TypeScript icon, indicating that this package has built-in type declarations

    0.1.3 • Public • Published

    Aligent AWS WAF


    This repository defines a CDK construct for provisioning an AWS Web Application Firewall (WAF) stack. It can be imported and used within CDK application. ##Example The following CDK snippet can be used to provision the an AWS WAF stack.

    import 'source-map-support/register';
    const cdk = require('@aws-cdk/core');
    import { WebApplicationFirewall } from '@aligent/cdk-waf';
    import { Stack } from '@aws-cdk/core';
    import { Environment } from '@aws-cdk/core'
    import { env } from 'node:process';
    const preprodEnv: Environment = {account: '<TargetAccountId-Preprod>', region: '<TargetAccountRegion-Preprod>'};
    const target = '<TargetAccountIdentifier>';
    const appName = 'WAF';
    const defaultAllowedIPs = [
         'a.a.a.a/32', 'b.b.b.b/32',     // Offices
         'c.c.c.c/32', 'd.d.d.d/32',     // Payment Gateways
    export const preProductionWafStackProps = {
    env: preprodEnv,
         activate: true,  // Update this line with either true or false, defining Block mode or Count-only mode, respectively.  
         allowedIPs: defaultAllowedIPs.concat([
                   'y.y.y.y/32' // AWS NAT GW of preprod vpc
                   // environment-specific comma-separated allow-list comes here
         allowedUserAgents: [],  // Allowed User-Agent list that would have been blocked by AWS BadBot rule. Case-sensitive. Optional.
         excludedAwsRules: [],   // The rule to exclude (override) from AWS-managed RuleSet. Optional.
         associatedLoadBalancerArn: '<ArnOfPreproductionFrontendALB>',
         wafName: <NAME>
    class WAFStack extends Stack {
      constructor(scope: Construct, id: string, props: preprodEnv) {
        super(scope, id, props);
        new WebApplicationFirewall(scope, 'waf-stack', prod);
    new WAFStack(scope, envName, preProductionWafStackProps);

    Monitor and activate

    By default, WebACL this stack creates will work in COUNT mode to begin with.After a certain period of monitoring under real traffic and load, apply necessary changes, e.g. IP allow_list or rate limit, to avoid service interruptions before switching to BLOCK mode.

    Local development

    NPM link can be used to develop the module locally.

    1. Pull this repository locally
    2. cd into this repository
    3. run npm link
    4. cd into the downstream repo (target project, etc) and run npm link 'aws-waf-stack' The downstream repository should now include a symlink to this module. Allowing local changes to be tested before pushing.




    npm i @aligent/cdk-waf

    DownloadsWeekly Downloads






    Unpacked Size

    118 kB

    Total Files


    Last publish


    • aligent-bot
    • aligent-danielvanderploeg
    • luke-denton-aligent
    • jarrod.swift
    • john.smith.aligent