WAF Managed Rules Updates Slack Notification

Sep 20th 2021


On August 9, 2021 AWS WAF released a managed rule group versioning feature. This feature lets you select a specific version of a managed rule group within your web ACL, so you can test new rule updates safely and roll back to previously tested versions. In addition, AWS WAF now provides early notifications of upcoming rule updates to your managed rule groups through Amazon Simple Notification Service (Amazon SNS). This automation sends Slack notifications of managed rule updates for a specific managed rule group.

To retrieve the Amazon SNS topic ARN for a managed rule group you need to do the following:

Console

  • Option 1: When you add the managed rule group to your web ACL, choose Edit to see the rule group's information, which includes the rule group's Amazon SNS topic ARN.
  • Option 2: After you've added the managed rule group to your web ACL, edit the web ACL, then select and edit the rule group rule to see the rule group's Amazon SNS topic ARN.

API – DescribeManagedRuleGroup

CLI – aws wafv2 describe-managed-rule-group --scope REGIONAL --vendor-name <vendor_name> --name <managedrule_name>
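The same lookup done programmatically, as an added example (not code from the post or its repository): it wraps the DescribeManagedRuleGroup call so the SnsTopicArn field can be read and sanity-checked before you subscribe anything to it. The WAF client is passed in, so the function runs offline against the stub below; with boto3 installed you would pass boto3.client("wafv2") instead. The stub's rule group names and the topic ARN are constructed values.

```python
"""Retrieve the Amazon SNS topic ARN that AWS WAF publishes managed rule group
update notifications to.  Added example; the client is injected so the lookup
can be exercised without AWS credentials."""

import re

# Shape of an SNS topic ARN, used to sanity-check the API response.
_SNS_ARN_RE = re.compile(r"^arn:aws(-[a-z]+)?:sns:[a-z0-9-]+:\d{12}:[A-Za-z0-9_-]+$")


def get_rule_group_topic_arn(wafv2_client, vendor_name, name, scope="REGIONAL"):
    """Return the SNS topic ARN for a managed rule group, or None when the
    vendor publishes no update notifications for it.

    wafv2_client must expose describe_managed_rule_group(VendorName=, Name=, Scope=)
    the way boto3's wafv2 client does.  scope is REGIONAL for regional resources
    (ALB, API Gateway) and CLOUDFRONT for CloudFront distributions.
    """
    response = wafv2_client.describe_managed_rule_group(
        VendorName=vendor_name, Name=name, Scope=scope
    )
    topic_arn = response.get("SnsTopicArn")
    if topic_arn is None:
        return None
    if not _SNS_ARN_RE.match(topic_arn):
        raise ValueError(f"unexpected SnsTopicArn format: {topic_arn!r}")
    return topic_arn


def topic_region(topic_arn):
    """Region component of an SNS topic ARN.  The topic's region may differ
    from the region of your web ACL, so check it before creating the subscription."""
    return topic_arn.split(":")[3]


class StubWafv2Client:
    """Offline stand-in for boto3's wafv2 client.  Responses are constructed
    values shaped like DescribeManagedRuleGroup's output."""

    _responses = {
        ("AWS", "AWSManagedRulesCommonRuleSet"): {
            "SnsTopicArn": "arn:aws:sns:us-west-2:123456789012:MyTopic"
        },
        ("AWS", "NoNotifications"): {},  # hypothetical group without a topic
    }

    def describe_managed_rule_group(self, VendorName, Name, Scope):
        try:
            return dict(self._responses[(VendorName, Name)])
        except KeyError:
            # boto3 would raise WAFNonexistentItemException here.
            raise LookupError(f"unknown rule group {VendorName}/{Name}")


if __name__ == "__main__":
    client = StubWafv2Client()  # replace with boto3.client("wafv2") for a real lookup
    arn = get_rule_group_topic_arn(client, "AWS", "AWSManagedRulesCommonRuleSet")
    print(f"topic ARN: {arn} (region {topic_region(arn)})")
```

The scope argument matters: a regional web ACL and a CloudFront web ACL are looked up with different values, and the returned topic region is worth checking because it need not match the region your web ACL lives in.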

Architecture

Deployment

  1. Follow the documentation to get an incoming webhook for your Slack channel.
  2. Upload 'MANAGEDRULE.png' as a custom emoji called 'managedrule' to Slack.
  3. Add your webhook URL to the WebhookUrl parameter in values/values.json.
  4. Deploy the solution via the taskfile:
    task deploy

After deployment you can trigger the Lambda with the following test event to see an example notification:

{
  "Type": "Notification",
  "MessageId": "4286b830-a463-5e61-bd15-e1ae72303868",
  "TopicArn": "arn:aws:sns:us-west-2:123456789012:MyTopic",
  "Subject": "New version available for rule group AWSManagedRulesCommonRuleSet",
  "Message": "Welcome to AWSManagedRulesCommonRuleSet version 1.5! We've updated the regex specification in this version to improve protection coverage, adding protections against insecure deserialization. For details about this change, see http://updatedPublicDocs.html. Look for more exciting updates in the future! ",
  "Timestamp": "2021-08-24T11:12:19.810Z",
  "SignatureVersion": "1",
  "Signature": "EXAMPLEHXgJm...",
  "SigningCertURL": "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-f3ecfb7224c7233fe7bb5f59f96de52f.pem",
  "SubscribeURL": "https://sns.us-west-2.amazonaws.com/?Action=ConfirmSubscription&TopicArn=arn:aws:sns:us-west-2:123456789012:MyTopic&Token=2336412f37...",
  "MessageAttributes": {
    "major_version": {
      "Type": "String",
      "Value": "v1"
    },
    "managed_rule_group": {
      "Type": "String",
      "Value": "AWSManagedRulesCommonRuleSet"
    }
  }
}
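What a Lambda behind this subscription has to do with such an event, as an added example (not the post's own Lambda code): pick the notification out of the event, read the rule group and major version from the message attributes, build a Slack incoming-webhook payload that uses the :managedrule: emoji from the deployment steps, and post it. The sample event is a constructed copy of the one above; the WEBHOOK_URL environment variable name is an assumption. The handler accepts both the raw notification (what the console test event delivers) and the Records wrapper a real SNS invocation uses.

```python
"""Turn an AWS WAF managed rule group update notification into a Slack message.
Added example; the webhook URL is read from the hypothetical WEBHOOK_URL
environment variable and the poster is injectable so the handler runs offline."""

import json
import os
import urllib.request

# Constructed sample, modelled on the test event in the post.
SAMPLE_EVENT = {
    "Type": "Notification",
    "TopicArn": "arn:aws:sns:us-west-2:123456789012:MyTopic",
    "Subject": "New version available for rule group AWSManagedRulesCommonRuleSet",
    "Message": "Welcome to AWSManagedRulesCommonRuleSet version 1.5! "
               "We've updated the regex specification in this version.",
    "Timestamp": "2021-08-24T11:12:19.810Z",
    "MessageAttributes": {
        "major_version": {"Type": "String", "Value": "v1"},
        "managed_rule_group": {"Type": "String", "Value": "AWSManagedRulesCommonRuleSet"},
    },
}


def extract_notification(event):
    """The console test event is the raw notification; a real SNS -> Lambda
    invocation wraps it as Records[0].Sns.  Handle both."""
    if "Records" in event:
        return event["Records"][0]["Sns"]
    return event


def message_attribute(notification, key, default="unknown"):
    """Read the string value of one SNS message attribute."""
    return notification.get("MessageAttributes", {}).get(key, {}).get("Value", default)


def build_slack_payload(notification):
    """Translate the notification into a Slack incoming-webhook payload."""
    rule_group = message_attribute(notification, "managed_rule_group")
    major_version = message_attribute(notification, "major_version")
    subject = notification.get("Subject", "Managed rule group update")
    return {
        "username": "AWS WAF Managed Rules",
        "icon_emoji": ":managedrule:",  # custom emoji from deployment step 2
        "text": subject,                # fallback text for previews and mobile alerts
        "blocks": [
            {"type": "header", "text": {"type": "plain_text", "text": subject}},
            {"type": "section", "fields": [
                {"type": "mrkdwn", "text": f"*Rule group:*\n{rule_group}"},
                {"type": "mrkdwn", "text": f"*Major version:*\n{major_version}"},
                {"type": "mrkdwn", "text": f"*Published:*\n{notification.get('Timestamp', '')}"},
                {"type": "mrkdwn", "text": f"*Topic:*\n{notification.get('TopicArn', '')}"},
            ]},
            {"type": "section", "text": {"type": "mrkdwn", "text": notification.get("Message", "")}},
        ],
    }


def post_to_slack(webhook_url, payload):
    """POST the payload to the incoming webhook; Slack answers 'ok' on success."""
    request = urllib.request.Request(
        webhook_url,
        data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(request, timeout=10) as response:
        return response.read().decode("utf-8")


def lambda_handler(event, context=None, post=post_to_slack, webhook_url=None):
    """Lambda entry point.  `post` and `webhook_url` are overridable so the
    handler can be exercised without network access or environment setup."""
    notification = extract_notification(event)
    if notification.get("Type") != "Notification":
        # SubscriptionConfirmation and UnsubscribeConfirmation carry no rule update.
        return {"statusCode": 200, "body": "ignored"}
    webhook_url = webhook_url or os.environ.get("WEBHOOK_URL")  # secret: keep it out of logs
    if not webhook_url:
        raise RuntimeError("WEBHOOK_URL is not configured")
    post(webhook_url, build_slack_payload(notification))
    return {"statusCode": 200, "body": "sent"}


if __name__ == "__main__":
    # Dry run: print the payload instead of posting it.
    print(json.dumps(build_slack_payload(SAMPLE_EVENT), indent=2))
```

The Type check is what keeps the subscription-confirmation message SNS sends when the Lambda is first subscribed from being forwarded to the channel as if it were a rule update; the major_version field is the one to watch, since a new major version is what requires a deliberate version change in your web ACL rather than an automatic roll-forward.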


We hope you will find this solution helpful for getting notifications about managed rule updates! If you have any feedback, please feel free to reach out to us or open a GitHub issue.

globaldatanet – Cloud Development, Optimization & Automation
© 2024 by globaldatanet. All Right Reserved