Steven Yong

Reputation: 5436

Turning on AWS WAF geolocation restriction

I have a Node.js API running on an EC2 instance provisioned by Elastic Beanstalk, in the Sydney region.

I set up a CloudFront distribution in front of this Elastic Beanstalk environment.

I would like to protect my API using AWS WAF by turning on AWS WAF geolocation restriction, say to allow only Australia to access the API.

What I am not sure about is this: if I have a few Lambdas (in Sydney as well) that call this API, will the calls be blocked when I turn WAF on?

Upvotes: 0

Views: 309

Answers (1)

James Dean

Reputation: 4421

  1. CloudFront has its own geo restriction feature; you don't need WAF (unless you need to whitelist IP addresses on CloudFront).
  2. If the Lambda in the SYD region is making a request to the API, it will be allowed if you whitelisted Australia in CloudFront. Basically, Lambda falls in the EC2 IP range category.

Additionally, you can launch your Lambda function in a VPC and whitelist the NAT gateway IP in the WAF whitelist on top of the geo rule.

Upvotes: 1
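The layout suggested in the answer above (an IP allow rule for the Lambda's NAT gateway address on top of a geo rule), sketched as an added example that is not part of the original thread. It builds the rules in the AWS WAFv2 JSON shape and checks them with a simplified local model of priority-ordered evaluation. The rule names, the IP set ARN, the addresses and the country labels are constructed placeholders.

```python
import ipaddress

# Assumptions (not from the original post): a placeholder IP set ARN and a
# documentation-range address standing in for the NAT gateway Elastic IP.
NAT_IPSET_ARN = "arn:aws:wafv2:us-east-1:111122223333:global/ipset/lambda-nat/EXAMPLE-ID"
NAT_EGRESS_CIDRS = ["203.0.113.10/32"]
IP_SETS = {NAT_IPSET_ARN: NAT_EGRESS_CIDRS}

def _rule(name, priority, statement):
    """One Allow rule in the WAFv2 rule shape."""
    return {
        "Name": name, "Priority": priority, "Statement": statement,
        "Action": {"Allow": {}},
        "VisibilityConfig": {"SampledRequestsEnabled": True,
                             "CloudWatchMetricsEnabled": True,
                             "MetricName": name},
    }

def build_web_acl():
    """Web ACL body (Scope CLOUDFRONT): block by default, allow the NAT
    IP set first, then allow requests geolocated to Australia."""
    return {
        "Name": "api-geo-allow", "Scope": "CLOUDFRONT",
        "DefaultAction": {"Block": {}},
        "Rules": [
            _rule("allow-lambda-nat", 0,
                  {"IPSetReferenceStatement": {"ARN": NAT_IPSET_ARN}}),
            _rule("allow-australia", 1,
                  {"GeoMatchStatement": {"CountryCodes": ["AU"]}}),
        ],
    }

def evaluate(acl, src_ip, country, ip_sets):
    """Simplified local model of WAF evaluation: rules run in ascending
    Priority and the first matching rule's action ends evaluation.
    `country` stands in for the geolocation WAF derives from src_ip."""
    addr = ipaddress.ip_address(src_ip)
    for rule in sorted(acl["Rules"], key=lambda r: r["Priority"]):
        st = rule["Statement"]
        if "IPSetReferenceStatement" in st:
            cidrs = ip_sets[st["IPSetReferenceStatement"]["ARN"]]
            hit = any(addr in ipaddress.ip_network(c) for c in cidrs)
        else:
            hit = country in st["GeoMatchStatement"]["CountryCodes"]
        if hit:
            return next(iter(rule["Action"])).upper(), rule["Name"]
    return next(iter(acl["DefaultAction"])).upper(), "default"
```

Because the IP set rule has the lower priority number, traffic from the NAT address is allowed whatever country label it carries, and everything that matches neither rule falls through to the default Block.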
