AWS API Gateway with AWS WAF
Question
I want to use AWS Web Application Firewall service with AWS API Gateway. AWS WAF works only with AWS CloudFront distributions.
According to this post https://forums.aws.amazon.com/message.jspa?messageID=677382 API Gateway creates a CloudFront distribution behind the scenes. Although I don't see this distribution neither in the CloudFront console nor in the WAF console.
Is there any way to make use of the CloudFront distribution created by API Gateway for WAF?
3 answers
solution1
3 ACCPTED 2016-04-05 15:22:55
Unfortunately no, API Gateway does not provide access to the backing CloudFront distribution. To use WAF you would have to create a second distribution, which is inefficient but should functionally work.
solution2
2 2019-02-23 02:53:49
AWS API Gateway最近(2018年11月左右)添加了此功能https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-aws-waf.html
solution3
1 2018-03-21 00:07:19
Alright guys, i had a similar issue, what is best you can do at this stage is ,
have api gateway terminate the SSL - make a call from api gateway to your alb , elb or nlb (is the best , if it fits your architecture) - have alb protected by the WAF with two ruleset 1. white list all the api gateways ip 2. have the http header accepted by api gateway only
this way you are securing your infra to its best.
if you have nlb, then you can have the private link to NLB straight, keep in mind NLB doesnt support path based routing, and cross zone application failover
I have asked AWS to raise a feature request for the same
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.