Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Should I attach WAF to ALB or to API Gateway

0

I'm looking to implement the architecture described here : https://aws.amazon.com/blogs/networking-and-content-delivery/accessing-an-aws-api-gateway-via-static-ip-addresses-provided-by-aws-global-accelerator/.

Diagram showing an architecture that consists of Global Accelerator to Application Load Balancer to VPC Endpoint Interfaces to API Gateway

I'm wondering where the best place to attach a WAF - to the ALB or to the the API Gateway?

Topics
ServerlessFront-End Web & MobileSecurity, Identity, & ComplianceNetworking & Content Delivery
Tags
Amazon API GatewayApplication Load BalancerAWS Global AcceleratorAWS WAFNetworking & Content Delivery
Language
English
asked 3 years ago996 views
1 Answer
2
Accepted Answer

Hi,

The AWS WAF should be your first line of defense to protect web applications and APIs from attacks that could affect their availability and performance, compromise security, or consume excessive resources.

Therefore, I will attach it to the ALB.

EXPERT
answered 3 years ago
AWS
EXPERT
reviewed 3 years ago
AWS
EXPERT
reviewed 3 years ago
EXPERT
reviewed 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content