AWS API Gateway with AWS WAF

+4 votes

I wish to use AWS Web Application Firewall service with AWS API Gateway. However AWS WAF works only with AWS CloudFront distributions.

If you refer this post: https://forums.aws.amazon.com/message.jspa?messageID=677382.

You will realise API Gateway creates a CloudFront distribution behind the scenes. But I don't see this distribution neither in the CloudFront console nor in the WAF console.

Is there any way to make use of the CloudFront distribution created by API Gateway for WAF?

Mar 27, 2018 in Cloud Computing by brat_1
• 7,200 points
1,917 views

3 answers to this question.

+3 votes
Well that is not possible,

Reason:

API Gateway would not provide access to back CloudFront distribution. To use WAF you would have to create a second distribution, which is inefficient but should functionally work.
answered Mar 27, 2018 by code_ninja
• 6,300 points
+2 votes

Why don't you associate the WAF with CloudFront.
Look when you create a WAF in step 4 you have to choose resources of Cloudfront distribution in that select the default distribution created by API gateway.
May be this would help.

answered Aug 16, 2018 by Priyaj
• 58,020 points
+1 vote
I had a similar issue, what is best you can do at this stage is ,

have api gateway terminate the SSL - make a call from api gateway to your alb , elb or nlb (is the best , if it fits your architecture) - have alb protected by the WAF with two ruleset 1. white list all the api gateways ip 2. have the http header accepted by api gateway only

this way you are securing your infra to its best.

if you have nlb, then you can have the private link to NLB straight, keep in mind NLB doesnt support path based routing, and cross zone application failover

I have asked AWS to raise a feature request for the same
answered Oct 11, 2018 by findingbugs
• 4,780 points

Related Questions In Cloud Computing

0 votes
1 answer

Can we Use Api keys with AWS API Gateway?

There is no getting away here. When ...READ MORE

answered Apr 18, 2018 in Cloud Computing by hemant
• 5,790 points
561 views
+2 votes
2 answers

Authenticated users with STS and API Gateway

RoleSessionName being an identifier for a defined ...READ MORE

answered Mar 27, 2018 in Cloud Computing by brat_1
• 7,200 points
1,662 views
+3 votes
3 answers

Is it possible to delete a API in AWS API Gateway?

Yes, it is possible to delete an ...READ MORE

answered Mar 27, 2018 in Cloud Computing by brat_1
• 7,200 points
4,825 views
+1 vote
2 answers

AWS: API Gateway Encoding for multipart/form-data

API Gateway now supports binary payloads. Simply ...READ MORE

answered Aug 22, 2018 in Cloud Computing by Priyaj
• 58,020 points
6,568 views
0 votes
1 answer

AWS: What is an API Gateway in AWS?

Amazon API Gateway is a fully managed ...READ MORE

answered Jul 26, 2018 in Cloud Computing by Meci Matt
• 9,460 points
1,367 views
0 votes
1 answer

AWS API Gateway should prevent use of TLS v1

API ( application programming interface )- It ...READ MORE

answered Aug 1, 2018 in Cloud Computing by ArchanaNagur
• 2,360 points
2,283 views
0 votes
0 answers
0 votes
1 answer

What approach do I need to take to upload files to Lambda function and API Gateway services?

If you want to upload bigger than ...READ MORE

answered Apr 17, 2018 in Cloud Computing by brat_1
• 7,200 points
857 views
+4 votes
3 answers

Deploy RESTful API with .net framework 4.5 in AWS Lambda

This is an old question (somewhat), but ...READ MORE

answered Jan 17, 2019 in Cloud Computing by Kirk Davis
3,264 views
0 votes
1 answer

AWS: User Keys API Gateway

For identification you can generate one API ...READ MORE

answered May 22, 2018 in Cloud Computing by code_ninja
• 6,300 points
697 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP