0Pricing
AWS Security Academy · Lesson

Attaching WAF to CloudFront and ALB

Place WAF in front of the right edge or load balancer service.

WAF Needs a Host

WAF is not a standalone appliance; it must be associated with a resource that forwards requests to it. The supported integrations are CloudFront, Application Load Balancer (ALB), API Gateway, AppSync, Cognito user pools, and App Runner. Where you attach WAF determines where inspection happens.

CloudFront at the Edge

Attaching WAF to a CloudFront distribution inspects requests at AWS edge locations before they travel to your origin. This blocks attacks closest to the user, reduces backend load, and works globally. It is ideal for public websites and content delivery where edge filtering adds the most value.

All lessons in this course

  1. How AWS WAF Inspects Requests
  2. Rules, Rule Groups, and Web ACLs
  3. Managed Rules and Rate Limiting
  4. Attaching WAF to CloudFront and ALB
← Back to AWS Security Academy