AWS solutions documentation change
Summary
Fixed formatting issues in markdown, including backtick usage for code blocks and image references. Moved image captions and alt text for better markdown syntax. Minor punctuation fixes and whitespace adjustments.
Security assessment
The changes are purely formatting and syntax improvements in markdown. There is no indication of addressing a security vulnerability or adding new security-related content.
Diff
diff --git a/solutions/latest/security-automations-for-aws-waf/use-lambda-log-parser-json-file.md index 64fdd781b..7b87d2f47 100644 --- a/solutions/latest/security-automations-for-aws-waf/use-lambda-log-parser-json-file.md +++ b/solutions/latest/security-automations-for-aws-waf/use-lambda-log-parser-json-file.md @@ -11 +11 @@ Use Lambda log parser JSON file for HTTP Flood protectionUse Lambda log parser J -If you chose `Yes - AWS Lambda log parser` for the **Activate HTTP Flood Protection** template parameter, this solution creates a configuration file named ``<stack_name>`-waf_log_conf.json` and uploads it to the Amazon S3 bucket used to store the AWS WAF log files. To find the bucket name, refer to the **WafLogBucket** variable in the CloudFormation output. The following figure shows an example. +If you chose `Yes - AWS Lambda log parser` for the **Activate HTTP Flood Protection** template parameter, this solution creates a configuration file named ` <stack_name>-waf_log_conf.json` and uploads it to the Amazon S3 bucket used to store the AWS WAF log files. To find the bucket name, refer to the **WafLogBucket** variable in the CloudFormation output. The following figure shows an example. @@ -13 +13 @@ If you chose `Yes - AWS Lambda log parser` for the **Activate HTTP Flood Protect - +**Screenshot depicting a screen labeled AWSWAFSecurityAutomations and listing four outputs** @@ -15 +15 @@ If you chose `Yes - AWS Lambda log parser` for the **Activate HTTP Flood Protect -_**Stack outputs**_ + @@ -17 +17 @@ _**Stack outputs**_ -If you edit and overwrite the ``<stack_name>`-waf_log_conf.json` file on Amazon S3, the `Log Parser` Lambda function considers the new values when processing new AWS WAF log files. The following is a sample configuration file: +If you edit and overwrite the ` <stack_name>-waf_log_conf.json` file on Amazon S3, the `Log Parser` Lambda function considers the new values when processing new AWS WAF log files. The following is a sample configuration file: @@ -19 +19 @@ If you edit and overwrite the ``<stack_name>`-waf_log_conf.json` file on Amazon - +**Screenshot of a sample configuration file** @@ -21 +21 @@ If you edit and overwrite the ``<stack_name>`-waf_log_conf.json` file on Amazon -_**HTTP flood configuration file**_ + @@ -27 +27 @@ Parameters include the following: - * **Request threshold (required)** – The maximum acceptable requests per five minutes, per IP address. This solution uses the value you define when provisioning or updating the CloudFormation stack. + * **Request threshold (required)** \- The maximum acceptable requests per five minutes, per IP address. This solution uses the value you define when provisioning or updating the CloudFormation stack. @@ -29 +29 @@ Parameters include the following: - * **Block period (required)** – The period (in minutes) to block applicable IP addresses. This solution uses the value you define when provisioning or updating the CloudFormation stack. + * **Block period (required)** \- The period (in minutes) to block applicable IP addresses. This solution uses the value you define when provisioning or updating the CloudFormation stack. @@ -31 +31 @@ Parameters include the following: - * **Ignored suffixes** – Requests accessing this type of resource don’t count to request threshold. By default, this list is empty. + * **Ignored suffixes** \- Requests accessing this type of resource don’t count to request threshold. By default, this list is empty. @@ -33 +33 @@ Parameters include the following: - * **URI list** – Uuse this to define a custom request threshold and block period for specifics URLs. By default, this list is empty. + * **URI list** \- Uuse this to define a custom request threshold and block period for specifics URLs. By default, this list is empty. @@ -38 +38 @@ Parameters include the following: -When WAF logs arrive in the **WafLogBucket** , they will be processed by Lambda log parser function using the configurations in your configuration file. The solution writes the result to an output file named ``<stack_name>`-waf_log_out.json` in the same bucket. If the output file contains a list of the IP addresses identified as attackers, the solution adds them to the WAF IP set for **HTTP Flood** , and they’re blocked from accessing your application. If the output files have no IP addresses, check if your configuration file is valid or if the rate limit has exceeded according to the configuration file. +When WAF logs arrive in the **WafLogBucket** , they will be processed by Lambda log parser function using the configurations in your configuration file. The solution writes the result to an output file named ` <stack_name>-waf_log_out.json` in the same bucket. If the output file contains a list of the IP addresses identified as attackers, the solution adds them to the WAF IP set for **HTTP Flood** , and they’re blocked from accessing your application. If the output files have no IP addresses, check if your configuration file is valid or if the rate limit has exceeded according to the configuration file. @@ -42 +42 @@ When WAF logs arrive in the **WafLogBucket** , they will be processed by Lambda -If you chose `Yes - AWS Lambda log parser` for the **Activate Scanner & Probe Protection** template parameter, this solution creates a configuration file named ``<stack_name>`-app_log_conf.json` and uploads it to the defined Amazon S3 bucket used to store CloudFront or Application Load Balancer log files. +If you chose `Yes - AWS Lambda log parser` for the **Activate Scanner & Probe Protection** template parameter, this solution creates a configuration file named ` <stack_name>-app_log_conf.json` and uploads it to the defined Amazon S3 bucket used to store CloudFront or Application Load Balancer log files. @@ -44 +44 @@ If you chose `Yes - AWS Lambda log parser` for the **Activate Scanner & Probe Pr -If you edit and overwrite on the ``<stack_name>`-app_log_conf.json` on Amazon S3, the `Log Parser` Lambda function considers the new values when processing new AWS WAF log files. The following is a sample configuration file: +If you edit and overwrite on the ` <stack_name>-app_log_conf.json` on Amazon S3, the `Log Parser` Lambda function considers the new values when processing new AWS WAF log files. The following is a sample configuration file: @@ -46 +46 @@ If you edit and overwrite on the ``<stack_name>`-app_log_conf.json` on Amazon S3 - +**Screenshot of configuration file** @@ -48 +48 @@ If you edit and overwrite on the ``<stack_name>`-app_log_conf.json` on Amazon S3 -_**Scanners and Probes configuration file**_ + @@ -54 +54 @@ Parameters include the following: - * **Error threshold (required)** – The maximum acceptable bad requests per minute, per IP address. This solution uses the value you defined when provisioning or updating the CloudFormation stack. + * **Error threshold (required)** \- The maximum acceptable bad requests per minute, per IP address. This solution uses the value you defined when provisioning or updating the CloudFormation stack. @@ -56 +56 @@ Parameters include the following: - * **Block period (required)** – The period (in minutes) to block applicable IP addresses. This solution uses the value you defined when provisioning or updating the CloudFormation stack. + * **Block period (required)** \- The period (in minutes) to block applicable IP addresses. This solution uses the value you defined when provisioning or updating the CloudFormation stack. @@ -58 +58 @@ Parameters include the following: - * **Error codes** – Teturn status code considered errors. By default, the list considers the following HTTP status codes as errors: `400 (Bad Request)`, `401 (Unauthorized)`, `403 (Forbidden)`, `404 (Not Found)`, and `405 (Method Not Allowed)`. + * **Error codes** \- Return status code considered errors. By default, the list considers the following HTTP status codes as errors: `400 (Bad Request)`, `401 (Unauthorized)`, `403 (Forbidden)`, `404 (Not Found)`, and `405 (Method Not Allowed)`. @@ -59,0 +60 @@ Parameters include the following: + * **URI list** \- Use this to define a custom request threshold and block period for specifics URLs. By default, this list is empty. @@ -63 +63,0 @@ Parameters include the following: - * **URI list** – Use this to define a custom request threshold and block period for specifics URLs. By default, this list is empty. @@ -65,4 +65 @@ Parameters include the following: - - - -When application access logs arrive in the **AppAccessLogBucket** , the `Log Parser` Lambda function processes them using the configurations in your configuration file. The solution writes the result to an output file named ``<stack_name>`-app_log_out.json` in the same bucket. If the output file contains a list of the IP addresses identified as attackers, the solution adds them to the WAF IP set for **Scanner & Probe** and blocks them from accessing your application. If the output files have no IP addresses, check if your configuration file is valid or if the rate limit has been exceeded according to the configuration file. +When application access logs arrive in the **AppAccessLogBucket** , the `Log Parser` Lambda function processes them using the configurations in your configuration file. The solution writes the result to an output file named ` <stack_name>``-app_log_out.json` in the same bucket. If the output file contains a list of the IP addresses identified as attackers, the solution adds them to the WAF IP set for **Scanner & Probe** and blocks them from accessing your application. If the output files have no IP addresses, check if your configuration file is valid or if the rate limit has been exceeded according to the configuration file.