CloudFront distributions should be protected by WAFs

Description

WAF should be deployed on CloudFront distributions to protect web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources.

Console Remediation Steps

  • Navigate to WAF.

  • In the navigation pane, choose Web ACLs.

  • Choose the web ACL that you want to associate with an API Gateway API, CloudFront distribution or Application Load Balancer.

  • On the Rules tab, under AWS resources using this web ACL, choose Add association.

  • When prompted, use the Resource list to choose the API Gateway API, CloudFront distribution or Application Load Balancer that you want to associate this web ACL with. If you choose an Application Load Balancer, you also must specify a region.

  • Choose Add.

  • To associate this web ACL with an additional API Gateway API, CloudFront distribution or another Application Load Balancer, repeat steps 4 through 6.

CLI Remediation Steps