epomatti/aws-cloudfront-waf

AWS CloudFront WAF

CloudFront with WAF serving S3 and ELB origins.

Create the infrastructure

Create the .auto.tfvars:

cp config/template.auto.tfvars .auto.tfvars

Apply the infrastructure:

terraform init
terraform apply -auto-approve

Origins will be available for testing.

Standard logs (access logs) will be enabled by default.

CloudFront managed prefix

Additional security can be implemented by restricting the ELB so that it accepts traffic only from CloudFront origin-facing servers. Enable that by setting the security group to use the AWS managed prefix list com.amazonaws.global.cloudfront.origin-facing.

Note

The managed prefix list ID varies by region.

enable_cloudfront_managed_prefix      = true
elb_cloudfront_managed_prefix_list_id = "pl-b6a144df"

More can be found in the AWS documentation on the locations of CloudFront edge servers and on restricting access to load balancers.
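
As an added illustration (not code from this repository), the Terraform sketch below resolves the region's prefix list ID by name instead of hard-coding it, and shows the open ingress rule beside the CloudFront-only one. The resource names, the `vpc_id` variable and the port 80 listener are assumptions.

```hcl
# Added example: names, variable and listener port are hypothetical.
variable "vpc_id" {
  type = string
}

# Resolve the region-specific pl-... ID from the prefix list name.
data "aws_ec2_managed_prefix_list" "cloudfront" {
  name = "com.amazonaws.global.cloudfront.origin-facing"
}

resource "aws_security_group" "elb" {
  name   = "elb-cloudfront-only"
  vpc_id = var.vpc_id
}

# Weak setting, kept commented out for comparison: any client on the
# internet can reach the ELB directly and skip CloudFront and the WAF.
# resource "aws_vpc_security_group_ingress_rule" "open" {
#   security_group_id = aws_security_group.elb.id
#   cidr_ipv4         = "0.0.0.0/0"
#   ip_protocol       = "tcp"
#   from_port         = 80
#   to_port           = 80
# }

# Corrected setting: only CloudFront origin-facing addresses are allowed.
resource "aws_vpc_security_group_ingress_rule" "cloudfront_only" {
  security_group_id = aws_security_group.elb.id
  description       = "HTTP from CloudFront origin-facing servers only"
  prefix_list_id    = data.aws_ec2_managed_prefix_list.cloudfront.id
  ip_protocol       = "tcp"
  from_port         = 80
  to_port           = 80
}

# Value to copy into elb_cloudfront_managed_prefix_list_id if preferred.
output "cloudfront_prefix_list_id" {
  value = data.aws_ec2_managed_prefix_list.cloudfront.id
}
```

The prefix list covers every CloudFront distribution, not only this one, so AWS's load balancer guidance pairs it with a secret custom origin header checked at the ELB. The list also counts as 55 rules against the security group rule quota.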


Clean-up

terraform destroy -auto-approve
