Skip to content

Web Application Firewall (WAF)

Web Application Firewall (WAF) is a service provided by Amazon Web Services (AWS) that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. WAFv2 is the latest version of WAF, and it allows you to specify a single set of rules to protect your web applications, APIs, and mobile applications from common attack patterns, such as SQL injection and cross-site scripting.

LocalStack allows you to use the WAFv2 APIs for offline web application firewall jobs in your local environment. The supported APIs are available on our API Coverage section, which provides information on the extent of WAFv2 integration with LocalStack.

This guide is for users who are familiar with the AWS CLI and awslocal wrapper script.

Start your LocalStack container using your preferred method. We will walk you through creating, listing, tagging, and viewing tags for Web Access Control Lists (WebACLs) using the Web Application Firewall (WAF) service in a LocalStack environment using the AWS CLI.

Start by creating a Web Access Control List (WebACL) using the CreateWebACL API. Run the following command to create a WebACL named TestWebAcl:

Terminal window
awslocal wafv2 create-web-acl \
--name TestWebAcl \
--scope REGIONAL \
--default-action Allow={} \
--visibility-config SampledRequestsEnabled=true,CloudWatchMetricsEnabled=true,MetricName=TestWebAclMetrics
Output
{
"Summary": {
"Name": "TestWebAcl",
"Id": "f94fd5bc-e4d4-4280-9f53-51e9441ad51d",
"Description": "",
"ARN": "arn:aws:wafv2:us-east-1:000000000000:regional/webacl/TestWebAcl/f94fd5bc-e4d4-4280-9f53-51e9441ad51d"
}
}

Note the Id and ARN from the output, as they will be needed for subsequent commands.

To view all the WebACLs you have created, use the ListWebACLs API. Run the following command to list the WebACLs:

Terminal window
awslocal wafv2 list-web-acls --scope REGIONAL
Output
{
"NextMarker": "Not Implemented",
"WebACLs": [
{
"Name": "TestWebAcl",
"Id": "f94fd5bc-e4d4-4280-9f53-51e9441ad51d",
"Description": "",
"ARN": "arn:aws:wafv2:us-east-1:000000000000:regional/webacl/TestWebAcl/f94fd5bc-e4d4-4280-9f53-51e9441ad51d"
}
]
}

Tagging resources in AWS WAF helps you manage and identify them. Use the TagResource API to add tags to a WebACL. Run the following command to add a tag to the WebACL created in the previous step:

Terminal window
awslocal wafv2 tag-resource \
--resource-arn arn:aws:wafv2:us-east-1:000000000000:regional/webacl/TestWebAcl/f94fd5bc-e4d4-4280-9f53-51e9441ad51d \
--tags Key=Name,Value=AWSWAF

After tagging your resources, you may want to view these tags. Use the ListTagsForResource API to list the tags for a WebACL. Run the following command to list the tags for the WebACL created in the previous step:

Terminal window
awslocal wafv2 list-tags-for-resource \
--resource-arn arn:aws:wafv2:us-east-1:000000000000:regional/webacl/TestWebAcl/f94fd5bc-e4d4-4280-9f53-51e9441ad51d
Output
{
"TagInfoForResource": {
"ResourceARN": "arn:aws:wafv2:us-east-1:000000000000:regional/webacl/TestWebAcl/f94fd5bc-e4d4-4280-9f53-51e9441ad51d",
"TagList": [
{
"Key": "Name",
"Value": "AWSWAF"
}
]
}
}
OperationImplementedImage
Page 1 of 0