How can I protect my Amazon EC2 instance with AWS WAF?
I want to protect my Amazon Elastic Compute Cloud (Amazon EC2) instance from common web exploits and bots that can compromise security or consume excessive resources.
AWS WAF can’t be directly associated with an Amazon EC2 instance. Instead, register your Amazon EC2 instances as a target for your Application Load Balancer (ALB) and then associate AWS WAF with the ALB. To protect your Amazon EC2 instance with AWS WAF, do the following:
1. Create a target group and add your Amazon EC2 instance as its target.
   a. In the navigation pane, under Load Balancing, choose Target Groups.
   b. Choose Create target group.
   c. In the Basic Configuration section, set the following parameters:
      - For Choose a target type, select Instance to specify targets by instance ID.
      - For Target group name, enter a name for the target group.
      - Modify the Port and Protocol as needed.
      - For VPC, select a virtual private cloud (VPC) where your EC2 instance is located.
      - For Protocol version, select HTTP1 when the request protocol is HTTP/1.1, select HTTP2 when the request protocol is HTTP/2, or select gRPC when the request protocol is gRPC.
   d. For Register targets, select one or more instances, enter one or more ports, and then choose Include as pending below.
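The same layout expressed as an AWS CloudFormation template, as an added example that is not part of the original article: a target group with the instance registered, an ALB in front of it, and a web ACL associated with the ALB. All parameter and logical resource names are assumptions, the template expects an existing regional web ACL, and the HTTP port 80 values are placeholders for your own protocol and port.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: EC2 instance behind an ALB with AWS WAF attached (illustrative)
Parameters:                     # parameter names are assumptions
  VpcId:
    Type: AWS::EC2::VPC::Id
  InstanceId:
    Type: AWS::EC2::Instance::Id
  AlbSubnets:                   # subnets in at least two Availability Zones
    Type: List<AWS::EC2::Subnet::Id>
  AlbSecurityGroup:
    Type: AWS::EC2::SecurityGroup::Id
  WebAclArn:                    # ARN of an existing web ACL with REGIONAL scope
    Type: String
Resources:
  AppTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      TargetType: instance      # console: "Instance" (targets by instance ID)
      Protocol: HTTP
      Port: 80
      ProtocolVersion: HTTP1    # HTTP1, HTTP2 or GRPC, matching the request protocol
      VpcId: !Ref VpcId
      Targets:
        - Id: !Ref InstanceId   # console: "Register targets"
          Port: 80
  AppLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: application
      Scheme: internet-facing
      Subnets: !Ref AlbSubnets
      SecurityGroups:
        - !Ref AlbSecurityGroup
  HttpListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref AppLoadBalancer
      Protocol: HTTP
      Port: 80
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref AppTargetGroup
  WafAssociation:               # AWS WAF attaches to the ALB, not to the instance
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Ref AppLoadBalancer   # Ref returns the load balancer ARN
      WebACLArn: !Ref WebAclArn
```

AWS WAF only inspects requests that pass through the ALB, so the instance's security group should accept the application port from the ALB's security group only.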