Last active
December 4, 2017 10:26
-
-
Save rluisr/1b182e07661b21030b4cbe8e74938eb5 to your computer and use it in GitHub Desktop.
Add AWS WAF IP List using Lambda. from Cloudfront log in S3.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
'use strict'; | |
const aws = require('aws-sdk'); | |
const zlib = require('zlib'); | |
const Promise = require('bluebird'); | |
const waf = new aws.WAF({apiVersion: '2015-08-24'}); | |
const s3 = new aws.S3({apiVersion: '2006-03-01'}); | |
let banIPList = []; | |
// config here | |
const IP_SET_ID = ''; | |
// =========== // | |
const updateWaf = params => new Promise((resolve, reject) => { | |
waf.updateIPSet(params, (err, data) => { | |
if (err) reject(err); | |
else resolve(); | |
}); | |
}); | |
const getChangeToken = () => new Promise((resolve, reject) => { | |
const params = {}; | |
waf.getChangeToken(params, (err, data) => { | |
if (err) console.log(err, err.stack); | |
else resolve(data.ChangeToken); | |
}); | |
}); | |
const updateIPSet = token => new Promise((resolve, reject) => { | |
for (let i = 0; i < banIPList.length; i += 1) { | |
const params = { | |
ChangeToken: token, | |
IPSetId: IP_SET_ID, | |
Updates: [{ | |
Action: 'INSERT', | |
IPSetDescriptor: { | |
Type: 'IPV4', | |
Value: banIPList[i] + '/32' | |
} | |
}] | |
}; | |
updateWaf(params); | |
} | |
resolve(); | |
}); | |
exports.handler = (event, context, callback) => { | |
const bucket = event.Records[0].s3.bucket.name; | |
const key = decodeURIComponent(event.Records[0].s3.object.key.replace(/\+/g, | |
' ')); | |
const params = { | |
Bucket: bucket, | |
Key: key, | |
}; | |
s3.getObject(params, (err, data) => { | |
if (err) { | |
console.log(err); | |
const message = | |
`Error getting object ${key} from bucket ${bucket}. Make sure they exist and your bucket is in the same region as this function.`; | |
console.log(message); | |
callback(message); | |
} else { | |
const bodyBuf = zlib.gunzipSync(data.Body); | |
const body = bodyBuf.toString('UTF-8'); | |
const bodyArr = body.split(/\r\n|\r|\n/); | |
for (let i = 0; i < bodyArr.length; i += 1) { | |
const accessLogArr = bodyArr[i].split(/\s/); | |
const httpStatusCode = accessLogArr[8]; | |
if (typeof httpStatusCode !== 'undefined') { | |
if (httpStatusCode.indexOf(0) != -1 && httpStatusCode !== 200) | |
banIPList.push(accessLogArr[4]); | |
} | |
} | |
banIPList = banIPList.filter((x, i, self) => { | |
return self.indexOf(x) === i; | |
}); | |
if (banIPList.length > 0) { | |
getChangeToken() | |
.then(token => token) | |
.then(Promise.coroutine(function* (token) { | |
console.log('token is: ', token); | |
yield updateIPSet(token); | |
})) | |
.then(() => callback(null, null)) | |
.catch(err => console.log(err)); | |
} | |
callback(null, null); | |
} | |
}); | |
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"name": "add-waf-iplist-lambda", | |
"version": "1.0.0", | |
"description": "", | |
"main": "index.js", | |
"scripts": { | |
"test": "echo \"Error: no test specified\" && exit 1" | |
}, | |
"author": "rrr_rluisr"", | |
"license": "ISC", | |
"dependencies": { | |
"bluebird": "^3.5.1" | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment