AWS Resource Reference
      Back to home
      1. Arpio Documentation
      2. Reference Guides
      3. AWS Resource Reference

      Web Application Firewall (WAF)

      WAF resource replication with Arpio

      WAFv2

      Arpio replicates the following WAFv2 resource types into your recovery environment.

      Web ACL

      Arpio replicates AWS WAFv2 web access control lists (web ACLs) to your recovery account. AWS WAF can be used to protect the following resource types:

      • Amazon API Gateway REST API
      • Application Load Balancer (ALB)
      • Amazon Cognito User Pool

      Please contact us if you would like to replicate AWS WAF with AWS AppSync, GraphQL API, Amazon CloudFront, or WAFv1.


      Attribute

      Translation

      Rules

      ARNs in rules that refer to rule groups, IP sets, and regex pattern sets are translated for the recovery environment.
      CaptchaConfig
      ChallengeConfig
      CustomResponseBodies
      DefaultAction
      Description
      Name
      Scope
      VisibilityConfig

      These attributes are replicated to your recovery environment without translation. 

      Rule Group

      Rule groups will automatically be included in a recovery point, if a web ACL using that rule group is in the recovery point.


      Attribute

      Translation

      Rules

      ARNs in rules that refer to IP sets, and regex pattern sets are translated for the recovery environment.
      Capacity
      CustomResponseBodies
      Description
      Name
      Scope
      VisibilityConfig

      These attributes are replicated to your recovery environment without translation. 

      IP Set

      IP sets will automatically be included in a recovery point, if a rule group, or web ACL using that IP set is in the recovery point.


      Arpio replicates IP sets as-is, no attributes are translated in the recovery environment.

      Regex Pattern Set

      Regex pattern sets will automatically be included in a recovery point, if a rule group, or web ACL using that IP set is in the recovery point.


      Arpio replicates regex pattern sets as-is, no attributes are translated in the recovery environment.

      Managed Rule Groups

      AWS Managed Rule Groups

      If your web ACL uses an AWS managed rule group, your configuration will be replicated to the recovery environment. There is an extra cost for managed rule groups, but you will only be charged when your application is in the failover or test failover states.

      Marketplace Managed Rule Groups

      If your web ACL uses managed rule groups from the AWS Marketplace, and your recovery environment uses a separate AWS account from your primary environment, then you will need to purchase a subscription in the recovery account. Once you have purchased that subscription, Arpio will automatically replicate your configuration to the recovery environment.