
Quick Start with Provided Example

Prerequisites

Quick Start

  1. Download Terraform code example.

  2. Prepare Terraform environment and variables.

  3. Deploy described stack.

  4. Test WAF node operation.

Step 1: Downloading Terraform Code Example

Terraform code used in this example can be cloned from the GitHub repository using the following command:

git clone https://github.com/wallarm/terraform-example.git

Configuration files are located in the terraform folder of the repository:

  • variables.tf defines the Terraform variables that describe the managed environment

  • main.tf holds the Terraform code that performs the actual AWS provisioning

Step 2: Preparing Terraform Environment and Variables

  1. Set environment variables with credentials for the Wallarm user with the Deploy role:

    export TF_VAR_deploy_username=DEPLOY_USERNAME
    export TF_VAR_deploy_password=DEPLOY_PASSWORD
    

    • DEPLOY_USERNAME is the username of the user with the Deploy role
    • DEPLOY_PASSWORD is the password of the user with the Deploy role
  2. Set environment variables with your AWS access keys:

    export AWS_ACCESS_KEY_ID="YOUR_ACCESS_KEY_ID"
    export AWS_SECRET_ACCESS_KEY="YOUR_SECRET_ACCESS_KEY"
    

    • YOUR_ACCESS_KEY_ID is your access key ID
    • YOUR_SECRET_ACCESS_KEY is your secret access key
  3. (Optional) Specify your public SSH key in the key_pair variable in the variables.tf file if you plan to access the deployed EC2 instances using SSH.

  4. (Optional) Specify the api.wallarm.com API endpoint in the wallarm_api_domain variable in the variables.tf file if you use the EU cloud. If you use the US cloud, leave the existing value.

  5. (Optional) Set AWS region data in the variables listed below in the variables.tf file. The provided example is configured for AWS region us-west-1 (North California).

    • aws_region (you can find the list of AWS regions here)
    • az_a
    • az_b
    • wallarm_node_ami_id: the ID of the AWS EC2 Wallarm WAF node image, obtained with the command below. Replace REGION_CODE with the aws_region value:

      aws ec2 describe-images --filters "Name=name,Values=*Wallarm Node-2.12*" --region REGION_CODE | jq -r '.Images[] | "\(.ImageId)"'
      

    • wordpress_ami_id: the ID of the AWS EC2 WordPress image, obtained with the command below. Replace REGION_CODE with the aws_region value:

      aws ec2 describe-images --filters "Name=name,Values=*bitnami-wordpress-5.3.2-3-linux-ubuntu-16.04*" --region REGION_CODE | jq -r '.Images[] | "\(.ImageId)"'
      

Step 3: Deploying Described Stack

  1. Go to the terraform folder of the cloned repository:

    cd terraform-example/terraform
    

  2. Deploy the whole stack using the following commands:

    terraform init
    terraform plan
    terraform apply
    

After a successful run, Terraform will print out a DNS name of the deployed NLB instance. For example:

Apply complete! Resources: 4 added, 2 changed, 4 destroyed.

Outputs:

waf_nlb_dns_name = [
  "tf-wallarm-demo-asg-nlb-7b32738728e6ea44.elb.us-east-1.amazonaws.com",
]

The DNS name can be used to access the freshly installed WordPress service with the Wallarm WAF cluster deployed in front of it.


Step 4: Testing WAF Node Operation

The WAF cluster is configured with a self-signed SSL certificate, so the same DNS name can also be accessed over HTTPS, but the browser will show a security warning.

You can simulate a web attack by adding /?id='or+1=1--a-<script>prompt(1)</script> to the web request. The WAF should block the request with response code 403.

A few minutes after simulating the web attack, two blocked attacks, SQLI and XSS, should appear in your Wallarm account > Events.

WAF node deployment settings are defined in the wallarm_launch_config object of the main.tf file. To customize the settings, refer to the directive descriptions available at the link.
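The Step 4 check as a repeatable script, added here as an example and not taken from the Wallarm repository. It sends a clean request first, so that a 403 on the probe is only counted as a block when the service itself is answering normally; the function names and the WAF_HOST variable are assumptions of this example.

```sh
#!/bin/sh
# Added example: repeatable version of the Step 4 check. Not from the Wallarm repo.
# Assumes curl is installed; function names and WAF_HOST are illustrative.

# Probe query string exactly as given in Step 4.
ATTACK_QUERY="id='or+1=1--a-<script>prompt(1)</script>"

# http_status URL -> prints the HTTP status code ("000" when no response arrived).
# -k accepts the self-signed certificate the example cluster presents.
http_status() {
  curl -k -s -o /dev/null -m 10 -w '%{http_code}' "$1" || true
}

# waf_smoke_test HOST
#   0: over HTTP and HTTPS a clean request is served and the probe gets 403
#   1: a probe was answered with something other than 403
#   2: the clean request failed, so a 403 on the probe would prove nothing
waf_smoke_test() (
  host=$1
  rc=0
  for scheme in http https; do
    clean=$(http_status "${scheme}://${host}/")
    case $clean in
      2??|3??) ;;
      *) echo "${scheme}: clean request got ${clean:-no status}, fix that first" >&2
         exit 2 ;;
    esac
    probe=$(http_status "${scheme}://${host}/?${ATTACK_QUERY}")
    if [ "$probe" = 403 ]; then
      echo "${scheme}: probe blocked (403)"
    else
      echo "${scheme}: probe NOT blocked (${probe}), review wallarm_launch_config" >&2
      rc=1
    fi
  done
  exit "$rc"
)

# Usage: WAF_HOST=<waf_nlb_dns_name from the Terraform output> sh waf_smoke_test.sh
if [ -n "${WAF_HOST:-}" ]; then
  waf_smoke_test "$WAF_HOST"
fi
```

A non-zero exit code makes the script usable as a post-apply gate in a deployment pipeline.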

Info

To remove the demonstration environment, please use the terraform destroy command.