Fix General Policy

globaldatanet · Jan 22, 2022 · d6b4566 · d6b4566
1 parent dc73833
commit d6b4566
Showing 1 changed file with 25 additions and 27 deletions.
diff --git a/lib/plattform-wafv2-cdk-automation-stack.ts b/lib/plattform-wafv2-cdk-automation-stack.ts
@@ -163,35 +163,33 @@ export class PlattformWafv2CdkAutomationStack extends cdk.Stack {
     {
       console.log("Creating DEFAULT Policy.")
       const novalue = null
+      let mangedrule;
+      let ExcludeRules;
+      let OverrideAction;
+      const preProcessRuleGroups = []
+      for(mangedrule of props.config.WebAcl.ManagedRuleGroups){
+        if(mangedrule.ExcludeRules){
+          ExcludeRules = toCamel(mangedrule.ExcludeRules)
+          OverrideAction = mangedrule.OverrideAction
+        }
+        else{
+          ExcludeRules = []
+          OverrideAction = { "type": "NONE" }
+        }
+        if(mangedrule.Version == ""){
+          preProcessRuleGroups.push({"managedRuleGroupIdentifier": {"vendorName": mangedrule.Vendor,
+            "managedRuleGroupName":mangedrule.Name,"version": novalue},"overrideAction": OverrideAction,
+          "ruleGroupArn": novalue,"excludeRules": ExcludeRules,"ruleGroupType": "ManagedRuleGroup"});}
+        else{
+          preProcessRuleGroups.push({"managedRuleGroupIdentifier": {"vendorName": mangedrule.Vendor,
+            "managedRuleGroupName":mangedrule.Name,"version": mangedrule.Version},"overrideAction": OverrideAction,
+          "ruleGroupArn": novalue,"excludeRules": ExcludeRules,"ruleGroupType": "ManagedRuleGroup"});}
+      }
       const securityservicepolicydata = {
         "type":"WAFV2",
         "defaultAction":{ "type":"ALLOW" },
-        "preProcessRuleGroups": [
-          {
-            "managedRuleGroupIdentifier": {
-              "vendorName": "AWS",
-              "managedRuleGroupName": "AWSManagedRulesCommonRuleSet",
-              "version": novalue
-            },
-            "overrideAction": { "type": "NONE" },
-            "ruleGroupArn": novalue,
-            "excludeRules": [],
-            "ruleGroupType": "ManagedRuleGroup"
-          }
-        ],
-        "postProcessRuleGroups": [
-          {
-            "managedRuleGroupIdentifier": {
-              "vendorName": "AWS",
-              "managedRuleGroupName": "AWSManagedRulesAmazonIpReputationList",
-              "version": novalue
-            },
-            "overrideAction": { "type": "NONE" },
-            "ruleGroupArn": novalue,
-            "excludeRules": [],
-            "ruleGroupType": "ManagedRuleGroup"
-          }
-        ],
+        "preProcessRuleGroups": preProcessRuleGroups,
+        "postProcessRuleGroups": [],
         "overrideCustomerWebACLAssociation":true,
         "loggingConfiguration": {
           "logDestinationConfigs":["${S3DeliveryStream.Arn}"]
@@ -419,7 +417,7 @@ export class PlattformWafv2CdkAutomationStack extends cdk.Stack {
                 sampledRequestsEnabled: props.config.WebAcl.Rules[statementindex].VisibilityConfig.SampledRequestsEnabled,
                 cloudWatchMetricsEnabled: props.config.WebAcl.Rules[statementindex].VisibilityConfig.CloudWatchMetricsEnabled,
                 metricName: rulename + "-metric",
-              },
+              }
             }
             CfnRuleProperties.push(CfnRuleProperty)
             rulegroupcounter++