AWS WAF Web ACL (with Marketplace Rule Groups)

Hi! :wave:

A client recently subscribed to two AWS WAF marketplace rule groups.

I’ve been tasked with applying one of these rule groups to a CloudFront distribution, and the other to an API Gateway REST API, via the client’s existing Serverless configuration (i.e. serverless.yml).

I’ve looked through the AWS documentation and the marketplace vendor’s setup guides and can’t find any information on how to create Web ACLs configured with WAF marketplace rule groups programmatically.

Obviously I can create the relevant Web ACLs manually, but the task I’ve been given is to create and configure them via Serverless configuration (i.e. CloudFormation template).

Does anyone have any examples or suggestions on how to create Web ACLs configured with marketplace rule groups via serverless.yml?

Pulling out what little hair I have left trying to solve this.

Appreciate whatever help I can get!

Cheers,

James

:nerd_face:

Hi again, :wave:

For anyone who stumbles across this post, according to AWS Support as of November 2019:

Unfortunately, at the moment of writing, the API call to subscribe managed WAF rule group is not yet supported in CloudFormation and is only available with AWS CLI/SDK and console.

TL;DR: It’s not possible to create Web ACLs configured with marketplace rule groups via CloudFormation/Serverless templates.

Forlornly,

James

:pensive:

Hey James, check this out:
WAFv2
This was apparently released very recently - just a few weeks after your post.

@ndormont I looked at the link shared. Where does it say how the marketplace rules can be configured through Serverless Framework or CloudFormation?
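
For the API Gateway case discussed in this thread, the WAFv2 CloudFormation resources can reference a vendor rule group through `ManagedRuleGroupStatement`. The fragment below is an added example, not code from any poster or from AWS Support. It assumes the account is already subscribed to the rule group in AWS Marketplace; the logical IDs, names and the `<VENDOR_NAME>` / `<RULE_GROUP_NAME>` placeholders are hypothetical.

```yaml
# Added example: fragment for the `resources:` section of serverless.yml.
# After subscribing in AWS Marketplace, look up the real vendor and rule
# group names with:
#   aws wafv2 list-available-managed-rule-groups --scope REGIONAL
resources:
  Resources:
    ApiWebAcl:                          # hypothetical logical ID
      Type: AWS::WAFv2::WebACL
      Properties:
        Name: api-marketplace-acl       # hypothetical name
        Scope: REGIONAL                 # CLOUDFRONT (stack in us-east-1) for a distribution
        DefaultAction:
          Allow: {}
        VisibilityConfig:
          SampledRequestsEnabled: true
          CloudWatchMetricsEnabled: true
          MetricName: apiMarketplaceAcl
        Rules:
          - Name: marketplace-rule-group
            Priority: 0
            # Rule groups take OverrideAction, not Action.
            # None keeps the vendor's actions; Count: {} only records matches.
            OverrideAction:
              None: {}
            Statement:
              ManagedRuleGroupStatement:
                VendorName: "<VENDOR_NAME>"      # placeholder
                Name: "<RULE_GROUP_NAME>"        # placeholder
            VisibilityConfig:
              SampledRequestsEnabled: true
              CloudWatchMetricsEnabled: true
              MetricName: marketplaceRuleGroup
    ApiWebAclAssociation:               # hypothetical logical ID
      Type: AWS::WAFv2::WebACLAssociation
      Properties:
        WebACLArn:
          Fn::GetAtt: [ApiWebAcl, Arn]
        ResourceArn:
          Fn::Join:
            - ""
            - - "arn:aws:apigateway:"
              - Ref: AWS::Region
              - "::/restapis/"
              - Ref: ApiGatewayRestApi  # Serverless Framework's REST API logical ID
              - "/stages/${opt:stage, 'dev'}"
```

The association assumes the API Gateway stage already exists when CloudFormation creates it. Starting with `OverrideAction: Count: {}` lets you review what the vendor rules would match before they block traffic.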