Declarative Advanced WAF policy lifecycle in a CI/CD pipeline

The purpose of this article is to show the configuration used to deploy a declarative Advanced WAF policy to a BIG-IP and automatically configure it to protect an API workload by consuming an OpenAPI...

Published Sep 22, 2020

Version 1.0

ASM Advanced WAF

Declarative WAF

series-api-security

Icon for Employee rank

Employee

Joined September 02, 2019

Icon for MVP rank

MVP

Feb 04, 2023

Great article! I have made an article https://community.f5.com/t5/codeshare/comparison-between-deploying-as3-or-fast-iapp-declarations-with/ta-p/309613 , where for AS3 deployments I use the new F5 ansible module "bigip_as3_deploy" that does some better checks than the Ansbile build in URI module.

For not referencing a policy from Github but including it in the as3 file directly or as a a variable, using Ansible facts I just need to replace "url": "http://xxxx/root/awaf_openapi/-/raw/master/WAF/ansible/bigip/policy-api.json" and directly place the file content seems not possible as of now so probably the only other way is to push a file with the policy as mentioned in https://community.f5.com/t5/technical-articles/advanced-waf-v16-0-declarative-api/tac-p/309802#M13890 , make a policy from it and then reference the existing policy.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)