This collection of AWS Network Firewall templates demonstrates an automated approach in which an AWS Network Firewall Rule Group is paired with an AWS Lambda function that parses an external source (an IP list, hostname list, or Suricata rule set) and keeps the Rule Group up to date automatically.
The project consists of CloudFormation templates and source code snippets that demonstrate the functional aspects of this approach.
- Examples of using URLs hosting IP addresses, hostnames, or Suricata rules from https://abuse.ch
- Example of using URLs hosting IP addresses, hostnames, or Suricata rules from https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
- Examples of using URLs hosting IP addresses, hostnames, or Suricata rules from https://www.spamhaus.org
- An example that uses an Amazon Network Firewall Domain List, partnered with a stateful Suricata rule group to fetch and enforce the TLS Fingerprint of the domain
- Examples of using URLs hosting IP addresses, hostnames, or Suricata rules from https://check.torproject.org/exit-addresses
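The following is an added illustration of the fetch-parse-update loop described above; it is example code written for this README, not code from the project's templates or Lambda functions. It assumes a plain-text feed with one IP or CIDR per line (the format of the emerging-Block-IPs list), a stateful rule group whose ARN is supplied through the `RULE_GROUP_ARN` environment variable (a placeholder name), and a Suricata rule that references an IP set variable named `BLOCKED_IPS`. The sample feed embedded below is constructed, not real threat data. Two safeguards a practitioner would want are included: entries that are malformed, too broad (such as `0.0.0.0/0`), or inside RFC 1918 and loopback space are dropped so a bad feed line cannot black-hole the VPC, and an empty parse result never overwrites the rule group.

```python
"""Pull a line-oriented IP block list, parse it defensively, and push it into an
AWS Network Firewall stateful rule group as an IP set referenced by Suricata rules.
Example code for this README; not part of the project's own deployment assets."""
import ipaddress
import os
import urllib.request

# Constructed sample feed (not real threat data); exercises every edge case below.
SAMPLE_FEED = """# Constructed sample feed
# Last updated: (placeholder)
198.51.100.23
203.0.113.0/24
198.51.100.23          # duplicate, collapsed
10.0.0.1               # RFC 1918, never blocked from a feed
0.0.0.0/0              # too broad, rejected
not-an-ip              # malformed, rejected
2001:db8::1            # IPv6 skipped: this example manages an IPv4-only IP set
"""

# Ranges that a threat feed must never be allowed to push into a drop rule.
_NEVER_BLOCK = [ipaddress.ip_network(c) for c in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]
MIN_PREFIXLEN = 8  # reject anything broader than a /8


def parse_ip_list(text):
    """Return sorted, de-duplicated IPv4 CIDR strings from a feed body.

    Inline '#' comments, blank lines, malformed entries, overly broad prefixes,
    and private/loopback ranges are all dropped rather than raising."""
    keep = set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # malformed line
        if net.version != 4 or net.prefixlen < MIN_PREFIXLEN:
            continue
        if any(net.subnet_of(reserved) for reserved in _NEVER_BLOCK):
            continue
        keep.add(net)
    return [str(n) for n in sorted(keep)]


def build_rule_group(cidrs, variable="BLOCKED_IPS", sid=1000001):
    """Build the RuleGroup payload for UpdateRuleGroup: an IP set variable plus
    two Suricata drop rules (inbound and outbound) that reference it."""
    if not cidrs:
        # Refuse to publish an empty set: a transient empty download would
        # otherwise silently remove every block currently enforced.
        raise ValueError("refusing to publish an empty IP set")
    rules = (
        f'drop ip ${variable} any -> any any (msg:"Feed block inbound"; sid:{sid}; rev:1;)\n'
        f'drop ip any any -> ${variable} any (msg:"Feed block outbound"; sid:{sid + 1}; rev:1;)\n'
    )
    return {
        "RuleVariables": {"IPSets": {variable: {"Definition": list(cidrs)}}},
        "RulesSource": {"RulesString": rules},
    }


def fetch_feed(url, timeout=10):
    """Download the feed body as text (network access; not used by the tests)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def update_rule_group(rule_group_arn, rule_group):
    """Apply the payload with the optimistic-locking UpdateToken Network Firewall requires."""
    import boto3  # imported lazily so the parser runs without boto3 installed
    nfw = boto3.client("network-firewall")
    token = nfw.describe_rule_group(RuleGroupArn=rule_group_arn)["UpdateToken"]
    return nfw.update_rule_group(
        UpdateToken=token, RuleGroupArn=rule_group_arn, RuleGroup=rule_group
    )


def lambda_handler(event, context):
    """Lambda entry point (assumed env vars: FEED_URL, RULE_GROUP_ARN)."""
    feed_url = os.environ["FEED_URL"]
    arn = os.environ["RULE_GROUP_ARN"]
    cidrs = parse_ip_list(fetch_feed(feed_url))
    payload = build_rule_group(cidrs)  # raises on an empty feed instead of wiping the set
    update_rule_group(arn, payload)
    return {"published": len(cidrs)}


if __name__ == "__main__":
    # Offline demonstration on the constructed feed; no AWS call is made.
    print(parse_ip_list(SAMPLE_FEED))
```

Run the Lambda on a schedule (an EventBridge rule is the usual trigger) and give its role only `network-firewall:DescribeRuleGroup` and `network-firewall:UpdateRuleGroup` on the one rule group ARN, so a compromised feed or function can change nothing else.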
- Clone the repository:
- Using AWS CloudFormation, create a Stack from the templates available in the deployment folders of the cloned repository.
This sample code is made available under the MIT-0 license. See the LICENSE file.
