Amazon WAF WEB ACLs
- Product name
- Category
- Storage system
- Release
- TKU 2022-Nov-1
A web access control list (web ACL) gives you fine-grained control over all HTTP(S) web requests your protected resource responds to. You can defend Amazon CloudFront, Amazon API Gateway, Application Load Balancer, AWS AppSync, and Amazon Cognito resources.
Identification
Triggers
Pattern | Trigger Node | Attribute | Condition | Argument |
---|---|---|---|---|
InferWAFRegionalwebACL | DiscoveredCloudAPIResultList | discovery_method | = | 'AWS.WAF.ListRegionalWebAcls' |
InferWAFv2RegionalwebACL | DiscoveredCloudAPIResultList | discovery_method | = | 'AWS.WAF2.ListRegionalWebAcls' |
InferWAFwebACL | DiscoveryAccess | provider | = | 'aws' |
InferWAFwebACL | DiscoveryAccess | da.region | and in | 'supported regions' |
InferWAFwebACL | DiscoveryAccess | | and is first in | 'DiscoveryRun' |
InferWAFv2webACL | DiscoveryAccess | provider | = | 'aws' |
InferWAFv2webACL | DiscoveryAccess | da.region | and in | 'supported regions' |
InferWAFv2webACL | DiscoveryAccess | | and is first in | 'DiscoveryRun' |
Endpoints in the REST APIs
REST APIs | Comments |
---|---|
AWS.WAF2.ListTagsForResource | Get tags |
AWS.WAF.ListWebAcls | List AWS WAF web ACLs (Classic) |
AWS.WAF2.ListWebAcls | List AWS WAF web ACLs (Classic) |
Attributes
Pattern InferWAFRegionalwebACL models a WAF regional CloudService for each region.
Node Kind | Attribute | Default Value |
---|---|---|
CloudService | type | Security |
CloudService | code | waf regional |
CloudService | name | AWS WAF Regional (Classic) (AWS Global) : <region.account_name> |
Pattern InferWAFv2RegionalwebACL models a waf2 regional CloudService for each region.
Node Kind | Attribute | Default Value |
---|---|---|
CloudService | type | Security |
CloudService | code | waf2regional |
CloudService | name | AWS WAF Regional (<region.location>) : <region.account_name> |
Pattern InferWAFwebACL models a waf CloudService for each region.
Node Kind | Attribute | Default Value |
---|---|---|
CloudService | type | Security |
CloudService | code | waf |
CloudService | name | AWS WAF (Classic) (AWS Global) : <region.account_name> |
Pattern InferWAFv2webACL models a waf2 CloudService for each region.
Node Kind | Attribute | Default Value |
---|---|---|
CloudService | type | Security |
CloudService | code | waf2 |
CloudService | name | AWS WAF (<region.location>) : <region.account_name> |
[Screenshot: BMC Helix Discovery view of the scanned results for CloudService]
[Figure: model visualization]
Pattern InferWAFRegionalwebACL models an AWS Web Access Control List Regional (Classic) CloudResource for each AWS Regional (Classic) web Access Control List.
Node Kind | Attribute | Default Value |
---|---|---|
CloudResource | name | Web ACL Regional (Classic) <result.Name> |
CloudResource | type | AWS Web Access Control List Regional (Classic) |
CloudResource | key | resource_arn using resource_arn function |
CloudResource | short_name | result.Name |
CloudResource | id | result.WebACLId |
CloudResource | cloud_id | resource_arn using resource_arn function |
[Screenshot: BMC Helix Discovery view of the scanned results for CloudResource]
Pattern InferWAFv2RegionalwebACL models an AWS Web Access Control List Regional CloudResource for each AWS WAF (v2) Regional web Access Control List.
Node Kind | Attribute | Default Value |
---|---|---|
CloudResource | name | Web ACL Regional <result.Name> |
CloudResource | type | AWS Web Access Control List Regional |
CloudResource | key | result.ARN |
CloudResource | short_name | result.Name |
CloudResource | id | result.Id |
CloudResource | description | result.Description |
CloudResource | lock_token | result.LockToken |
CloudResource | cloud_id | result.ARN |
CloudResource | tags | [ <tag_key> <value> ] |
[Screenshot: BMC Helix Discovery view of the scanned results for CloudResource]
Pattern InferWAFwebACL models an AWS Web Access Control List (Classic) CloudResource for each AWS WAF (Classic) web Access Control List.
Node Kind | Attribute | Default Value |
---|---|---|
CloudResource | name | Web ACL (Classic) <result.Name> |
CloudResource | type | AWS Web Access Control List (Classic) |
CloudResource | key | resource_arn using resource_arn function |
CloudResource | short_name | result.Name |
CloudResource | id | result.WebACLId |
CloudResource | cloud_id | resource_arn using resource_arn function |
[Screenshot: BMC Helix Discovery view of the scanned results for CloudResource]
Pattern InferWAFv2webACL models an AWS Web Access Control List CloudResource for each AWS WAF (v2 CloudFront) web Access Control List.
Node Kind | Attribute | Default Value |
---|---|---|
CloudResource | name | Web ACL <result.Name> |
CloudResource | type | AWS Web Access Control List |
CloudResource | key | result.ARN |
CloudResource | short_name | result.Name |
CloudResource | id | result.Id |
CloudResource | description | result.Description |
CloudResource | lock_token | result.LockToken |
CloudResource | cloud_id | result.ARN |
CloudResource | tags | [ <tag_key> <value> ] |
[Screenshot: BMC Helix Discovery view of the scanned results for CloudResource]
Information sources
For more information, refer to the official resources:
- https://docs.aws.amazon.com/waf/index.html
- https://docs.aws.amazon.com/waf/latest/developerguide/web-acl.html