A WAF can be put in front of cloudfront to restrict access by ip range. This can be used to essentially allow only vpn traffic to reach the site. It would be nice if the quickstart had this pattern laid out, ideally as a configurable option. Restricting access to the site to a vpn is a common ask.
AC:
The quickstart includes the optional creation and configuration of WAF in front of cloudfront.
A WAF can be put in front of cloudfront to restrict access by ip range. This can be used to essentially allow only vpn traffic to reach the site. It would be nice if the quickstart had this pattern laid out, ideally as a configurable option. Restricting access to the site to a vpn is a common ask.
AC: