Lech Migdal
Reputation: 3978
Amazon WAF + Amazon API Gateway
I was wondering - with both AWS WAF and AWS API Gateway, what are the best practices for choosing which resources to shield with them for max security?
Or is it simply:
- For all static content - use WAF over CloudFront
- For all REST api calls - secure it with API Gateway
- For everything else - secure it with WAF
Kind regards,
Upvotes: 2
Views: 5423
Answers (1)
Dave Maple
Reputation: 8402
I've been liking placing Cloudfront in front of API Gateway so that I can take advantage of WAF globally. Unfortunately you do pay for 2 Cloudfront requests with this solution (api gateway uses cloudfront behind the scenes).
AWS Shield Advanced is also pretty fantastic (and new) -- once again -- you can only leverage it via Cloudfront currently so you'd need to proxy API Gateway to utilize it.
Upvotes: 3
Related Questions
- AWS: Attach WAF to api gateway using cloudformation template
- AWS WAF has no effect on apigateway behind cloudfront
- Setup WAF for CloudFront and Load Balancer
- Applying WebACL to API Gateway
- AWS WAF + EC2 Instances
- WAF Standard Rules: Do we really have to configure everything manually?
- AWS API Gateway with AWS WAF
- AWS Cloudfront (with WAF) + API Gateway: how to force access through Cloudfront?
- Amazon WAF setup
- How to use AWS WAF with Application ELB