How to deploy Web Application Firewall in AWS Cloud?
We will help you to protect a workload from network-based attacks using AWS Web Application Firewall (WAF) integrated with Amazon CloudFront. Protecting the network and host-level boundaries
Objectives:
- System security configuration and maintenance
- Enforcing service-level protection
Steps:
- Configure AWS WAF
- Configure Amazon CloudFront
CONFIGURE AWS WAF
Using AWS CloudFormation, we will deploy a basic example AWS WAF configuration for use with CloudFront.
- Sign in to the AWS Management Console, select your preferred region, and open the CloudFormation console at https://console.aws.amazon.com/cloudformation/. Note if your CloudFormation console does not look the same, you can enable the redesigned console by clicking New Console in the CloudFormation menu.
- Click Create stack.
- Enter the following Amazon S3 URL:
https://s3-us-west-2.amazonaws.com/aws-well-architected-labs/Security/Code/waf-global.yamland click Next.
- Enter the following details:
- Stack name: The name of this stack. For this lab, use
waf. - WAFName: Enter the base name to be used for resource and export names for this stack. For this lab, you can use
Lab1. - WAFCloudWatchPrefix: Enter the name of the CloudWatch prefix to use for each rule using alphanumeric characters only. For this lab, you can use
Lab1. The remainder of the parameters can be left as defaults.
- At the bottom of the page click Next.
- In this lab, we won’t add any tags or other options. Click Next. Tags, which are key-value pairs, can help you identify your stacks. For more information, see Adding Tags to Your AWS CloudFormation Stack.
- Review the information for the stack. When you’re satisfied with the configuration, click Create stack.
- After a few minutes, the stack status should change from CREATE_IN_PROGRESS to CREATE_COMPLETE.
- You have now set up a basic AWS WAF configuration ready for CloudFront to use!
CONFIGURE AMAZON CLOUDFRONT
Using the AWS Management Console, we will create a CloudFront distribution, and link it to the AWS WAF ACL we previously created.
- Open the Amazon CloudFront console at https://console.aws.amazon.com/cloudfront/home.
- From the console dashboard, choose to Create Distribution.
- Click Get Started in the Web section.
- Specify the following settings for the distribution:
- In Origin Domain Name enter the DNS or domain name from your elastic load balancer or EC2 instance.
- In the distribution Settings section, click AWS WAF Web ACL, and select the one you created previously.
- Click Create Distribution.
- For more information on the other configuration options, see Values That You Specify When You Create or Update a Web Distribution in the CloudFront documentation.
- After CloudFront creates your distribution, the value of the Status column for your distribution will change from In Progress to Deployed.
- When your distribution is deployed, confirm that you can access your content using your new CloudFront URL or CNAME. Copy the Domain Name into a web browser to test.
For more information, see Testing a Web Distribution in the CloudFront documentation.
- You have now configured Amazon CloudFront with basic settings and AWS WAF.
For more information on configuring CloudFront, see Viewing and Updating CloudFront Distributions in the CloudFront documentation.
👋 Join us today !!
️Follow us on LinkedIn, Twitter, Facebook, and Instagram
If this post was helpful, please click the clap 👏 button below a few times to show your support! ⬇
