This response might contain information related to
security, a nuanced topic. You should verify the response using informed human
judgement. Visit Security in Amazon Q Developer for more details.
Thank you for your question about setting up AWS WAF for
your Angular PWA served from Route 53 and CloudFront. I understand your concern
about the Classic WAF expiring and wanting to set up a solution that will
remain viable. Let me guide you through the process of setting up the latest
version of AWS WAF (WAFV2) for your application.
Here's an overview of what we'll do:
- Confirm we're using the latest AWS WAF version
- Create a Web ACL
- Configure rules for your Web ACL
- Associate the Web ACL with your CloudFront distribution
- Test and monitor your WAF configuration
Let's go through each step:
- Confirm AWS WAF Version
  - Navigate to the AWS WAF console (https://console.aws.amazon.com/wafv2/home)
  - Ensure you're using the latest version (WAFV2), not the Classic version
  - For CloudFront distributions, you'll see "Global (CloudFront)" as the only region option, which is correct
- Create a Web ACL
  - In the AWS WAF console, click "Create web ACL"
  - Choose a name and description for your Web ACL
  - For "Resource type" select "CloudFront distributions"
  - Select your CloudFront distribution in the "Associated AWS resources" section
- Configure Rules
  - Add rules to your Web ACL based on your security requirements
  - Consider starting with AWS managed rule groups, which provide protection against common threats
  - Add your own rules as needed, such as geo-blocking or rate-limiting rules
- Associate with CloudFront
  - If you didn't associate your Web ACL with your CloudFront distribution during creation, you can do it now
  - Go to your CloudFront distribution settings
  - In the "General" tab, find the "AWS WAF" section and choose your Web ACL
- Test and Monitor
  - After applying your Web ACL, test your application thoroughly
  - Monitor the AWS WAF metrics in CloudWatch to ensure it's working as expected
  - Adjust rules as necessary based on your application's traffic patterns and security needs
By following these steps, you'll have set up the latest
version of AWS WAF for your Angular PWA, which will not be affected by the
Classic WAF expiration in September.
Remember to regularly review and update your WAF rules to
maintain optimal security for your application. If you need more detailed
information about specific rule configurations or best practices, please refer
to the AWS WAF documentation or consider consulting with an AWS security
expert.
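
The console steps above, scripted as an added example that is not part of the original answer: it builds the WAFV2 `create_web_acl` request for a CloudFront-scoped web ACL with one AWS managed rule group, a rate-limiting rule and an optional geo-block. It assumes boto3 and configured credentials; the ACL name, rule names, rate limit and country list are placeholders.

```python
"""Added example: WAFV2 create_web_acl request for a CloudFront web ACL."""


def visibility(metric):
    # Publish per-rule metrics to CloudWatch and keep sampled requests.
    return {"SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": metric}


def build_web_acl_request(name, rate_limit=2000, blocked_countries=(),
                          count_only=True):
    """Return kwargs for wafv2 create_web_acl (all names are placeholders)."""
    rules = [{
        "Name": "aws-common",
        "Priority": 0,
        "Statement": {"ManagedRuleGroupStatement": {
            "VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet"}},
        # Count mode records matches without blocking, so the PWA can be
        # tested against real traffic before the rules are enforced.
        "OverrideAction": {"Count": {}} if count_only else {"None": {}},
        "VisibilityConfig": visibility("aws-common"),
    }, {
        "Name": "rate-limit-per-ip",
        "Priority": 1,
        "Statement": {"RateBasedStatement": {
            "Limit": rate_limit, "AggregateKeyType": "IP"}},
        "Action": {"Count": {}} if count_only else {"Block": {}},
        "VisibilityConfig": visibility("rate-limit-per-ip"),
    }]
    if blocked_countries:
        rules.append({
            "Name": "geo-block",
            "Priority": 2,
            "Statement": {"GeoMatchStatement": {
                "CountryCodes": list(blocked_countries)}},
            "Action": {"Count": {}} if count_only else {"Block": {}},
            "VisibilityConfig": visibility("geo-block"),
        })
    # Scope CLOUDFRONT corresponds to "Global (CloudFront)" in the console.
    return {"Name": name, "Scope": "CLOUDFRONT",
            "DefaultAction": {"Allow": {}}, "Rules": rules,
            "VisibilityConfig": visibility(name)}


if __name__ == "__main__":
    import boto3
    # CloudFront-scoped web ACLs are managed through the us-east-1 endpoint.
    waf = boto3.client("wafv2", region_name="us-east-1")
    resp = waf.create_web_acl(**build_web_acl_request("pwa-web-acl"))
    print(resp["Summary"]["ARN"])  # set this ARN on the distribution
```

Run it first with `count_only=True`, review the CloudWatch metrics, then update the web ACL with the enforcing actions. For CloudFront the association is made on the distribution itself, by selecting the web ACL (its ARN) in the distribution configuration.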