August 29, 2021

WAFv2 CloudFront CDK

In the last post I covered off how to create a REGIONAL WAF in CDK. In this post I’m going to create a CLOUDFRONT WAF. This is a little bit more involved. I’m going to assume that your application stack is not in us-east-1 and thus we’ll need to create another stack in us-east-1. This is going to use several of the tricks we discussed in an earlier post. Existing Let’s say you have an existing stack that has a CloudFront distribution in it. Read more

August 29, 2021

WAFv2 CDK

AWS CDK Doesn’t yet have a highlevel WAFv2 construct. Using the learnings I’ve recently discussed, I’ve created two constructs. One you can use for REGIONAL WAFs and one for CLOUDFRONT WAFs. AWS CDK seems to be moving towards an approach of having cross regional resources created via custom resources, but this doesn’t exist for WAF yet, and I’ve had mixed results. In this post we will first start with the REGIONAL solution. Read more

April 5, 2021

WAF insights with QuickSight

Following on from my last post using Athena to query WAF logs, I decided to take this a big further and look at what I can do with QuickSight to get some insights. Directly quoted from the Amazon QuickSight home page: Amazon QuickSight is a scalable, serverless, embeddable, machine learning-powered business intelligence (BI) service built for the cloud. QuickSight lets you easily create and publish interactive BI dashboards that include Machine Learning-powered insights. Read more

March 23, 2021

Query WAF logs with Athena

I’ve been using AWS WAF a bit recently and I needed a way to query the logs that are shipped to S3. Athena is the logical solution to this. There is great documentation to get you started with querying WAF logs via Athena and also how to setup WAF logging. My specific requirement required me to start off with the WAF in COUNT mode. While WAF has an excellent facility to to see samples, they only last for 3 hours so I needed the ability to get the logs. Read more

© Greg Cockburn

Powered by Hugo & Kiss.