Revisions - Security Automations for AWS WAF

Revisions

Date Change
September 2016 Initial release
January 2017 Clarification on IP address limits in this solution
March 2017 Additional guidance on creating a cache behavior; updated URLs for AWS Security Blog posts
June 2017 Added ALB support and updated product limits
November 2017 Added rate-based rule support for HTTP flood protection; additional links for storing resource access logs
January 2018 Updated content on regional availability of AWS WAF for Application Load Balancers
December 2018 Added IPv6 Support, expanded CIDR ranges, and added a monitoring dashboard
April 2019 AWS WAF logs integration, Amazon Athena integration, and added a configurable log parser
December 2019 Added information on support for Node.js update
February 2020 Bug fixes and update to the RequestThreshold parameter
June 2020 Added Athena cost optimization using partitioning; updated README instructions; fixed a potential DoS issue within the Bad Bots X-Forwarded-For header
July 2020 Upgraded from AWS WAF Classic to AWS WAFV2 service API
November 2020 Release version 3.1.0: clarification on HTTP Flood Protection and Scanner & Probe Protection rules for specific Regions; replaced S3 path-type with virtual-hosted style; added partition variable to all ARNs; for more information, refer to the CHANGELOG.md file in the GitHub repository
September 2021 Release version 3.2.0: Added IP retention support on Allowed and Denied IP Sets; bug fixes. For more information, refer to the CHANGELOG.md file in the GitHub repository
August 2022 Release version 3.2.1: Added support on WAF oversize handling for request components; added support on WAF sensitivity levels for SQL injection rule statements. For more information, refer to the CHANGELOG.md file in the GitHub repository
September 2022 Updated documentation for customization outside of the solution’s CloudFormation stack
December 2022 Release version 3.2.2: Added integration with Service Catalog AppRegistry and AWS Systems Manager Application Manager. For more information, refer to the CHANGELOG.md file in the GitHub repository
December 2022 Release version 3.2.3: Added region as a prefix to the application attribute group name to avoid a conflict with names starting with AWS. For more information, refer to the CHANGELOG.md file in the GitHub repository
February 2023 Release version 3.2.4: Upgraded pytest and requests to mitigate CVE. For more information, refer to the CHANGELOG.md file in the GitHub repository
March 2023 Updated documentation for upgrading solution from version 3.0 or 3.1 to 3.2 or newer that has allowed or denied IP addresses
April 2023 Release version 3.2.5: Mitigated impact caused by new default settings for Amazon S3 Object Ownership (ACLs disabled) for all new Amazon S3 buckets. For more information, refer to the CHANGELOG.md file in the GitHub repository
May 2023 Release version 4.0.0: Added support for new AWS Managed Rules rule groups and updated custom rules. For more information, refer to the CHANGELOG.md file in the GitHub repository
May 2023 Release version 4.0.1: Updated .gitignore file to resolve issue of missing files. For more information, refer to the CHANGELOG.md file in the GitHub repository
September 2023 Release version 4.0.2: Refactored code to improve quality. Patched request package vulnerability. For more information, refer to the CHANGELOG.md file in the GitHub repository
October 2023 Release version 4.0.3: Updated package versions to resolve security vulnerabilities. For more information, refer to the CHANGELOG.md file in the GitHub repository
November 2023 Documentation update: Added AWS Developer Support and merged Contact AWS Support into the Troubleshooting section.
November 2023 Documentation update: Added Confirm cost tags associated with the solution to the Monitoring the solution with AWS Service Catalog AppRegistry section.