Case study


Enhancing Security with AWS WAF in CloudFront

In this article, you will learn:

Amazon Web Services (AWS) continues to develop its Amazon CloudFront service by introducing an innovative security feature. Now, you can simply secure your CloudFront distributions even further with AWS Web Application Firewall (WAF) security recommendations. This enhancement allows customers to improve their security on the 7th layer of OSI/ISO (application layer) with just a simple selection in the AWS console.

How is AWS WAF integrated into CloudFront?

Recently, AWS CloudFront implemented a "one-click" security protection mechanism in the AWS console.

waf integrates cloudfront

This feature helps with the creation and configuration of AWS WAF to secure your web applications. Now, by adding recommendations based on your CloudFront configuration and a new security dashboard, you can take your security to the next level.

New interactive CloudFront security dashboard

This new feature can be found in the CloudFront console under the “Security” tab. The interactive security dashboard brings AWS WAF visibility and controls directly to your CloudFront distribution, providing insights into your application’s top security trends as well as allowed and blocked traffic.

cloudfront security dashboard

You can also monitor bot activity. Investigative tools like a visual log analyzer and built-in blocking controls make it easy to isolate traffic patterns and block traffic without querying logs or writing security rules.

cloudfront bot control dashboard

New recommendations based on your CloudFront configuration

Customers may encounter an array of security scenarios, but let’s consider one simple example in which you've set up a cache behavior with a WordPress path pattern. In this case, CloudFront can suggest protections that block malicious request patterns typically associated with WordPress, PHP, and SQL databases. These added layers of security are designed to prevent attempts at exploiting vulnerabilities unique to these platforms.

waf cloudfront wordpress recommendation

But that's not all – to fend off potential HTTP floods, CloudFront has incorporated a guided workflow to rate-limit incoming requests. This feature is designed to ensure that requests don't overwhelm your infrastructure. The workflow initiates in monitor mode, capturing valuable metrics. It notifies you if your rate limits are exceeded, providing insights into the frequency and extent of such breaches. You can then adjust the rate limits or enable blocking right from the CloudFront console without any hassle.

waf cloudfront wordpress rate limiting

AWS WAF pricing

While standard AWS WAF pricing applies, AWS offers a built-in pricing calculator to help you estimate the cost of these security protections as you make your selections in the CloudFront console.

For comprehensive guidance on implementing these security enhancements, consult our AWS Solution Architect.

Book a meeting now

Similar blog posts

See all posts
CategoryCase Studies

Windy - The Extraordinary Tool for Weather Forecast Visualization

StormIT helps Windy optimize their Amazon CloudFront CDN costs to accommodate for the rapid growth.

Find out more
CategoryCase Studies

AWS Well-Architected Review Series: Healthcare Industry Client

Transforming healthcare AWS operations with StormIT using our expertise and the AWS Well-Architected Framework. Learn more.

Find out more
CategoryCase Studies - Breaking the Legacy Monolith into Serverless Microservices in AWS Cloud

The StormIT team helps with the creation of the AWS Cloud infrastructure with serverless services.

Find out more
CategoryCase Studies

AWS Well-Architected Review Series: Renewable Energy Industry Client

See how StormIT optimized a renewable energy client's AWS infrastructure through the Well-Architected Framework. Explore now...

Find out more
CategoryCase Studies

Microsoft Windows in AWS - Enhancing Kemper Technology Client Solutions with StormIT

StormIT helped Kemper Technology Consulting enhance its technical capabilities in AWS.

Find out more

Introducing FlashEdge: CDN from StormIT

Let’s look into some features of this new CDN created and recently launched by the StormIT team.

Find out more