From 850eb29b41f4087c52f05333ae3e5c11c9a7d08a Mon Sep 17 00:00:00 2001
From: Shu Jackson
Date: Fri, 2 Dec 2022 22:01:04 -0500
Subject: [PATCH] Add AppRegistry integration
---
 CHANGELOG.md | 3 +
 .../aws-waf-security-automations.template | 65 +++++++++++++++++++
 2 files changed, 68 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 077ceb9..4a0618c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,9 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [3.2.2] - 2022-12-05
+### Added
+- Added AppRegistry integration
 ## [3.2.1] - 2022-08-30
 ### Added
 - Added support for configuring oversize handling for requests components
diff --git a/deployment/aws-waf-security-automations.template b/deployment/aws-waf-security-automations.template
index dd943fd..fda9f35 100644
--- a/deployment/aws-waf-security-automations.template
+++ b/deployment/aws-waf-security-automations.template
@@ -364,6 +364,9 @@ Mappings:
 QueryScheduledRunTime: 5 # by default athena query runs every 5 minutes, update it if needed
 UserAgent:
 UserAgentExtra: 'AwsSolution/SO0006/%VERSION%'
+ AppRegistry:
+ AppRegistryApplicationName: 'waf-security-automations'
+ SolutionName: 'WAF Security Automations'
 Resources:
@@ -2222,6 +2225,68 @@ Resources:
 FunctionName: !GetAtt RemoveExpiredIP.Arn
 StartingPosition: LATEST
+ # AppRegistry Application
+ Application:
+ Type: AWS::ServiceCatalogAppRegistry::Application
+ Properties:
+ Description: Service Catalog application to track and manage all your resources for the solution WAF Security Automations. The SolutionID is SO0006 and SolutionVersion is %VERSION%.
+ Name:
+ !Join
+ - "-"
+ - - !FindInMap [Solution, AppRegistry, "AppRegistryApplicationName"]
+ - !Ref AWS::Region
+ - !Ref AWS::AccountId
+ - !Ref AWS::StackName
+ Tags: {
+ 'Solutions:SolutionID': !FindInMap [Solution, Data, "SolutionID"],
+ 'Solutions:SolutionVersion': "%VERSION%",
+ 'Solutions:SolutionName': !FindInMap [Solution, AppRegistry, "SolutionName"],
+ 'Solutions:ApplicationType': 'AWS-Solutions',
+ }
+
+ AppRegistryApplicationStackAssociation:
+ Type: AWS::ServiceCatalogAppRegistry::ResourceAssociation
+ Properties:
+ Application: !GetAtt Application.Id
+ Resource:
+ !Ref AWS::StackId
+ ResourceType: CFN_STACK
+
+ AppRegistryApplicationStackAssociationNestedStackWebACL:
+ Type: AWS::ServiceCatalogAppRegistry::ResourceAssociation
+ Properties:
+ Application: !GetAtt Application.Id
+ Resource:
+ !Ref WebACLStack
+ ResourceType: CFN_STACK
+
+ AppRegistryApplicationStackAssociationNestedStackFirehoseAthena:
+ Type: AWS::ServiceCatalogAppRegistry::ResourceAssociation
+ Condition: CreateFirehoseAthenaStack
+ Properties:
+ Application: !GetAtt Application.Id
+ Resource:
+ !Ref FirehoseAthenaStack
+ ResourceType: CFN_STACK
+
+ DefaultApplicationAttributes:
+ Type: AWS::ServiceCatalogAppRegistry::AttributeGroup
+ Properties:
+ Name: !Ref AWS::StackName
+ Description: Attribute group for solution information.
+ Attributes:
+ { "ApplicationType" : 'AWS-Solutions',
+ "Version": "%VERSION%",
+ "SolutionID": !FindInMap [Solution, Data, "SolutionID"],
+ "SolutionName": !FindInMap [Solution, AppRegistry, "SolutionName"]
+ }
+
+ AppRegistryApplicationAttributeAssociation:
+ Type: AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation
+ Properties:
+ Application: !GetAtt Application.Id
+ AttributeGroup: !GetAtt DefaultApplicationAttributes.Id
+
 Outputs:
 BadBotHoneypotEndpoint:
 Description: Bad Bot Honeypot Endpoint
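Review bot: The AppRegistry resources added in this hunk (`Application`, the three `ResourceAssociation`s, `DefaultApplicationAttributes` and `AppRegistryApplicationAttributeAssociation`) carry no condition of their own, apart from the existing `CreateFirehoseAthenaStack` on one association. Creating or updating the WAF stack therefore now also needs the deploying role to hold Service Catalog AppRegistry permissions and the Region to offer AppRegistry; if either is missing, the whole security stack would presumably roll back over an inventory feature. Consider gating each resource with a condition, for example `Condition: AppRegistryEnabled` (a suggested name, not one from this template), with the Firehose/Athena association using a combined condition built with `Fn::And`, and list the extra permissions in the deployment guide. Separately, `Name: !Ref AWS::StackName` on the attribute group has no solution prefix, unlike the joined name used for `Application`, so a prefixed name would make a clash with an existing attribute group less likely. The Conditions section lies outside this hunk, so a suitable condition may already exist there.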