By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Should I attach WAF to ALB or to API Gateway

0

I'm looking to implement the architecture described here : https://aws.amazon.com/blogs/networking-and-content-delivery/accessing-an-aws-api-gateway-via-static-ip-addresses-provided-by-aws-global-accelerator/.

Diagram showing an architecture that consists of Global Accelerator to Application Load Balancer to VPC Endpoint Interfaces to API Gateway

I'm wondering where the best place to attach a WAF - to the ALB or to the the API Gateway?

Topics
Networking & Content DeliverySecurity, Identity, & ComplianceServerlessFront-End Web & Mobile
Tags
AWS Global AcceleratorAWS WAFAmazon API GatewayNetworking & Content DeliveryApplication Load Balancer
Language
English
stromae
asked 10 months ago471 views
1 Answer
2
Accepted Answer

Hi,

The AWS WAF should be your first line of defense to protect web applications and APIs from attacks that could affect their availability and performance, compromise security, or consume excessive resources.

Therefore, I will attach it to the ALB.

profile picture
EXPERT
Mikel Del Tio
answered 10 months ago
profile pictureAWS
EXPERT
Tushar_J
reviewed 10 months ago
profile pictureAWS
EXPERT
Uri
reviewed 10 months ago
profile picture
EXPERT
Riku_Kobayashi
reviewed 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content