0

I am deploying an POC environment with API gateway in front of Lambda and HTTP API would be sufficient for our usage (REST API wouldn't be used). I am planning to use AWS Web application as a protection measure in front of API gateway with HTTP API to avoid unwanted inbound traffic into API gateway.

I understand that WAF shall not be supported for direct inegration with API gateway with HTTP API. ALB can enable WAF and inegrate with HTTP API gateway as per protection recommendations. But seems WAF/ALB would be behind API Gateway HTTP API and could not prevent unwanted traffic into API gateway according to reference architecture diagram.

Would that be any integration method that WAF could be in front of HTTP API gateway or alternatives to protect HTTP API gateway from unwanted traffic?

I tried to deploy ALB and target group with HTTP API gateway but seems it would be behind the gateway which is not ideal.

Jatin Mehrotra
  • 9,286
  • 4
  • 28
  • 67
Kin.Yip
  • 3
  • 1

1 Answers1

2

Yes it's true that HTTP API as of this moment does not support WAF unlike REST API.

You can use CloudFront in front of your API Gateway and then use WAF with it.

There is a well-architected lab from AWS on this which explains this in detail

Refer more for using WAF with cloudfront

Jatin Mehrotra
  • 9,286
  • 4
  • 28
  • 67
  • Thanks for your solution but it seems way more complicated than WAF with API gateway with REST API. Maybe I will go with the less complicated solution. :) – Kin.Yip Mar 03 '23 at 03:42
  • Yes because you mentioned http api usage so i posted a solution in respect to that. Rest API with apu gateway would always be a better solution for your requirement. Although if my answer helped you, will it be possible to accept or upvote so that it' helps others in the future with a similar problem! – Jatin Mehrotra Mar 03 '23 at 04:15