Posted On: Feb 24, 2023

AWS App Runner now supports AWS Web Application Firewall (WAF). AWS WAF gives you control over what traffic reaches your web applications or APIs, depending on your security and business needs. App Runner makes it easier for developers to quickly deploy containerized web applications and APIs to the cloud, at scale, and without managing infrastructure. Now, you can strengthen the security posture of your web applications against web exploits and bots while benefiting from the simplicity and scalability offered by App Runner. You can place a security layer in the form of WAF web access control lists (web ACLs) in front of your App Runner service endpoint to allow, block, or monitor web requests to your applications on the basis of predefined rules that match on criteria such as IP addresses, HTTP headers, HTTP body, URI strings, SQL injection, and cross-site scripting.

You can create WAF web ACLs using custom rules or use Managed Rule Groups for AWS WAF, a set of pre-configured rules managed by AWS or AWS Marketplace sellers to address common security risks. You can then attach a web ACL to your App Runner service while creating or updating the service. This feature is supported across all App Runner interfaces, such as the App Runner console, AWS Copilot CLI, AWS CLI, CloudFormation, and AWS Cloud Development Kit (CDK). To learn more about using this feature in App Runner, see the WAF section in the developer guide. To learn more about App Runner, see the AWS App Runner Developer Guide.