Automated Deployment of Web Application Firewall (WAF)

Bmwitcher
3 min read · Jun 27, 2020

This guide walks you through the steps to protect a workload from network-based attacks using AWS Web Application Firewall (WAF) integrated with Amazon CloudFront. We will use AWS CloudFormation to create the WAF stack automatically and then attach it to Amazon CloudFront, which can also assist with defending against DDoS attacks.

* AWS account required. We will tear all the infrastructure down at the end of this guide.

Step 1: Navigate to AWS CloudFormation and click on “create stack.”

Step 2: Enter https://s3-us-west-2.amazonaws.com/aws-well-architected-labs/Security/Code/waf-global.yaml into the URL section. This references the S3 bucket that holds the source file for the resources CloudFormation will provision.

Step 3: Stack name: Waf, then click next

Step 4: We will not be adding any tags in this guide; however, it is best practice to always add tags to your resources in AWS. Click next, then click “create stack” on the following screen to start the creation of the stack. Congrats, you have just created a stack with a WAF primed for CloudFront to use.

Configuring CloudFront

Navigate to CloudFront in the management console

Then click on Create Distribution

Click Get Started under the “Web” section

In Origin Domain Name, enter the DNS or domain name of your Elastic Load Balancer or EC2 instance.

CloudFront Settings

In the Distribution Settings section, click AWS WAF Web ACL, and select the one you created previously.

At the bottom click “create distribution.”

The value of the Status column for your distribution will change from In Progress to Deployed.

When your distribution is deployed, confirm that you can access your content using your new CloudFront URL or CNAME. Copy the Domain Name into a web browser to test. This requires that you previously created a web app and a VPC, so that the origin can point to the EC2 instance (which must contain the web app data) provisioned by a previous CloudFormation stack example.
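A quick check to run once the distribution exists, as an added example that is not part of the original post: it reads output shaped like `aws cloudfront list-distributions` and flags any distribution whose `WebACLId` is empty or whose status is not yet Deployed. The sample data is constructed, and its IDs, domain names and ACL ID are placeholders.

```python
import json

# Constructed sample shaped like `aws cloudfront list-distributions` output.
# IDs, domain names and the web ACL ID are placeholders, not real resources.
SAMPLE = json.loads("""
{"DistributionList": {"Items": [
  {"Id": "EXAMPLEID0001", "DomainName": "d111example.cloudfront.net",
   "Status": "Deployed", "Enabled": true,
   "WebACLId": "00000000-0000-0000-0000-000000000000",
   "Origins": {"Items": [{"DomainName": "my-elb.example.com"}]}},
  {"Id": "EXAMPLEID0002", "DomainName": "d222example.cloudfront.net",
   "Status": "InProgress", "Enabled": true, "WebACLId": "",
   "Origins": {"Items": [{"DomainName": "ec2-host.example.com"}]}}
]}}
""")


def audit_distributions(listing):
    """Return one finding per distribution in a list-distributions result."""
    # The Items key is missing when the account has no distributions.
    items = (listing.get("DistributionList") or {}).get("Items") or []
    findings = []
    for dist in items:
        acl = (dist.get("WebACLId") or "").strip()
        origins = (dist.get("Origins") or {}).get("Items") or []
        problems = []
        if not acl:  # an empty string means no web ACL is attached
            problems.append("no WAF web ACL attached")
        if dist.get("Status") != "Deployed":
            problems.append("not yet Deployed")
        findings.append({
            "id": dist.get("Id"),
            "domain": dist.get("DomainName"),
            "web_acl": acl,
            "origins": [o.get("DomainName", "") for o in origins],
            "problems": problems,
        })
    return findings


def unprotected(listing):
    """IDs of distributions that serve traffic without a WAF web ACL."""
    return [f["id"] for f in audit_distributions(listing) if not f["web_acl"]]


if __name__ == "__main__":
    for f in audit_distributions(SAMPLE):
        print(f["id"], f["domain"], "; ".join(f["problems"]) or "OK")
```

To run it against a real account, save the CLI output to a file and pass the parsed JSON to `audit_distributions` in place of `SAMPLE`.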

Tear Down

CloudFront — click on the distribution and disable it. Once it is disabled, you can click on it once again and delete the distribution.

CloudFormation — click on the stack previously created and click delete stack at the top near the search bar. This may take a little longer, but make sure the stack has been deleted so that you will not be charged. Different stack names below (I forgot to take a screenshot before I deleted my stack) but here is an example of where the buttons are located.
