Skip to content

[Refactor] 비용 최적화를 위한 기존 WAF 규칙 삭제 #210

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
lvalentine6 merged 1 commit into from
Oct 28, 2025
Merged

[Refactor] 비용 최적화를 위한 기존 WAF 규칙 삭제 #210

lvalentine6 merged 1 commit into from
Oct 28, 2025

Conversation

@lvalentine6
Copy link
Member

@lvalentine6 lvalentine6 commented Oct 25, 2025
edited
Loading

✨ 개요

  • AWS WAF의 비용이 예상보다 많이 나오고 있어, 필수 규칙을 제외한 우선순위가 낮은 규칙을 삭제처리했습니다.
  • 적용 후 WAF 비용은 월 8달러로 유지될것으로 보입니다.
  • 대부분의 악성 요청이 커스텀 규칙인 Allow-Verified-Server-Requests에서 방어될것으로 보입니다.
  • 적용 후 WAF 로그를 지속적으로 모니터링 할 예정입니다.

🧾 관련 이슈

Close #211

🔍 참고 사항 (선택)

Summary by CodeRabbit

릴리스 노트

  • Chores
    • 웹 애플리케이션 방화벽 규칙 제거: 속도 제한 규칙, 알려진 나쁜 입력 감지, IP 신판 목록, 익명 IP 목록, SQL 주입 탐지 규칙이 비활성화되었습니다.
    • 기존 보안 규칙 구성이 업데이트되었습니다.

@coderabbitai
Copy link

coderabbitai bot commented Oct 25, 2025
edited
Loading

Walkthrough

AWS WAF 웹 ACL에서 5개의 WAF 규칙 블록(Rate-Limit-Rule, AWS-Managed-Known-Bad-Inputs-Rule-Set, AWS-Managed-Amazon-IP-Reputation-List, AWS-Managed-Anonymous-IP-List, AWS-Managed-SQLi-Rule-Set)을 제거했습니다. 남은 규칙의 메타데이터는 변경되지 않았습니다.

Changes

Cohort / File(s) 변경 요약
WAF 규칙 제거
terraform/common/waf/main.tf		 Rate-Limit-Rule, AWS-Managed-Known-Bad-Inputs-Rule-Set, AWS-Managed-Amazon-IP-Reputation-List, AWS-Managed-Anonymous-IP-List, AWS-Managed-SQLi-Rule-Set 5개 규칙 블록 삭제

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3분

  • 규칙 블록의 단순 삭제만 포함
  • 로직 변경이나 구조적 수정 없음
  • 제거된 각 규칙이 다른 구성에 영향을 미치지 않는지 확인 필요

Poem

🐰 다섯 개의 규칙이 사라지고,
방화벽이 한층 가벼워졌네.
필요 없는 것은 치워내고,
남은 것으로 충분하다 하니,
와프의 춤은 더욱 우아해지리! ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
Check name Status Explanation
Title Check ✅ Passed 제목 "[Refactor] 비용 최적화를 위한 기존 WAF 규칙 삭제"는 변경 사항을 명확하게 반영하고 있습니다. 실제 변경 사항이 terraform/common/waf/main.tf에서 5개의 WAF 규칙 블록(Rate-Limit-Rule, AWS-Managed-Known-Bad-Inputs-Rule-Set 등)을 삭제하는 것이고, 제목은 이러한 주요 변경사항의 목적(비용 최적화)과 내용(기존 WAF 규칙 삭제)을 정확하게 전달합니다. 제목은 간결하고 구체적이며 PR 목표와도 완벽하게 일치합니다.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch refactor/PRODUCT-285

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions github-actions bot requested a review from leegwichan October 25, 2025 11:46
@github-actions
Copy link

github-actions bot commented Oct 25, 2025

📄 Terraform Plan Summary

🛡️ Common Infrastructure

  ~ update in-place
  ~ resource aws_wafv2_web_acl this {
Plan: 0 to add, 1 to change, 0 to destroy.

Status: 🔄 Changes Detected

🛠️ Development Environment


No plan summary

Status: ✅ No Changes

📋 Full Results: View in Actions

@sonarqubecloud
Copy link

sonarqubecloud bot commented Oct 25, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@lvalentine6 lvalentine6 merged commit 26b0da1 into develop Oct 28, 2025
10 checks passed
@lvalentine6 lvalentine6 deleted the refactor/PRODUCT-285 branch October 28, 2025 08:42
@github-actions
Copy link

github-actions bot commented Oct 28, 2025

🎉 This PR is included in version 1.8.0-develop.18 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@github-actions
Copy link

github-actions bot commented Oct 28, 2025

🎉 This PR is included in version 1.9.3 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@leegwichan leegwichan Awaiting requested review from leegwichan

Assignees

@lvalentine6 lvalentine6

Labels

refactor released on @beta released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[PRODUCT-286] [Refactor] WAF 비용 최적화

2 participants

@lvalentine6