How can I protect my Amazon EC2 instance with AWS WAF?

Last updated: 2022-07-21

I want to protect my Amazon Elastic Compute Cloud (Amazon EC2) instance from common web exploits and bots that can compromise security or consume excessive resources.

Short description

AWS WAF can’t be directly associated with an Amazon EC2 instance. Instead, register your Amazon EC2 instances as a target for your Application Load Balancer (ALB) and then associate AWS WAF with the ALB. To protect your Amazon EC2 instance with AWS WAF, do the following:

  1. Create a target group and add your Amazon EC2 instance as its target.
  2. Configure a load balancer and a listener.
  3. Associate your web ACL with the ALB in AWS WAF.

Resolution

Create a target group and add the Amazon EC2 instance as its target

  1. Open the Amazon EC2 console.
  2. In the navigation pane, under Load Balancing, choose Target Groups.
  3. Choose Create target group.
  4. In the Basic Configuration section, set the following parameters:
    For Choose a target type, select Instance to specify targets by instance ID.
    For Target group name, enter a name for the target group.
    Modify the Port and Protocol as needed.
    For VPC, select a virtual private cloud (VPC) where your EC2 instance is located.
    For Protocol version, select HTTP1 when the request protocol is HTTP/1.1, select HTTP2 when the request protocol is HTTP/2, or select gRPC when the request protocol is gRPC.
  5. Choose Next.
  6. For Register targets, select one or more instances, enter one or more ports, and then choose Include as pending below.
  7. Choose Create target group.

Configure a load balancer and listener

Associate your web ACL with the ALB in AWS WAF

  1. Open the AWS WAF console.
  2. In the navigation pane, choose Web ACLs.
  3. For Region, select the Region where you created your web ACL.
    Note: Select Global if your web ACL is set up for Amazon CloudFront.
  4. Select your web ACL.
  5. Choose Add AWS resources.
  6. Choose the ALB you created to associate this web ACL with.
  7. Choose Add.

Did this article help?


Do you need billing or technical support?