{"id":20697436,"url":"https://github.com/epomatti/aws-apprunner-waf","last_synced_at":"2026-04-24T13:03:45.669Z","repository":{"id":55638328,"uuid":"522347866","full_name":"epomatti/aws-apprunner-waf","owner":"epomatti","description":"AWS App Runner with WAF Web ACLs","archived":false,"fork":false,"pushed_at":"2024-01-23T12:26:46.000Z","size":128,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-11T02:51:11.552Z","etag":null,"topics":["aws","aws-apprunner","aws-ecr","aws-security","aws-waf","iam","sqli","sqlinjection","terraform","waf"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/epomatti.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-08-07T23:26:16.000Z","updated_at":"2024-09-25T03:26:37.000Z","dependencies_parsed_at":"2024-11-17T00:20:42.823Z","dependency_job_id":"afafa18e-2e1f-4a13-9e52-b4b05b58083f","html_url":"https://github.com/epomatti/aws-apprunner-waf","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/epomatti/aws-apprunner-waf","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/epomatti%2Faws-apprunner-waf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/epomatti%2Faws-apprunner-waf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/epomatti%2Faws-apprunner-waf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/epomatti%2Faws-apprunner-waf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/epomatti","download_url":"https://codeload.github.com/epomatti/aws-apprunner-waf/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/epomatti%2Faws-apprunner-waf/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32224413,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-24T10:26:35.452Z","status":"ssl_error","status_checked_at":"2026-04-24T10:25:27.643Z","response_time":64,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-apprunner","aws-ecr","aws-security","aws-waf","iam","sqli","sqlinjection","terraform","waf"],"created_at":"2024-11-17T00:18:04.684Z","updated_at":"2026-04-24T13:03:45.648Z","avatar_url":"https://github.com/epomatti.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AWS App Runner + WAF \u0026 X-Ray\n\nAWS App Runner using WAF rules.\n\nCreate the infrastructure:\n\n```sh\nterraform init\nterraform apply -auto-approve\n```\n\nThe default image will be NGINX.\n\n## WAF\n\nCustomize WAF rules behavior:\n\n```terraform\nwaf_allowed_country_codes = [\"BR\", \"US\"]\n```\n\nTo test the rate-limiting rule, run a loop and verify in another terminal when it starts blocking. Example:\n\n```sh\nbash loop.sh https://\u003capp_id\u003e.us-east-2.awsapprunner.com\n```\n\nBlocked requests should have a custom message:\n\n\u003cimg src=\".assets/wafed.png\" width=400 /\u003e\n\n## Body size\n\nFollowing this [guideline][1], WAF is configured with `AWS Managed Rules Core` rule set to limit requests in the `/post` endpoint to 8,192 bytes. Requests with more than that will be blocked.\n\nAn exception is added to the `/put` route, which will allow requests to go through.\n\nIt is important to notice the limits of inspection as well:\n\n\u003e AWS WAF inspects the first 8 KB (8,192 bytes) of the request body. This is a hard service limit and can't be changed.\n\nTo teste different options, use the Insomnia project export.\n\n## Optional (ECR)\n\nTo use ECR, configure the `.auto.tfvars` file before creating the resources:\n\n```sh\nbash ecrPushHttpbin.sh\n```\n\nAlso, uncomment the ECR authentication:\n\n```terraform\nauthentication_configuration {\n  access_role_arn = var.access_role_arn\n}\n```\n\nCreate the repository:\n\n```sh\naws ecr create-repository --repository-name dotnet-app\n```\n\nBuild and publish the image:\n\n```\ndocker build . -t \u003cACCOUNT_ID\u003e.dkr.ecr.\u003cREGION\u003e.amazonaws.com/dotnet-app:latest\naws ecr get-login-password --region \u003cREGION\u003e | docker login --username AWS --password-stdin \u003cACCOUNT_ID\u003e.dkr.ecr.\u003cREGION\u003e.amazonaws.com\ndocker push \u003cACCOUNT_ID\u003e.dkr.ecr.\u003cREGION\u003e.amazonaws.com/dotnet-app:latest\n```\n\n### Local Testing\n\nRunning the .NET app:\n\n```sh\ndotnet restore\ndotnet run\n```\n\nFor local building the docker image:\n\n```sh\ndocker build -t dotnet-app-image .\ndocker run --rm -p 80:80 --name dotnet-app dotnet-app-image\n```\n\n[1]: https://repost.aws/knowledge-center/waf-http-request-body-inspection\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fepomatti%2Faws-apprunner-waf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fepomatti%2Faws-apprunner-waf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fepomatti%2Faws-apprunner-waf/lists"}