Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

How do I associate a WAF with an API Gateway?

0

I set up an API Gateway route, which works. I now want to protect it with a WAF.

I found https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-aws-waf.html, which refers to a "Settings" tab inside the stage editor in API Gateway; this doesn't exist for me. All that I see associated with the stage are stage variables and tags.

Likewise, from the WAF, it looks like I should be able to associate an API Gateway resource with the WAF; however, my route/stage isn't findable in any of the dialogs.

What gives? I am on free tier for both, if that is a factor.

Argomenti
Sicurezza, identità e conformitàServerlessFront-end web e dispositivi mobiliNetworking e distribuzione di contenutiAWS Well-Architected Framework
Tag
AWS WAFGateway API di AmazonSicurezza
Lingua
English
rePost-User-7220584
posta un anno fa2451 visualizzazioni
6 Risposte
3

WAF is only available for REST APIs, not HTTP. https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html#waf-intro

profile pictureAWS
ESPERTO
kentrad
con risposta un anno fa
profile picture
ESPERTO
Riku_Kobayashi
verificato un anno fa
2

Hi, WAF is available for Rest api type as mentioned above.

If you have http api type, you can either front your api Gateway with CloudFront and associate WAF with CloudFront, or add an Application Load Balancer (ALB) after the api gateway, and associate WAF with the ALB.

Hope it helps ;)

profile picture
ESPERTO
Antonio_Lagrotteria
con risposta un anno fa
profile picture
ESPERTO
Riku_Kobayashi
verificato un anno fa
1

The following steps in AWS WAF will help you to set up the system.
When linking AWS WAF Web ACLs, create a Web ACL in the same region as the API Gateway.
https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-associating-aws-resource.html

profile picture
ESPERTO
Riku_Kobayashi
con risposta un anno fa
0

Ah yes, you are right. Sorry, was confused by the region in the top bar, which is set to global when I click to ACLs. However, I have the same view as you for the actual creation; and, my ACL is created in US-east-1, as is the API gateway. Here's what I see:

Enter image description here

Enter image description here

Enter image description here

Enter image description here

rePost-User-7220584
con risposta un anno fa
  • Riku_Kobayashi ESPERTO
    un anno fa

    Although the protocol is HTTP, WAF can only be configured for Rest API. Are you creating an API Gateway with Rest API?

0

Yeah, that doesn't work either because the API Gateway resource is not listed in the Add AWS Resources tab.

The region might be the issue - I can only create ACLs in "Global" (they others are grayed out), whereas the API Gateway is us-east-1.

rePost-User-7220584
con risposta un anno fa
0

My screen allows me to choose a region on the Web ACL screen.
waf

When creating the Web ACL, did you select "Regional resources"?
waf1

profile picture
ESPERTO
Riku_Kobayashi
con risposta un anno fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente