From bcdf3ae123926c66764f85dedf0a6642f7eca16f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ole=20Volds=C3=A6ter?= <ole.voldsater@uib.no>
Date: Mon, 14 Sep 2020 09:08:58 +0200
Subject: [PATCH] refs meta#147 slipp api-kall gjennom brannmuren

---
 aws/beta.ordbok.uib.no_stack.yaml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/aws/beta.ordbok.uib.no_stack.yaml b/aws/beta.ordbok.uib.no_stack.yaml
index 4284a2f..ad0bfe0 100644
--- a/aws/beta.ordbok.uib.no_stack.yaml
+++ b/aws/beta.ordbok.uib.no_stack.yaml
@@ -83,6 +83,16 @@ Resources:
         Value: "82.134.66.114/32"
       Name: "allowed IPs"
 
+  APImatch:
+    Type: "AWS::WAF::ByteMatchSet"
+    Properties:
+      ByteMatchTuples:
+      - FieldToMatch:
+          Type: "URI"
+        TargetString: "/api/"
+        TextTransformation: "NONE"
+        PositionalConstraint: "STARTS_WITH"
+
   ITARule:
     Type: "AWS::WAF::Rule"
     Properties:
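Review bot: The new `APImatch` resource has no `Name` property, which the CloudFormation reference lists as required for `AWS::WAF::ByteMatchSet`, so the stack update will likely be rejected. The IP set directly above sets `Name: "allowed IPs"`; the same is needed here, for example `Name: "API path prefix"` under `Properties:`. A short comment above the resource would also help, such as `# Matches the raw, case-sensitive request URI; no decoding or normalisation is applied (TextTransformation NONE)`.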
@@ -93,6 +103,16 @@ Resources:
         Negated: false
         DataId: !Ref ITAIpSet
 
+  APIRule:
+    Type: "AWS::WAF::Rule"
+    Properties:
+      MetricName: "APIRule"
+      Name: "APIRule"
+      Predicates:
+      - Type: "ByteMatch"
+        Negated: false
+        DataId: !Ref APImatch
+
   ACL:
     Type: "AWS::WAF::WebACL"
     Properties:
@@ -105,6 +125,10 @@ Resources:
             Type: "ALLOW"
           Priority: 1
           RuleId: !Ref ITARule
+        - Action:
+            Type: "ALLOW"
+          Priority: 5
+          RuleId: !Ref APIRule
 
   Distribution:
     Type: "AWS::CloudFront::Distribution"
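Review bot: The ALLOW entry for `APIRule` admits every request whose raw URI starts with `/api/` from any source address, bypassing the `ITARule` IP allowlist, and nothing in the template records that this is intended or what protects the API instead. Because `APImatch` uses `TextTransformation: "NONE"`, the decision is made on the un-normalised URI, so confirm that CloudFront and the origin cannot resolve a path with that prefix to a non-API resource. I would add a comment above the entry, e.g. `# /api/ is intentionally reachable from any IP (meta#147); all other paths stay limited to ITAIpSet`, and consider whether the now-public API needs request-rate limiting. The ACL's `DefaultAction` is outside the hunk; this assumes it is BLOCK.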
-- 
GitLab