An IT firm is using AWS WAF in front of Amazon API Gateway.
Recently the operations team has observed malicious traffic hitting API Gateway and has created an updated AWS WAF ACL to prevent this traffic from impacting API Gateway.
As a Sysops administrator, you are assigned to test the Web ACL before applying to API Gateway in the production environment. Which is the correct action to test the web ACL rules without any impact on production traffic?
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer: B.
For testing new Web ACLs in AWS WAF to avoid an impact on the production network, the following configurations can be done.
Configure all the rules in a web ACL to count web requests.
Set the default action for the web ACL to allow requests.
Option A is incorrect as rules should be part of web ACL and not part of the rules group.
Option C is incorrect as default action should be kept as allow and not block; it will deny all legitimate traffic within the production environment.
Option D is incorrect as rules should be part of web ACL and not part of the rules group.
For more information on testing web ACLs with AWS WAF, refer to the following URL,
https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-testing.htmlAs a SysOps Administrator, you want to test the updated AWS WAF ACL before applying it to the API Gateway in the production environment. The objective of this test is to ensure that the web ACL rules are working as expected and won't impact the production traffic in any way.
To accomplish this objective, the recommended approach is to configure all rules in the web ACL to count the request and set the default action to allow. This approach will allow you to test the rules without blocking any traffic. The correct answer, in this case, is option A.
Option A: Configure all rules in a rules group to count the request and set the default action as allow. This option is correct because it allows you to test the rules without blocking any traffic. When you set the default action to allow, the WAF rules will only count the requests that match the rules, but won't block them. This way, you can test the rules to ensure that they are working as expected and adjust them if necessary before applying the changes to the production environment.
Option B: Configure all rules in a web ACL to count the request and set the default action as allow. This option is similar to option A, but instead of configuring the rules in a rules group, you configure them in a web ACL. However, the principle is the same, and this option is also valid.
Option C: Configure all rules in a web ACL to count the request and set the default action as a block. This option is not recommended because it will block all traffic that matches the rules, including legitimate traffic. Applying this option to the production environment without testing it first can lead to unintended consequences, such as blocking legitimate traffic and impacting the business operations.
Option D: Configure all rules in a rules group to count the request and set the default action as a block. This option is similar to option C, but it configures the rules in a rules group instead of a web ACL. As in option C, this option is not recommended because it can block legitimate traffic and impact the business operations.