
Commit a03b82f

Merge pull request #102 from thi-baut/main
Added AWS Core Ruleset in all WAF Policies (Firewall Manager)
2 parents 02bf5e0 + a55b8f5 commit a03b82f


4 files changed

+16
-7
lines changed


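--- a/aws_sra_examples/solutions/firewall_manager/firewall_manager_org/README.md
+++ b/aws_sra_examples/solutions/firewall_manager/firewall_manager_org/README.md
@@ -116,6 +116,7 @@ populated from the `SecurityAccountId` parameter within the `AWSControlTowerBP-B
 - ELBv2
 - API Gateway
 - AWS Managed Rule sets
+- AWS Core Ruleset
 - AWS Windows Operating System Ruleset
 - Resource Tag
 - Key: workload-os
@@ -125,6 +126,7 @@ populated from the `SecurityAccountId` parameter within the `AWSControlTowerBP-B
 - ELBv2
 - API Gateway
 - AWS Managed Rule sets
+- AWS Core Ruleset
 - AWS Linux Operating System Ruleset
 - Resource Tag
 - Key: workload-os
@@ -134,6 +136,7 @@ populated from the `SecurityAccountId` parameter within the `AWSControlTowerBP-B
 - ELBv2
 - API Gateway
 - AWS Managed Rule sets
+- AWS Core Ruleset
 - AWS Posix Operating System Ruleset
 - Resource Tag
 - Key: workload-os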

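--- a/aws_sra_examples/solutions/firewall_manager/firewall_manager_org/templates/sra-firewall-manager-org-main-ssm.yaml
+++ b/aws_sra_examples/solutions/firewall_manager/firewall_manager_org/templates/sra-firewall-manager-org-main-ssm.yaml
@@ -9,7 +9,7 @@ Description:
 
 Metadata:
 SRA:
-Version: 1.2
+Version: 1.3
 Entry: Parameters for deploying solution resolving SSM parameters
 Order: 1
 AWS::CloudFormation::Interface:
@@ -153,8 +153,8 @@ Parameters:
 Description: The SRA solution name. The default value is the folder name of the solution
 Type: String
 pSRASolutionVersion:
-AllowedValues: [v1.2]
-Default: v1.2
+AllowedValues: [v1.3]
+Default: v1.3
 Description: The SRA solution version. Used to trigger updates on the nested StackSets.
 Type: String
 pSRAStagingS3BucketName: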

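--- a/aws_sra_examples/solutions/firewall_manager/firewall_manager_org/templates/sra-firewall-manager-org-main.yaml
+++ b/aws_sra_examples/solutions/firewall_manager/firewall_manager_org/templates/sra-firewall-manager-org-main.yaml
@@ -9,7 +9,7 @@ Description:
 
 Metadata:
 SRA:
-Version: 1.2
+Version: 1.3
 Entry: Parameters for deploying solution
 Order: 1
 AWS::CloudFormation::Interface:
@@ -151,8 +151,8 @@ Parameters:
 Description: The SRA solution name. The default value is the folder name of the solution
 Type: String
 pSRASolutionVersion:
-AllowedValues: [v1.2]
-Default: v1.2
+AllowedValues: [v1.3]
+Default: v1.3
 Description: The SRA solution version. Used to trigger updates on the nested StackSets.
 Type: String
 pSRAStagingS3BucketName: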

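--- a/aws_sra_examples/solutions/firewall_manager/firewall_manager_org/templates/sra-firewall-manager-org-waf-policy.yaml
+++ b/aws_sra_examples/solutions/firewall_manager/firewall_manager_org/templates/sra-firewall-manager-org-waf-policy.yaml
@@ -9,7 +9,7 @@ Description:
 
 Metadata:
 SRA:
-Version: 1.2
+Version: 1.3
 Order: 5
 AWS::CloudFormation::Interface:
 ParameterGroups:
@@ -105,6 +105,8 @@ Resources:
 Type: WAFV2
 ManagedServiceData:
 '{ "type":"WAFV2", "defaultAction":{ "type":"ALLOW" }, "preProcessRuleGroups": [ { "managedRuleGroupIdentifier": { "vendorName": "AWS",
+"managedRuleGroupName": "AWSManagedRulesCommonRuleSet", "version": null }, "overrideAction": { "type": "NONE" }, "ruleGroupArn": null,
+"excludeRules": [], "ruleGroupType": "ManagedRuleGroup" }, { "managedRuleGroupIdentifier": { "vendorName": "AWS",
 "managedRuleGroupName": "AWSManagedRulesWindowsRuleSet", "version": null }, "overrideAction": { "type": "NONE" }, "ruleGroupArn": null,
 "excludeRules": [], "ruleGroupType": "ManagedRuleGroup" } ], "postProcessRuleGroups": [], "overrideCustomerWebACLAssociation":true }'
 
@@ -128,6 +130,8 @@ Resources:
 Type: WAFV2
 ManagedServiceData:
 '{ "type":"WAFV2", "defaultAction":{ "type":"ALLOW" }, "preProcessRuleGroups": [ { "managedRuleGroupIdentifier": { "vendorName": "AWS",
+"managedRuleGroupName": "AWSManagedRulesCommonRuleSet", "version": null }, "overrideAction": { "type": "NONE" }, "ruleGroupArn": null,
+"excludeRules": [], "ruleGroupType": "ManagedRuleGroup" }, { "managedRuleGroupIdentifier": { "vendorName": "AWS",
 "managedRuleGroupName": "AWSManagedRulesLinuxRuleSet", "version": null }, "overrideAction": { "type": "NONE" }, "ruleGroupArn": null,
 "excludeRules": [], "ruleGroupType": "ManagedRuleGroup" } ], "postProcessRuleGroups": [], "overrideCustomerWebACLAssociation":true }'
 
@@ -151,6 +155,8 @@ Resources:
 Type: WAFV2
 ManagedServiceData:
 '{ "type":"WAFV2", "defaultAction":{ "type":"ALLOW" }, "preProcessRuleGroups": [ { "managedRuleGroupIdentifier": { "vendorName": "AWS",
+"managedRuleGroupName": "AWSManagedRulesCommonRuleSet", "version": null }, "overrideAction": { "type": "NONE" }, "ruleGroupArn": null,
+"excludeRules": [], "ruleGroupType": "ManagedRuleGroup" }, { "managedRuleGroupIdentifier": { "vendorName": "AWS",
 "managedRuleGroupName": "AWSManagedRulesUnixRuleSet", "version": null }, "overrideAction": { "type": "NONE" }, "ruleGroupArn": null,
 "excludeRules": [], "ruleGroupType": "ManagedRuleGroup" } ], "postProcessRuleGroups": [], "overrideCustomerWebACLAssociation":true }'
 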
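Review bot: The new `AWSManagedRulesCommonRuleSet` entry is added with `"overrideAction": { "type": "NONE" }` in all three `ManagedServiceData` strings (the Windows, Linux and Unix policy hunks), so its rules enforce their own block actions as soon as the StackSet update is applied. The core rule set is far broader than the OS-specific groups and is a common source of false positives (its `SizeRestrictions_BODY` rule, for example, rejects large request bodies), and with `"overrideCustomerWebACLAssociation":true` the policy presumably takes over the web ACL on every in-scope ALB and API Gateway stage. I would introduce it with `"overrideAction": { "type": "COUNT" }` behind a template parameter so operators can review the sampled matches before switching to enforcement, or at least state in the README that the group blocks from the first deployment. `"version": null` also keeps the group on the vendor's default version, so rule changes reach production without a template change; a YAML comment above `ManagedServiceData` saying that this is intentional would help. The policy resources begin above each hunk, so their scope and tag filters are not visible here.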
