WAF
Ingests AWS WAF resources including Web ACLs, Rule Groups, IP Sets, Regex Pattern Sets, and Managed Rule Sets for security monitoring and compliance.
Details
The AWS WAF input collects comprehensive information about your AWS WAF configurations. It provides insights into your web application firewall rules, protections, and security policies across both regional and CloudFront distributions. The input retrieves detailed information about WAF resources, including configuration metadata, rules, and associated policies to help you monitor and analyze your web application security posture.
Requirements
- IAM Role Assumption / Static Credentials
- Example permission to attach to the role/user:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"wafv2:ListWebACLs",
"wafv2:GetWebACL",
"wafv2:ListRuleGroups",
"wafv2:GetRuleGroup",
"wafv2:ListIPSets",
"wafv2:GetIPSet",
"wafv2:ListRegexPatternSets",
"wafv2:GetRegexPatternSet",
"wafv2:ListManagedRuleSets"
],
"Resource": "*"
}
]
}
Configuration
Settings
| Setting | Type | Required | Default | Description |
|---|---|---|---|---|
| Role ARN | string | Yes | - | The ARN of the role to assume to access the WAF resources |
| Cron | string | Yes | - | Cron expression for scheduling the input |
| Region | string | Yes | - | AWS region where WAF resources are located (us-east-1, us-east-2, us-west-1, us-west-2, af-south-1, ap-east-1, ap-south-1, ap-northeast-1, ap-northeast-2, ap-northeast-3, ap-southeast-1, ap-southeast-2, ca-central-1, cn-north-1, cn-northwest-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, eu-south-1, me-south-1, sa-east-1, us-gov-east-1, us-gov-west-1) |
| WAF Type | string | Yes | - | Type of WAF resources to collect (WEB_ACLS, RULE_GROUPS, IP_SETS, REGEX_PATTERN_SETS, MANAGED_RULE_SETS). |
| Scope | string | Yes | - | The scope of WAF resources (REGIONAL or CLOUDFRONT). |
Secrets (Static Credentials Only)
| Setting | Type | Required | Description |
|---|---|---|---|
| Access Key | string | Conditional | AWS Access Key ID |
| Secret Key | string | Conditional | AWS Secret Access Key |
⚠️ Authentication: Choose either Role ARN (recommended) or static credentials. See AWS Authentication Guide for setup instructions.