Closed kstro21 closed 2 years ago
Thanks for your comments. The out-of-box solution is designed to support one endpoint per solution deployment within the same region and account. Therefore, you will need to deploy one stack for each endpoint to a different region/account if you want to use the out-of-box solution.
@aijunpeng thanks for answering.
How many CloudFront distributions can I monitor with the out-of-box solution?
For the HTTP flood feature, you can associate one CF distribution to the WebACL. For the scanner & probes feature, there is no restriction on the number of CF distributions, as the solution processes all CF logs that are in your application access log bucket.
Thanks again, @aijunpeng
What is the best approach for dealing with multiple Distributions if I want to enable all of the protections?
I'm a little bit confused, would you mind giving me a piece of advice?
I double-checked and realized that the WAF service actually allows you to attach one or more distributions to one WebACL. I apologize for my previous mistake. Check out https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-associating-aws-resource.html
@kstro21 There is a limitation with the WAF CLOUDFRONT deployment. It can only be deployed in the us-east-1 region. So basically this limitation prevents the template from being an all-around design, i.e. ALB and CloudFront both in the same stack.
I have deployed version 3 of the solution, but it seems the parameter EndpointType limits the resource we can monitor, choosing between CloudFront and ALB. I've reviewed the template aws-waf-security-automations-firehose-athena.template and there are conditions for creating the AWS::Glue::Table, exactly one for ALB or one for CloudFront, not both.

Describe the feature you'd like

I would like to monitor both (ALB and CloudFront) with a single solution. Is it possible? If I set EndpointType=CloudFront, can I monitor also ALB resources, or do I need to create one stack for each EndpointType?