Migrate Shield count rules to block #7975

Closed
3 tasks done
dms1981 opened this issue Sep 19, 2024 · 4 comments
Comments

@dms1981
Contributor

dms1981 commented Sep 19, 2024

User Story

As a Modernisation Platform Engineer
I want to help customers implement AWS Shield in production environments
So that they are actively protected against DDoS attacks

Value / Purpose

AWS Shield Advanced is enabled by default across the Modernisation Platform.
As part of #7185 we helped customers to move any click-ops code across to infrastructure-as-code. Some customers have production accounts with count rules which will need to be changed to block for AWS Shield Advanced to actively protect in situations where traffic exceeds a predefined threshold.

A significant number of customers will be managing their AWS Shield WAFv2 ACL rules themselves and so will not fall directly into this ticket, but if time allows we can check *-production accounts to see if any customers are currently using count instead of block after a suitable evaluation period.

Useful Contacts

No response

Additional Information

The following accounts still appear to have count set for their AWS WAFv2 ACL rules as part of AWS Shield:

  • cdpt-chaps
  • cdpt-ifs
  • equip
  • ppud

Definition of Done

  • Owners informed of count being present
  • Rules changed to block after discussion with owners
  • If time allows, other production accounts checked for presence of count.
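The "check other production accounts for count" step above can be scripted. The following is an added example, not code from the Modernisation Platform repository: it inspects a web ACL in the shape returned by the WAFv2 GetWebACL API and lists every rule whose effective action is Count, checking both `Action` (plain rules, including rate-based ones) and `OverrideAction` (rule-group references, where Count downgrades the whole group). The sample ACL is constructed for illustration and the `audit_account` helper, which needs boto3 and AWS credentials, is an assumption about how it would be driven against real accounts.

```python
"""Audit a WAFv2 web ACL for rules whose action is still Count (log-only, no blocking)."""
from typing import Any

# Constructed sample in the shape of a wafv2 GetWebACL response; not from a real account.
SAMPLE_WEB_ACL = {"WebACL": {"Name": "example-production-waf", "Rules": [
    {"Name": "rate-limit-per-ip", "Priority": 0,
     "Statement": {"RateBasedStatement": {"Limit": 2000, "AggregateKeyType": "IP"}},
     "Action": {"Count": {}}},
    {"Name": "aws-common-rules", "Priority": 1,
     "Statement": {"ManagedRuleGroupStatement": {"VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet"}},
     "OverrideAction": {"Count": {}}},
    {"Name": "rate-limit-login", "Priority": 2,
     "Statement": {"RateBasedStatement": {"Limit": 500, "AggregateKeyType": "IP"}},
     "Action": {"Block": {}}},
]}}


def find_count_rules(web_acl: dict[str, Any]) -> list[dict[str, Any]]:
    """Return the rules that only count matches instead of blocking them.

    A plain rule carries its verdict in "Action". A rule that references a rule
    group (managed or custom) carries it in "OverrideAction", where Count
    downgrades every rule in the group to count-only, so both keys are checked.
    """
    findings = []
    for rule in web_acl["WebACL"].get("Rules", []):
        action = rule.get("Action") or rule.get("OverrideAction") or {}
        if "Count" not in action:
            continue
        rate = rule["Statement"].get("RateBasedStatement")
        findings.append({
            "rule": rule["Name"],
            "priority": rule["Priority"],
            "rate_limit": rate["Limit"] if rate else None,  # None for non-rate rules
        })
    return sorted(findings, key=lambda f: f["priority"])


def audit_account(scope: str = "REGIONAL") -> dict[str, list[dict[str, Any]]]:
    """Audit every web ACL visible to the current credentials (requires boto3; assumed driver)."""
    import boto3  # imported lazily so find_count_rules stays usable offline

    client = boto3.client("wafv2")
    results = {}
    for summary in client.list_web_acls(Scope=scope)["WebACLs"]:
        acl = client.get_web_acl(Name=summary["Name"], Scope=scope, Id=summary["Id"])
        results[summary["Name"]] = find_count_rules(acl)
    return results
```

Run `audit_account("CLOUDFRONT")` as well where distributions are fronted by CloudFront, since those ACLs live in a separate scope and are easy to miss.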
@dms1981 dms1981 changed the title from "Migrate Shield count rules to `block" to "Migrate Shield count rules to block" Sep 30, 2024
@Khatraf Khatraf self-assigned this Sep 30, 2024
@Khatraf Khatraf moved this from To Do to In Progress in Modernisation Platform Oct 1, 2024
@Khatraf
Contributor

Khatraf commented Oct 3, 2024

Modified WAF rule action from count to block for 2 accounts:
PR for cdpt-chaps
PR for cdpt-ifs

For equip and ppud, I have increased the threshold and kept the action as count for continued monitoring.

@Khatraf
Contributor

Khatraf commented Oct 9, 2024

Accounts that have a count action for their AWS WAFv2 ACL rules are:
Pra-register, tipstaff, wardship, ncas and dacp production accounts. Emailed DTS team to inform them and suggested changing it to block if they are satisfied that the current thresholds have been appropriately configured and have not been breached.

@Khatraf
Contributor

Khatraf commented Oct 14, 2024

Changed the WAF rule actions to block for equip and ppud production accounts:
PR for equip
PR for ppud

@markgov
Contributor

markgov commented Oct 14, 2024

I have checked everything and it all looks good; closing issue.

@markgov markgov closed this as completed Oct 14, 2024
@github-project-automation github-project-automation bot moved this from For Review to Done in Modernisation Platform Oct 14, 2024