Step 0, 3

Author: matteofigus

README.md

@@ -6,65 +6,14 @@ A workshop about [AWS WAF](https://aws.amazon.com/waf/) and the [WAF Security Au
 
 > Warning: This project is currently being developed and the code shouldn't be used in production.
 
-### usage 
+# Prerequisites
 
-- create a VPC, add two public subnets in two separate AZs
-- point an ALB at an AutoScaling Group
-- allow http:80 access
-- instantiate EC2s with a running webserver
+To deploy the application you will require an AWS account. If you don’t already have an AWS account, create one at <https://aws.amazon.com> by following the on-screen instructions. Your access to the AWS account must have IAM permissions to launch AWS CloudFormation templates that create IAM roles.
 
+### [Step 0 - Deploy the Cloudformation Stacks](docs/step-0.md)
+### [Step 1 - Getting Started with AWS WAF Security Automations Solution](docs/step-1.md)
+### [Step 2 - Customising and extending AWS WAF Security Automations Solution](docs/step-2.md)
 
-#### deploy
-
-`aws s3 mb s3://$BUCKETNAME`
-> bucket must be created in same region as deployment
-
-`aws cloudformation  package  --template-file main.template   --s3-bucket $BUCKETNAME   --s3-prefix stacks   --output-template-file rootstack  --force-upload`
-
-`aws cloudformation deploy --template-file rootstack --stack-name WAFDEMO  --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND && aws cloudformation list-exports --query 'Exports[].{Name: Name, Value: Value}'`
-
-`aws cloudformation delete-stack --stack-name WAFDEMO && rm rootstack.json`
-
-
-#### TODO  
-- convert config to inst and add cfn-sig?
-- cloudwatch dashboards
-- use fargate?
-
-
-#### userdata to spin up sample web servers on **port 80**
-
-*httpserver on python2.7:* no special installs  nor updates required, so quick to spin up
-
-```
-#!/bin/bash
-echo "<h1>Hello AWS WAF Security Automations</h1>" > index.html
-python -m SimpleHTTPServer 80 .
-```
-
-*default example:* provided by US builders for waf demo
-```
-#!/bin/bash
-sudo yum update -y
-sudo yum install -y httpd
-sudo systemctl enable httpd
-sudo touch /var/www/html/index.html
-sudo chmod 666 /var/www/html/index.html
-echo "<h1>Hello AWS WAF Security Automations</h1>" > /var/www/html/index.html
-sudo systemctl restart httpd
-```
-
-*juiceshop:* full fledged vulnerable site
-
-```
-#!/bin/bash
-yum update -y
-yum install -y httpd-tools
-yum install -y docker
-service docker start
-docker pull bkimminich/juice-shop\ndocker run -d -p 80:3000 bkimminich/juice-shop
-```
-
-## License
+# License
 
 This library is licensed under the MIT-0 License. See the LICENSE file.

docs/deploy-to-aws.png

@@ -0,0 +1,43 @@
+# Step 0 - Deploy the Cloudformation Stacks
+
+To run the lab, you will need to deploy the [WAF Security Automations Solution](https://aws.amazon.com/solutions/aws-waf-security-automations/) and a sample Web App that we'll use for testing.
+
+## Deploy the WAF Security Automations Solution
+
+|Region|Launch Template|
+|------|---------------|
+|**US East (N. Virginia)** (us-east-1) | [![Deploy AWS WAF Security Automations Solution](docs/deploy-to-aws.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=AWSWAFSecurityAutomations&templateURL=https://s3.amazonaws.com/solutions-reference/aws-waf-security-automations/v2.3.0/aws-waf-security-automations.template)|
+|**US East (Ohio)** (us-east-2) | [![Deploy AWS WAF Security Automations Solution](docs/deploy-to-aws.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-2#/stacks/new?stackName=AWSWAFSecurityAutomations&templateURL=https://s3.amazonaws.com/solutions-reference/aws-waf-security-automations/v2.3.0/aws-waf-security-automations.template)|
+|**US West (Oregon)** (us-west-2) | [![Deploy AWS WAF Security Automations Solution](docs/deploy-to-aws.png)](https://console.aws.amazon.com/cloudformation/home?region=us-west-2#/stacks/new?stackName=AWSWAFSecurityAutomations&templateURL=https://s3.amazonaws.com/solutions-reference/aws-waf-security-automations/v2.3.0/aws-waf-security-automations.template)|
+|**EU (Ireland)** (eu-west-1) | [![Deploy AWS WAF Security Automations Solution](docs/deploy-to-aws.png)](https://console.aws.amazon.com/cloudformation/home?region=eu-west-1#/stacks/new?stackName=AWSWAFSecurityAutomations&templateURL=https://s3.amazonaws.com/solutions-reference/aws-waf-security-automations/v2.3.0/aws-waf-security-automations.template)|
+|**EU (London)** (eu-west-2) | [![Deploy AWS WAF Security Automations Solution](docs/deploy-to-aws.png)](https://console.aws.amazon.com/cloudformation/home?region=eu-west-2#/stacks/new?stackName=AWSWAFSecurityAutomations&templateURL=https://s3.amazonaws.com/solutions-reference/aws-waf-security-automations/v2.3.0/aws-waf-security-automations.template)|
+
+Step by step instructions:
+* Provide your stack with a unique name. *Note: Be careful not to exceed the 64-character stack name limit*
+* Provide the following template parameters:
+  * **Activate HTTP Flood Protection** = "yes - AWS Lambda log parser"
+  * **Activate Scanner & Probe Protection** = "yes - Amazon Athena log parser"
+  * **Endpoint Type** = "ALB"
+  * **Application Access Log Bucket Name** (must be all lower case to match regex) = `<enter a random bucket name here>`
+  * Leave all other parameters set to their default values.
+* Continue through the remaining pages using the default values.
+* On the final page, check the box at the bottom allowing AWS CloudFormation to create IAM resources with custom names.
+* Click the orange "Create stack" button at the bottom-right of the page to deploy the stack into your account.
+ 
+## Deploy the sample Web App
+
+|Region|Launch Template|
+|------|---------------|
+|**US East (N. Virginia)** (us-east-1) | [![Deploy WAF Workshop Sample Web App](docs/deploy-to-aws.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=WAFWorkshopSampleWebApp&templateURL=https://solution-builders-us-east-1.s3.us-east-1.amazonaws.com/aws-waf-workshop/latest/main.template)|
+|**US East (Ohio)** (us-east-2) | [![Deploy WAF Workshop Sample Web App](docs/deploy-to-aws.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-2#/stacks/new?stackName=WAFWorkshopSampleWebApp&templateURL=https://solution-builders-us-east-2.s3.us-east-2.amazonaws.com/aws-waf-workshop/latest/main.template)|
+|**US West (Oregon)** (us-west-2) | [![Deploy WAF Workshop Sample Web App](docs/deploy-to-aws.png)](https://console.aws.amazon.com/cloudformation/home?region=us-west-2#/stacks/new?stackName=WAFWorkshopSampleWebApp&templateURL=https://solution-builders-us-west-2.s3.us-west-2.amazonaws.com/aws-waf-workshop/latest/main.template)|
+|**EU (Ireland)** (eu-west-1) | [![Deploy WAF Workshop Sample Web App](docs/deploy-to-aws.png)](https://console.aws.amazon.com/cloudformation/home?region=eu-west-1#/stacks/new?stackName=WAFWorkshopSampleWebApp&templateURL=https://solution-builders-eu-west-1.s3.eu-west-1.amazonaws.com/aws-waf-workshop/latest/main.template)|
+|**EU (London)** (eu-west-2) | [![Deploy WAF Workshop Sample Web App](docs/deploy-to-aws.png)](https://console.aws.amazon.com/cloudformation/home?region=eu-west-2#/stacks/new?stackName=WAFWorkshopSampleWebApp&templateURL=https://solution-builders-eu-west-2.s3.eu-west-2.amazonaws.com/aws-waf-workshop/latest/main.template)|
+
+Step by step instructions:
+* Provide your stack with a unique name. *Note: Be careful not to exceed the 64-character stack name limit*
+* Continue through the remaining pages using the default values.
+* On the final page, check the box at the bottom allowing AWS CloudFormation to create IAM resources with custom names.
+* Click the orange "Create stack" button at the bottom-right of the page to deploy the stack into your account.
+
+# [Next step](step-2.md)

docs/step-0.md

@@ -0,0 +1,3 @@
+# Step 1 - Getting Started with AWS WAF Security Automations Solution
+
+# [Next step](step-2.md)

docs/step-1.md

@@ -0,0 +1,3 @@
+# Step 2 - Customising and extending AWS WAF Security Automations Solution
+
+# [Next step](step-3.md)

docs/step-2.md

@@ -0,0 +1,4 @@
+# Step 3 - Optional Challenge - Integrate AWS WAF datapoints to AWS Security Hub
+
+* [Enable AWS Security hub](https://console.aws.amazon.com/securityhub/home?region=us-east-1#/onboard)
+* Create an automation ([like this one](https://www.imperva.com/blog/imperva-integration-with-aws-security-hub-expanding-customer-security-visibility/)) to ingest AWS WAF Alert to AWS Security Hub. More info about AWS Security Hub custom providers [here](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-custom-providers.html)

docs/step-3.md

@@ -1,7 +1,7 @@
 AWSTemplateFormatVersion: '2010-09-09'
 Description: Workshop about AWS WAF and WAF Security Automations Solution (uksb-1q1gt3g5d)
 Metadata:
-  Version: '0.1'
+  Version: '0.2'
   AWS::CloudFormation::Interface:
     ParameterGroups:
       - Label: