e-moshaya / terraform-aws-waf-webacl-supporting-resources

A module to create several resources needed by AWS WAF WebACL.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

terraform-aws-waf-webacl-supporting-resources

This repository contains a module to create several resources needed by AWS WAF WebACL to:

  • Enable logging of traffic information[1].
  • Store logs in Parquet format[2] for more optimized query using Athena[3].
  • Provision query-ready Athena Database and Table which based on AWS Glue Data Catalog [4].

Based on the diagram above, the resources going to be created are:

  • S3 Bucket to store all traffic logs.
  • Kinesis Data Firehose[5] to deliver traffic logs from WAF WebACL to the S3.
  • Cloudwatch Log Group and Stream to store the Firehose delivery error information.
  • AWS Glue Catalog Database and Table which store metadata/schema of the log data.
    • One function of those resources is to make it possible the conversion from JSON to Parquet.
    • The other function is to provision Amazon Athena Database and Table which is ready to use to perform queries.
  • IAM Role and Permissions for the Firehose to do all those actions above.

Please Note: This module WILL NOT CREATE AWS WAF Rules and WebACL.

If you are wondering what kind of rules that you should create to protect your App, you might want to take a look at Related Modules section below.

Also, to get a full picture on how to make use of this module together with AWS WAF WebACL and Rules, check Examples section.

References

Examples

AWS WAF is divided into two, Global and Regional resources. Read this to understand better. These examples provided will tell you more on how they are implemented:

Related Modules

Author

Rafi Kurnia Putra

License

Apache 2 Licensed. See LICENSE for full details.

About

A module to create several resources needed by AWS WAF WebACL.

License:Apache License 2.0


Languages

Language:HCL 100.0%