Add a web application firewall
AWS WAF is a web application firewall that helps protect web applications and APIs from attacks. You can use it to configure a set of rules known as a web access control list (web ACL) that allow, block, or count web requests based on customizable web security rules and conditions that you define. For more information, see Using AWS WAF to protect your APIs.
To add AWS WAF
-
Open the API Gateway console at https://console.aws.amazon.com/apigateway/
. -
In the APIs navigation pane, and then choose your custom identity provider template.
-
Choose Stages.
-
In the Stages pane, choose the name of the stage.
-
In the Stage Editor pane, choose the Settings tab.
-
Do one of the following:
-
Under Web Application Firewall (WAF), for Web ACL, choose the web ACL that you want to associate with this stage.
-
If the web ACL you need doesn't exist, you will need to create one by doing the following:
-
Choose Create Web ACL.
-
On the AWS WAF service homepage, choose Create web ACL.
-
In Web ACL details, for Name, type the name of the web ACL.
-
In Rules, choose Add rules, then choose Add my own rules and rule groups.
-
For Rule type, choose IP set to identify a specific list of IP addresses.
-
For Rule, enter the name of the rule.
-
For IP set, choose an existing IP set. To create an IP set, see Creating an IP set.
-
For IP address to use as the originating address, choose IP address in header.
-
For Header field name, enter
SourceIP
. -
For Position inside header, choose First IP address.
-
For Fallback for missing IP address, choose Match or No Match depending on how you want to handle an invalid (or missing) IP address in the header.
-
For Action, choose the action of the IP set.
-
For Default web ACL action for requests that don't match any rules, choose Allow or Block and then click Next.
-
For steps 4 and 5, choose Next.
-
In Review and create, review your choices, and then choose Create web ACL.
-
-
-
Choose Save Changes.
-
Choose Resources.
-
For Actions, choose Deploy API.
For information on how secure AWS Transfer Family with AWS web application firewall, see
Securing AWS Transfer Family with AWS application firewall and Amazon API Gateway