This repository contains Terraform configurations to implement AWS WAF (Web Application Firewall) for securing applications running on EC2 instances behind an Application Load Balancer (ALB).
Internet → WAF → ALB → EC2 Instances
- AWS WAF implementation with custom rule sets
- ALB integration with WAF
- EC2 instance configuration
- Security group configurations
- Automated deployment using Terraform
- Terraform >= 5.82.0
- AWS CLI configured with appropriate credentials
- IAM permissions for:
  - WAF
  - EC2
  - ALB
  - Security Groups
  - VPC
- WAF Configuration
  - Custom rule groups
  - Rate limiting rules
  - IP blacklisting/whitelisting
  - SQL injection protection
  - XSS protection
- ALB Setup
  - HTTPS listener
  - Target group configuration
  - Health checks
- EC2 Configuration
  - Auto Scaling Group
  - Security groups
  - Instance profile
- Clone the Repository
  git clone https://github.com/Leapfrog-DevOps/tf-demo.git
- Configure Variables
  - Update terraform.tfvars with your specific values
  - Modify region and environment settings as needed
- Initialize Terraform
  terraform init
- Validate Configuration
  terraform validate
- Review the Plan
  terraform plan
- Apply Configuration
  terraform apply
- Rate-based rules for DDoS protection
- AWS Managed Rules
  - Common Rule Set (CRS)
  - SQL injection prevention
  - Cross-site scripting (XSS) prevention
  - Bad bots protection
  - Bad input rule set
  - Admin Protection Rule Set
- Geographic-based rules
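
The Common Rule Set and ALB integration items above, sketched as an added Terraform example (not this repository's own code). The resource names, metric names and the `alb_arn` variable are assumptions.

```hcl
# Added example, not taken from the repository. All names are hypothetical.
variable "alb_arn" {
  type = string # assumed input: ARN of the ALB that fronts the EC2 instances
}

resource "aws_wafv2_web_acl" "example" {
  name  = "example-web-acl"
  scope = "REGIONAL" # ALBs take a REGIONAL web ACL; CLOUDFRONT is for CloudFront only

  # Requests that match no rule are allowed through to the ALB.
  default_action {
    allow {}
  }

  rule {
    name     = "aws-common-rule-set"
    priority = 1

    # Managed rule groups take override_action, not action.
    # none {} keeps the group's own block/allow decisions;
    # count {} would only record matches, which is useful while tuning.
    override_action {
      none {}
    }

    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesCommonRuleSet"
        vendor_name = "AWS"
      }
    }

    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "aws-common-rule-set"
      sampled_requests_enabled   = true
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "example-web-acl"
    sampled_requests_enabled   = true
  }
}

# Attach the web ACL to the load balancer (Internet -> WAF -> ALB).
resource "aws_wafv2_web_acl_association" "alb" {
  resource_arn = var.alb_arn
  web_acl_arn  = aws_wafv2_web_acl.example.arn
}
```

Switching `override_action` to `count {}` first and reviewing the sampled requests and CloudWatch metrics is a common way to check for false positives before the rule group blocks traffic.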
- Regular updates of WAF rules
- Monitoring and logging configuration
- Performance optimization
- Security patch management
- Always use HTTPS
- Implement proper logging
- Regular security audits
- Keep WAF rules updated
- Monitor WAF metrics
- Fork the repository
- Create a feature branch
- Commit changes
- Push to the branch
- Create a Pull Request
For support, please contact the DevOps team or raise an issue in the repository.