How to deploy Web Application Firewall in AWS Cloud?
We will help you protect a workload from network-based attacks using AWS Web Application Firewall (WAF) integrated with Amazon CloudFront, protecting the network and host-level boundaries.
Objectives:
- System security configuration and maintenance
- Enforcing service-level protection
Steps:
- Configure AWS WAF
- Configure Amazon CloudFront
CONFIGURE AWS WAF
Using AWS CloudFormation, we will deploy a basic example AWS WAF configuration for use with CloudFront.
- Sign in to the AWS Management Console, select your preferred region, and open the CloudFormation console at https://console.aws.amazon.com/cloudformation/. Note: if your CloudFormation console does not look the same, you can enable the redesigned console by clicking New Console in the CloudFormation menu.
- Click Create stack.
- Enter the following Amazon S3 URL and click Next:
  https://s3-us-west-2.amazonaws.com/aws-well-architected-labs/Security/Code/waf-global.yaml
- Enter the following details:
  - Stack name: The name of this stack. For this lab, use `waf`.
  - WAFName: Enter the base name to be used for resource and export names for this stack. For this lab, you can use `Lab1`.
  - WAFCloudWatchPrefix: Enter the name of the CloudWatch prefix to use for each rule using alphanumeric characters only. For this lab, you can use `Lab1`.
  The remainder of the parameters can be left as defaults.
- At the bottom of the page click Next.
- In this lab, we won’t add any tags or other options. Click Next. Tags, which are key-value pairs, can help you identify your stacks. For more information, see Adding Tags to Your AWS CloudFormation Stack.
- Review the information for the stack. When you’re satisfied with the configuration, click Create stack.
- After a few minutes, the stack status should change from CREATE_IN_PROGRESS to CREATE_COMPLETE.
- You have now set up a basic AWS WAF configuration ready for CloudFront to use!
CONFIGURE AMAZON CLOUDFRONT
Using the AWS Management Console, we will create a CloudFront distribution, and link it to the AWS WAF ACL we previously created.
- Open the Amazon CloudFront console at https://console.aws.amazon.com/cloudfront/home.
- From the console dashboard, choose Create Distribution.
- Click Get Started in the Web section.
- Specify the following settings for the distribution:
  - In Origin Domain Name enter the DNS or domain name from your elastic load balancer or EC2 instance.
  - In the distribution Settings section, click AWS WAF Web ACL, and select the one you created previously.
- Click Create Distribution.
- For more information on the other configuration options, see Values That You Specify When You Create or Update a Web Distribution in the CloudFront documentation.
- After CloudFront creates your distribution, the value of the Status column for your distribution will change from In Progress to Deployed.
- When your distribution is deployed, confirm that you can access your content using your new CloudFront URL or CNAME. Copy the Domain Name into a web browser to test.
For more information, see Testing a Web Distribution in the CloudFront documentation.
- You have now configured Amazon CloudFront with basic settings and AWS WAF.
For more information on configuring CloudFront, see Viewing and Updating CloudFront Distributions in the CloudFront documentation.
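A check to run after the last step, added here as an example and not part of the original lab: it reads JSON in the shape returned by `aws cloudfront list-distributions` and reports any distribution that has no web ACL attached, a different web ACL than the expected one, or has not finished deploying. The distribution IDs, domain names, account number and ACL IDs below are constructed sample values.

```python
import json

# Constructed sample in the shape of `aws cloudfront list-distributions` output.
# WebACLId holds a bare ACL ID for WAF Classic and an ARN for the newer WAF;
# it is an empty string when no web ACL is attached.
SAMPLE_LISTING = json.loads("""
{"DistributionList": {"Items": [
  {"Id": "EXAMPLEDIST0001", "DomainName": "d111example.cloudfront.net",
   "Status": "Deployed", "Enabled": true,
   "WebACLId": "11111111-2222-3333-4444-555555555555"},
  {"Id": "EXAMPLEDIST0002", "DomainName": "d222example.cloudfront.net",
   "Status": "Deployed", "Enabled": true, "WebACLId": ""},
  {"Id": "EXAMPLEDIST0003", "DomainName": "d333example.cloudfront.net",
   "Status": "InProgress", "Enabled": true,
   "WebACLId": "arn:aws:wafv2:us-east-1:111122223333:global/webacl/other/99999999-0000-0000-0000-000000000000"}
]}}
""")


def acl_matches(web_acl_id, expected_id):
    """True if the attached ACL is the expected one (bare ID, or ARN ending in that ID)."""
    return web_acl_id == expected_id or web_acl_id.endswith("/" + expected_id)


def audit_distributions(listing, expected_acl_id):
    """Return {distribution Id: [findings]}; an empty list means the check passed."""
    # "Items" is absent when the account has no distributions.
    items = (listing.get("DistributionList") or {}).get("Items") or []
    report = {}
    for dist in items:
        findings = []
        acl = dist.get("WebACLId") or ""
        if not acl:
            findings.append("no web ACL attached")
        elif not acl_matches(acl, expected_acl_id):
            findings.append("unexpected web ACL: " + acl)
        if dist.get("Status") != "Deployed":
            findings.append("status is %s, change not fully propagated" % dist.get("Status"))
        if not dist.get("Enabled", False):
            findings.append("distribution is disabled")
        report[dist["Id"]] = findings
    return report


if __name__ == "__main__":
    expected = "11111111-2222-3333-4444-555555555555"  # constructed ACL ID
    for dist_id, findings in audit_distributions(SAMPLE_LISTING, expected).items():
        print(dist_id, "OK" if not findings else "; ".join(findings))
```

To run it against a real account, save the CLI output to a file and pass the parsed JSON to `audit_distributions` together with the ID of the web ACL created by the `waf` stack.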