Unable to add web ACL to CloudFront distribution



I'm trying to add a web ACL in front of my CloudFront distribution but it keeps failing. I'm able to create new web ACLs. When I do, I try to associate the distribution with the ACL from the beginning. Creation is successful, but when I check the associated resources the list is always empty. See screenshots:

[Screenshots: "Adding distribution during creation", "creation is successful", "No associated resources after creation"]

If I try to add the distribution after the ACL has already been created, I get the following error: [Screenshot: "acl error"]

I have created web ACLs for other resources already and I am the one that created the CloudFront distribution so I don't think permissions are an issue.

Any help is appreciated. Thank you!

asked 15 days ago, 74 views
1 Answer

Hi suvan,

"You can use an AWS WAF web ACL to protect global or regional resource types. You do this by associating the web ACL with the resources that you want to protect. The web ACL and any AWS WAF resources that it uses must be located in the Region where the associated resource is located. For Amazon CloudFront distributions, this is set to US East (N. Virginia)." https://docs.aws.amazon.com/waf/latest/developerguide/how-aws-waf-works-resources.html

Did you check the region?

answered 15 days ago
  • Hey Vitor, thanks for your response! I saw that documentation but I also don't have the option to select my CloudFront distribution unless I select the global region. That is, if I try to associate it during or after web ACL creation.

  • Hi suvan,

    For CloudFront, the associated Web ACL should indeed be global.

    Did you create your ACL in the "Global (CloudFront)" scope when setting it up in AWS WAF?

    Remember, even though CloudFront is global, you'll still choose a region within the Web ACLs section.

  • Yup, I only have the option to select the CloudFront distribution if I'm on the global region in the ACL menu

  • Did you create the ACL globally? You can select it inside the ACL creation page.
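
As an added example (not part of the thread and not AWS's own code), the scope and Region requirement quoted in the answer can be checked from a web ACL's ARN before attempting the association. It assumes the AWS WAF (WAFv2) ARN layout `arn:aws:wafv2:REGION:ACCOUNT:SCOPE/webacl/NAME/ID`; the function names and the sample ARNs are constructed for illustration.

```python
"""Pre-flight check: can this WAFv2 web ACL protect a CloudFront distribution?"""
from dataclasses import dataclass

CLOUDFRONT_WAF_REGION = "us-east-1"  # US East (N. Virginia), per the quoted AWS doc


@dataclass
class WebAclArn:
    partition: str
    region: str
    account: str
    scope: str   # "global" (CloudFront) or "regional"
    name: str
    acl_id: str


def parse_web_acl_arn(arn: str) -> WebAclArn:
    """Split arn:PARTITION:wafv2:REGION:ACCOUNT:SCOPE/webacl/NAME/ID."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "wafv2":
        raise ValueError(f"not a WAFv2 ARN: {arn!r}")
    resource = parts[5].split("/")
    if len(resource) != 4 or resource[1] != "webacl":
        raise ValueError(f"not a web ACL resource: {parts[5]!r}")
    return WebAclArn(parts[1], parts[3], parts[4], resource[0], resource[2], resource[3])


def cloudfront_problems(arn: str) -> list[str]:
    """Return the reasons this web ACL cannot be attached to CloudFront."""
    try:
        acl = parse_web_acl_arn(arn)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if acl.scope != "global":
        problems.append(f"scope is {acl.scope!r}; CloudFront needs a global-scope web ACL")
    if acl.region != CLOUDFRONT_WAF_REGION:
        problems.append(f"region is {acl.region!r}; expected {CLOUDFRONT_WAF_REGION}")
    return problems


# Constructed sample ARNs: the account number and IDs are placeholders.
GOOD = "arn:aws:wafv2:us-east-1:123456789012:global/webacl/edge-acl/00000000-0000-0000-0000-000000000001"
REGIONAL = "arn:aws:wafv2:eu-west-1:123456789012:regional/webacl/alb-acl/00000000-0000-0000-0000-000000000002"

if __name__ == "__main__":
    for sample in (GOOD, REGIONAL):
        print(sample.rsplit("/", 2)[1], "->", cloudfront_problems(sample) or "OK for CloudFront")
```
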
