Posted On: May 10, 2023

You can now secure your web applications and APIs with AWS WAF with a single click in the Amazon CloudFront console. CloudFront can create and configure out-of-the-box AWS WAF protection for your application as a first line of defense against common web threats. Optionally, you can later configure additional security protections against bots and fraud or other threats specific to your application in the AWS WAF console.

Previously, you could secure your CloudFront distributions with AWS WAF by preconfiguring an AWS WAF web access control list (web ACL) containing the security rules you wanted to enable. While this approach offers flexibility, you had to decide which initial security rules to enable, and you needed to interact with both the CloudFront and AWS WAF management consoles. Now, CloudFront handles creating and configuring AWS WAF for you with out-of-the-box protections recommended by AWS for all applications. This simple and convenient way to protect your web applications and APIs is available in the CloudFront console at the time you create or edit your distribution. Customers who prefer to use an existing web ACL may continue to select a preconfigured web ACL instead.

One click security protection with AWS WAF is now available in the new Web Application Firewall (WAF) section of the CloudFront console and can be used to configure new or existing CloudFront distributions. Standard pricing for AWS WAF applies. You can estimate the price of AWS WAF security protections using the built-in pricing calculator when making your selection in the CloudFront console. To learn more, refer to the CloudFront Developer Guide.