目前正在尝试创建一个触发AWS Lambda函数的slack slash命令。这部分很简单并且是集成的。然后,lambda函数应该访问特定的WAF,获取IP Set List,并在该列表中插入IP地址。实质上,将远程IP地址添加到白名单,以便远程开发人员可以从防火墙外部开始网站的Web开发。
我遇到的问题是我似乎无法使AWS-SDK正常运行(显然是我的错)哈哈)。我尝试使用SDK在Java和NodeJS中实现我的解决方案,但遇到了两个不同的问题。
JAVA实施 此代码的主要问题是执行代码后,我的WAF内部的ACL白名单中没有添加任何内容。 代码在Eclipse中运行。应在环境中设置所有依赖项。代码正在从Eclipse环境本身运行,而不是从aws lambda控制台触发。像这样运行: eclipse console screen shot。代码执行并与aws sdk交互。起初,我认为我的代码lambda代码无法与我的AWS账户进行交互,除非部署并触发了lambda代码。但是,我使用创建S3存储桶的java aws-sdk(在同一个函数中)创建了一些代码。
public class LambdaFunctionHandler implements RequestHandler<S3Event, Object> {
@Override
public String handleRequest(S3Event input, Context context) {
String return_object = "Hello, " + input + "!";
System.out.println("hello again");
try {
createWAF();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
// TODO: implement your handler
return return_object;
}
public void createWAF() throws IOException {
AWSCredentials credentials = null; // real credentials are passed in non-example code
/*
* AWSWAF is an interface. To construct an waf object with access to waf service methods you must
* invoke the constructor of AWSWAF--Client
* pass the credentails as an argument in order to have access to specified AWS account
*/
AWSWAF waf = new AWSWAFClient(credentials);
/*
* When you want to create, update, or delete AWS WAF objects, get a change token and include the change
* token in the create, update, or delete request.
* Change tokens ensure that your application doesn't submit conflicting requests to AWS WAF.
*
*/
GetChangeTokenResult changeToken = null;
try {
System.out.println("change token is converted to PENDING status");
changeToken = waf.getChangeToken(new GetChangeTokenRequest());
System.out.println(changeToken.toString());
} catch (WAFInternalErrorException exception){
System.out.println("error when initializing ChangeToken param");
System.out.println(exception.getErrorMessage());
}
GetIPSetRequest request = new GetIPSetRequest();
request.setIPSetId(IPSetId);
System.out.println("before updating ip set");
System.out.println(waf.getIPSet(request));
try{
/*
* AWS updateIPSetResult() method states that to create and configure an IPSet, perform the following steps:
* 1. Submit a CreateIPSet request.
* 2. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of an UpdateIPSet
* request.
* 3. Submit an UpdateIPSet request to specify the IP addresses that you want AWS WAF to watch for.
*/
/*
* if IP list is already created inside of an ACL - WAF, do you really need to create a new IP set?
* CreateIPSetRequest createipsetrequest = new CreateIPSetRequest();
* createipsetrequest.setName("NewIPSet");
* createipsetrequest.setChangeToken(changeToken.toString());
* CreateIPSetResult createipset = waf.createIPSet(createipsetrequest);
*/
/*
* Must pass a list of parameters to our updateIPSet() call, which includes:
* 1. a changeToken with empty parameters
* 2. the id of the ip set that we want to update
* 3. a collection of IPSetUpdates, which includes
* A) set action -- INSERT IN THIS CASE
* B) set type -- IPV4
* C) value -- ip address we want to update (arbitrary in this case)
*/
UpdateIPSetRequest updateParams = new UpdateIPSetRequest();
updateParams.setChangeToken(changeToken.toString());
updateParams.setIPSetId(IPSetId); // param exists - redacted in here
Collection<IPSetUpdate> ipToAdd = new ArrayList<IPSetUpdate>();
IPSetUpdate howToUpdateIPList = new IPSetUpdate();
howToUpdateIPList.setAction(ChangeAction.INSERT);
IPSetDescriptor ipsetdescriptor = new IPSetDescriptor();
ipsetdescriptor.setType(IPSetDescriptorType.IPV4);
ipsetdescriptor.setValue("192.0.2.44/32");
howToUpdateIPList.setIPSetDescriptor(ipsetdescriptor);
ipToAdd.add(howToUpdateIPList);
updateParams.setUpdates(ipToAdd);
System.out.println("Result: ");
UpdateIPSetResult result = waf.updateIPSet(updateParams);
System.out.println(result);
} catch (WAFStaleDataException | WAFInternalErrorException e) {
//exception handling done here
}
System.out.println("after updating ip set");
request.setIPSetId(IPSetId);
System.out.println(waf.getIPSet(request));
}
我将NodeJS问题添加到单独的线程中。感谢您阅读此内容。感谢您的时间和任何帮助。