This guide walks through protecting a workload from web-layer attacks using AWS WAF (Web Application Firewall) attached to an Amazon CloudFront distribution. AWS CloudFormation creates the WAF web ACL as a stack; CloudFront then sits in front of the origin and applies the web ACL to every request at the edge, which also helps absorb DDoS traffic before it reaches the origin.
* An AWS account is required. Everything created here is torn down at the end of the guide.
Step 1: Navigate to CloudFormation in the AWS Management Console, switch to the US East (N. Virginia) region, and click “Create stack.” CloudFront is a global service, so the web ACL it uses must be created in us-east-1.
Step 2: Under “Specify template,” choose “Amazon S3 URL” and enter: https://s3-us-west-2.amazonaws.com/aws-well-architected-labs/Security/Code/waf-global.yaml. This points CloudFormation at a template stored in an S3 bucket that defines the resources to be provisioned.
Step 3: Stack name: Waf, then click Next.
Step 4: This guide adds no tags, but it is best practice to tag every resource you create in AWS. Click Next, then “Create stack” on the review screen. Wait until the stack status reads CREATE_COMPLETE; you now have a web ACL ready for CloudFront to use.
Configuring CloudFront
Navigate to CloudFront in the Management Console.
Then click on Create Distribution
Click Get Started under the “Web” section
In Origin Domain Name enter the DNS name of the Elastic Load Balancer or EC2 instance that serves your web app.
CloudFront Settings
In the Distribution Settings section, click AWS WAF Web ACL and select the web ACL created by the Waf stack.
At the bottom click “create distribution.”
The Status column for your distribution changes from In Progress to Deployed; this can take several minutes.
Once the distribution is deployed, confirm that you can reach your content through the new CloudFront domain name (or a CNAME you have mapped to it) by pasting the Domain Name into a web browser. A response that came through CloudFront carries a Via header naming cloudfront.net and an X-Cache header, which confirms the request traversed the edge, and therefore the web ACL, rather than reaching the origin directly. Prerequisite: the origin must already exist, i.e., a VPC and an EC2 instance hosting the web app, as provisioned by the earlier CloudFormation stack example. Note that the web ACL only inspects requests that arrive via CloudFront; if the ELB or EC2 instance stays reachable directly from the internet, an attacker can bypass it, so restrict the origin's security group (or require a secret custom header that only CloudFront adds).
Tear Down
CloudFront: select the distribution and click Disable. Once its status returns to Deployed, select it again and delete the distribution.
CloudFormation: select the stack created earlier and click Delete at the top near the search bar. Delete the distribution first: the stack's web ACL cannot be deleted while a distribution still references it. Stack deletion may take a little longer; confirm it reaches DELETE_COMPLETE so that you are not charged. Different stack names are shown below (I forgot to take a screenshot before I deleted my stack), but here is an example of where the buttons are located.
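The whole procedure above (stack creation, distribution creation with the web ACL attached, a check that traffic really goes through the edge, and the tear-down in the guide's order) as an AWS CLI script. This is an added example, not code from the original guide or from the Well-Architected lab. It assumes the template creates a WAF Classic web ACL resource (AWS::WAF::WebACL); that AWS CLI v2, jq and curl are installed with credentials configured; that the origin is an EC2 instance or ELB serving plain HTTP; and the stack name Waf and region us-east-1 from the steps above. The tag, origin id and CallerReference prefix are arbitrary choices.

```shell
#!/bin/sh
# Added example, not from the original guide: the AWS CLI equivalent of the console
# steps above, plus a post-deploy check and the tear-down. Assumed (not stated on the
# page): the template creates a WAF Classic web ACL (AWS::WAF::WebACL), AWS CLI v2, jq
# and curl are installed, credentials are configured, and the origin is HTTP-only EC2/ELB.
set -eu

REGION="us-east-1"   # web ACLs used by CloudFront must be created in us-east-1
STACK_NAME="Waf"
TEMPLATE_URL="https://s3-us-west-2.amazonaws.com/aws-well-architected-labs/Security/Code/waf-global.yaml"

# Steps 1-4: create the WAF stack (tagged, as the guide recommends) and block until complete.
create_waf_stack() {
  aws cloudformation create-stack --region "$REGION" --stack-name "$STACK_NAME" \
    --template-url "$TEMPLATE_URL" --tags Key=Project,Value=waf-lab
  aws cloudformation wait stack-create-complete --region "$REGION" --stack-name "$STACK_NAME"
}

# Read the web ACL ID back from the stack's resources rather than guessing an output name.
web_acl_id_from_stack() {
  id=$(aws cloudformation describe-stack-resources --region "$REGION" --stack-name "$STACK_NAME" \
    --query "StackResources[?ResourceType=='AWS::WAF::WebACL'].PhysicalResourceId" --output text)
  [ -n "$id" ] || { echo "no AWS::WAF::WebACL in stack $STACK_NAME" >&2; exit 1; }
  echo "$id"
}

# DistributionConfig JSON for one HTTP-only origin with the web ACL attached. Makes no AWS
# calls, so it can be inspected (or tested) before anything is created.
# $1 origin DNS name, $2 web ACL ID, $3 optional fixed CallerReference (default: current time).
build_distribution_config() {
  cat <<EOF
{
  "CallerReference": "waf-lab-${3:-$(date +%s)}",
  "Comment": "WAF lab distribution",
  "Enabled": true,
  "WebACLId": "$2",
  "Origins": { "Quantity": 1, "Items": [ {
    "Id": "lab-origin",
    "DomainName": "$1",
    "CustomOriginConfig": { "HTTPPort": 80, "HTTPSPort": 443, "OriginProtocolPolicy": "http-only" }
  } ] },
  "DefaultCacheBehavior": {
    "TargetOriginId": "lab-origin",
    "ViewerProtocolPolicy": "redirect-to-https",
    "TrustedSigners": { "Enabled": false, "Quantity": 0 },
    "ForwardedValues": { "QueryString": false, "Cookies": { "Forward": "none" } },
    "MinTTL": 0
  }
}
EOF
}

# "Configuring CloudFront": create the distribution, wait for Status=Deployed, print its domain.
create_distribution() {
  dist_id=$(aws cloudfront create-distribution \
    --distribution-config "$(build_distribution_config "$1" "$2")" \
    --query 'Distribution.Id' --output text)
  echo "distribution id (needed for teardown): $dist_id" >&2
  aws cloudfront wait distribution-deployed --id "$dist_id"
  aws cloudfront get-distribution --id "$dist_id" --query 'Distribution.DomainName' --output text
}

# A response that really traversed the edge (and therefore the web ACL) carries a Via header
# naming cloudfront.net and an X-Cache header. Takes raw response headers; returns 0 if both present.
came_via_cloudfront() {
  printf '%s\n' "$1" | grep -qi '^via:.*cloudfront' && printf '%s\n' "$1" | grep -qi '^x-cache:'
}

verify_distribution() {
  came_via_cloudfront "$(curl -sSI "https://$1/")"
}

# Tear down in the guide's order: distribution first (the stack's web ACL cannot be deleted
# while a distribution references it), then the stack. Disable and delete each need a fresh ETag.
delete_distribution() {
  aws cloudfront get-distribution-config --id "$1" > /tmp/dist.json
  jq '.DistributionConfig | .Enabled = false' /tmp/dist.json > /tmp/dist-disabled.json
  aws cloudfront update-distribution --id "$1" --if-match "$(jq -r .ETag /tmp/dist.json)" \
    --distribution-config file:///tmp/dist-disabled.json > /dev/null
  aws cloudfront wait distribution-deployed --id "$1"
  aws cloudfront delete-distribution --id "$1" \
    --if-match "$(aws cloudfront get-distribution-config --id "$1" --query ETag --output text)"
}

delete_waf_stack() {
  aws cloudformation delete-stack --region "$REGION" --stack-name "$STACK_NAME"
  aws cloudformation wait stack-delete-complete --region "$REGION" --stack-name "$STACK_NAME"
}

# Usage: sh waf-cloudfront.sh deploy <origin-dns-name> | sh waf-cloudfront.sh teardown <distribution-id>
case "${1:-}" in
  deploy)
    create_waf_stack
    domain=$(create_distribution "$2" "$(web_acl_id_from_stack)")
    verify_distribution "$domain" && echo "OK: $2 is served via $domain with the web ACL attached" ;;
  teardown) delete_distribution "$2"; delete_waf_stack ;;
esac
```

Run the deploy mode only after the web-app stack from the earlier example exists, and keep the distribution id it prints for the teardown mode. `build_distribution_config` can be piped through `python -m json.tool` beforehand to review exactly what will be created; the teardown disables the distribution and waits for that change to propagate before deleting it, because CloudFront refuses to delete an enabled distribution.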