Skip to content

4.0.0

Compare
Choose a tag to compare
@daknhh daknhh released this 01 Sep 12:11
· 231 commits to master since this release
f05bec2

Added

  • A custom resource to retrieve the latest version of the ManagedRuleGroup and check if the specified version is valid.
  • Typescript configuration files for WAF configurations - now it is easier to write custom rules because of the types for rule statements.
  • A function to convert CdkRule to SdkRule - with the introduction of Typescript configuration and CDK interfaces, we now need to convert every CDK rule to an SDK rule to be able to use the CheckCapacity API call.
  • ManagedRuleGroupVersions for CloudFormation Output
  • Example Configurations
    1. Example WAF configuration against: OWASP Top Ten
    2. Example configuration for prerequisite stack
  • Added TOOL_KIT_STACKNAME to the TaskFile - to specify the name of the bootstrap stack (see Bootstrapping your AWS environment).
  • Migrate script to migrate from json to ts config (./values/migrate.ts)
    • ts node ./values/migrate.ts YOURJSON.json
  • You now need to set the priority for your custom rules. If you want to learn more about processing order of rules and rule groups in a web ACL, check out this link.

Fixed

  • Allow sub-statements of IPSetReferenceStatements -> Allow IPSetReferenceStatement.ARN entries that reference an aws-firewall-factory controlled ipset (i.e. the name of the ipset) within AND, OR and NOT statements (as sub-statements).
  • Adjusted WAF Config skeleton generation function for Typescript configuration.
  • Updated dependencies to the latest version

Removed

  • Json config files for WAF configurations
  • DeployHash generation for new configs - legacy functionality - we will now use Prefix, Stage & FirewallName to create unique WAF and CloudFormation StackNames.