How to manage WAF with cloudfront signed cookie

Hi there. There is my architecture:

WAF [Check for some cookies exists, else, redirect to login] -->

Cloudfront with behaviors with signed cookie for trust key groups and cache static resources -->

API GW -->

LB -->

EKS

Everything worked find until we integrated the signed cookie with key group trust and then, it's seems that the signed cookie key validation happens before the WAF staff, so we get 403 at any case, before the login itself.

Any idea how to manage that the WAF will occurs before the CF signed cookie validation?

Thanks.

Topics

Security, Identity, & Compliance Networking & Content Delivery

Relevant content

Files for Signed cookie-based authentication with Amazon CloudFront and AWS Lambda@Edge + Email Logging
Nathaniel N
asked 2 years ago
Strange Behavior with CloudFront CORS requests using signed cookies and with credentials, not sending back Access-Control-Allow-Credentials unless I include some extra header
AWS-User-1951540
asked 2 years ago
Set Cloudfront signed cookie depending on the source IP adress
Mark Wiesenthal
asked 5 months ago
Signed Cookies for Cloudfront not working
FloRag
asked a year ago
How do I troubleshoot 403 errors from CloudFront?
AWS OFFICIALUpdated a year ago
How do I troubleshoot issues related to a signed URL or signed cookies in CloudFront?
AWS OFFICIALUpdated 4 months ago
How do I set the secure flag for Application Load Balancer cookies?
AWS OFFICIALUpdated a month ago
How do I get CloudFront to comply with my organization’s requirement to use DNSSEC?
AWS OFFICIALUpdated 9 months ago
How to use JWT tokens for authorization with AWS KMS in NodeJs Lambdas
EXPERT
Antonio_Lagrotteria
published a month ago
How to Rotate your External IdP Certificates in AWS IAM Identity Center (successor to AWS Single Sign-On) with Zero Downtime
EXPERT
Matt-B
published a year ago