Releases: globaldatanet/aws-firewall-factory
2.5.0
Added
- RemediationEnabled?: Indicates if the policy should be automatically applied to new resources.
- IncludeMap: Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include in the policy.
- ExcludeMap?: Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the policy.
- ResourceTags?: An array of ResourceTag objects, used to explicitly include resources in the policy scope or explicitly exclude them.
- ResourcesCleanUp?: Indicates whether AWS Firewall Manager should automatically remove protections from resources that leave the policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy scope.
- TaskFile:
  - validateconfig: Validates the current config
  - generateconfig: Generates a skeleton for a WAF configuration file
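The following is an added example, not code from aws-firewall-factory, showing how the IncludeMap / ExcludeMap scope introduced in this release resolves to a set of accounts and what a config validator can check before deployment. The map shape (ACCOUNT and ORG_UNIT keys) and the resolution rule (an IncludeMap, when present, decides alone; otherwise every account except those in the ExcludeMap is covered, and naming an OU covers the accounts in its child OUs) follow the AWS Firewall Manager Policy API documentation. The type names, the validator, the `ouPath` model and every sample id are constructed for this example.

```typescript
// Added example (not aws-firewall-factory code): resolve a Firewall Manager policy scope
// to the accounts it covers. IncludeMap / ExcludeMap semantics follow the AWS Firewall
// Manager Policy API docs; type names, validator and sample ids are constructed here.

type ScopeMap = { ACCOUNT?: string[]; ORG_UNIT?: string[] };

interface PolicyScope {
  RemediationEnabled?: boolean;
  IncludeMap?: ScopeMap;
  ExcludeMap?: ScopeMap;
}

/** An account as the evaluator sees it: its id plus every OU above it (parent OUs cover children). */
interface OrgAccount {
  id: string;
  ouPath: string[];
}

const ACCOUNT_ID = /^\d{12}$/;
const OU_ID = /^ou-[a-z0-9]{4,32}-[a-z0-9]{8,32}$/; // AWS Organizations OU id format

function validateScopeMap(field: string, map: ScopeMap | undefined, errors: string[]): void {
  if (!map) return;
  for (const id of map.ACCOUNT ?? []) {
    if (!ACCOUNT_ID.test(id)) errors.push(`${field}.ACCOUNT: "${id}" is not a 12-digit account id`);
  }
  for (const ou of map.ORG_UNIT ?? []) {
    if (!OU_ID.test(ou)) errors.push(`${field}.ORG_UNIT: "${ou}" is not an OU id`);
  }
}

/** Returns the problems found; an empty array means the scope section is usable. */
function validatePolicyScope(p: PolicyScope): string[] {
  const errors: string[] = [];
  validateScopeMap("IncludeMap", p.IncludeMap, errors);
  validateScopeMap("ExcludeMap", p.ExcludeMap, errors);
  const incl = p.IncludeMap;
  if (incl && (incl.ACCOUNT ?? []).length + (incl.ORG_UNIT ?? []).length === 0) {
    errors.push("IncludeMap is present but selects nothing");
  }
  if (p.IncludeMap && p.ExcludeMap) {
    // Firewall Manager does not evaluate ExcludeMap when IncludeMap is set; flag it so that
    // nobody reads the config and assumes the exclusions are in effect.
    errors.push("ExcludeMap is ignored when IncludeMap is set");
  }
  return errors;
}

function inMap(map: ScopeMap, acct: OrgAccount): boolean {
  const ous = map.ORG_UNIT ?? [];
  return (map.ACCOUNT ?? []).includes(acct.id) || acct.ouPath.some((ou) => ous.includes(ou));
}

/** IncludeMap wins; without it the policy covers every account except those in ExcludeMap. */
function policyAppliesTo(p: PolicyScope, acct: OrgAccount): boolean {
  if (p.IncludeMap) return inMap(p.IncludeMap, acct);
  if (p.ExcludeMap) return !inMap(p.ExcludeMap, acct);
  return true; // neither map given: the whole organization is in scope
}

function accountsInScope(p: PolicyScope, org: OrgAccount[]): string[] {
  return org.filter((a) => policyAppliesTo(p, a)).map((a) => a.id);
}

// Constructed sample organization: two accounts in a "prod" OU (one in a child OU), one in a sandbox OU.
const SAMPLE_ORG: OrgAccount[] = [
  { id: "111111111111", ouPath: ["ou-prod-a1b2c3d4"] },
  { id: "222222222222", ouPath: ["ou-prod-a1b2c3d4", "ou-prod-eu1a2b3c"] },
  { id: "333333333333", ouPath: ["ou-sbox-e5f6a7b8"] },
];

// Constructed policies: include the prod OU, or exclude one account from everything.
const INCLUDE_PROD: PolicyScope = { RemediationEnabled: true, IncludeMap: { ORG_UNIT: ["ou-prod-a1b2c3d4"] } };
const EXCLUDE_ONE_ACCOUNT: PolicyScope = { RemediationEnabled: true, ExcludeMap: { ACCOUNT: ["222222222222"] } };

console.log(accountsInScope(INCLUDE_PROD, SAMPLE_ORG));        // ["111111111111", "222222222222"]
console.log(accountsInScope(EXCLUDE_ONE_ACCOUNT, SAMPLE_ORG)); // ["111111111111", "333333333333"]
console.log(validatePolicyScope({ IncludeMap: { ACCOUNT: ["12345"] }, ExcludeMap: { ACCOUNT: ["111111111111"] } }));
```

Running `validatePolicyScope` before `task deploy` catches the two mistakes that silently widen or narrow coverage: a malformed account id that matches nothing, and an ExcludeMap that is never evaluated because an IncludeMap is also present.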
Removed
- DeployTo will now be managed through the includeMap
- Example JSON WAF
Changed
- A Firewall can now be deployed using `task deploy config=NAMEOFYOURCONFIGFILE` without JSON
Outputs for PostProcess and PreProcess Custom Rule not dynamic
2.1.3
Fixed
- Outputs for PostProcess and PreProcess Custom Rule not dynamic
2.1.2
Bugfix
Major Refactoring for Code Base
2.1.0
Added
- Added Linting with typescript-eslint
- Added .gitignore and .npmignore file
- Added 2 functions for building service data (managed & custom rules) to remove redundant code
Changed
- Refactoring bin file: outsource capacity checks & other functions to helpers.ts
- Transform capacity.json to Typescript Type Rule
- Start refactoring lib file: get rid of redundant code and use JS shortcuts
- Extend types of the Config interface
- Restructuring runtime properties: introduce separate layer for PreProcess and PostProcess
- New types for Firewall Manager API and CDK mapping
2.0.0
Added
- preProcessRuleGroups and postProcessRuleGroups - you can now decide where the Custom or ManagedRules should be added.
- RuleLabels - A label is a string made up of a prefix, optional namespaces, and a name. The components of a label are delimited with a colon. Labels have the following requirements and characteristics:
  - Labels are case-sensitive.
  - Each label namespace or label name can have up to 128 characters.
  - You can specify up to five namespaces in a label.
  - Components of a label are separated by a colon (:).
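As an added example (not part of aws-firewall-factory), the label rules listed above written as a small parser and validator, plus a case-sensitive match of the kind a label-match statement performs. The limits (five namespaces, 128 characters per component, colon delimiter, case sensitivity) come from the release notes; the prefix is the part WAF prepends when it emits the label, so `parseLabel` is applied to the part you specify in a rule. The requirement that a component must not be empty, the function names and the sample labels are assumptions constructed for this example.

```typescript
// Added example (not project code): validate the user-specified part of an AWS WAF label
// (namespaces + name) against the limits from the 2.0.0 notes, and match labels exactly.
// Non-empty components, function names and sample labels are assumptions of this example.

const MAX_NAMESPACES = 5;
const MAX_COMPONENT_LEN = 128;

interface ParsedLabel {
  namespaces: string[];
  name: string;
}

/** Split "ns1:ns2:name" into its namespaces and the trailing name. */
function parseLabel(label: string): ParsedLabel {
  const parts = label.split(":");
  return { namespaces: parts.slice(0, -1), name: parts[parts.length - 1] };
}

/** Returns the rule violations; an empty array means the label is acceptable. */
function validateLabel(label: string): string[] {
  const errors: string[] = [];
  const { namespaces, name } = parseLabel(label);
  if (namespaces.length > MAX_NAMESPACES) {
    errors.push(`${namespaces.length} namespaces, at most ${MAX_NAMESPACES} allowed`);
  }
  [...namespaces, name].forEach((component, i) => {
    if (component.length === 0) errors.push(`component ${i} is empty`);
    if (component.length > MAX_COMPONENT_LEN) {
      errors.push(`component ${i} has ${component.length} chars, at most ${MAX_COMPONENT_LEN} allowed`);
    }
  });
  return errors;
}

/** Label matching is exact and case-sensitive: no lower-casing or trimming before comparing. */
function hasLabel(emitted: string[], wanted: string): boolean {
  return emitted.indexOf(wanted) !== -1;
}

// Constructed sample: labels as a request might carry them after earlier rules ran.
const EMITTED_LABELS = [
  "awswaf:managed:vendor:group:BadBot",
  "awswaf:111111111111:rulegroup:custom:signal:sqli:blocked",
];

console.log(validateLabel("signal:sqli:blocked"));   // []
console.log(validateLabel("a:b:c:d:e:f:g"));         // too many namespaces
console.log(validateLabel("signal::blocked"));        // empty component
console.log(hasLabel(EMITTED_LABELS, "awswaf:managed:vendor:group:BadBot"));  // true
console.log(hasLabel(EMITTED_LABELS, "awswaf:managed:vendor:group:badbot"));  // false
```

The last two calls are the practical point of the case-sensitivity rule: a rule that matches on `...:badbot` never fires against a label emitted as `...:BadBot`, and nothing in the console warns you, so label names used in match statements should be validated against the exact strings the emitting rule declares.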
Changed
- Values Structure:
  - Removed (Rules and ManagedRuleGroups)
  - Added PreProcess and PostProcess
  ℹ️ See example json.
- Optimized RuleGroup Splitting - RuleGroups will now be split into groups of up to 1000 WCU each.
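To show what the 1000 WCU split involves, here is an added example of a splitter; it is not the project's implementation. It packs rules into groups in their original order, which keeps the evaluation priority you configured intact (a bin-packing strategy that reorders rules to fill groups tighter would change which rule acts on a request first), and it refuses a single rule that cannot fit in any group rather than silently dropping it. The `Rule` shape, the function names and the sample capacities are constructed for this example.

```typescript
// Added example (not the project's splitter): pack an ordered rule list into rule groups of
// at most `maxWcu` capacity units, preserving order. Rule shape and sample data constructed.

const MAX_GROUP_WCU = 1000;

interface Rule {
  name: string;
  capacity: number; // WCU this rule consumes
}

interface RuleGroup {
  rules: Rule[];
  capacity: number; // sum of the rules' WCU
}

function splitIntoRuleGroups(rules: Rule[], maxWcu: number = MAX_GROUP_WCU): RuleGroup[] {
  const groups: RuleGroup[] = [];
  let current: RuleGroup = { rules: [], capacity: 0 };

  for (const rule of rules) {
    if (!Number.isInteger(rule.capacity) || rule.capacity <= 0) {
      throw new Error(`rule "${rule.name}" has invalid capacity ${rule.capacity}`);
    }
    if (rule.capacity > maxWcu) {
      // A rule that exceeds the budget on its own cannot be placed anywhere; fail loudly
      // instead of emitting a group that the WAF API would reject or leaving the rule out.
      throw new Error(`rule "${rule.name}" needs ${rule.capacity} WCU, more than one group allows (${maxWcu})`);
    }
    if (current.capacity + rule.capacity > maxWcu) {
      // Close the current group and start a new one; rules stay in their original order.
      groups.push(current);
      current = { rules: [], capacity: 0 };
    }
    current.rules.push(rule);
    current.capacity += rule.capacity;
  }
  if (current.rules.length > 0) groups.push(current);
  return groups;
}

/** Flattened rule order across groups, for checking that priority was preserved. */
function ruleOrder(groups: RuleGroup[]): string[] {
  const names: string[] = [];
  for (const g of groups) for (const r of g.rules) names.push(r.name);
  return names;
}

// Constructed sample: capacities chosen so the greedy split produces 800 / 300 / 1000.
const SAMPLE_RULES: Rule[] = [
  { name: "geo-block", capacity: 400 },
  { name: "rate-limit-login", capacity: 400 },
  { name: "sqli-body", capacity: 300 },
  { name: "xss-all-params", capacity: 900 },
  { name: "bad-user-agent", capacity: 100 },
];

const groups = splitIntoRuleGroups(SAMPLE_RULES);
console.log(groups.map((g) => `${g.rules.map((r) => r.name).join("+")} = ${g.capacity} WCU`));
// ["geo-block+rate-limit-login = 800 WCU", "sqli-body = 300 WCU", "xss-all-params+bad-user-agent = 1000 WCU"]
```

Note the middle group holds only 300 WCU: order-preserving packing accepts some slack so that `sqli-body` is still evaluated before `xss-all-params`, exactly as configured.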
v1.4.1
v1.04
- Added S3LoggingBucketName to the json. You now need to specify the S3 bucket where the logs should be placed. We also added a prefix for the logs so they are AWS-conformant (Prefix: AWSLogs/AWS_ACCOUNTID/FirewallManager/AWS_REGION/).
- Added testing your WAF with GoTestWAF. To be able to check your WAF we introduced the SecuredDomain parameter in the json, which should be the domain that will be checked using the WAF tool.
- Introduced three new parameters in the taskfile (WAF_TEST, CREATE_DIAGRAM and CDK_DIFF).

| Parameter | Value |
|---|---|
| WAF_TEST | true (testing your WAF with GoTestWAF) / false (skipping WAF testing) |
| CREATE_DIAGRAM | true (generating a diagram using draw.io) / false (skipping diagram generation) |
| CDK_DIFF | true (generating a cdk diff before invoking cdk deploy) / false (skipping cdk diff) |

- Add schema validation
Captcha as Action
Merge pull request #11 from globaldatanet/Captcha-Action-support Captcha action support
Rule Name
You can now name your Rules. If you define a Name in your RulesArray, the Name plus a Base36 timestamp will be used when creating your Rule; otherwise a name will be generated. This will help you query your logs in Athena. The same rule name also applies to the metric, with "-metric" appended to the name.