I want to use AWS Web Application Firewall service with AWS API Gateway. AWS WAF works only with AWS CloudFront distributions.
According to this post https://forums.aws.amazon.com/message.jspa?messageID=677382 API Gateway creates a CloudFront distribution behind the scenes. Although I don't see this distribution neither in the CloudFront console nor in the WAF console.
Is there any way to make use of the CloudFront distribution created by API Gateway for WAF?
You can use AWS WAF to protect your API Gateway API from common web exploits, such as SQL injection and cross-site scripting (XSS) attacks. These could affect API availability and performance, compromise security, or consume excessive resources.
AWS WAF is tightly integrated with Amazon CloudFront, the Application Load Balancer (ALB), Amazon API Gateway, and AWS AppSync – services that AWS customers commonly use to deliver content for their websites and applications.
WAFs protect web assets — including APIs — from malicious traffic originating from outside of the local network.
Unfortunately no, API Gateway does not provide access to the backing CloudFront distribution. To use WAF you would have to create a second distribution, which is inefficient but should functionally work.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With