Integration

Connect your AWS account to the Praetorian Guard platform for automated WAF resource discovery, scanner bypass configuration, and continuous security auditing across both Regional and CloudFront WAFv2 deployments.<h3>Highlights</h3><ul><li>Scanner IP Whitelisting — Automatically creates a <code>chariot-scanner-bypass</code> IP set and wires bypass rules into every WebACL so Guard scanners are not blocked by AWS WAF</li><li>Full Resource Discovery — Enumerates Web ACLs, IP Sets, Rule Groups, and Regex Pattern Sets across both REGIONAL and CLOUDFRONT scopes, with optional Firewall Manager policy discovery</li><li>5-Point Security Audit — Flags missing WebACLs, default-allow actions, empty rule sets, absent rate limiting, and overly permissive COUNT-only configurations</li><li>Cross-Account Role Support — Connects via IAM role assumption with External ID for secure, confused-deputy-protected access</li></ul><h3>Get Started</h3>Documentation can be found at<a target="_blank" rel="noopener noreferrer nofollow" href="https://docs.praetorian.com/en/articles/4068564-aws-waf">https://docs.praetorian.com/en/articles/4068564-aws-waf</a>To integrate go to Integrations &gt; Firewall &gt; AWS WAF, then connect with your IAM Role ARN and External ID.

AWS WAF Integration

Help Center

Improved

Fixed

Capability

Feature

praetorian

In Review

Planned

In Progress

Completed

Rejected

Testing

Urgent Priority

High Priority

Medium Priority

Low Priority

Backlog

Next up

Done

Main Roadmap

Hey {name|there}! 👋