Securing Your CloudFront Distributions with AWS WAF

Cauldric Isles
4 min read · Jan 15, 2024


In this comprehensive guide, we will walk through the process of deploying AWS Web Application Firewall (WAF) to a CloudFront distribution to enhance the security of your static website. Follow each step to inspect potential threats and establish robust protection against unwanted traffic.

Introduction

Securing your website is paramount in today’s digital landscape. AWS WAF, when integrated with CloudFront, offers a powerful solution to inspect and block potential threats. This guide will take you through the deployment process, allowing you to follow along seamlessly.

Prerequisites

Before we start, ensure you have the following:

  • An AWS account with access to AWS WAF and CloudFront services.
  • A static or dynamic website deployed on CloudFront.

Step 1: Deploying AWS WAF to Your Website

  1. Access the AWS WAF console.
[Screenshot: Create Web ACL]
  2. Create a new Web Access Control List (Web ACL) to define rules for your web traffic.
[Screenshot: Create a name for the Web ACL]
     Associate your Web ACL with your CloudFront distributions.
  3. Define access control rules within the Web ACL, specifying conditions and actions for traffic.
[Screenshot: Decide what rules you'd like for your Web ACL]

Step 2: Configuring Managed Rules

  1. Review and choose the OWASP Top Ten Core rule set from the managed rules provided by AWS.
     Under Rules, click "Add rules", then select "Add managed rule groups".
     Under "Free rule groups", select the toggle for Core rule set to add it to the Web ACL.
  2. Save the selected rules so they are applied to your Web ACL.

Step 3: Monitoring Global Threats

During the project I was curious about how global threats occur and how to potentially block those IP addresses; web surfing is likely how things happen most of the time.
  1. Visit your website, then review the AWS WAF metrics to identify potential threats globally.
  2. Review sampled requests to understand the nature of the suspected unwanted traffic.
[Screenshot] Red is where the unwanted traffic is, and green is the IP address that I know and want to be allowed in.

Step 4: Restricting Access

  1. Create an IP set to allow only your own IP address.
[Screenshot: AWS WAF, IP sets]
     Create an IP set that includes your approved IP addresses.
  2. Define a rule that permits traffic from the IP set. Use the IP set option, not the Rule builder!
  3. Adjust the rule priority, placing your custom rule above the OWASP managed rules.
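
The Web ACL assembled in Steps 2 and 4, as an added Python example (not code from the original post): it builds the definition in the shape the WAFv2 CreateWebACL API accepts and simulates WAF's priority-ordered evaluation so the rule order can be checked before anything is deployed. The IP set ARN, the rule and ACL names, and the default Block action are assumptions.

```python
import ipaddress

# Constructed placeholder, not a real resource: the ARN of the IP set from Step 4.
IP_SET_ARN = "arn:aws:wafv2:us-east-1:123456789012:global/ipset/approved-ips/PLACEHOLDER-ID"

def visibility(metric):
    # CloudWatch metrics plus sampled requests, which is what Step 3 reviews in the console.
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True, "MetricName": metric}

def build_web_acl(ip_set_arn=IP_SET_ARN):
    """Web ACL body in the shape wafv2 CreateWebACL accepts (Scope CLOUDFRONT, region us-east-1)."""
    return {
        "Name": "static-site-web-acl",
        "Scope": "CLOUDFRONT",
        "DefaultAction": {"Block": {}},   # assumption: requests that no rule allows are blocked
        "Rules": [
            {   # Step 4: allow-list rule. The lowest Priority number runs first ("above" in the console).
                "Name": "allow-approved-ips", "Priority": 0,
                "Statement": {"IPSetReferenceStatement": {"ARN": ip_set_arn}},
                "Action": {"Allow": {}},
                "VisibilityConfig": visibility("allowApprovedIps"),
            },
            {   # Step 2: Core rule set. Managed rule groups take OverrideAction, not Action.
                "Name": "aws-core-rule-set", "Priority": 1,
                "Statement": {"ManagedRuleGroupStatement": {
                    "VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet"}},
                "OverrideAction": {"None": {}},
                "VisibilityConfig": visibility("awsCoreRuleSet"),
            },
        ],
        "VisibilityConfig": visibility("staticSiteWebAcl"),
    }

def evaluation_order(web_acl):
    """Rule names in the order WAF evaluates them: ascending Priority."""
    return [r["Name"] for r in sorted(web_acl["Rules"], key=lambda r: r["Priority"])]

def decide(web_acl, source_ip, approved_cidrs, core_rule_matches=False):
    """Simulate WAF terminating-action semantics: rules run by priority and the first
    Allow/Block wins. core_rule_matches stands in for a CRS rule firing (constructed flag)."""
    addr = ipaddress.ip_address(source_ip)
    for rule in sorted(web_acl["Rules"], key=lambda r: r["Priority"]):
        stmt = rule["Statement"]
        if "IPSetReferenceStatement" in stmt:
            if any(addr in ipaddress.ip_network(c) for c in approved_cidrs):
                return next(iter(rule["Action"]))       # "Allow": evaluation stops here
        elif "ManagedRuleGroupStatement" in stmt and core_rule_matches:
            return "Block"                             # a CRS rule's own Block action fires
    return next(iter(web_acl["DefaultAction"]))        # nothing matched: default action
```

Because the allow rule terminates first, requests from approved addresses are never inspected by the Core rule set; swap the two priorities if you want your own traffic inspected as well.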

Step 5: Testing and Verification

  1. Visit your website from various locations to ensure your IP-specific rule works as intended.
     The approved IP should be recognized, and the unwanted IP addresses should be blocked for good!
  2. Monitor the AWS WAF logs to verify the effectiveness of your rules.

Conclusion

Congratulations! You’ve successfully deployed AWS WAF to your CloudFront distribution, fortifying your website against potential threats. This guide has equipped you with the knowledge to inspect, filter, and control web traffic, ensuring a secure online environment.

Feel free to customize your rules based on ongoing monitoring and analysis of traffic patterns. Share your experiences or insights in the comments. Happy securing!
