AWS CloudFront Not Integrated With WAF

Description:

AWS CloudFront is a content delivery network (CDN) service that distributes content globally with low latency. AWS Web Application Firewall (WAF) is a security service that helps protect your web applications and APIs against common web threats. Without a web ACL attached to a CloudFront distribution, there is no layer that inspects requests at the edge and blocks malicious traffic before it reaches your origin. This leaves the application more exposed to threats such as SQL injection, cross-site scripting (XSS), and other web application vulnerabilities.


Remediation:

1. Integrate CloudFront with AWS WAF:

AWS Management Console:
  • Navigate to the WAF & Shield service in the AWS Console.
  • Choose Web ACLs from the sidebar.
  • Click Create web ACL.
  • Follow the setup process, defining your rules and rule groups.
  • After creating the web ACL, return to the list of web ACLs.
  • Click on the name of the web ACL you created.
  • Under "AWS resources using this web ACL", click Add association.
  • Choose your CloudFront distribution from the list and associate it with the web ACL.
Terraform:

To integrate CloudFront with AWS WAF using Terraform, you can use the following snippet:

resource "aws_wafv2_web_acl" "example" {
  name  = "cloudfront-web-acl"
  scope = "CLOUDFRONT"   # CloudFront-scoped ACLs must be created in us-east-1
  default_action {
    allow {}
  }
  # ... rule and rule_group_reference blocks ...
  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "cloudfront-web-acl"
    sampled_requests_enabled   = true
  }
}

resource "aws_cloudfront_distribution" "s3_distribution" {
  # ... other CloudFront configurations ...

  # WAFv2 web ACLs are referenced by ARN (.id is only for WAF Classic)
  web_acl_id = aws_wafv2_web_acl.example.arn
}

Make sure you've defined the necessary rules and configurations under the aws_wafv2_web_acl resource, and create it with a provider configured for us-east-1: web ACLs with scope CLOUDFRONT only exist in that region. Note that a WAFv2 web ACL is attached through its ARN; the .id attribute is only correct for the older aws_waf_web_acl (WAF Classic) resource.
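To find distributions that still need this remediation, the following audit check is an added example (not part of the original finding or of any AWS tooling). It works on the structure returned by `aws cloudfront list-distributions` (boto3 `list_distributions`), so it can run offline on saved output; the sample response, distribution IDs and the 123456789012 account number are constructed placeholders. A distribution's WebACLId field holds the web ACL ARN for a WAFv2 association, the bare ID for a WAF Classic association, and an empty string when nothing is attached.

```python
"""Audit check: flag CloudFront distributions with no web ACL attached."""
import json

# Constructed sample in the shape of a ListDistributions response (fake IDs/account).
SAMPLE_RESPONSE = {
    "DistributionList": {
        "Items": [
            {   # protected by a WAFv2 web ACL (stored as the ACL ARN)
                "Id": "EXAMPLE1AAAAAA",
                "DomainName": "d111111abcdef8.cloudfront.net",
                "Enabled": True,
                "WebACLId": "arn:aws:wafv2:us-east-1:123456789012:global/webacl/example/a1b2c3d4-0000-0000-0000-000000000000",
            },
            {   # protected by a WAF Classic web ACL (stored as the bare ID)
                "Id": "EXAMPLE2BBBBBB",
                "DomainName": "d222222abcdef8.cloudfront.net",
                "Enabled": True,
                "WebACLId": "b2c3d4e5-0000-0000-0000-000000000000",
            },
            {   # no web ACL at all: the finding this page describes
                "Id": "EXAMPLE3CCCCCC",
                "DomainName": "d333333abcdef8.cloudfront.net",
                "Enabled": True,
                "WebACLId": "",
            },
            {   # disabled distribution without a web ACL: lower priority, still reported
                "Id": "EXAMPLE4DDDDDD",
                "DomainName": "d444444abcdef8.cloudfront.net",
                "Enabled": False,
                "WebACLId": "",
            },
        ]
    }
}


def classify_web_acl(web_acl_id):
    """Return 'wafv2', 'classic' or 'none' for a DistributionSummary.WebACLId value."""
    if not web_acl_id:
        return "none"
    if web_acl_id.startswith("arn:") and ":wafv2:" in web_acl_id:
        return "wafv2"
    return "classic"


def find_unprotected_distributions(response):
    """Return one finding per distribution that has no web ACL associated."""
    items = response.get("DistributionList", {}).get("Items", [])
    findings = []
    for dist in items:
        if classify_web_acl(dist.get("WebACLId", "")) == "none":
            findings.append({
                "Id": dist["Id"],
                "DomainName": dist.get("DomainName", ""),
                "Enabled": dist.get("Enabled", False),
                # an enabled, unprotected distribution is serving live traffic
                "Severity": "high" if dist.get("Enabled") else "medium",
            })
    return findings


def summarize(response):
    """Count distributions by protection type for a quick coverage report."""
    items = response.get("DistributionList", {}).get("Items", [])
    counts = {"wafv2": 0, "classic": 0, "none": 0}
    for dist in items:
        counts[classify_web_acl(dist.get("WebACLId", ""))] += 1
    return counts


if __name__ == "__main__":
    try:
        import boto3  # use the live, paginated list when credentials are configured
        paginator = boto3.client("cloudfront").get_paginator("list_distributions")
        items = [d for page in paginator.paginate()
                 for d in page["DistributionList"].get("Items", [])]
        response = {"DistributionList": {"Items": items}}
    except Exception:  # no boto3 or no credentials: fall back to the constructed sample
        response = SAMPLE_RESPONSE
    print(json.dumps(find_unprotected_distributions(response), indent=2))
    print(summarize(response))
```

Run it with AWS credentials that allow cloudfront:ListDistributions to audit a real account; without them it reports on the constructed sample. The severity split is deliberate: an enabled distribution with an empty WebACLId is the live exposure to fix first, while a disabled one is a finding to close before it is ever re-enabled.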


Recommendation:

Always consider integrating CloudFront distributions with AWS WAF, especially if they serve web applications or APIs. AWS WAF can help mitigate many common web application vulnerabilities by providing a protective layer that screens incoming traffic. Regularly review and update WAF rules to ensure they're effective against emerging threats. Integration with WAF not only strengthens security but also provides enhanced metrics and insights into potentially malicious traffic patterns.