Updates for Cloud9 IDE UI, Postman UI and WAF

docs/00-initial-setup/README.md

@@ -92,6 +92,7 @@ If you are working in your own AWS account, follow the steps below to launch a C
 
 	Region| Code | Launch
 	------|------|-------
+	AP Southeast (Sydney) | <span style="font-family:'Courier';">ap-southeast-2</span> | [![Launch setup resource in ap-southeast-2](images/cfn-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-2#/stacks/new?stackName=Secure-Serverless&templateURL=https://s3.amazonaws.com/wildrydes-us-east-1/Security/init-template.yml)
 	EU (Ireland) | <span style="font-family:'Courier';">eu-west-1</span> | [![Launch setup resource in eu-west-1](images/cfn-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?region=eu-west-1#/stacks/new?stackName=Secure-Serverless&templateURL=https://s3.amazonaws.com/wildrydes-us-east-1/Security/init-template.yml)
 	US West (Oregon) | <span style="font-family:'Courier';">us-west-2</span> | [![Launch setup resource in us-west-2](images/cfn-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-west-2#/stacks/new?stackName=Secure-Serverless&templateURL=https://s3.amazonaws.com/wildrydes-us-east-1/Security/init-template.yml)
 	US East (N. Virginia) | <span style="font-family:'Courier';">us-east-1</span> | [![Launch setup resource in us-east-1](images/cfn-launch-stack.png)](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=Secure-Serverless&templateURL=https://s3.amazonaws.com/wildrydes-us-east-1/Security/init-template.yml)
@@ -381,11 +382,18 @@ In addition to the lambda code, the configurations for Lambda function and the R
 
    After doing this, it's time to test your API locally using SAM Local. 
 
-1. On the **right panel**, click on **AWS Resources**. 
+1. On the **top right**, click on the cog.
+	<img src="images/0D-aws-preferences.png" width="80%" />
+1. In the **Preferences Menu**, open **AWS settings**
+
+	<img src="images/0D-aws-settings.png" width="80%" />
+1. Untoggle the AWS Toolkit
+	<img src="images/0D-aws-toolkit.png" width="80%" />
 
+1. On the **right panel**, click on **AWS Resources**. 
 	<img src="images/0D-aws-resource-bar.png" width="80%" />
 
-1. You should see a folder tree with the name *Local Functions (1)*. 
+1. You should now see a folder tree with the name *Local Functions (1)*. 
 1. Select **UnicornPartsFunction** under the `src` folder
 1. Once you have selected the function, click on the dropdown on the panel on the top, and select **Run APIGateway Local**  
 

docs/01-add-authentication/README.md

@@ -347,10 +347,9 @@ Now we have configured our API so only authenticated requests can get through to
 
 To make authenticated requests using the admin client credentials we just created in Module 1C, we can use PostMan:
 
-1. In Postman, right click on the **Manage Partner** folder and click **edit**
-1. In the Edit Folder window that pops up, go to **Authorization** tab, and change the Auth **Type** to `OAuth 2.0`, then click **Get New Access Token** 
-
-	![postman add auth](images/1E-postman-add-auth.png)
+1. In Postman, left click on the **Manage Partner** folder
+1. In the **Authorization** tab, and change the Auth **Type** to `OAuth 2.0`, then click **Get New Access Token** 
+	![postman add auth](images/1E-postman-gettoken.png)
 
 1. Configure the token request:
 
@@ -365,8 +364,6 @@ To make authenticated requests using the admin client credentials we just create
 	* **Client Secret**:  this the client secret of the admin we created in Module 1D
 	* **Scope**: it's optional (the token will be scoped anyways) we can leave it blank
 
-	![postman add auth](images/1E-postman-gettoken.png)
-
 	And click **Request Token**
 
 1. Now you should see the new token returned from Cognito. scroll down and click **Use Token**

docs/06-waf/README.md

@@ -68,142 +68,83 @@ If you have completed **Module 3: Input validation on API Gateway**, your API no
 
 </details>
 
-### Module 6A: Create a WAF ACL 
+### Module 6A: Describe a Web ACL
 
 Now let's start creating an AWS WAF to give us additional protection: 
 
 1. Go to the [AWS WAF Console](https://console.aws.amazon.com/wafv2/home#/wafhome)
 
-1. The AWS WAF console has recently released a new version: see [Introducing AWS Managed Rules for AWS WAF
-](https://aws.amazon.com/about-aws/whats-new/2019/11/introducing-aws-managed-rules-for-aws-waf/). However, this workshop has not been yet adapted to the new version. Therefore, we will be using the classic version of the WAF console. You can use the **Switch to AWS WAF Classic** button to switch to classic:
 
-	![](images/switch-waf-classic.png)
-
-1. Click on **Create web ACL** on the WAF Classic console
+1. Click on **Create web ACL** 
 
+	![](images/6A-create-web-acl.png)
 	![](images/classifc-waf-opening.png)
 
 1. In Step 1 of the ACL creation wizard, fill in:
 
 	* **Web ACL Name**: `ProtectUnicorn`
 	* **CloudWatch metric name**: this should be automatically populated for you
 	* **Region**: select the AWS region you chose for previous steps of the workshop
-	* **Resource type to associate with web ACL**: Pick `API Gateway`
-	* **Amazon API Gateway API**: Pick the API Gateway we deployed previously, `CustomizeUnicorns`
-	* **Stage**: select `dev`
-
-	![screenshot](images/web-acl-name.png)
-
-	and click **Next**
 
-### Module 6B: Create WAF conditions
+1. To associate the WAF with your API Gateway resources, click **add AWS resources** and select the API Gateway we deployed previously, `CustomizeUnicorns`
+	![screenshot](images/6A-associate-resources.png)
+	click **Add**
+	![screenshot](images/6A-web-acl-step-1.png)
+	and then **Next**
 
-1. Next you will create 2 different conditions. Let's start with a condition to restrict the maximum size of request body: 
 
-	* Go to **Size constraint conditions** section, click **Create condition**
-	* Give the condition a name, like `LargeBodyMatch`
-	* In Filter settings, add a filer on 
-		*  	**Part of the request to filter on**: body
-		*  **Comparison operator**: Greater than
-		*  **Size (Bytes)**: 3000
-	* Click **Add filter**  
-	* After the filter is added to the condition, click **Create**
+### Module 6B: Add web ACL rules
 
-	![screenshot](images/large-body-condition.png)
-
+1. Next you will create 3 different rules. Let's start with a rule to restrict the maximum size of request body: 
 
-1. Next, let's add a SQL injection condition. 
-
-	* Go to **SQL injection match conditions** section, click **Create condition**
-	* Give the condition a name, like `SQLinjectionMatch`
-	* Here, we want to add multiple rules to inspect multiple aspects of the request: request body, request URI and query strings 
-	* In the **Filter settings**, add 4 filters:
-
-		<table>
-		  <tr>
-		    <th></th>
-		    <th>Part of the request to filter on</th>
-		    <th>Transformation</th>
-		  </tr>
-		  <tr>
-		    <td>1</td>
-		    <td>Body</td>
-		    <td>None</td>
-		  </tr>
-		  <tr>
-		    <td>2</td>
-		    <td>Body</td>
-		    <td>URL decode</td>
-		  </tr>
-		  <tr>
-		    <td>3</td>
-		    <td>URI</td>
-		    <td>URL decode</td>
-		  </tr>
-		  <tr>
-		    <td>4</td>
-		    <td>Query string</td>
-		    <td>URL decode</td>
-		  </tr>
-		</table>
-	* Click **Create**
+	![screenshot](images/6B-own-rule.png)
+	* **Rule Type** select **Rule Builder**
+	* **Rule Name** Give the rulle a name, like `LargeBodyMatch`
+	* **Type** Regular rule
+	* **If a request** matches the statement
+	* **Inspect** Body
+	* **Content Type** Plain text
+	* **Match type** Size greater than
+	* **Size** `3000`
+	* **Action** Block
+	![screenshot](images/6B-large-body-rule.png)
+	* Then click **Add Rule**
 
-	![screenshot](images/sql-condition.png)
-
-1. Click **Next** to advance to the **Create rules** page 
-
-
-### Module 6C: Create WAF rules
 
+1. Next, let's add a SQL injection rule. 
 
-1.  Next, we create **Rules** that are composed of one or more **Conditions**. Let's start by creating a rule based on the request body size condition:
-
-	* Click **Create Rule** 
-	* Give it a name, like `LargeBodyMatchRule`
-	* For 	**Rule type**, keep `Regular rule`
-	* In Add conditions section, select 
-		* 	`does`
-		*  `match at least one of the filters in the size constraint condition `
-		*  `LargeBodyMatch`  -- the name of the condition we created for large request body in 6B 
-
-	* Then click **Create** 
+	![screenshot](images/6B-managed-rule.png)
+	* Expand the **AWS managed rule groups** section
+	* toggle the **SQL database** option
+	![screenshot](images/6B-sql-managed-rule.png)
+	* Then click **Add Rule**
 
-	![screenshot](images/large-body-rule.png)
-
-1. Next, we create the rule for SQL injection. 
-
-	* Click **Create Rule** 
-	* Give it a name, like `SQLinjectionRule`
-	* For **Rule type**, keep `Regular rule`
-	* In Add conditions section, select 
-		* 	`does`
-		*  `match at least one of the filters in the SQL injection match condition `
-		*  `SQlInjectionMatch`  -- the name of the condition we created for SQL injection in 6B 
-	*  Then click **Create**
-
-	![screenshot](images/sql-rule.png)
 
 1. Lastly, we can create a rate-based rule that prevents an overwhelming number of requests (either valid or invalid) from flooding our API:
 
-	* Click **Create Rule** 
-	* Give it a name, like `RequestFloodRule`
+	![screenshot](images/6B-own-rule.png)
+	* Give it a **Name**, like `RequestFloodRule`
 	* For **Rule type**, select `Rate-based rule`
 	* For **Rate limit**, use `2000` 
+	* **IP address to use for rate limiting** Source IP address
+	* **Criteria to count request towards rate limit** Consider all requests
+	* **Action** Block
 	*  Then click **Create**
 
-	![screenshot](images/request-flood-rule.png)
+	![screenshot](images/6B-request-flood-rule.png)
 
 1. You should now see 3 rules in like below. Ensure you select `Block` if the request matches any of the rules. 
 
 	For **Default action**, select `Allow all requests that don't match any rules`
 
-	![screenshot](images/list-rules.png)
-
-1. Click **Review and create** 
+	![screenshot](images/6B-three-rules.png)
+ ### Modules 6C: Rule priorities, metrics and review
+1. Frome here you can use the default selected options, 
+
+	![screenshot](images/6B-rule-priorities.png)
 
-1. In the next page, review the configuration and click **Confirm and Create** 	
-
-	![screenshot](images/review-acl.png)
+	![screenshot](images/6B-metrics.png)
+1. and now you can **Create Web ACL**
 
 You have now added a WAF to our API gateway stage!