Skip to content

Mitigating Common Web Application Attack Vectors Using AWS WAF - Build Phase

Environment setup

To setup the workshop environment, launch the CloudFormation stack below in the preferred AWS region using the "Deploy to AWS" links below. This will automatically take you to the console to run the template.

Note About Workshop and AWS Account

We stronly recommend that you use a non-production AWS account for this workshop such as a training, sandbox or personal account. If multiple participants are sharing a single account you should use unique names for the stack set and resources created in the console.


US West 2 (Oregon)         Deploy in us-west-2


US East 2 (Ohio)         Deploy in us-east-2


US East 1 (N. Virginia)         Deploy in us-east-1


EU West 1 (Ireland)         Deploy in us-east-1


  1. Click Next on the Specify Template section.

  2. On the Specify stack details step, update the following parameters depending on how you are doing this workshop:

AWS-sponsored event
  • If you are sharing an AWS account with someone else in the same region, change the name of the stack to pww-yourinitials
  • Automated Scanner: Set to true.
  • Scanner Username: Enter the username provided by the workshop team.
  • Scanner Password: Enter the password provided by the workshop team.
  • Trusted Network CIDR: Enter a trusted IP or CIDR range you will access the site from using a web browser. You can optain your current IP at Ifconfig.co The entry should follow CIDR notation. i.e. 10.10.10.10/32 for a single host.
  • Keep the defaults for the rest of the parameters.
Individual or an event not sponsored by AWS
  • If you are sharing an AWS account with someone else in the same region, change the name of the stack to pww-yourinitials
  • Automated Scanner: Set to false.
  • Scanner Username: Enter null
  • Scanner Password: Enter null
  • Trusted Network CIDR: Enter a trusted IP or CIDR range you will access the site from using a web browser. You can optain your current IP at Ifconfig.co The entry should follow CIDR notation. i.e. 10.10.10.10/32 for a single host.
  • Keep the defaults for the rest of the parameters.
  1. Click Next

  2. Click Next on the Configure stack options section.

  3. Finally, acknowledge that the template will create IAM roles under Capabilities and click Create.

This will bring you back to the CloudFormation console. You can refresh the page to see the stack starting to create. Before moving on, make sure the stack is in a CREATE_COMPLETE status. This should take ~8 minutes.


You can now proceed to the Assess Phase.