AWS Application Load Balancer announces CloudFront integration with built-in WAF
We are announcing a new one-click integration on Application Load Balancer (ALB) to attach an Amazon CloudFront distribution from the ALB console. This enables the easy use of CF as a distributed single point of entry for your application that ingests, absorbs, and filters all inbound traffic before it reaches your ALB. The features also enables an AWS WAF preconfigured WebACL with basic security protections as a first line of defense against common web threats. Overall, you can easily enable seamless protections from ALB, CloudFront, and AWS WAF with minimal configurations to secure your application.
Previously to accelerate and secure your applications, you had to configure a CloudFront distribution with proper caching, request forwarding, and security protections that connected to your ALB on the right port and protocol. This required navigation between multiple services and manual configuration. With this new integration, the ALB console handles the creation and configuration of ALB, CloudFront and AWS WAF. CloudFront enables your application’s Cache-Control headers to cache content like HTML, CSS/JavaScript, and images close to viewers, improving performance and reducing load on your application. With an additional checkbox, you can attach a security group configured to allow traffic from CloudFront IP addresses; if maintained as the only inbound rule, it ensures all requests are processed and inspected by CloudFront and WAF.
This new integration is available for both new and existing Application Load Balancers. Standard ALB, CloudFront, and AWS WAF pricing apply. The feature is available in all commercial AWS Regions. To learn more about this feature, visit the ALB and CloudFront sections in the AWS User Guide.