in infra/resources/api.ts [253:369]
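/**
 * Creates the regional WAFv2 WebACL for this API and stores it on `this.webAcl`.
 *
 * The ACL's default action is `allow`, so any request that no rule matches is
 * passed through; protection comes entirely from the attached AWS managed rule
 * groups, each of which is given `overrideAction: none` so the group's own
 * block/count verdicts are enforced rather than being downgraded to count-only.
 *
 * Rule order is the array order (priority 0 is evaluated first); the rule name
 * and CloudWatch metric name of each entry are `AWS-<managed group name>`.
 *
 * NOTE(review): only CloudWatch metrics and sampled requests are enabled here.
 * No `CfnLoggingConfiguration` is attached in this method, so full request
 * logs (needed for incident investigation) are not produced unless configured
 * elsewhere — confirm against the rest of the stack.
 * NOTE(review): no rate-based rule is included, so volumetric abuse and
 * credential-stuffing are not mitigated by this ACL; consider adding one.
 *
 * @param name Name of the WebACL; also used in the ACL-level metric name
 *             (`waf-metric-<name>`) and the `Name` tag. CloudFormation expects
 *             WAF names and metric names to be alphanumeric/`-`/`_`, so pass a
 *             value that already satisfies that.
 */
private createWAF(name: string) {
  // Managed rule groups to attach, in evaluation order. Each gets the next
  // free priority and a rule/metric name of `AWS-<group>`.
  const managedRuleGroups = [
    "AWSManagedRulesCommonRuleSet",
    "AWSManagedRulesAmazonIpReputationList",
    "AWSManagedRulesKnownBadInputsRuleSet",
    "AWSManagedRulesLinuxRuleSet",
    "AWSManagedRulesSQLiRuleSet",
  ] as const;

  const rules = managedRuleGroups.map((groupName, priority) => {
    const ruleName = `AWS-${groupName}`;
    return {
      name: ruleName,
      priority,
      statement: {
        managedRuleGroupStatement: {
          vendorName: "AWS",
          name: groupName,
        },
      },
      // `none` = honour the group's own actions (block/count). Changing this to
      // `count: {}` would turn the whole group into monitor-only mode.
      overrideAction: {
        none: {},
      },
      visibilityConfig: {
        sampledRequestsEnabled: true,
        cloudWatchMetricsEnabled: true,
        metricName: ruleName,
      },
    };
  });

  this.webAcl = new waf.CfnWebACL(this, `ProviderWafWebACL-${name}`, {
    name,
    description: `WebACL for ${name}`,
    // Unmatched traffic is allowed; the managed groups above do the blocking.
    defaultAction: {
      allow: {},
    },
    // REGIONAL scope: attachable to regional resources (e.g. API Gateway, ALB),
    // not to CloudFront distributions.
    scope: "REGIONAL",
    tags: [
      {
        key: "Name",
        value: name,
      },
      {
        key: "environment",
        value: "prototype",
      },
    ],
    visibilityConfig: {
      cloudWatchMetricsEnabled: true,
      metricName: `waf-metric-${name}`,
      sampledRequestsEnabled: true,
    },
    rules,
  });
}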