CloudFront is a web service provided by AWS that speeds up content delivery, such as static and dynamic web content, videos, and APIs, to end-users. However, without proper protection, it can be vulnerable to various attacks, such as SQL injection, cross-site scripting (XSS), and distributed denial-of-service (DDoS) attacks. To prevent such attacks, AWS provides AWS WAF (Web Application Firewall) which helps to monitor and control the incoming and outgoing traffic from your CloudFront distribution. Ensuring that CloudFront has a WAF attached is important to secure your web application from potential threats.


Here are the remediation steps to ensure that CloudFront has WAF attached:

  1. Open the AWS WAF console and create a new web access control list (WACL).
  2. Add the desired rule sets for the WACL.
  3. Open the AWS CloudFront console.
  4. Select the CloudFront distribution that needs to be updated.
  5. Choose the "Distribution Settings" tab.
  6. Scroll down to the "AWS WAF Web ACL" section and click on "Edit".
  7. Select the desired WACL from the dropdown menu.
  8. Click on "Yes, Edit" to confirm the changes.

After following these steps, the CloudFront distribution will have the WAF attached, helping to protect against common web threats.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.