Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

Enabling AWS WAF for an Amplify application in the AWS Management Console

PDF
RSS
Focus mode
Enabling AWS WAF for an Amplify application in the AWS Management Console - AWS Amplify Hosting

You can enable AWS WAF protections for an Amplify app either in the Amplify console or in the AWS WAF console.

  • Amplify console — You can enable the Firewall capabilities for an existing Amplify app by associating an AWS WAF web ACL to your app in the Amplify console. Use one-click protection to create a web ACL with pre-configured rules that we consider as best practice for most apps. You have the option to customize access by IP address and country. The instructions in this section describe setting up one-click protections.

  • AWS WAF console— Use a preconfigured web ACL that you create in the AWS WAF console or by using the AWS WAF APIs. For getting started instructions, see Setting up AWS WAF and its components in the AWS WAF Developer Guide.

Use the following procedure to enable AWS WAF for an existing app in the Amplify console.

Enable AWS WAF for an existing Amplify app

  1. Sign in to the AWS Management Console and open the Amplify console at https://console.aws.amazon.com/amplify/.

  2. On the All apps page, choose the name of the deployed app to enable the Firewall feature on.

  3. In the navigation pane, choose Hosting, and then choose Firewall.

    The following screenshot shows how to navigate to the Add firewall page in the Amplify console.

    The Amplify console Add firewall page.

  4. On the Add firewall page, your actions will depend on whether you want to create a new AWS WAF configuration or use an existing one.

    • Create a new AWS WAF configuration.

      1. Choose Create new.

      2. Optionally, enable any of the following configurations:

        1. Turn on Enable Amplify-recommended Firewall protection.

        2. Turn on Restrict access to amplifyapp.com to prevent access to your app on the default Amplify domain.

        3. For IP addresses, turn on Enable IP address protections.

          1. For Action, choose Allow if you want to specify the IP addresses that will have access and all others will be blocked. Choose Block if you want to specify the IP addresses that will be blocked and all others will have access.

          2. For IP version, select either IPV4 or IPV6.

          3. In the IP addresses text box, enter either your allowed or blocked IP addresses, one per line, in CIDR format.

        4. For Countries, turn on Enable country protection.

          1. For Action, choose Allow if you want to specify the countries that will have access and all others will be blocked. Choose Block if you want to specify the countries that will be blocked and all others will have access.

          2. For Countries, select either your allowed or blocked countries from the list.

      The following screenshot demonstrates how to enable a new AWS WAF configuration for an app.

      The Amplify console Add firewall with all of the firewall settings enabled.

    • Use an existing AWS WAF configuration.

      1. Choose Use existing AWS WAF configuration.

      2. Select a saved configuration from the list of web ACLs in AWS WAF in your AWS account.

  5. Choose Add firewall.

  6. On the Firewall page, the Associating status is displayed to indicate that the AWS WAF settings are being propagated. When the process is complete, the status changes to Enabled.

    The following screenshots show the firewall progress status in the Amplify console, indicating when the AWS WAF configuration is Associating and Enabled.

    The Amplify console Firewall status progress in the Associating state.
    The Amplify console Firewall status progress in the Enabled state.
PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.