Added

• A custom resource to retrieve the latest version of the ManagedRuleGroup and check if the specified version is valid.
• Typescript configuration files for WAF configurations - now it is easier to write custom rules because of the types for rule statements.
• A function to convert CdkRule to SdkRule - with the introduction of Typescript configuration and CDK interfaces, we now need to convert every CDK rule to an SDK rule to be able to use the CheckCapacity API call.
• ManagedRuleGroupVersions for CloudFormation Output
• Example Configurations
  1. Example WAF configuration against: OWASP Top Ten
  2. Example configuration for prerequisite stack
• Added TOOL_KIT_STACKNAME to the TaskFile - to specify the name of the bootstrap stack (see Bootstrapping your AWS environment).
• Migrate script to migrate from json to ts config (./values/migrate.ts)
  • ts node ./values/migrate.ts YOURJSON.json
• You now need to set the priority for your custom rules. If you want to learn more about processing order of rules and rule groups in a web ACL, check out this link.

Fixed

• Allow sub-statements of IPSetReferenceStatements -> Allow IPSetReferenceStatement.ARN entries that reference an aws-firewall-factory controlled ipset (i.e. the name of the ipset) within AND, OR and NOT statements (as sub-statements).
• Adjusted WAF Config skeleton generation function for Typescript configuration.
• Updated dependencies to the latest version