On August 9, 2021, AWS WAF released a managed rule group versioning feature. It lets you select a specific version of a managed rule group within your web ACL, so you can test new rule updates safely and roll back to previously tested versions.
In addition, AWS WAF now provides early notifications of upcoming rule updates to your managed rule groups through Amazon Simple Notification Service (Amazon SNS). This automation sends Slack notifications of managed rule updates for a specific managed rule group.
To retrieve the Amazon SNS topic ARN for a managed rule group, use one of the following:
Console
(Option) When you add the managed rule group to your web ACL, choose Edit to see the rule group's information, which includes the rule group's Amazon SNS topic ARN.
(Option) After you've added the managed rule group into your web ACL, edit the web ACL, then select and edit the rule group rule to see the rule group's Amazon SNS topic ARN.
API – DescribeManagedRuleGroup
CLI – aws wafv2 describe-managed-rule-group --scope REGIONAL --vendor-name --name
Architecture:
Deployment
Follow the documentation to get a Webhook for your Slack channel
Upload 'MANAGEDRULE.png' as a custom emoji called 'managedrule' to Slack.
Add your Webhook to WebhookUrl Parameters file in values/values.json
Deploy the solution via taskfile
task deploy
After deployment you can trigger the Lambda with the following test event to see an example notification:
{
    "Type": "Notification",
    "MessageId": "4286b830-a463-5e61-bd15-e1ae72303868",
    "TopicArn": "arn:aws:sns:us-west-2:123456789012:MyTopic",
    "Subject": "New version available for rule group AWSManagedRulesCommonRuleSet",
    "Message": "Welcome to AWSManagedRulesCommonRuleSet version 1.5! We've updated the regex specification in this version to improve protection coverage, adding protections against insecure deserialization. For details about this change, see http://updatedPublicDocs.html. Look for more exciting updates in the future! ",
    "Timestamp": "2021-08-24T11:12:19.810Z",
    "SignatureVersion": "1",
    "Signature": "EXAMPLEHXgJm...",
    "SigningCertURL": "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-f3ecfb7224c7233fe7bb5f59f96de52f.pem",
    "SubscribeURL": "https://sns.us-west-2.amazonaws.com/?Action=ConfirmSubscription&TopicArn=arn:aws:sns:us-west-2:123456789012:MyTopic&Token=2336412f37...",
    "MessageAttributes": {
        "major_version": {
            "Type": "String",
            "Value": "v1"
        },
        "managed_rule_group": {
            "Type": "String",
            "Value": "AWSManagedRulesCommonRuleSet"
        }
    }
}
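To show what the Lambda behind this automation has to do with such an event, here is an added example (written for this post, not the project's own Lambda code) that turns the SNS notification above into a Slack incoming-webhook payload using the 'managedrule' emoji. It assumes two environment variables that are not part of the original solution: SLACK_WEBHOOK_URL for the webhook, and an optional ALLOWED_TOPIC_ARNS, a comma-separated list of the SNS topic ARNs you retrieved with describe-managed-rule-group, so that a notification from any other topic is ignored rather than forwarded to the channel. It accepts both the bare notification shown above and the Records[].Sns envelope Lambda receives from a real SNS subscription.

```python
"""Added example: AWS WAF managed rule group update notification -> Slack webhook.

Assumptions (not from the original post):
  SLACK_WEBHOOK_URL   - Slack incoming webhook to post to
  ALLOWED_TOPIC_ARNS  - optional, comma-separated SNS topic ARNs to accept
"""
import json
import os
import urllib.request


def extract_sns_messages(event):
    """Return the SNS notification(s) in an event.

    A Lambda subscribed to SNS receives {"Records": [{"Sns": {...}}]};
    the test event in the post is the bare notification, so accept both.
    """
    if "Records" in event:
        return [r["Sns"] for r in event["Records"] if "Sns" in r]
    return [event]


def attribute(msg, name, default="unknown"):
    """Read a string MessageAttribute such as managed_rule_group or major_version."""
    return msg.get("MessageAttributes", {}).get(name, {}).get("Value", default)


def topic_allowed(msg, allowed_arns):
    """Only forward notifications from topics we subscribed to on purpose.

    With no allow-list configured every topic is accepted (the original behaviour).
    """
    if not allowed_arns:
        return True
    return msg.get("TopicArn") in allowed_arns


def build_slack_payload(msg):
    """Build a Slack Block Kit payload; 'managedrule' is the custom emoji from the setup steps."""
    subject = msg.get("Subject", "AWS WAF managed rule group update")
    return {
        "text": f":managedrule: {subject}",
        "blocks": [
            {"type": "section",
             "text": {"type": "mrkdwn", "text": f":managedrule: *{subject}*"}},
            {"type": "section", "fields": [
                {"type": "mrkdwn", "text": f"*Rule group:*\n{attribute(msg, 'managed_rule_group')}"},
                {"type": "mrkdwn", "text": f"*Major version:*\n{attribute(msg, 'major_version')}"},
                {"type": "mrkdwn", "text": f"*Published:*\n{msg.get('Timestamp', '')}"},
            ]},
            {"type": "section",
             "text": {"type": "mrkdwn", "text": msg.get("Message", "").strip()}},
        ],
    }


def post_to_slack(payload, webhook_url):
    """POST the payload to the webhook; Slack answers 200 with body 'ok'."""
    req = urllib.request.Request(
        webhook_url,
        data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status


def handler(event, context=None):
    """Lambda entry point: forward each accepted notification and report the count."""
    webhook_url = os.environ["SLACK_WEBHOOK_URL"]
    allowed = {a for a in os.environ.get("ALLOWED_TOPIC_ARNS", "").split(",") if a}
    sent = 0
    for msg in extract_sns_messages(event):
        if not topic_allowed(msg, allowed):
            continue
        post_to_slack(build_slack_payload(msg), webhook_url)
        sent += 1
    return {"sent": sent}


# Constructed sample that mirrors the test event in the post (same values, no real topic).
SAMPLE_EVENT = {
    "Type": "Notification",
    "TopicArn": "arn:aws:sns:us-west-2:123456789012:MyTopic",
    "Subject": "New version available for rule group AWSManagedRulesCommonRuleSet",
    "Message": "Welcome to AWSManagedRulesCommonRuleSet version 1.5! ",
    "Timestamp": "2021-08-24T11:12:19.810Z",
    "MessageAttributes": {
        "major_version": {"Type": "String", "Value": "v1"},
        "managed_rule_group": {"Type": "String", "Value": "AWSManagedRulesCommonRuleSet"},
    },
}

if __name__ == "__main__":
    # Print the payload that would be sent, without touching the network.
    print(json.dumps(build_slack_payload(SAMPLE_EVENT), indent=2))
```

Running the file prints the payload for the sample event instead of posting it; the handler is what you wire to the SNS subscription. The allow-list check is cheap and keeps a mis-subscribed or unrelated topic from paging your channel, and because the subject and attribute names come straight from the notification, the same code works for every managed rule group you subscribe to.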
Example Event:
We hope you will find this solution helpful to get notifications for managed rules updates! If you have any feedback, please feel free to reach out to us or open a github issue.