Skip to content

Latest commit

 

History

History
executable file
·
128 lines (78 loc) · 6.47 KB

Lab_Guide.md

File metadata and controls

executable file
·
128 lines (78 loc) · 6.47 KB
Raw

Level 200: Automated Deployment of Web Application Firewall: Lab Guide

Authors

  • Ben Potter, Security Lead, Well-Architected

Table of Contents

  1. Configure WAF
  2. Configure CloudFront for WAF
  3. Tear Down

1. Configure AWS WAF

Using AWS CloudFormation, we are going to deploy a basic example AWS WAF configuration for use with CloudFront.

  1. Sign in to the AWS Management Console, select your preferred region, and open the CloudFormation console at https://console.aws.amazon.com/cloudformation/. Note if your CloudFormation console does not look the same, you can enable the redesigned console by clicking New Console in the CloudFormation menu.
  2. Click Create stack.

cloudformation-createstack-1

  1. Enter the following Amazon S3 URL: https://s3-us-west-2.amazonaws.com/aws-well-architected-labs/Security/Code/waf-global.yaml and click Next.

cloudformation-createstack-s3

  1. Enter the following details:
  • Stack name: The name of this stack. For this lab, use waf.
  • WAFName: Enter the base name to be used for resource and export names for this stack. For this lab, you can use Lab1.
  • WAFCloudWatchPrefix: Enter the name of the CloudWatch prefix to use for each rule using alphanumeric characters only. For this lab, you can use Lab1. The remainder of the parameters can be left as defaults.

waf-create-stack

  1. At the bottom of the page click Next.
  2. In this lab, we won't add any tags or other options. Click Next. Tags, which are key-value pairs, can help you identify your stacks. For more information, see Adding Tags to Your AWS CloudFormation Stack.
  3. Review the information for the stack. When you're satisfied with the configuration, click Create stack.
  4. After a few minutes the stack status should change from CREATE_IN_PROGRESS to CREATE_COMPLETE.
  5. You have now set up a basic AWS WAF configuration ready for CloudFront to use!

2. Configure Amazon CloudFront

Using the AWS Management Console, we will create a CloudFront distribution, and link it to the AWS WAF ACL we previously created.

  1. Open the Amazon CloudFront console at https://console.aws.amazon.com/cloudfront/home.
  2. From the console dashboard, choose Create Distribution.

cloudfront-create

  1. Click Get Started in the Web section.

cloudfront-getstarted

  1. Specify the following settings for the distribution:
  • In Origin Domain Name enter the DNS or domain name from your elastic load balancer or EC2 instance.

cloudfront-create-distribution

  • In the distribution Settings section, click AWS WAF Web ACL, and select the one you created previously.

cloudfront-distribution-settings

  1. After CloudFront creates your distribution, the value of the Status column for your distribution will change from In Progress to Deployed.

cloudfront-deployed

  1. When your distribution is deployed, confirm that you can access your content using your new CloudFront URL or CNAME. Copy the Domain Name into a web browser to test.

cloudfront-test

For more information, see Testing a Web Distribution in the CloudFront documentation.

  1. You have now configured Amazon CloudFront with basic settings and AWS WAF.

For more information on configuring CloudFront, see Viewing and Updating CloudFront Distributions in the CloudFront documentation.

3. Tear down this lab

The following instructions will remove the resources that have a cost for running them. Please note that Security Groups and SSH key will exist. You may remove these also or leave for future use.

Delete the CloudFront distribution:

  1. Open the Amazon CloudFront console at https://console.aws.amazon.com/cloudfront/home.
  2. From the console dashboard, select the distribution you created earlier and click the Disable button. To confirm, click the Yes, Disable button.
  3. After approximately 15 minutes when the status is Deployed, select the distribution and click the Delete button, and then to confirm click the Yes, Delete button.

Delete the AWS WAF stack:

  1. Sign in to the AWS Management Console, and open the CloudFormation console at https://console.aws.amazon.com/cloudformation/.
  2. Select the waf-cloudfront stack.
  3. Click the Actions button, and then click Delete Stack.
  4. Confirm the stack, and then click the Yes, Delete button.

References & useful resources

Amazon Elastic Compute Cloud User Guide for Linux Instances Amazon CloudFront Developer Guide Tutorial: Configure Apache Web Server on Amazon Linux 2 to Use SSL/TLS AWS WAF, AWS Firewall Manager, and AWS Shield Advanced Developer Guide

License

Licensed under the Apache 2.0 and MITnoAttr License.

Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at

https://aws.amazon.com/apache2.0/

or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.