AWS Web Application Firewall (WAF)

WAF resource replication with Arpio

WAFv2

Arpio replicates the following WAFv2 resource types into your recovery environment.

Web ACL

Arpio replicates AWS WAFv2 web access control lists (web ACLs) to your recovery account. AWS WAF can be used to protect the following resource types:

  • Amazon API Gateway REST API
  • Application Load Balancer (ALB)
  • Amazon Cognito User Pool

Please contact us if you would like to replicate AWS WAF with AWS AppSync, GraphQL API, Amazon CloudFront, or WAFv1.


Attribute | Translation
Rules | ARNs in rules that refer to rule groups, IP sets, and regex pattern sets are translated for the recovery environment.
CaptchaConfig, ChallengeConfig, CustomResponseBodies, DefaultAction, Description, Name, Scope, VisibilityConfig | These attributes are replicated to your recovery environment without translation.
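To illustrate what translating rule ARNs involves, here is an added example (not Arpio's code) that rewrites reference ARNs in a WAFv2 rule list and then checks that none still point at the primary environment. The ARN map, account IDs, regions, and resource names are constructed, and the sample rules are trimmed to the fields that matter here.

```python
import copy

# Statement types in a WAFv2 rule that carry an ARN to another WAF resource.
REFERENCE_STATEMENTS = ("RuleGroupReferenceStatement", "IPSetReferenceStatement",
                        "RegexPatternSetReferenceStatement")

def walk(node, visit):
    """Visit every reference statement, however deeply it is nested."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key in REFERENCE_STATEMENTS and isinstance(value, dict) and "ARN" in value:
                visit(key, value)
            walk(value, visit)
    elif isinstance(node, list):
        for item in node:
            walk(item, visit)

def translate_rules(rules, arn_map):
    """Copy rules, rewriting each reference ARN; KeyError if one has no mapping."""
    translated = copy.deepcopy(rules)
    def visit(_kind, stmt):
        stmt["ARN"] = arn_map[stmt["ARN"]]
    walk(translated, visit)
    return translated

def untranslated_refs(rules, region, account):
    """Return (statement type, ARN) pairs that are outside the recovery environment."""
    found = []
    def visit(kind, stmt):
        parts = stmt["ARN"].split(":")  # arn:aws:wafv2:<region>:<account>:<resource>
        if len(parts) < 6 or parts[3] != region or parts[4] != account:
            found.append((kind, stmt["ARN"]))
    walk(rules, visit)
    return found

# Constructed sample: primary us-east-1/111111111111, recovery us-west-2/222222222222.
SRC = "arn:aws:wafv2:us-east-1:111111111111:regional/"
DST = "arn:aws:wafv2:us-west-2:222222222222:regional/"
ARN_MAP = {SRC + "ipset/blocklist/id-a": DST + "ipset/blocklist/id-x",
           SRC + "regexpatternset/bad-ua/id-b": DST + "regexpatternset/bad-ua/id-y",
           SRC + "rulegroup/custom/id-c": DST + "rulegroup/custom/id-z"}
RULES = [
    {"Name": "nested", "Priority": 0, "Statement": {"AndStatement": {"Statements": [
        {"IPSetReferenceStatement": {"ARN": SRC + "ipset/blocklist/id-a"}},
        {"NotStatement": {"Statement": {"RegexPatternSetReferenceStatement": {
            "ARN": SRC + "regexpatternset/bad-ua/id-b"}}}}]}}},
    {"Name": "group", "Priority": 1, "Statement": {
        "RuleGroupReferenceStatement": {"ARN": SRC + "rulegroup/custom/id-c"}}},
]
```

Running `untranslated_refs` against the rules returned by `get-web-acl` in the recovery account is a quick post-replication check that no rule silently depends on a resource in the primary account or region.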

Rule Group

Rule groups will automatically be included in a recovery point if a web ACL using that rule group is in the recovery point.


Attribute | Translation
Rules | ARNs in rules that refer to IP sets and regex pattern sets are translated for the recovery environment.
Capacity, CustomResponseBodies, Description, Name, Scope, VisibilityConfig | These attributes are replicated to your recovery environment without translation.

IP Set

IP sets will automatically be included in a recovery point if a rule group or web ACL using that IP set is in the recovery point.


Arpio replicates IP sets as-is; no attributes are translated in the recovery environment.

Regex Pattern Set

Regex pattern sets will automatically be included in a recovery point if a rule group or web ACL using that regex pattern set is in the recovery point.


Arpio replicates regex pattern sets as-is; no attributes are translated in the recovery environment.

Managed Rule Groups

AWS Managed Rule Groups

If your web ACL uses an AWS managed rule group, your configuration will be replicated to the recovery environment. There is an extra cost for managed rule groups, but you will only be charged when your application is in the failover or test failover states.

Marketplace Managed Rule Groups

If your web ACL uses managed rule groups from the AWS Marketplace, and your recovery environment uses a separate AWS account from your primary environment, then you will need to purchase a subscription in the recovery account. Once you have purchased that subscription, Arpio will automatically replicate your configuration to the recovery environment.