Ensure that all your AWS CloudFront web distributions are integrated with the Web Application Firewall (AWS WAF) service to protect against application-layer attacks that can compromise the security of your web applications or place unnecessary load on them.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
With AWS Cloudfront – WAF integration enabled you will be able to block any malicious requests made to your Cloudfront Content Delivery Network based on the criteria defined in the WAF Web Access Control List (ACL) associated with the CDN distribution.
To determine if your Cloudfront distributions are integrated with AWS WAF, perform the following:
Remediation / Resolution
To integrate CloudFront with AWS WAF you must create the required WAF Access Control List and associate it with the appropriate web distribution. To define and assign a new web ACL, perform the following:
(Optional): To associate the ACL created at the previous step with other CloudFront web distributions (other than the one selected during the ACL setup), perform the following:
- AWS Documentation
- Amazon CloudFront FAQs
- What is AWS WAF?
- Working with Web ACLs
- Values that You Specify When You Create or Update a Web Distribution
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
Get started for FREE
You are auditing:
CloudFront Integrated With WAF
Risk level: Medium