From 412db04a3c9e9e31cac1788cac0f647d4c55ab67 Mon Sep 17 00:00:00 2001
From: Song Song Li
Date: Wed, 5 Jun 2024 16:23:01 +0800
Subject: [PATCH] auto commit
Signed-off-by: Song Song Li
---
_posts/aws-waf-tips.md | 41 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 _posts/aws-waf-tips.md
diff --git a/_posts/aws-waf-tips.md b/_posts/aws-waf-tips.md
new file mode 100644
index 0000000..e1ea445
--- /dev/null
+++ b/_posts/aws-waf-tips.md
@@ -0,0 +1,41 @@
+---
+layout: post
+title: aws waf tips
+date: 2024-06-16 00:12:05
+---
+
+### 创建acl
+
+```
+aws wafv2 create-web-acl \
+ --name ${CLUSTER_NAME}-waf \
+ --region ${REGION} \
+ --default-action Allow={} \
+ --scope REGIONAL \
+ --visibility-config SampledRequestsEnabled=true,CloudWatchMetricsEnabled=true,MetricName=${CLUSTER_NAME}-waf-metrics \
+ --rules file://${SCRATCH}/waf-rules.json \
+ --query 'Summary.ARN' \
+ --output text
+```
+
+### 删除acl
+
+```
+aws wafv2 delete-web-acl --name ${CLUSTER_NAME}-waf --scope REGIONAL --lock-token TOKEN --id ID
+```
+
+### 获取acl
+
+```
+aws wafv2 get-web-acl --name ${CLUSTER_NAME}-waf --scope REGIONAL --id ID
+```
+
+### 获取权限
+
+```
+aws sts assume-role --role-arn "arn:aws:iam::123456789012:role/example-role" --role-session-name AWSCLI-Session
+
+export AWS_ACCESS_KEY_ID=RoleAccessKeyID
+export AWS_SECRET_ACCESS_KEY=RoleSecretKey
+export AWS_SESSION_TOKEN=RoleSessionToken
+```
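Review bot: The `delete-web-acl` and `get-web-acl` commands omit `--region ${REGION}` although `create-web-acl` passes it, so with `--scope REGIONAL` they run against the CLI profile's default region and may miss the ACL or act on a same-named one elsewhere; adding `--region "${REGION}"` to both keeps the three commands consistent. The delete section does not say where `TOKEN` and `ID` come from; a comment such as `# ID and LockToken are returned by get-web-acl` would help, and placing the get section before the delete section would match the order in which they are needed. The expansions are unquoted throughout; `--name "${CLUSTER_NAME}-waf"` and `--rules "file://${SCRATCH}/waf-rules.json"` avoid word-splitting when a value contains spaces. Because the ACL is created with `--default-action Allow={}`, a sentence stating that any request not matched by `waf-rules.json` is allowed would make the resulting posture explicit to readers who copy the command.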