[英]Create a geomatching AWS WAF condition/rule and connect it to an existing CloudFront distribution using CloudFormation
简而言之,我要完成的工作如下:
这似乎足够简单,可以在Web控制台中进行设置,但是CloudFormation API似乎更受限制吗?
我能够WebACL部署“ WAFRegional” GeoMatchSet , Rule和WebACL 。 然后,当尝试将其与现有的CloudFront分布关联时,似乎我要使用的不是“ WAFRegional”类型,而只是“ WAF”类型。 但是,没有针对“ WAF”的GeoMatchSet API吗?
AWSTemplateFormatVersion: 2010-09-09
Resources:
# Match Sets
GeoMatchSetWhitelist:
Type: "AWS::WAFRegional::GeoMatchSet"
Properties:
Name: "GeoMatchSet for whitelist countries"
GeoMatchConstraints:
-
Type: "Country"
Value: "CA"
-
Type: "Country"
Value: "US"
ByteMatchSetLoginURIs:
Type: "AWS::WAFRegional::ByteMatchSet"
Properties:
Name: "ByteMatchSet for Login URIs"
ByteMatchTuples:
-
FieldToMatch:
Type: "URI"
TargetString: "/my/uri"
TextTransformation: "NONE"
PositionalConstraint: "EXACTLY"
# Rules
WhitelistRule:
Type: "AWS::WAFRegional::Rule"
Properties:
Name: "WhitelistRule"
MetricName: "WhitelistRule"
Predicates:
-
DataId:
Ref: "GeoMatchSetWhitelist"
# True here means match everying NOT in this match set
Negated: true
Type: "GeoMatch"
-
DataId:
Ref: "ByteMatchSetLoginURIs"
Negated: false
Type: "ByteMatch"
# Web Access Control Lists
WebACL:
Type: "AWS::WAFRegional::WebACL"
Properties:
Name: "WhitelistWebACL"
DefaultAction:
Type: "ALLOW"
MetricName: "WebACL"
Rules:
-
Action:
Type: "BLOCK"
Priority: 2
RuleId:
Ref: "WhitelistRule"
# Web ACL Association
WebACLAssociation:
Type: "AWS::WAF::WebACLAssociation"
Properties:
ResourceArn:
Ref: "arn:aws:cloudfront::999999999999:distribution/AAAAAAAAAAAA"
WebACLId:
Ref: "WebACL"
运行上面的代码给我An error occurred (ValidationError) when calling the CreateChangeSet operation: Template format error: Unresolved resource dependencies [arn:aws:cloudfront::999999999999:distribution/AAAAAAAAAAAA] in the Resources block of the template 。
最后,是否可以将GeoMatchSet与GeoMatchSet , ByteMatchSet和现有的CloudFront发行版一起使用?
上次检查时,对于区域区域存在对GeoMatchSet的CloudFormation支持,但对于全局区域(CloudFront)不存在。 不幸的是,CloudFormation以功能丰富的功能而闻名,尽管它逐渐变得越来越好...
如何通过使用CloudFormation将CloudFront分发集成到AWS WAF?
[英]How to integrate CloudFront distribution to AWS WAF by using CloudFormation?
使用 CloudFormation 将 LambdaFunctionAssociation 添加到现有 CloudFront 分配
[英]Add LambdaFunctionAssociation to existing CloudFront distribution with CloudFormation
如何使用 AWS CDK 将域别名添加到现有 CloudFront 分配
[英]How to add domain alias to existing CloudFront distribution using AWS CDK
如何通过cloudformation向现有的Cloudfront发行中添加新来源?
[英]How to add new origins to an already existing cloudfront distribution through cloudformation?
如何将新的“aws_wafregional_rule”与现有的 WAF ACL 相关联
[英]How to associate new “aws_wafregional_rule” with existing WAF ACL
如何使用 Cloudformation 在 AWS WAF 中启用 WebACL 日志记录?
[英]How to enable logging for WebACL in AWS WAF using Cloudformation?
如何使用 Terraform 在一个 AWS WAF 规则中使用多个谓词(条件)?
[英]How to Use Multiple Predicate ( Condition ) in one AWS WAF Rule with Terraform?
AWS:使用 cloudformation 模板将 WAF 附加到 api 网关
[英]AWS: Attach WAF to api gateway using cloudformation template
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.