWS CLI) installed and configured with the necessary permissions. For more information, refer to [this documentation](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html).
3. Terraform installed and configured. For more information, refer to [this documentation](https://learn.hashicorp.com/tutorials/terraform/install-cli).
## Deployment
```
terraform init
terraform plan -var-file="testing.tfvars"
terraform apply -var-file="testing.tfvars"
```
Check out this APG Pattern for detailed deployment instructions: [Deploy the Security Automations for AWS WAF solution by using Terraform](https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/deploy-the-security-automations-for-aws-waf-solution-by-using-terraform.html)
## Types of inputs
Accepted values for the multi-option inputs (one value per variable; the remaining `Activate*` inputs take `yes` or `no`):
```
ActivateHttpFloodProtectionParam      = "yes - AWS Lambda log parser" | "yes - Amazon Athena log parser" | "yes - AWS WAF rate based rule"
ActivateScannersProbesProtectionParam = "yes - AWS Lambda log parser" | "yes - Amazon Athena log parser"
ENDPOINT                              = "ALB" | "cloudfront"
```
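A `testing.tfvars` for the `terraform plan`/`apply` commands above, added here as an example (it is not a file shipped with this repository): it assigns the inputs documented in the table below to protect an Application Load Balancer. The bucket name and e-mail address are placeholders to replace with your own.

```hcl
# testing.tfvars (example, not part of the repository): ALB protected by the
# WAF rate-based rule for HTTP floods and the Athena log parser for scanners.

# "cloudFront" is the table default; "ALB" deploys a regional web ACL instead.
ENDPOINT = "ALB"

# Rule families. Simple switches take "yes"/"no"; the two multi-option inputs
# take one of the strings listed under "Types of inputs".
ActivateAWSManagedRulesParam              = "yes"
ActivateSqlInjectionProtectionParam       = "yes"
ActivateCrossSiteScriptingProtectionParam = "yes"
ActivateReputationListsProtectionParam    = "yes"
ActivateBadBotProtectionParam             = "yes"
ActivateHttpFloodProtectionParam          = "yes - AWS WAF rate based rule"
ActivateScannersProbesProtectionParam     = "yes - Amazon Athena log parser"

# The Athena parser reads the ALB access logs from this bucket. The table
# default is only a sample name, so always set it explicitly (placeholder).
AppAccessLogBucket = "REPLACE-WITH-YOUR-ALB-ACCESS-LOG-BUCKET"

# Log Monitoring Settings: a source that exceeds RequestThreshold requests or
# ErrorThreshold error responses in the parser's window is blocked for
# WAFBlockPeriod minutes.
RequestThreshold = 100
ErrorThreshold   = 50
WAFBlockPeriod   = 240

# IP retention for the allowed/denied IP sets; -1 is the "no expiry" default.
IPRetentionPeriod             = "no"
IPRetentionPeriodAllowedParam = -1
IPRetentionPeriodDeniedParam  = -1

# Notification address for the SNS topic (placeholder; empty disables it).
SNSEmailParam = "security-alerts@example.com"

# Operational settings: opt out of anonymous metrics sent to MetricsURL.
LOG_LEVEL                 = "INFO"
SEND_ANONYMOUS_USAGE_DATA = "no"
SendAnonymousUsageData    = "no"
```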
## Existing issue
`terraform destroy` can fail while removing the IP sets:
```
Error: Error deleting WAFv2 IPSet: WAFOptimisticLockException: AWS WAF couldn’t save your changes because someone changed the resource after you started to edit it. Re-apply your changes.
```
## Workaround
Delete the IP sets manually (in the AWS WAF console or with the AWS CLI) and retry the `terraform destroy` command.

Reference: https://github.com/hashicorp/terraform-provider-aws/issues/21136
## Security
See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information.
## License
This library is licensed under the MIT-0 License. See the LICENSE file.
## Requirements
| Name | Version |
|------|---------|
| [aws](#requirement\_aws) | ~> 3.0 |
## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | ~> 3.0 |
| [random](#provider\_random) | n/a |
## Modules
No modules.
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [ActivateAWSManagedRulesParam](#input\_ActivateAWSManagedRulesParam) | n/a | `string` | `"no"` | no |
| [ActivateBadBotProtectionParam](#input\_ActivateBadBotProtectionParam) | n/a | `string` | `"yes"` | no |
| [ActivateCrossSiteScriptingProtectionParam](#input\_ActivateCrossSiteScriptingProtectionParam) | n/a | `string` | `"yes"` | no |
| [ActivateHttpFloodProtectionParam](#input\_ActivateHttpFloodProtectionParam) | n/a | `string` | `"yes - AWS WAF rate based rule"` | no |
| [ActivateReputationListsProtectionParam](#input\_ActivateReputationListsProtectionParam) | n/a | `string` | `"yes"` | no |
| [ActivateScannersProbesProtectionParam](#input\_ActivateScannersProbesProtectionParam) | n/a | `string` | `""` | no |
| [ActivateSqlInjectionProtectionParam](#input\_ActivateSqlInjectionProtectionParam) | n/a | `string` | `"yes"` | no |
| [AppAccessLogBucket](#input\_AppAccessLogBucket) | Application Access Log Bucket Name | `string` | `"myownbucket-tam"` | no |
| [BadBotProtectionActivated](#input\_BadBotProtectionActivated) | n/a | `string` | `"yes"` | no |
| [DeliveryStreamName](#input\_DeliveryStreamName) | Name of the Delivery stream value | `string` | `"terraform-kinesis-firehose-extended-s3-test-stream"` | no |
| [ENDPOINT](#input\_ENDPOINT) | cloudfront or ALB | `string` | `"cloudFront"` | no |
| [ErrorThreshold](#input\_ErrorThreshold) | error threshold for Log Monitoring Settings | `number` | `50` | no |
| [IPRetentionPeriod](#input\_IPRetentionPeriod) | n/a | `string` | `"no"` | no |
| [IPRetentionPeriodAllowedParam](#input\_IPRetentionPeriodAllowedParam) | IP Retention Settings allowed value | `number` | `-1` | no |
| [IPRetentionPeriodDeniedParam](#input\_IPRetentionPeriodDeniedParam) | IP Retention Settings denied value | `number` | `-1` | no |
| [KEEP\_ORIGINAL\_DATA](#input\_KEEP\_ORIGINAL\_DATA) | S3 original data | `string` | `"No"` | no |
| [KeyPrefix](#input\_KeyPrefix) | Keyprefix values for the lambda source code | `string` | `"aws-waf-security-automations/v3.2.0"` | no |
| [LOG\_LEVEL](#input\_LOG\_LEVEL) | Log level | `string` | `"INFO"` | no |
| [MetricsURL](#input\_MetricsURL) | Metrics URL | `string` | `"https://metrics.awssolutionsbuilder.com/generic"` | no |
| [ReputationListsProtectionActivated](#input\_ReputationListsProtectionActivated) | n/a | `string` | `"yes"` | no |
| [RequestThreshold](#input\_RequestThreshold) | request threshold for Log Monitoring Settings | `number` | `100` | no |
| [SEND\_ANONYMOUS\_USAGE\_DATA](#input\_SEND\_ANONYMOUS\_USAGE\_DATA) | Data collection parameter | `string` | `"yes"` | no |
| [SNSEmailParam](#input\_SNSEmailParam) | SNS notification value | `string` | `""` | no |
| [ScannersProbesProtectionActivated](#input\_ScannersProbesProtectionActivated) | n/a | `string` | `"yes"` | no |
| [SendAnonymousUsageData](#input\_SendAnonymousUsageData) | Data collection parameter | `string` | `"yes"` | no |
| [SolutionID](#input\_SolutionID) | UserAgent id value | `string` | `"SO0006"` | no |
| [SourceBucket](#input\_SourceBucket) | Lambda source code bucket | `string` | `"solutions"` | no |
| [USER\_AGENT\_EXTRA](#input\_USER\_AGENT\_EXTRA) | UserAgent | `string` | `"AwsSolution/SO0006/v3.2.0"` | no |
| [WAFBlockPeriod](#input\_WAFBlockPeriod) | block period for Log Monitoring Settings | `number` | `240` | no |
| [app\_access\_logs\_columns](#input\_app\_access\_logs\_columns) | n/a | `map` | see below | no |
| [cloudfront\_app\_access\_logs\_columns](#input\_cloudfront\_app\_access\_logs\_columns) | n/a | `map` | see below | no |
| [sse\_algorithm](#input\_sse\_algorithm) | sse\_algorithm | `string` | `"aws:kms"` | no |
| [waf\_access\_logs\_columns](#input\_waf\_access\_logs\_columns) | n/a | `map` | see below | no |

Default values of the three `map` inputs (Athena column name to column type):

`app_access_logs_columns`:
```
{
"actions_executed": "string",
"chosen_cert_arn": "string",
"client_ip": "string",
"client_port": "int",
"domain_name": "string",
"elb": "string",
"elb_status_code": "string",
"lambda_error_reason": "string",
"matched_rule_priority": "string",
"new_field": "string",
"received_bytes": "bigint",
"redirect_url": "string",
"request_creation_time": "string",
"request_processing_time": "double",
"request_proto": "string",
"request_url": "string",
"request_verb": "string",
"response_processing_time": "double",
"sent_bytes": "bigint",
"ssl_cipher": "string",
"ssl_protocol": "string",
"target_group_arn": "string",
"target_ip": "string",
"target_port": "int",
"target_processing_time": "double",
"target_status_code": "string",
"time": "string",
"trace_id": "string",
"type": "string",
"user_agent": "string"
}
```

`cloudfront_app_access_logs_columns`:
```
{
"bytes": "bigint",
"cookie": "string",
"date": "date",
"encryptedfields": "int",
"filestatus": "string",
"host": "string",
"hostheader": "string",
"httpversion": "string",
"location": "string",
"method": "string",
"querystring": "string",
"referrer": "string",
"requestbytes": "bigint",
"requestid": "string",
"requestip": "string",
"requestprotocol": "string",
"responseresulttype": "string",
"resulttype": "string",
"sslcipher": "string",
"sslprotocol": "string",
"status": "int",
"time": "string",
"timetaken": "float",
"uri": "string",
"useragent": "string",
"xforwardedfor": "string"
}
```

`waf_access_logs_columns`:
```
{
"action": "string",
"formatversion": "int",
"httprequest": "struct>,uri:string,args:string,httpversion:string,httpmethod:string,requestid:string>",
"httpsourceid": "string",
"httpsourcename": "string",
"nonterminatingmatchingrules": "array",
"ratebasedrulelist": "array",
"rulegrouplist": "array",
"terminatingruleid": "string",
"terminatingruletype": "string",
"timestamp": "bigint",
"webaclid": "string"
}
```
## Outputs
No outputs.