AWS API Gateway with AWS WAF

+4 votes

I wish to use the AWS Web Application Firewall service with AWS API Gateway. However, AWS WAF works only with AWS CloudFront distributions.

If you refer to this post: https://forums.aws.amazon.com/message.jspa?messageID=677382, you will realise that API Gateway creates a CloudFront distribution behind the scenes. But I see this distribution neither in the CloudFront console nor in the WAF console.

Is there any way to make use of the CloudFront distribution created by API Gateway for WAF?

Mar 27, 2018 in Cloud Computing by brat_1
• 7,080 points
397 views

3 answers to this question.

+3 votes
Well, that is not possible.

Reason:

API Gateway would not provide access to the backing CloudFront distribution. To use WAF you would have to create a second distribution, which is inefficient but should functionally work.
answered Mar 27, 2018 by code_ninja
• 6,220 points
+2 votes

Why don't you associate the WAF with CloudFront?
Look, when you create a WAF, in step 4 you have to choose the resources of the CloudFront distribution; there, select the default distribution created by API Gateway.
Maybe this would help.

answered Aug 16, 2018 by Priyaj
• 56,900 points
+1 vote
I had a similar issue. The best you can do at this stage is:

- have API Gateway terminate the SSL
- make a call from API Gateway to your ALB, ELB or NLB (is the best, if it fits your architecture)
- have the ALB protected by the WAF with two rulesets: 1. whitelist all the API Gateway IPs 2. have the HTTP header accepted by API Gateway only

This way you are securing your infra to its best.

If you have an NLB, then you can have the private link to the NLB straight. Keep in mind NLB doesn't support path-based routing and cross-zone application failover.

I have asked AWS to raise a feature request for the same.
answered Oct 11, 2018 by findingbugs
• 4,750 points
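
The ALB-side filtering described in the answer above, sketched as an added example that is not code from the thread. It assumes the AWS WAFv2 rule shape, reads the two rulesets as conditions that must both hold, and uses constructed values: documentation CIDR ranges, a hypothetical header name `x-origin-verify` and a placeholder secret.

```python
import hmac
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
ALLOWED_CIDRS = ["203.0.113.0/24", "198.51.100.16/28"]  # stand-ins for the API Gateway source IPs
HEADER_NAME = "x-origin-verify"                         # hypothetical header added by API Gateway
HEADER_VALUE = "example-shared-secret"                  # placeholder; keep the real value in a secrets store


def build_web_acl_rules(ip_set_arn, header_name=HEADER_NAME, header_value=HEADER_VALUE):
    """Return one WAFv2-shaped ALLOW rule; the web ACL's default action must be Block."""
    return [{
        "Name": "allow-api-gateway-only",
        "Priority": 0,
        "Action": {"Allow": {}},
        "Statement": {"AndStatement": {"Statements": [
            # Ruleset 1: source IP must be in the allowlisted IP set.
            {"IPSetReferenceStatement": {"ARN": ip_set_arn}},
            # Ruleset 2: the request must carry the header value only API Gateway sends.
            {"ByteMatchStatement": {
                "FieldToMatch": {"SingleHeader": {"Name": header_name}},
                "SearchString": header_value.encode(),
                "PositionalConstraint": "EXACTLY",
                "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
            }},
        ]}},
        "VisibilityConfig": {
            "SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": "allow-api-gateway-only",
        },
    }]


def evaluate(source_ip, headers, cidrs=ALLOWED_CIDRS):
    """Local model of the ACL decision: BLOCK by default, ALLOW only if both conditions match."""
    ip = ipaddress.ip_address(source_ip)
    ip_ok = any(ip in ipaddress.ip_network(c) for c in cidrs)
    # Header names are case-insensitive; compare the value in constant time.
    supplied = {k.lower(): v for k, v in headers.items()}.get(HEADER_NAME, "")
    header_ok = hmac.compare_digest(supplied.encode(), HEADER_VALUE.encode())
    return "ALLOW" if ip_ok and header_ok else "BLOCK"
```

Running `evaluate` over sampled requests before attaching the ACL shows that a request from an allowlisted address without the header, or with the header from any other address, stays blocked.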
