AWS API Gateway with AWS WAF

I want to use the AWS Web Application Firewall service with the AWS API Gateway. AWS WAF only works with AWS CloudFront distributions.

According to this post https://forums.aws.amazon.com/message.jspa?messageID=677382, API Gateway creates a CloudFront distribution behind the scenes, although I do not see this distribution in either the CloudFront console or the WAF console.

Can I use the CloudFront distribution created by API Gateway for WAF?

+5
amazon-web-services amazon-cloudfront aws-api-gateway
2 answers

Unfortunately no, API Gateway does not provide access to the CloudFront distribution. To use WAF, you will have to create a second distribution, which is inefficient but must function.

+2

OK guys, I had a similar problem. The best thing you can do at this point:

- have an API Gateway that completes SSL
- make a call from API Gateway to your ALB, ELB or NLB (it is better if it matches your architecture)
- have the ALB protected by WAF with two sets of rules:
  1. a white list of all API Gateway IPs
  2. an HTTP header accepted only by API Gateway

In this way you keep your infrared to the limit.

If you have an NLB, then you can have a direct link to the NLB; keep in mind that NLB does not support route-based routing and application fault tolerance in the cross-zone.

I asked AWS to raise a feature request for the same.

+1
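
The two WAF rule sets described in the answer above, as an added example that is not part of the original answer: Python that builds one allow rule in the shape of an AWS WAFv2 rule and evaluates it locally against constructed requests. Assumptions: the two conditions are combined with AND, the web ACL default action is Block, and the ARN, CIDR, header name and secret are constructed placeholders.

```python
import hmac
import ipaddress

# Constructed values: placeholder IP set ARN, documentation CIDR, made-up header and secret.
IP_SET_ARN = "arn:aws:wafv2:REGION:ACCOUNT_ID:regional/ipset/apigw-egress/PLACEHOLDER"
IP_SETS = {IP_SET_ARN: ["203.0.113.0/24"]}
HEADER, SECRET = "x-apigw-secret", b"constructed-secret-value"

def build_rule():
    """Allow rule: source IP is in the allow list AND the shared header matches."""
    return {
        "Name": "allow-api-gateway-only",
        "Priority": 0,
        "Statement": {"AndStatement": {"Statements": [
            {"IPSetReferenceStatement": {"ARN": IP_SET_ARN}},
            {"ByteMatchStatement": {
                "SearchString": SECRET,
                "FieldToMatch": {"SingleHeader": {"Name": HEADER}},
                "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
                "PositionalConstraint": "EXACTLY"}},
        ]}},
        "Action": {"Allow": {}},
        "VisibilityConfig": {"SampledRequestsEnabled": True,
                             "CloudWatchMetricsEnabled": True,
                             "MetricName": "allow-api-gateway-only"},
    }

def matches(stmt, src_ip, headers):
    """Local evaluator for the three statement types used above only."""
    if "AndStatement" in stmt:
        return all(matches(s, src_ip, headers) for s in stmt["AndStatement"]["Statements"])
    if "IPSetReferenceStatement" in stmt:
        cidrs = IP_SETS[stmt["IPSetReferenceStatement"]["ARN"]]
        return any(ipaddress.ip_address(src_ip) in ipaddress.ip_network(c) for c in cidrs)
    bm = stmt["ByteMatchStatement"]
    name = bm["FieldToMatch"]["SingleHeader"]["Name"]
    # Header names are compared case-insensitively; a missing header never matches.
    value = {k.lower(): v for k, v in headers.items()}.get(name, "")
    return hmac.compare_digest(value.encode(), bm["SearchString"])

def decide(src_ip, headers, rules=None, default="Block"):
    """The first matching rule's action wins; otherwise the default action applies."""
    rules = [build_rule()] if rules is None else rules
    for rule in sorted(rules, key=lambda r: r["Priority"]):
        if matches(rule["Statement"], src_ip, headers):
            return next(iter(rule["Action"]))
    return default
```

With the default action set to Block, a request that carries the right header from an address outside the allow list is still rejected, as is a request from an allowed address without the header.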