Complete the code to create a Web ACL with AWS WAF.
aws wafv2 create-web-acl --name MyWebACL --scope REGIONAL --default-action Block={} --visibility-config SampledRequestsEnabled=true,CloudWatchMetricsEnabled=true,MetricName=[1]
The MetricName is the CloudWatch metric dimension name for the web ACL. It may contain only letters, digits, hyphens and underscores (1 to 128 characters) and may not be one of the names AWS WAF reserves, such as All or Default_Action. 'WebACLMetric' is a valid answer. Use --scope CLOUDFRONT (and the us-east-1 region) instead of REGIONAL when the web ACL will protect a CloudFront distribution.
Complete the code to add a rule to allow requests from a specific IP set.
aws wafv2 update-web-acl --name MyWebACL --scope REGIONAL --id <web-acl-id> --lock-token <lock-token> --default-action Block={} --visibility-config SampledRequestsEnabled=true,CloudWatchMetricsEnabled=true,MetricName=WebACLMetric --rules '[{"Name": "AllowIPSetRule", "Priority": 1, "Action": {"Allow": {}}, "Statement": {"IPSetReferenceStatement": {"ARN": "[1]"}}, "VisibilityConfig": {"SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "AllowIPSetMetric"}}]'
The IPSetReferenceStatement requires the ARN of an AWS WAF IP set, which has the form arn:aws:wafv2:<region>:<account-id>:regional/ipset/<name>/<id> (global/ipset/... for CLOUDFRONT scope). Only option C is a valid IP set ARN. Two practical points: update-web-acl replaces the entire rule list, so the --rules array must contain every rule you want to keep, and the --id and --lock-token values (placeholders above) come from get-web-acl; a stale lock token makes the call fail with WAFOptimisticLockException.
Fix the error in the JSON rule statement to block SQL injection attacks.
"Statement": {"[1]": {"FieldToMatch": {"QueryString": {}}, "TextTransformations": [{"Priority": 0, "Type": "URL_DECODE"}]}}
The correct AWS WAF statement key for SQL injection match is 'SqliMatchStatement'. It is case sensitive and must be exact. The TextTransformations are applied to the field before matching, so URL_DECODE here means an encoded payload such as %27%20OR%201%3D1 is inspected as ' OR 1=1. The statement also accepts an optional SensitivityLevel (LOW by default; HIGH catches more patterns at the cost of more false positives).
Fill both blanks to create a rate-based rule that blocks requests over 1000 per 5 minutes.
"Rules": [{"Name": "RateLimitRule", "Priority": 1, "Action": {"Block": {}}, "Statement": {"[1]": {"Limit": [2], "AggregateKeyType": "IP"}}, "VisibilityConfig": {"SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "RateLimitMetric"}}]
The statement key for rate limiting is 'RateBasedStatement'. Limit is the maximum number of requests allowed per aggregation key (here a single client IP) within the evaluation window, which is 5 minutes unless a different EvaluationWindowSec is set, so the value is 1000. If the web ACL sits behind a CDN or proxy that forwards the client address in a header, use AggregateKeyType "FORWARDED_IP" together with a ForwardedIPConfig; with "IP" every request would otherwise be counted against the proxy's address.
Fill all three blanks to define a managed rule group statement with AWS Managed Rules for common exploits.
"Statement": {"ManagedRuleGroupStatement": {"VendorName": "[1]", "Name": "[2]", "ExcludedRules": [{"Name": "[3]"}]}}
The vendor for AWS managed rules is 'AWS'. The common rule set is 'AWSManagedRulesCommonRuleSet'. 'SizeRestrictions_BODY' is a common rule to exclude, since it flags request bodies over 8 KB (such as file uploads). ExcludedRules is the older form; it sets the named rules to Count. The current API prefers RuleActionOverrides, e.g. "RuleActionOverrides": [{"Name": "SizeRestrictions_BODY", "ActionToUse": {"Count": {}}}], which can set any action. Note also that a rule containing a ManagedRuleGroupStatement (or RuleGroupReferenceStatement) must use "OverrideAction" ({"None": {}} or {"Count": {}}) instead of "Action"; the API rejects a rule group reference with an Action.
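The following is an added example, not part of the original exercises and not AWS code. It assembles the four rule statements above (IP set allow, rate limit, SQL injection match, managed rule group) into one rules document ready for aws wafv2 create-web-acl --rules file://rules.json, and lints it for the mistakes the WAF API only reports at call time: duplicate priorities, Action used on a rule group reference, invalid or reserved metric names, and FORWARDED_IP without a ForwardedIPConfig. The IP set ARN, account id, region and rule names are placeholders (assumptions). It also assumes a default action of Allow, because with the Block default from the first exercise only the IP-set allow rule would ever matter.

```python
"""Added example: build and lint an AWS WAF rules list for create-web-acl.
Assumptions: a pre-existing regional IP set (placeholder ARN below) and a
default action of Allow on the web ACL."""
import json
import re

# Placeholder ARN, format arn:aws:wafv2:<region>:<account>:regional/ipset/<name>/<id>
ALLOW_IPSET_ARN = ("arn:aws:wafv2:us-east-1:123456789012:regional/ipset/"
                   "TrustedIPs/00000000-0000-0000-0000-000000000000")

# CloudWatch metric names: 1-128 chars of [A-Za-z0-9_-]; AWS reserves a few names.
METRIC_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,128}$")
RESERVED_METRIC_NAMES = {"All", "Default_Action"}


def visibility(metric_name):
    """VisibilityConfig block shared by every rule."""
    return {"SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": metric_name}


def build_rules(ipset_arn=ALLOW_IPSET_ARN, rate_limit=1000):
    """Rules list for the web ACL; lower Priority is evaluated first."""
    return [
        {   # Trusted sources are allowed and skip every later rule.
            "Name": "AllowIPSetRule", "Priority": 0,
            "Action": {"Allow": {}},
            "Statement": {"IPSetReferenceStatement": {"ARN": ipset_arn}},
            "VisibilityConfig": visibility("AllowIPSetMetric"),
        },
        {   # Per-client-IP rate limit over the default 5-minute window.
            "Name": "RateLimitRule", "Priority": 1,
            "Action": {"Block": {}},
            "Statement": {"RateBasedStatement": {
                "Limit": rate_limit, "AggregateKeyType": "IP"}},
            "VisibilityConfig": visibility("RateLimitMetric"),
        },
        {   # SQL injection in the query string, URL-decoded before matching.
            "Name": "BlockSqliRule", "Priority": 2,
            "Action": {"Block": {}},
            "Statement": {"SqliMatchStatement": {
                "FieldToMatch": {"QueryString": {}},
                "TextTransformations": [{"Priority": 0, "Type": "URL_DECODE"}]}},
            "VisibilityConfig": visibility("SqliMetric"),
        },
        {   # Managed rule group: uses OverrideAction, and counts instead of
            # blocks on the body-size rule so uploads are not rejected.
            "Name": "AWSCommonRules", "Priority": 3,
            "OverrideAction": {"None": {}},
            "Statement": {"ManagedRuleGroupStatement": {
                "VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet",
                "RuleActionOverrides": [{"Name": "SizeRestrictions_BODY",
                                         "ActionToUse": {"Count": {}}}]}},
            "VisibilityConfig": visibility("CommonRuleSetMetric"),
        },
    ]


def lint_rules(rules):
    """Return a list of problems the WAF API would reject; empty means clean."""
    problems = []
    seen_priorities = set()
    for rule in rules:
        name = rule.get("Name", "<unnamed>")
        prio = rule.get("Priority")
        if prio in seen_priorities:
            problems.append(f"{name}: duplicate priority {prio}")
        seen_priorities.add(prio)
        stmt = rule.get("Statement", {})
        is_group_ref = ("ManagedRuleGroupStatement" in stmt
                        or "RuleGroupReferenceStatement" in stmt)
        if is_group_ref and ("Action" in rule or "OverrideAction" not in rule):
            problems.append(f"{name}: rule group references need OverrideAction, not Action")
        if not is_group_ref and ("OverrideAction" in rule or "Action" not in rule):
            problems.append(f"{name}: ordinary rules need Action, not OverrideAction")
        metric = rule.get("VisibilityConfig", {}).get("MetricName", "")
        if not METRIC_NAME_RE.match(metric) or metric in RESERVED_METRIC_NAMES:
            problems.append(f"{name}: invalid MetricName {metric!r}")
        rbs = stmt.get("RateBasedStatement")
        if rbs and rbs.get("AggregateKeyType") == "FORWARDED_IP" and "ForwardedIPConfig" not in rbs:
            problems.append(f"{name}: FORWARDED_IP requires ForwardedIPConfig")
    return problems


def render_rules_json(rules):
    """Serialize the rules for --rules file://rules.json, refusing a broken set."""
    problems = lint_rules(rules)
    if problems:
        raise ValueError("; ".join(problems))
    return json.dumps(rules, indent=2)


if __name__ == "__main__":
    with open("rules.json", "w") as fh:
        fh.write(render_rules_json(build_rules()))
    # Then (assumed invocation):
    # aws wafv2 create-web-acl --name MyWebACL --scope REGIONAL \
    #   --default-action Allow={} --rules file://rules.json \
    #   --visibility-config SampledRequestsEnabled=true,CloudWatchMetricsEnabled=true,MetricName=WebACLMetric
```

Running the script writes rules.json; the lint step is what catches the two errors people hit most when moving from single-rule exercises to a full web ACL: reusing Priority 1 for several rules, and copying "Action" onto the managed rule group entry.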