I want to use AWS WAF to protect my Amazon Elastic Compute Cloud (Amazon EC2) instance from common web vulnerabilities that can compromise security. I also want to protect my instance from bots that use excessive resources.
Resolution
You can't directly associate AWS WAF with an Amazon EC2 instance. Instead, register your instance as a target for your Application Load Balancer. Then, associate your web access control list (web ACL) in AWS WAF with the Application Load Balancer.
Create a target group and add the Amazon EC2 instance as its target
Complete the following steps:
- Open the Amazon EC2 console.
- In the navigation pane, under Load Balancing, choose Target Groups.
- Choose Create target group.
- Under Basic Configuration, set the following parameters:
  - For Choose a target type, select Instance to specify targets by instance ID.
  - For Target group name, enter a name for the target group.
  - Modify the Port and Protocol as needed.
  - For VPC, select the virtual private cloud (VPC) where your instance is located.
  - For Protocol version, select HTTP1, HTTP2, or gRPC based on your request protocol.
  - For health checks, see Health check settings.
- Choose Next.
- For Register targets, select your instances, and then enter your ports.
- Choose Include as pending below.
- Choose Create target group.
Configure an Application Load Balancer and listener
For instructions, see Step 3: Configure a load balancer and a listener.
Associate your web ACL with the Application Load Balancer
Complete the following steps:
- Open the AWS WAF console.
- In the navigation pane, choose Web ACLs.
- For Region, select the AWS Region where you created your web ACL.
  Note: If your web ACL is set up for Amazon CloudFront, then select Global.
- Select your web ACL.
- Under Associated AWS resources, choose Add AWS resources.
- Select your Application Load Balancer.
- Choose Add.
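The same procedure expressed as Terraform, added here as an example and not part of the AWS article: it creates the instance target group, registers the instance, creates a regional web ACL with the AWS managed Common Rule Set, and associates the web ACL with the Application Load Balancer. The variables var.vpc_id, var.instance_id and var.alb_arn are assumed inputs, and the load balancer and its listener forwarding to this target group are assumed to exist as described in Step 3.

```hcl
resource "aws_lb_target_group" "web" {
  name        = "web-instance-tg"
  port        = 80
  protocol    = "HTTP"
  target_type = "instance" # targets are specified by EC2 instance ID
  vpc_id      = var.vpc_id # VPC where the instance is located (assumed variable)
}

resource "aws_lb_target_group_attachment" "web" {
  target_group_arn = aws_lb_target_group.web.arn
  target_id        = var.instance_id # the EC2 instance to protect (assumed variable)
  port             = 80
}

resource "aws_wafv2_web_acl" "web" {
  name  = "web-acl"
  scope = "REGIONAL" # an ALB needs a regional web ACL; CLOUDFRONT scope is for CloudFront only
  default_action {
    allow {} # allow anything that no rule blocks
  }
  rule {
    name     = "common-rules"
    priority = 1
    override_action {
      none {} # keep the managed rule group's own block actions
    }
    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesCommonRuleSet" # AWS managed rules for common web exploits
        vendor_name = "AWS"
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "common-rules"
      sampled_requests_enabled   = true
    }
  }
  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "web-acl"
    sampled_requests_enabled   = true
  }
}

resource "aws_wafv2_web_acl_association" "alb" {
  resource_arn = var.alb_arn # ARN of the Application Load Balancer the instance is registered with (assumed)
  web_acl_arn  = aws_wafv2_web_acl.web.arn
}
```

For the excessive-request bot case, add a second rule to the same web ACL with a rate_based_statement (limit and aggregate_key_type = "IP") and a block action; the web ACL and the load balancer must be in the same Region for the association to succeed.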