AWS WAF v2
App Vendor: AWS WAF v2
Connector Category: Network Security
App Version in Orchestrate: 1.1.0
API Version: 2.0.0
About App
The AWS WAF v2 application monitors the HTTP and HTTPS requests forwarded to an Amazon API Gateway, Amazon CloudFront, or an Application Load Balancer. AWS WAF lets you control access to your content based on the conditions you specify (IP address), and lets you configure CloudFront to return a custom error page when a request is blocked.
The AWS WAF v2 app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
Remove elements from an IP Set | This action removes elements (IP addresses) from an IP set. |
Add element to an IP Set | This action adds elements (IP addresses) to an IP set. |
Get IP Set Elements | This action is used to retrieve the elements (IP addresses) of an IP set. |
List IP Sets | This action lists all the IP sets available in the AWS WAF application. |
Configuration Parameters
The following configuration parameters are required for the AWS WAF v2 app to communicate with the AWS WAF v2 enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Access Key ID | Enter the access key ID to access the Amazon WAF v2 application. | Text | Optional | |
Secret Access Key | Enter the secret key to access the Amazon WAF v2 resources. | Password | Optional | |
Note
If you have used WAF prior to this release, you cannot use this WAFV2 API to access any WAF resources that you created before. You can access your old rules, web ACLs, and other WAF resources only through the WAF Classic APIs. The WAF Classic APIs have retained the prior names, endpoints, and namespaces.
Action: Remove elements from an IP Set
This action removes elements (IP addresses) from an IP set.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
IP Set Name | Enter the IP set name. Example: "Blocklist" | Text | Required | |
IP Set ID | Enter the IP set ID. Example: "f3b3c53c-cd83-42cc-b84e-bcbf8a1af354" | Text | Required | |
IP List | Enter the IPs to be removed from the IP set as a comma-separated list. Example: ['1.1.1.1/32'] | List | Required | |
Scope | Enter the scope of the IP set. | Text | Optional | Allowed values:
Default value: REGIONAL |
Region Name | Enter the region name of the AWS WAF. Example: "us-east-2" | Text | Optional | |
Example Request
[ { "ip_list": [ "8.8.8.8/32" ], "ip_set_id": "4123148c-8d3d-46fc-9c31-595fb3c46e02", "ip_set_name": "Blocklist", "region_name": "us-east-2" } ]
Action Response Parameters
Parameter | Type | Description |
---|---|---|
NextLockToken | String | A string representing the next lock token. |
Action: Add element to an IP Set
This action adds elements (IP addresses) to an IPSet in AWS WAFV2.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
IP Set Name | Enter the IPSet name. Example: "Blocklist" | Text | Required | |
IP Set ID | Enter the IPSet ID. Example: "f3b3c53c-cd83-42cc-b84e-bcbf8a1af354" | Text | Required | |
IP List | Enter the IPs to be added to the IP set as a comma-separated list. Example: ['1.1.1.1/32', '2.4.4.4/32'] | List | Required | |
Scope | Enter the scope of the IP set. | Text | Optional | Allowed values:
Default value: REGIONAL |
Region Name | Enter the region name of the AWS WAF. Example: "us-east-2" | Text | Optional | |
Example Request
[ { "ip_list": [ "8.8.8.8/32" ], "ip_set_id": "4123148c-8d3d-46fc-9c31-595fb3c46e02", "ip_set_name": "Blocklist", "region_name": "us-east-2" } ]
Action Response Parameters
Parameter | Type | Description |
---|---|---|
| Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
| String | A token used for optimistic locking. AWS WAF returns this token for update requests. Pattern: ^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$ |
| Object | Metadata of the HTTP response. |
Action: Get IP Set Elements
This action is used to retrieve elements (IP addresses) of an IP set.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
IP Set Name | Enter the IP set name. Example: "Blocklist" | Text | Required | |
IP Set ID | Enter the IP set ID. Example: "f3b3c53c-cd83-42cc-b84e-bcbf8a1af354" | Text | Required | |
Scope | Enter the scope of the IP set. | Text | Optional | Allowed values:
Default value: REGIONAL |
Region Name | Enter the region name of the AWS WAF. Example: "us-east-2" | Text | Optional | |
Example Request
[ { "ip_set_id": "4123148c-8d3d-46fc-9c31-595fb3c46e02", "ip_set_name": "Blocklist", "region_name": "us-east-2" } ]
Action Response Parameters
Parameter | Type | Description |
---|---|---|
IPSet | Object | An object containing information about an IP set. |
Name | String | The name of the IP set. |
Id | String | The ID of the IP set. |
ARN | String | The Amazon Resource Name (ARN) of the IP set. |
Description | String | The description of the IP set. |
IPAddressVersion | String | The version of IP addresses in the set. Possible values: 'IPv4', 'IPv6'. |
Addresses | Array | An array containing IP addresses. |
LockToken | String | A token used for optimistic locking. |
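The LockToken and NextLockToken fields returned by the add, remove, and get actions matter because the underlying WAFv2 UpdateIPSet call replaces the whole address list and rejects a stale token. The Python below is an added example, not the connector's own code: it validates an `ip_list`, then performs the read-modify-write with a retry when the token is stale. It assumes a client exposing boto3's `get_ip_set` / `update_ip_set`; `normalize_cidrs`, `change_ip_set`, `FakeWafClient`, and the sample addresses are constructed for illustration.

```python
import ipaddress

def normalize_cidrs(ip_list):
    """Canonicalise entries to CIDR form; reject junk, host bits and catch-all ranges."""
    out = []
    for item in ip_list:
        net = ipaddress.ip_network(item.strip(), strict=True)  # ValueError on bad input
        if net.prefixlen == 0:
            raise ValueError(f"refusing catch-all range {item!r}")
        out.append(str(net))
    return out

def change_ip_set(client, name, ip_set_id, add=(), remove=(), scope="REGIONAL", retries=3):
    """Read-modify-write: the update replaces the whole address list, so merge first."""
    add, remove = set(normalize_cidrs(add)), set(normalize_cidrs(remove))
    for _ in range(retries):
        current = client.get_ip_set(Name=name, Scope=scope, Id=ip_set_id)
        addresses = sorted((set(current["IPSet"]["Addresses"]) | add) - remove)
        try:
            resp = client.update_ip_set(Name=name, Scope=scope, Id=ip_set_id,
                                        Addresses=addresses, LockToken=current["LockToken"])
            return resp["NextLockToken"], addresses
        except client.exceptions.WAFOptimisticLockException:
            continue  # stale LockToken: another writer got in first, re-read and retry
    raise RuntimeError("IP set kept changing; giving up")

class FakeWafClient:
    """Constructed in-memory stand-in for a boto3 wafv2 client so this runs offline."""
    class exceptions:
        class WAFOptimisticLockException(Exception):
            pass
    def __init__(self, addresses):
        self.addresses, self.version, self.race = list(addresses), 1, True
    def get_ip_set(self, **kwargs):
        return {"IPSet": {"Addresses": list(self.addresses)}, "LockToken": f"tok-{self.version}"}
    def update_ip_set(self, Addresses, LockToken, **kwargs):
        if self.race:  # simulate one concurrent writer adding an entry
            self.race = False
            self.addresses.append("203.0.113.9/32")
            self.version += 1
        if LockToken != f"tok-{self.version}":
            raise self.exceptions.WAFOptimisticLockException()
        self.addresses, self.version = list(Addresses), self.version + 1
        return {"NextLockToken": f"tok-{self.version}"}

def demo():
    # Constructed scenario: add one address, remove one, while another writer races us.
    client = FakeWafClient(["198.51.100.7/32"])
    return change_ip_set(client, "Blocklist", "constructed-id", add=["8.8.8.8"], remove=["198.51.100.7/32"])
```

In the demo the first update is rejected because a concurrent writer changed the set; the retry re-reads it, so that writer's entry is preserved instead of being overwritten.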
Action: List IP Sets
This action lists all the IP sets available in the AWS WAF.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Scope | Enter the scope of the IP set. | Text | Optional | Allowed values:
Default value: REGIONAL |
Limit | Enter the number of results to be returned by AWS WAF. | Integer | Optional | Default value: 10 |
Region Name | Enter the region name of the AWS WAF. Example: "us-east-2" | Text | Optional | |
Example Request
[ { "region_name": "us-east-2" } ]
Action Response Parameters
Parameter | Type | Description |
---|---|---|
NextMarker | String | The marker for the next set of results. Used for pagination. |
IPSets | Array | An array of IP sets containing information about each IP set. |
Name | String | The name of the IP set. |
Id | String | The identifier for the IP set. |
Description | String | A description of the IP set. |
LockToken | String | The lock token of the IP set, used for concurrency control. |
ARN | String | The Amazon Resource Name (ARN) of the IP set. |