Declarative Advanced WAF policy lifecycle in a CI/CD pipeline

The purpose of this article is to show the configuration used to deploy a declarative Advanced WAF policy to a BIG-IP and automatically configure it to protect an API workload by consuming an OpenAPI...
Published Sep 22, 2020
Version 1.0
AS3
ASM Advanced WAF
BIG-IP
CICD
Declarative WAF
Security
series-api-security
Super-NetOps
Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP
Feb 04, 2023

Great article! I have made an article https://community.f5.com/t5/codeshare/comparison-between-deploying-as3-or-fast-iapp-declarations-with/ta-p/309613 , where for AS3 deployments I use the new F5 ansible module "bigip_as3_deploy"  that does some better checks than the Ansbile build in URI module.

 

For not referencing a policy from Github but including it in the as3 file directly or as a a variable, using Ansible facts I just need to replace "url": "http://xxxx/root/awaf_openapi/-/raw/master/WAF/ansible/bigip/policy-api.json" and directly place the file content seems not possible as of now so probably the only other way is to push a file with the policy as mentioned in https://community.f5.com/t5/technical-articles/advanced-waf-v16-0-declarative-api/tac-p/309802#M13890 , make a policy from it and then reference the existing policy.