Loading...
Back

Getting started with WafCharm (AWS WAF v2)

AWS WAF v2New PlanOld PlanUsage

Overview

This article explains how to get started with WafCharm.

If you already have a WafCharm account or any resources, please start from the next step.

  1. Create a WafCharm account
  2. Register credential information
  3. Register WAF Config

1. Create a WafCharm account

If you do not have a WafCharm account, please sign up first. If you already have a WafCharm account, please sign in.

  1. Open the sign-up page.
  2. Enter your email address and password.
  3. Click [Sign up].
  4. Check the confirmation email sent to your email address.
  5. Click on the [Confirm] link in the confirmation email.

    Registration is complete if the page with the message "Email address has been successfully verified" shows up.

    Your account registration will not be complete unless you confirm your email address. Please complete this step and proceed.

  6. Click [Sign in] to sign in to the WafCharm Console.
  7. Enter your account's information
  8. Please read the terms of service and check the [Please check if you have read and agree to the Terms of service and the other policies] checkbox.
  9. Click [Save].

2. Register credential information

This step will grant WafCharm permission to access your AWS resources.

  1. Click [Credential] on the left menu
  2. Select one of the credential registration methods from the [Add] section (listed below)
    • Create an IAM Role and register it (Create a new IAM role with CloudFormation)
    • Use an existing IAM Role (Create an IAM role on the AWS management console first and then register the information)
    • Use an existing IAM User (Create an IAM user on the AWS management console first and register the keys)
  3. Register credential information using the manual below

    How to configure Credential Store for AWS WAF v2 (new plan/MP ver.)

    How to configure Credential Store for AWS WAF Classic/AWS WAF v2 (old plan)

3. Register WAF Config

WafCharm will apply rules to your web ACL by registering your web ACL information.

  1. Click [WAF] on the left menu
  2. Click [Add] in the upper right corner.
  3. Register WAF Config with the credential information you created by following the manual below

    How to configure WAF Config for AWS WAF v2

  4. Check your settings and operations after registering a WAF Config.

    How to change rule actions for AWS WAF v2

    Operation check after setting up for AWS WAF v2

Limitations and Notes

  • Legacy rule policy can only be used with ALB, CloudFront, or API Gateway and is not available for other resources.
  • You can attach Amazon Cognito to a web ACL using the Advanced rule policy with the limitations below.
    • It is not recommended to use the dynamic denylist feature. If you use Amazon Cognito, please refrain from enabling the WAF log retrieval option.
    • In accordance with the above, using the same web ACL with ALB and other resources is also not recommended. If you use WafCharm with a web ACL attached to Amazon Cognito, we recommend preparing a web ACL per resource.