AWS WAF log analysis report generator
Project description
Introduction
Accompanist - It's an accompanist on AWS WAF log analysis.
You can analyze AWS WAF logs and generate an analysis report with only 2 CLI commands.
- The feature & Report Item
  - Histogram of requests
  - Top 5 of below items
    - Blocked or counted rule group
    - URI path
    - IP address
    - Country code
  - The number of requests on specific URI
  - Comment (written by you if you have any comments)
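The report items listed above can be reproduced by hand on exported log records, which is useful for cross-checking a generated report. The following is an added example, not accompanist's own code: the `summarize` function and the sample records are constructed here, the field names (`action`, `terminatingRuleId`, `httpRequest.clientIp`, `httpRequest.country`, `httpRequest.uri`, `timestamp`) follow the AWS WAF log record layout, and exact matching on the URI path is an assumption.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed sample records (documentation IP ranges, made-up rule names).
SAMPLE_LOG_LINES = [
    '{"timestamp": 1700000000000, "action": "BLOCK", "terminatingRuleId": "example-sqli-group", "httpRequest": {"clientIp": "192.0.2.10", "country": "US", "uri": "/foo"}}',
    '{"timestamp": 1700000060000, "action": "BLOCK", "terminatingRuleId": "example-sqli-group", "httpRequest": {"clientIp": "192.0.2.10", "country": "US", "uri": "/foo"}}',
    '{"timestamp": 1700000120000, "action": "BLOCK", "terminatingRuleId": "example-bot-group", "httpRequest": {"clientIp": "198.51.100.7", "country": "DE", "uri": "/login"}}',
    '{"timestamp": 1700086400000, "action": "BLOCK", "terminatingRuleId": "example-sqli-group", "httpRequest": {"clientIp": "203.0.113.5", "country": "JP", "uri": "/bar"}}',
    '{"timestamp": 1700086460000, "action": "ALLOW", "terminatingRuleId": "Default_Action", "httpRequest": {"clientIp": "192.0.2.10", "country": "US", "uri": "/foo"}}',
    'not json at all',
    '{"timestamp": 1700086520000, "action": "BLOCK", "terminatingRuleId": "example-bot-group"}',
]


def summarize(lines, action="BLOCK", target_uris=(), top_n=5):
    """Aggregate WAF log lines into a histogram, top-N lists and target URI counts."""
    rules, uris, ips, countries, per_day = (Counter() for _ in range(5))
    targets = dict.fromkeys(target_uris, 0)
    skipped = 0
    for line in lines:
        try:
            rec = json.loads(line)
            if rec["action"] != action:
                continue  # a valid record for another action is not an error
            req = rec["httpRequest"]
            rule, uri, ip, country = (rec["terminatingRuleId"], req["uri"],
                                      req["clientIp"], req["country"])
            # WAF timestamps are epoch milliseconds; bucket per UTC day.
            day = datetime.fromtimestamp(rec["timestamp"] / 1000, tz=timezone.utc)
        except (ValueError, KeyError, TypeError):
            skipped += 1  # malformed or truncated record: count it, do not crash
            continue
        rules[rule] += 1
        uris[uri] += 1
        ips[ip] += 1
        countries[country] += 1
        per_day[day.strftime("%Y-%m-%d")] += 1
        if uri in targets:  # assumption: exact match on the URI path
            targets[uri] += 1
    return {"histogram": dict(sorted(per_day.items())),
            "top_rules": rules.most_common(top_n), "top_uris": uris.most_common(top_n),
            "top_ips": ips.most_common(top_n), "top_countries": countries.most_common(top_n),
            "target_uri_hits": targets, "skipped": skipped}


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_LOG_LINES, target_uris=["/foo", "/bar"]), indent=2))
```

A non-zero `skipped` count means the export contained records that could not be parsed, so the totals in a report built from the same data deserve a second look.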
Note
- Target WAF
  - AWS WAFv2
    - Logging: CloudWatch Logs
    - Action: BLOCK or COUNT
  - Third Party WAF
    - Logging: CloudWatch Logs
    - Action: BLOCK or COUNT
Requirement of Client Environment
- IAM Role/User: including permissions to execute the following
  - (1) start_query of Logs Insights
  - (2) get_query_results of Logs Insights
  - An example role is given at the end
Install
pip install accompanist
Usage
- Create configuration file (JSON format) including 3 elements below
(e.g.) config.json
{
  "log_group": "aws-waf-logs-foo-bar",
  "target_uri": [
    "/foo",
    "/bar"
  ],
  "comment": [
    "- note 1",
    "- note 2",
    "-",
    "-",
    "-"
  ]
}
- Get query result
(e.g.) To get BLOCK log for 3 days
accompanist listen --action BLOCK --days 3
- Generate report (PDF format)
accompanist play
Uninstall
pip uninstall accompanist
Index
IAM Role with minimum permissions
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CWLI",
      "Effect": "Allow",
      "Action": [
        "logs:StartQuery",
        "logs:GetQueryResults"
      ],
      "Resource": "*"
    }
  ]
}
In "Resource", you should also consider narrowing the scope to only the ARNs you need.
Built Distribution
Hashes for accompanist-1.0.4-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 9c27bf0a69503bf6687e0ecf82c007fad3a7cf6481f4fd001cc5376e51154f45
MD5 | 618e9f0a7f9ee8257d6d5382bc1a2a41
BLAKE2b-256 | 0593e2fd9f22a11247f4e2384ae6fbb9dc7c19789f44179a25ad767c80868344