AWS WAFV2
The AWS Web Application Firewall (WAF) monitors HTTP and HTTPS requests and allows you to regulate access to the content while safeguarding against web application threats.
Supported Actions and Example Prompts
The following table lists the supported actions and prompt examples for an action:
Action Name | Description | Prompt Example |
---|---|---|
Add Element to an IP Set | This action adds elements (IP addresses) to an IP set in AWS WAFV2. For more information, see Action: Add element to an IP Set. | Add 1.1.1.1/32 and 2.4.4.4/32 to the IP set Blocklist with the ID f3b3c53c-cd83-42cc-b84e-bcbf8a1af354. |
List IP Sets | This action lists all the IP sets available in the AWS WAF application. For more information, see Action: List IP Sets. | List IP sets in the AWS WAF account. |
Remove elements from an IP Set | This action removes elements (IP addresses) from an IP set. For more information, see Action: Remove elements from an IP Set. | Delete 1.2.1.2/32 from the IP set Blocklist with the ID f3b3c53c-cd83-42cc-b84e-bcbf8a1af354. |
Install and Configure the App
Install and configure the required apps to enable Quarterback AI to perform various security-related tasks and provide relevant responses. After installing an app, you must create an instance that will be used to communicate with the app endpoints. An app can have multiple instances, and you can set a default instance from the configured instance list.
Before you Start
Ensure you have the API token to authenticate with the AWS WAFV2 app.
Steps
To install and configure an app, follow these steps:
Go to the application and, in the left pane, select Quarterback AI.
In Apps, select AWS WAFV2 and click Install.
After the app is installed, click Configure and enter the following details to create an instance:
Instance Name: Enter a name for the instance.
Instance Description: Enter a description for the instance.
Expiry: Select an expiry date for the instance.
Set as default instance: Select this option to set this instance as the default instance. By default, this instance will be used to perform actions from this app.
Access Key ID: Enter the access key ID to access the Amazon WAF v2 application.
Secret Access Key: Enter the secret key to access the Amazon WAF v2 resources.
Click Done.
The instance is created, and you can view it in Instances. To create another instance, click Add Instance.
Action: Add element to an IP Set
This action adds elements (IP addresses) to an IPSet in AWS WAFV2.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
IP Set Name | Enter the IPSet name. Example: "Blocklist" | Text | Required | |
IP Set ID | Enter the IPSet ID. Example: "f3b3c53c-cd83-42cc-b84e-bcbf8a1af354" | Text | Required | |
IP List | Enter the IPs to be added to the IP set as a comma-separated list. Example: ['1.1.1.1/32', '2.4.4.4/32'] | List | Required | |
Scope | Enter the scope of the IP set. | Text | Optional | Allowed values:
Default value: REGIONAL |
Region Name | Enter the region name of the AWS WAF. Example: "us-east-2" | Text | Optional |
Example Request
[ { "ip_list": [ "8.8.8.8/32" ], "ip_set_id": "4123148c-8d3d-46fc-9c31-595fb3c46e02", "ip_set_name": "Blocklist", "region_name": "us-east-2" } ]
Action Response Parameters
Parameter | Type | Description |
---|---|---|
| Object | This parameter indicates the ID of the app instance configured in Orchestrate from which the response is retrieved. |
| String | A token used for optimistic locking. AWS WAF returns this token for update requests. Pattern: ^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$ |
| Object | Metadata of the HTTP response. |
Action: List IP Sets
This action lists all the IP sets available in the AWS WAF.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Scope | Enter the scope of the IP set. | Text | Optional | Allowed values:
Default value: REGIONAL |
Limit | Enter the number of results to be returned by AWS WAF. | Integer | Optional | Default value: 10 |
Region Name | Enter the region name of the AWS WAF. Example: "us-east-2" | Text | Optional |
Example Request
[ { "region_name": "us-east-2" } ]
Action Response Parameters
Parameter | Type | Description |
---|---|---|
NextMarker | String | The marker for the next set of results. Used for pagination. |
IPSets | Array | An array of IP sets containing information about each IP set. |
Name | String | The name of the IP set. |
Id | String | The identifier for the IP set. |
Description | String | A description of the IP set. |
LockToken | String | The lock token of the IP set, used for concurrency control. |
ARN | String | The Amazon Resource Name (ARN) of the IP set. |
Action: Remove elements from an IP Set
This action removes elements (IP addresses) from an IP set.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
IP Set Name | Enter the IP set name. Example: "Blocklist" | Text | Required | |
IP Set ID | Enter the IP set ID. Example: "f3b3c53c-cd83-42cc-b84e-bcbf8a1af354" | Text | Required | |
IP List | Enter the IPs to be removed from the IP set as a comma-separated list. Example: ['1.1.1.1/32'] | List | Required | |
Scope | Enter the scope of the IP set. | Text | Optional | Allowed values:
Default value: REGIONAL |
Region Name | Enter the region name of the AWS WAF. Example: "us-east-2" | Text | Optional |
Example Request
[ { "ip_list": [ "8.8.8.8/32" ], "ip_set_id": "4123148c-8d3d-46fc-9c31-595fb3c46e02", "ip_set_name": "Blocklist", "region_name": "us-east-2" } ]
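A pre-flight check for the add and remove request objects shown on this page, as an added example (not code from the app or its vendor). The function name `check_request`, the /16 and /32 breadth floors and the rule refusing internal ranges are assumptions chosen for illustration; the ID check assumes every IP set ID has the UUID shape of the page's example IDs.

```python
import ipaddress
import re

# UUID shape of the page's example IDs (assumption: every IP set ID has it).
ID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$")
REQUIRED = ("ip_set_name", "ip_set_id", "ip_list")

# Example Request from this page (a list holding one request object).
PAGE_EXAMPLE = [{"ip_list": ["8.8.8.8/32"],
                 "ip_set_id": "4123148c-8d3d-46fc-9c31-595fb3c46e02",
                 "ip_set_name": "Blocklist", "region_name": "us-east-2"}]


def check_request(item, adding=True, floor_v4=16, floor_v6=32):
    """Validate one request object; return (normalized_item, errors)."""
    errors = [f"missing {key}" for key in REQUIRED if not item.get(key)]
    set_id = item.get("ip_set_id")
    if set_id and not ID_RE.match(str(set_id)):
        errors.append("ip_set_id is not a lowercase UUID")
    entries = item.get("ip_list") or []
    if isinstance(entries, str):  # accept "a, b" as well as a JSON list
        entries = entries.split(",")
    cidrs = []
    for entry in entries:
        raw = str(entry).strip()
        try:
            # strict=True rejects host bits set below the mask (1.2.3.4/8).
            net = ipaddress.ip_network(raw, strict=True)
        except ValueError as exc:
            errors.append(f"{raw}: {exc}")
            continue
        if "/" not in raw:
            errors.append(f"{raw}: write the prefix explicitly")
        floor = floor_v4 if net.version == 4 else floor_v6
        if adding and net.prefixlen < floor:
            # A very broad block entry can cut off legitimate clients.
            errors.append(f"{raw}: broader than /{floor}, review by hand")
        if adding and (net.is_private or net.is_loopback or net.is_link_local):
            errors.append(f"{raw}: internal range, not added to a block set")
        if str(net) not in cidrs:
            cidrs.append(str(net))  # de-duplicated, canonical CIDR text
    # REGIONAL is the default scope stated in the parameter table.
    normalized = dict(item, ip_list=cidrs, scope=item.get("scope") or "REGIONAL")
    return normalized, errors


if __name__ == "__main__":
    for request in PAGE_EXAMPLE:
        print(check_request(request))
```

Call it with `adding=False` for a remove request, where the breadth and internal-range rules do not apply.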
Action Response Parameters
Parameter | Type | Description |
---|---|---|
NextLockToken | String | A string representing the next lock token. |