
Safeguarding Your ALB with AWS WAF: Creating an IP Set and Associating it

Introduction

In the dynamic landscape of web applications, security is a top priority. AWS provides an effective solution through the Web Application Firewall (WAF), allowing users to control and mitigate potential threats. This blog post guides you through the process of creating an AWS WAF IP set and associating it with an Application Load Balancer (ALB), enhancing the security posture of your applications.

Problem Statement

Web applications are susceptible to various cyber threats, including malicious IP addresses attempting to exploit vulnerabilities. AWS WAF empowers developers and administrators to implement fine-grained access controls, safeguarding web applications from potential attacks. The challenge lies in configuring AWS WAF to effectively filter and manage incoming traffic, specifically targeting an ALB.

Technical Details

Step 1: Create an IP Set

  1. Sign in to the AWS Management Console: Begin by logging in to your AWS account through the AWS Management Console.

  2. Open the AWS WAF console: Navigate to the AWS WAF console to access the necessary tools.


Step 2: Create IP Set with Allowed or Disallowed IPs

  1. In the navigation pane, select "IP sets": Identify and choose the "IP sets" option in the navigation pane of the AWS WAF console.

  2. Choose "Create IP set": Initiate the creation of a new IP set to define the list of IP addresses that are either allowed or disallowed.

  3. Provide a name and configure IP addresses: Assign a name to the IP set and specify the list of IP addresses based on your security requirements.

  4. Create IP set: Confirm and save the configuration by choosing the "Create IP set" option.


Step 3: Associate Web ACL with an AWS Resource (ALB)

  1. Navigate to "Web ACLs" in the AWS WAF console: Access the "Web ACLs" section to manage and configure web access control lists.

  2. Select the desired Web ACL: Choose the Web ACL that you intend to associate with an AWS resource, in this case, an ALB.

  3. Add AWS resources: On the "Associated AWS resources" tab, select "Add AWS resources" to link your Web ACL with an ALB.


Step 4: Select ALB as the Resource Type

  1. Choose the resource type (ALB): Specify ALB as the resource type and select the ALB you want to associate with the Web ACL.

  2. Confirm the association: Click "Add" to finalize the association between the Web ACL and the chosen ALB.


Step 5: Configure Rules for the Web ACL

  1. Move to rule configuration: After associating the ALB, proceed to the next page to configure rules for the Web ACL.

  2. Choose rule criteria: Utilize AWS managed rules or create custom rules based on your security policies.

  3. Select the IP set: Specifically, select the previously created IP set to allow or disallow traffic from specific IP addresses.

  4. Define rules and priorities: Add rules and set their priority to align with your security requirements.


Step 6: Review and Create the Web ACL

  1. Review the configured settings: Verify the settings for the Web ACL, ensuring that rules and associations are as desired.

  2. Create Web ACL: Choose "Create Web ACL" to complete the process and apply the specified rules to the associated ALB.


Now, your ALB is protected by the configured Web ACL, leveraging the IP set to control access based on specified rules. This comprehensive setup enhances the security of your web applications, allowing you to manage and filter incoming traffic effectively. Keep in mind that there may be a brief delay before changes take effect.
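The same setup can be expressed against the WAFv2 API. The following is an added example, not code from the original post: it assumes boto3 with configured credentials, and the function names and the `-ips` naming suffix are illustrative. Unlike the console wizard, the API creates the Web ACL together with its rules and associates it with the ALB last.

```python
import ipaddress

def normalize_addresses(entries, version=4):
    """Return CIDR strings for an IP set; a bare IP becomes /32 (or /128)."""
    cidrs = set()
    for entry in entries:
        # strict parsing rejects host bits, e.g. 10.0.0.5/24, instead of widening
        net = ipaddress.ip_network(entry.strip())
        if net.version != version:
            raise ValueError(f"{entry}: an IP set holds a single IP version")
        if net.prefixlen == 0:
            raise ValueError(f"{entry}: /0 is not accepted in an IP set")
        cidrs.add(str(net))
    return sorted(cidrs)

def visibility(metric):
    """Metrics and request sampling settings required on ACLs and rules."""
    return {"SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": metric}

def ip_set_rule(ip_set_arn, action="Block", priority=0):
    """Web ACL rule that applies `action` to requests from the IP set."""
    if action not in ("Allow", "Block", "Count"):
        raise ValueError("action must be Allow, Block or Count")
    label = f"ipset-{action.lower()}"
    return {"Name": label, "Priority": priority,
            "Statement": {"IPSetReferenceStatement": {"ARN": ip_set_arn}},
            "Action": {action: {}},
            "VisibilityConfig": visibility(label)}

def deploy(name, addresses, alb_arn, region, action="Block"):
    """Create the IP set and Web ACL, then attach the Web ACL to the ALB."""
    import boto3  # imported here so the helpers above run without the SDK
    waf = boto3.client("wafv2", region_name=region)  # same region as the ALB
    ip_set = waf.create_ip_set(
        Name=f"{name}-ips", Scope="REGIONAL", IPAddressVersion="IPV4",
        Addresses=normalize_addresses(addresses))["Summary"]
    # Allowlist: the rule allows and the default blocks. Otherwise default allow.
    default = {"Block": {}} if action == "Allow" else {"Allow": {}}
    acl = waf.create_web_acl(
        Name=name, Scope="REGIONAL", DefaultAction=default,
        Rules=[ip_set_rule(ip_set["ARN"], action)],
        VisibilityConfig=visibility(name))["Summary"]
    waf.associate_web_acl(WebACLArn=acl["ARN"], ResourceArn=alb_arn)
    return acl["ARN"]
```

With `action="Allow"` the Web ACL becomes an allowlist whose default action blocks every address outside the IP set, so confirm the list before attaching it to a production ALB. The association call can be rejected for a short time while a newly created Web ACL propagates; retry it after a brief wait.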

By following these steps, you fortify your AWS infrastructure against potential threats, demonstrating a proactive approach to securing your web applications with AWS WAF.