December 2017
Intermediate to advanced
364 pages
7h 30m
English
As soon as an attack is detected, the alerter sends the IP to the blacklist Lambda endpoint via an HTTPS request. The IP is blocked using the network ACL, and a record of the block is maintained in DynamoDB. If the IP is already blocked, the expiry time of its rule is extended in DynamoDB.
An expiry handler function is triggered periodically and removes expired rules from both DynamoDB and the network ACL.
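The block, extend and expire logic described above can be modelled as follows. This is an added example, not code from the book: the in-memory dictionaries stand in for the DynamoDB table and the network ACL, and the class name, the one-hour TTL and the rule-number range are assumptions.

```python
import ipaddress

BLOCK_TTL = 3600                 # assumed block duration in seconds
RULE_NUMBERS = range(100, 120)   # assumed ACL rule numbers reserved for blocks

class Blacklist:
    """In-memory model: `records` stands in for the DynamoDB table,
    `acl` for the deny entries of the network ACL."""

    def __init__(self):
        self.records = {}   # ip -> {"rule": int, "expires": float}
        self.acl = {}       # rule number -> CIDR denied by that rule

    def block(self, ip, now):
        """Blacklist endpoint: block a new IP or extend an existing block."""
        addr = ipaddress.ip_address(ip)          # raises ValueError on bad input
        key = str(addr)
        rec = self.records.get(key)
        if rec:                                  # already blocked: extend expiry only
            rec["expires"] = now + BLOCK_TTL
            return "extended"
        free = [n for n in RULE_NUMBERS if n not in self.acl]
        if not free:                             # an ACL holds a limited number of rules
            raise RuntimeError("no free ACL rule number")
        self.acl[free[0]] = f"{addr}/{addr.max_prefixlen}"
        self.records[key] = {"rule": free[0], "expires": now + BLOCK_TTL}
        return "blocked"

    def expire(self, now):
        """Expiry handler: drop expired records and their ACL rules together."""
        expired = [ip for ip, r in self.records.items() if r["expires"] <= now]
        for ip in expired:
            del self.acl[self.records.pop(ip)["rule"]]
        return expired

def demo():
    bl = Blacklist()
    t0 = 1_000_000.0                             # constructed timestamp
    results = [bl.block("203.0.113.7", t0),      # documentation-range addresses
               bl.block("198.51.100.9", t0),
               bl.block("203.0.113.7", t0 + 1800)]   # same IP detected again
    swept = bl.expire(t0 + 3700)                 # only the un-extended block lapses
    return results, swept, dict(bl.acl)

if __name__ == "__main__":
    print(demo())
```

Keeping the record and the ACL entry in one operation, as `expire` does here, avoids orphaned deny rules that would otherwise consume the ACL's limited rule slots.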