CloudFront distributions should be protected by WAFs¶
WAF should be deployed on CloudFront distributions to protect web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources.
Console Remediation Steps¶
Navigate to WAF.
In the navigation pane, choose Web ACLs.
Choose the web ACL that you want to associate with an API Gateway API, CloudFront distribution, or Application Load Balancer.
On the Rules tab, under AWS resources using this web ACL, choose Add association.
When prompted, use the Resource list to choose the API Gateway API, CloudFront distribution, or Application Load Balancer that you want to associate this web ACL with. If you choose an Application Load Balancer, you also must specify a region.
To associate this web ACL with an additional API Gateway API, CloudFront distribution, or another Application Load Balancer, repeat the last three steps.