https://github.com/epomatti/aws-cloudfront-waf
CloudFront with ELB and S3 origins + WAF
- Host: GitHub
- URL: https://github.com/epomatti/aws-cloudfront-waf
- Owner: epomatti
- License: mit
- Created: 2022-08-16T00:09:36.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2024-10-22T21:30:50.000Z (over 1 year ago)
- Last Synced: 2025-01-17T18:36:41.146Z (over 1 year ago)
- Topics: aws, aws-cloudfront, aws-elb, aws-security, aws-waf, cloudfront, elb, terraform, waf
- Language: HCL
- Homepage:
- Size: 1.31 MB
- Stars: 0
- Watchers: 2
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# AWS CloudFront WAF
CloudFront with WAF serving S3 and ELB origins.

## Create the infrastructure
Create the `.auto.tfvars`:
```sh
cp config/template.auto.tfvars .auto.tfvars
```
Apply the infrastructure:
```sh
terraform init
terraform apply -auto-approve
```
Origins will be available for testing once the apply completes.

[Standard logs][1] (access logs) are enabled by default.

## CloudFront managed prefix
Additional security can be implemented by [restricting the ELB][2] so that it accepts traffic only from CloudFront's origin-facing edge servers. Enable that by setting the ELB security group to use the AWS managed prefix list `com.amazonaws.global.cloudfront.origin-facing`.
> [!NOTE]
> The managed prefix list ID varies by region.
```terraform
enable_cloudfront_managed_prefix = true
elb_cloudfront_managed_prefix_list_id = "pl-b6a144df"
```
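As an added illustration (not code from this repository), the security group rules that consume the `enable_cloudfront_managed_prefix` toggle, assuming a hypothetical `elb_security_group_id` variable for the ELB's security group; it looks the prefix list up by name with the `aws_ec2_managed_prefix_list` data source so the region-specific `pl-` ID does not have to be hardcoded, and shows the open rule it replaces.

```terraform
# Added example, not from the repository. Assumes the README's
# `enable_cloudfront_managed_prefix` variable plus a hypothetical
# `elb_security_group_id` variable naming the ELB's security group.
variable "enable_cloudfront_managed_prefix" {
  type    = bool
  default = false
}

variable "elb_security_group_id" {
  type        = string
  description = "Hypothetical: ID of the security group attached to the ELB"
}

# Resolve the region-specific prefix list ID by name instead of hardcoding it.
data "aws_ec2_managed_prefix_list" "cloudfront_origin_facing" {
  count = var.enable_cloudfront_managed_prefix ? 1 : 0
  name  = "com.amazonaws.global.cloudfront.origin-facing"
}

# Hardened setting: only CloudFront origin-facing edge ranges reach port 80.
resource "aws_security_group_rule" "elb_ingress_from_cloudfront" {
  count             = var.enable_cloudfront_managed_prefix ? 1 : 0
  type              = "ingress"
  security_group_id = var.elb_security_group_id
  protocol          = "tcp"
  from_port         = 80
  to_port           = 80
  prefix_list_ids   = [data.aws_ec2_managed_prefix_list.cloudfront_origin_facing[0].id]
  description       = "CloudFront origin-facing edge servers only"
}

# Weak setting, used only when the restriction is disabled: the listener is
# reachable from any address, so requests can bypass CloudFront and the WAF.
resource "aws_security_group_rule" "elb_ingress_from_anywhere" {
  count             = var.enable_cloudfront_managed_prefix ? 0 : 1
  type              = "ingress"
  security_group_id = var.elb_security_group_id
  protocol          = "tcp"
  from_port         = 80
  to_port           = 80
  cidr_blocks       = ["0.0.0.0/0"]
  description       = "Open to the internet; CloudFront restriction disabled"
}

# Null when the restriction is disabled, otherwise the resolved pl-... ID.
output "cloudfront_prefix_list_id" {
  value = one(data.aws_ec2_managed_prefix_list.cloudfront_origin_facing[*].id)
}
```

The CloudFront prefix list counts against the rules-per-security-group quota with a weight of 55, so check that quota before enabling it. Restricting by IP range admits any CloudFront distribution, not only yours, which is why the AWS guide linked at [4] pairs it with a custom origin header that the origin or a WAF rule verifies.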
More details are available in [locations of edge servers][3] and [restricting access to the load balancer][4].
---
### Clean-up
```sh
terraform destroy -auto-approve
```
[1]: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html
[2]: https://aws.amazon.com/blogs/networking-and-content-delivery/limit-access-to-your-origins-using-the-aws-managed-prefix-list-for-amazon-cloudfront/
[3]: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/LocationsOfEdgeServers.html
[4]: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/restrict-access-to-load-balancer.html