How to Deploy Cloudbric Managed Rules for AWS WAF in 4 Steps
Protect your AWS applications in minutes. Cloudbric’s managed rules for AWS WAF condense enterprise-grade threat intelligence into a simple, one-click deployment. This guide shows you how to add battle-tested security logic to your applications without writing code or scheduling downtime.
Why Add Cloudbric to AWS WAF?
While AWS WAF provides a powerful framework, its effectiveness depends on the quality of the rules you apply. Cloudbric delivers curated, pre-tuned rule groups that allow you to:
- Deploy Faster:Launch comprehensive security policies in under five minutes.
- Stay Ahead of Threats:Benefit from daily rule updates that track emerging CVEs and attack patterns.
- Reduce False Positives:Utilize machine learning-aided signatures that minimize noise and disruptions.
- Pay as You Go:Subscribe per rule group for each web ACL with no long-term lock-in.
Setup at a Glance
Before you begin, ensure you have:
- An AWS Account:With AWS WAF enabled and the necessary IAM permissions (e.g.,
wafv2:**). - A Target Resource:A CloudFront distribution, Application Load Balancer (ALB), API Gateway, or other supported AWS service you wish to protect.
- A Cloudbric Subscription:If you're a new user, AWS will prompt you to subscribe via the AWS Marketplace directly within the setup process—no need to leave the console.
Deploying Cloudbric Rules: A Step-by-Step Guide
This walk-through uses the modern AWS WAF console workflow.
Step 1: Navigate to AWS WAF & Create a Web ACL
From the AWS Management Console, go to WAF & Shield. In the left navigation pane, click Web ACLs, then click Create web ACL. A Web Access Control List (Web ACL) is a set of rules that provides fine-grained control over the web traffic that reaches your application. WAF & Shield。在左側導覽窗格中,點擊 Web ACLs,然後點擊 Create web ACL。Web 存取控制清單(Web ACL)是一組規則,能對到達您應用程式的網路流量進行精細控制。
Step 2: Describe the Web ACL and Associate Resources
Name your Web ACL and provide an optional description.
Select the AWS resource(s) you want to protect (e.g., your CloudFront distribution or ALB). Click Next.
Step 3: Add Cloudbric's Managed Rules
This is where you integrate Cloudbric’s security intelligence.
- On the "Add rules and rule groups" screen, click the Add rules dropdown and select Add managed rule groups.
- Scroll down to the AWS Marketplace managed rule groups section.
- Expand the Cloudbric Corp. provider listing to see all available rule groups.
- Locate the rule group you need (e.g.,OWASP Top 10 Rule Set) and toggle the Add to web ACL switch.
First-Time Subscription: If you haven't subscribed before, a prompt will appear. Click "Subscribe in AWS Marketplace," accept the terms, and return to the WAF console. The toggle will now be active.
Once added, the rule group will appear in your list with its associated WCU (Web ACL Capacity Unit) cost. Repeat this for any other Cloudbric rule groups you wish to add. Click Next.
Step 4: Set Rule Priority, Review, and Create
Set rule priority if you have added multiple rules. By default, your new rule group will be evaluated last.
Review your configuration to ensure all settings are correct.
Click Create web ACL. The deployment typically takes about 60-90 seconds.
A success banner will confirm that your AWS resources are now protected by your new Web ACL featuring Cloudbric's managed rules.
Your Security Toolkit: The Cloudbric Rule Arsenal
Choose the right protection for your specific needs. Here’s a breakdown of the available rule groups, their purpose, and their capacity cost.
| Rule Group | What It Does for You | When to Use It |
|---|---|---|
| API Protection | Guards against the OWASP API Security Top 10 (injection, broken authentication, data exposure) with schema and rate-based checks. | Any public or partner-facing REST/GraphQL API, especially for fintech, SaaS, or mobile back-ends. |
| Anonymous IP Protection | Detects and blocks traffic from VPNs, proxies, Tor exits, and other anonymizing services to prevent fraud. | Stop fraud rings, price scrapers, and location-based abuse without blocking legitimate users. |
| Bot Protection | Uses behavioral and signature-based filters to block credential stuffing, carding, inventory hoarding, and SEO spam. | E-commerce checkouts, ticketing sites, and login portals where bot traffic harms business. |
| Malicious IP Reputation | Blocks traffic from a real-time feed of 700k+ IPs linked to malware, spam, DDoS, and C2 servers. | A quick, low-cost win for any business to instantly reduce its attack surface. |
| OWASP Top 10 | Provides broad protection against the most critical web application security risks like SQLi, XSS, and path traversal. | The essential security blanket for every new website and application before it goes live. |
| Tor IP Detection | Specifically flags and blocks traffic from Tor exit nodes to cut off high-risk, anonymous vectors. | Banking, gaming, or any service where user identity and accountability are critical. |
Pricing and WCU (Web ACL Capacity Units)
AWS WAF usage is calculated with WCUs. You can combine multiple rule groups in a single Web ACL, but note that the default WCU limit is 1,500 before additional charges apply.
| Cloudbric Rule Group | Typical WCU | Monthly List Price* |
|---|---|---|
| API Protection | 1,200 | Pay-as-you-go via AWS Marketplace |
| Anonymous IP Protection | 90 | “ |
| Bot Protection | 150 | “ |
| Malicious IP Reputation | 6 | “ |
| OWASP Top 10 | 1,400 | “ |
| Tor IP Detection | 6 | “ |
*Pricing is managed directly through your AWS bill.
Ready to Lock Down Your Edge?
Cloudbric brings enterprise-grade protection to your AWS WAF environment without the enterprise-level complexity. With a setup time of less than five minutes and threat intelligence that’s updated daily, you can secure your applications and get back to building.
About Penta Security
Penta Security takes a holistic approach to cover all the bases for information security. The company has worked and is constantly working to ensure the safety of its customers behind the scenes through the wide range of IT-security offerings. As a result, with its headquarters in Korea, the company has expanded globally as a market share leader in the Asia-Pacific region.
As one of the first to make headway into information security in Korea, Penta Security has developed a wide range of fundamental technologies. Linking science, engineering, and management together to expand our technological capacity, we then make our critical decisions from a technological standpoint.
About Version 2
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
