v1.537.2

@cloudposse-releaser cloudposse-releaser released this 08 Aug 01:42
· 3 commits to main since this release
c9dba09

🤖 Automatic Updates

Update README.md and docs @[cloudposse-releaser[bot]](https://github.com/apps/cloudposse-releaser) (#39)

what

This is an auto-generated PR that updates the README.md and docs

why

To have the most recent changes to README.md and docs from the origin templates

chore(deps): update terraform cloudposse/waf/aws to v1.9.0 @[renovate[bot]](https://github.com/apps/renovate) (#38)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| cloudposse/waf/aws (source) | module | minor | 1.8.1 -> 1.9.0 |

Release Notes

cloudposse/terraform-aws-waf (cloudposse/waf/aws)

v1.9.0

Compare Source

feat: add the ability to negate `scope_down_statements` in managed rules @RoseSecurity (#116)

what

[!WARNING]
The WAF rules are convoluted and complex, so this change just adds a simple toggle to allow negating scope_down_statements to work with AWS' recommendation for bypassing bot control rules. This change has been tested with existing infrastructure to ensure it's backward compatible.

  • Add a scope_down_not_statement_enabled to allow not_statements (NOTE: This name is not pretty, so I'm open to better names if you have any)

why

  • AWS recommends bypassing bot control rules via the following method, which adds a not_statement to the scope_down_statement for managed rules. The current implementation does not allow for this, but this addition will allow the following:
{
  "Name": "AWS-AWSBotControl-Example",
  "Priority": 5,
  "Statement": {
    "ManagedRuleGroupStatement": {
      "VendorName": "AWS",
      "Name": "AWSManagedRulesBotControlRuleSet",
      "ManagedRuleGroupConfigs": [
        {
          "AWSManagedRulesBotControlRuleSet": {
            "InspectionLevel": "COMMON"
          }
        }
      ],
      "RuleActionOverrides": [],
      "ExcludedRules": []
    },
    "VisibilityConfig": {
      "SampledRequestsEnabled": true,
      "CloudWatchMetricsEnabled": true,
      "MetricName": "AWS-AWSBotControl-Example"
    },
    "ScopeDownStatement": {
      "NotStatement": {
        "Statement": {
          "ByteMatchStatement": {
            "SearchString": "YSBzZWNyZXQ=",
            "FieldToMatch": {
              "SingleHeader": {
                "Name": "x-bypass-secret"
              }
            },
            "TextTransformations": [
              {
                "Priority": 0,
                "Type": "NONE"
              }
            ],
            "PositionalConstraint": "EXACTLY"
          }
        }
      }
    }
  }
}

testing

  • Successfully ran the following:
atmos validate stacks
atmos terraform apply waf -s <stack>

references


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR was generated by Mend Renovate. View the repository job log.
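The ScopeDownStatement quoted in the v1.9.0 release note above is evaluated by AWS WAF itself; the small evaluator below is an added example, not part of these release notes, the cloudposse/waf/aws module, or any AWS code. It models only the subset of the statement grammar that JSON uses (NotStatement, And/Or combinators, ByteMatchStatement over a single header) so a reviewer can check what the negation toggle actually changes: with the NotStatement, requests carrying the exact secret header value skip the bot control rule group and every other request is inspected; with the NotStatement removed (the shape you get when the toggle is off), the rule group would inspect only the requests that carry the secret, the opposite of what is intended. It also makes visible that SearchString in the WAF API JSON is a base64-encoded blob, so the header value WAF compares is the decoded bytes "a secret", not the literal text "YSBzZWNyZXQ=". The request dictionaries and header values are constructed sample inputs.

```python
import base64
from typing import Any, Dict, List, Optional

# Constructed sample: the ScopeDownStatement from the release note above.
# SearchString in WAF API JSON is a base64-encoded blob; "YSBzZWNyZXQ="
# decodes to b"a secret", which is the header value WAF actually compares.
SCOPE_DOWN_NEGATED: Dict[str, Any] = {
    "NotStatement": {
        "Statement": {
            "ByteMatchStatement": {
                "SearchString": "YSBzZWNyZXQ=",
                "FieldToMatch": {"SingleHeader": {"Name": "x-bypass-secret"}},
                "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
                "PositionalConstraint": "EXACTLY",
            }
        }
    }
}

# The same condition with the negation stripped off: the shape produced when
# the scope_down_not_statement_enabled toggle is left off.
SCOPE_DOWN_PLAIN: Dict[str, Any] = SCOPE_DOWN_NEGATED["NotStatement"]["Statement"]


def _field_bytes(field_to_match: Dict[str, Any], request: Dict[str, Any]) -> bytes:
    """Return the bytes of the inspected field; only SingleHeader is modelled here."""
    if "SingleHeader" in field_to_match:
        wanted = field_to_match["SingleHeader"]["Name"].lower()  # header names are case-insensitive
        headers = {k.lower(): v for k, v in request.get("headers", {}).items()}
        return headers.get(wanted, "").encode("utf-8")  # absent header inspects as empty
    raise NotImplementedError(f"FieldToMatch not modelled: {list(field_to_match)}")


def _transform(value: bytes, transformations: List[Dict[str, Any]]) -> bytes:
    """Apply text transformations in Priority order (NONE and LOWERCASE only)."""
    for t in sorted(transformations, key=lambda t: t["Priority"]):
        if t["Type"] == "NONE":
            continue
        if t["Type"] == "LOWERCASE":
            value = value.lower()
        else:
            raise NotImplementedError(f"TextTransformation not modelled: {t['Type']}")
    return value


def _byte_match(stmt: Dict[str, Any], request: Dict[str, Any]) -> bool:
    """ByteMatchStatement: compare the (transformed) field bytes with the decoded SearchString."""
    needle = base64.b64decode(stmt["SearchString"])
    haystack = _transform(_field_bytes(stmt["FieldToMatch"], request), stmt["TextTransformations"])
    constraint = stmt["PositionalConstraint"]
    if constraint == "EXACTLY":
        return haystack == needle
    if constraint == "STARTS_WITH":
        return haystack.startswith(needle)
    if constraint == "ENDS_WITH":
        return haystack.endswith(needle)
    if constraint == "CONTAINS":
        return needle in haystack
    raise NotImplementedError(f"PositionalConstraint not modelled: {constraint}")


def evaluate(statement: Dict[str, Any], request: Dict[str, Any]) -> bool:
    """Evaluate a WAF statement tree: Not/And/Or combinators over ByteMatchStatement."""
    if "NotStatement" in statement:
        return not evaluate(statement["NotStatement"]["Statement"], request)
    if "AndStatement" in statement:
        return all(evaluate(s, request) for s in statement["AndStatement"]["Statements"])
    if "OrStatement" in statement:
        return any(evaluate(s, request) for s in statement["OrStatement"]["Statements"])
    if "ByteMatchStatement" in statement:
        return _byte_match(statement["ByteMatchStatement"], request)
    raise NotImplementedError(f"statement type not modelled: {list(statement)}")


def rule_group_inspects(scope_down: Optional[Dict[str, Any]], request: Dict[str, Any]) -> bool:
    """A managed rule group inspects a request only when its ScopeDownStatement
    matches; a rule group without a ScopeDownStatement inspects every request."""
    return scope_down is None or evaluate(scope_down, request)


if __name__ == "__main__":
    # Constructed sample requests: one carrying the decoded secret, one ordinary.
    carries_secret = {"headers": {"X-Bypass-Secret": "a secret"}}
    ordinary = {"headers": {"User-Agent": "curl/8.0"}}
    for label, scope_down in (("negated", SCOPE_DOWN_NEGATED), ("plain", SCOPE_DOWN_PLAIN)):
        print(label, "secret header inspected:", rule_group_inspects(scope_down, carries_secret))
        print(label, "ordinary request inspected:", rule_group_inspects(scope_down, ordinary))
```

Because any client that presents the exact header value skips bot control inspection, the value behaves like a credential: use a long random secret rather than the short placeholder from the example, and keep SampledRequestsEnabled on, as the quoted JSON does, so requests that fall outside the scope-down remain visible.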