Comments (4)
Hi @rectalogic
In this case, I would recommend creating a separate new stack and associating your web app endpoint with it. Just be sure to delete the existing Access Log bucket event if you plan to reuse the same S3 location for logs.
from aws-waf-security-automations.
Did it work?
from aws-waf-security-automations.
Yes, I tried this on a test stack. We use the WAF stack as a nested stack in our main stack, so I changed the nested stack name so that CF destroyed the old one and recreated a new one. I did not delete the S3 bucket.
Will this result in an outage for our users though? When the old WebACL is detached and destroyed and the new one is attached to our ALBs, will in-flight HTTP connections be disrupted?
from aws-waf-security-automations.
Hi @rectalogic
You shouldn't have any problem associating the new webACL (https://amzn.to/2GQZVxt). However, as you've mentioned that this might be a prod/critical endpoint, I recommend:
- Use a blue-green deployment approach by creating a new stack and just switching your endpoint to use the new webACL. This way you'll have an easy way to roll back if needed.
- Change the new webACL to test-mode for a while just to triple check that it is working as expected. More info: https://amzn.to/2s3nglj
Regards
from aws-waf-security-automations.