Ensure that all your AWS CloudFront web distributions are integrated with the Web Application Firewall (AWS WAF) service to protect against application-layer attacks that can compromise the security of your web applications or place unnecessary load on them.
With the AWS CloudFront – WAF integration enabled, you will be able to block any malicious requests made to your CloudFront Content Delivery Network based on the criteria defined in the WAF Web Access Control List (ACL) associated with the CDN distribution.
To determine if your CloudFront distributions are integrated with AWS WAF, perform the following:
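One way to script this check is shown below. It is an added example, not part of the original page or an AWS-provided tool. It assumes the CloudFront `ListDistributions` response shape, where `WebACLId` is empty when no web ACL is associated; the function names and the sample distributions are constructed for illustration.

```python
"""Audit CloudFront distributions for a missing AWS WAF web ACL association."""


def unprotected_distributions(pages):
    """Return summaries of distributions whose WebACLId is empty.

    `pages` is an iterable of CloudFront ListDistributions responses.
    """
    findings = []
    for page in pages:
        # "Items" is omitted when the account has no distributions.
        for dist in page.get("DistributionList", {}).get("Items", []):
            # CloudFront reports an empty string when no web ACL is attached;
            # otherwise the WAF Classic ACL ID or the WAFv2 ACL ARN.
            if not (dist.get("WebACLId") or "").strip():
                findings.append({
                    "Id": dist["Id"],
                    "DomainName": dist.get("DomainName", ""),
                    "Enabled": dist.get("Enabled", False),
                })
    return findings


def fetch_pages():
    """Query the live account (needs boto3 and cloudfront:ListDistributions)."""
    import boto3  # imported lazily so the offline sample below runs without it
    return boto3.client("cloudfront").get_paginator("list_distributions").paginate()


# Constructed sample responses (not real resources), trimmed to the fields used.
SAMPLE_PAGES = [
    {"DistributionList": {"Quantity": 2, "Items": [
        {"Id": "EXAMPLEDIST0001", "DomainName": "d111example.cloudfront.net",
         "Enabled": True, "WebACLId": ""},
        {"Id": "EXAMPLEDIST0002", "DomainName": "d222example.cloudfront.net",
         "Enabled": True,
         "WebACLId": "arn:aws:wafv2:us-east-1:111122223333:global/webacl/example/placeholder-id"},
    ]}},
    {"DistributionList": {"Quantity": 1, "Items": [
        {"Id": "EXAMPLEDIST0003", "DomainName": "d333example.cloudfront.net",
         "Enabled": False, "WebACLId": ""},
    ]}},
    {"DistributionList": {"Quantity": 0}},  # empty page: no "Items" key
]

if __name__ == "__main__":
    for f in unprotected_distributions(SAMPLE_PAGES):
        state = "enabled" if f["Enabled"] else "disabled"
        print(f"{f['Id']} ({f['DomainName']}, {state}): no WAF web ACL associated")
```

To run it against a real account, pass `fetch_pages()` instead of `SAMPLE_PAGES`.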
To integrate CloudFront with AWS WAF you must create the required WAF Access Control List and associate it with the appropriate web distribution. To define and assign a new web ACL, perform the following:
(Optional) To associate the ACL created in the previous step with other CloudFront web distributions (other than the one selected during the ACL setup), perform the following: