mirror of https://gitlab.com/curben/blog
fix: move aws scripts to curben/aws-scripts repo
This commit is contained in:
parent
671cafd086
commit
b22baa1999
|
@ -10,7 +10,7 @@ As part of my {% post_link aws-waf 'routine review' %} of my company's [AWS WAF]
|
||||||
|
|
||||||
While individual and total WCU are shown during ACL creation/modification on the management console, a read-only role could only check the total WCU. It may be possible to use `CheckCapacity` [CLI](https://docs.aws.amazon.com/cli/latest/reference/wafv2/check-capacity.html) or [API](https://docs.aws.amazon.com/waf/latest/APIReference/API_CheckCapacity.html) by separating each rule as an ACL, but that'll involve excessive (online) API calls.
|
While individual and total WCU are shown during ACL creation/modification on the management console, a read-only role could only check the total WCU. It may be possible to use `CheckCapacity` [CLI](https://docs.aws.amazon.com/cli/latest/reference/wafv2/check-capacity.html) or [API](https://docs.aws.amazon.com/waf/latest/APIReference/API_CheckCapacity.html) by separating each rule as an ACL, but that'll involve excessive (online) API calls.
|
||||||
|
|
||||||
I further improved my script [waf-acl.py](/files/20210627/waf-acl.py) by implementing _offline_ WCU calculation. While the [AWS docs](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statements-list.html) has a complete list of WCU of each match statement, I find the text transformation part is not clear enough.
|
I further improved my script [waf-acl.py](https://gitlab.com/curben/aws-scripts/-/blob/main/waf-acl.py) by implementing _offline_ WCU calculation. While the [AWS docs](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statements-list.html) has a complete list of WCU of each match statement, I find the text transformation part is not clear enough.
|
||||||
|
|
||||||
> For each Text transformation that you apply, add 10 WCUs.
|
> For each Text transformation that you apply, add 10 WCUs.
|
||||||
|
|
||||||
|
|
|
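Review bot: The new waf-acl.py link in the "I further improved my script" line targets `/-/blob/main/`, a moving branch, so the post's description of the offline WCU calculation can drift from what the link shows. Consider linking a tag or commit permalink in curben/aws-scripts instead. Since the old `/files/20210627/waf-acl.py` path is no longer referenced, also check that existing inbound links to it still resolve or are redirected.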
@ -10,7 +10,7 @@ tags:
|
||||||
|
|
||||||
I regularly need to audit my company's access control lists (ACLs) implemented in [AWS WAF](https://aws.amazon.com/waf/), as part of my job. Each ACL can be more than a thousand lines which is practically impossible to read. I wrote a script that downloads and summarises the ACLs into human-readable format; each one-thousand-line behemoth is transformed into a fifty-line summary that I can _actually_ audit.
|
I regularly need to audit my company's access control lists (ACLs) implemented in [AWS WAF](https://aws.amazon.com/waf/), as part of my job. Each ACL can be more than a thousand lines which is practically impossible to read. I wrote a script that downloads and summarises the ACLs into human-readable format; each one-thousand-line behemoth is transformed into a fifty-line summary that I can _actually_ audit.
|
||||||
|
|
||||||
The script is [available here](/files/20210627/waf-acl.py). It currently only supports Cloudfront ACL, feel free to extend it to support regional ACL.
|
The script is [available here](https://gitlab.com/curben/aws-scripts/-/blob/main/waf-acl.py). It currently only supports Cloudfront ACL, feel free to extend it to support regional ACL.
|
||||||
|
|
||||||
```
|
```
|
||||||
./waf-acl.py --profile {profile-name} --directory {output-dir} --original --wcu --total-wcu
|
./waf-acl.py --profile {profile-name} --directory {output-dir} --original --wcu --total-wcu
|
||||||
|
|
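Review bot: The "available here" link in this hunk now opens GitLab's blob viewer rather than the file itself, while the unchanged usage line still runs `./waf-acl.py` from the current directory. Add a sentence telling readers to clone curben/aws-scripts or download the raw file before running that command. Minor style point on the same line: "Cloudfront" should be "CloudFront".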