AWS WAF - protecting resources in another account

Question

Hi all, is it possible to protect say a Cloudfront distro that's in a different account to the one that the WAF is in, please?

For example, can I add a load balancer into the remit of the WAF from another account?

thanks,

Matt

Accepted Answer

You must use an AWS WAF WebACL in the same account as the resource that you want to protect - whether that's a CloudFront distribution or an ALB. However, as mentioned in a previous answer, you can use AWS Firewall Manager to centrally manage AWS WAF WebACLs across your entire AWS Organization.

Answer

You can do it using AWS Firewall Manager - Using AWS Firewall Manager, you can easily roll out AWS WAF rules for your Application Load Balancers, API Gateways, and Amazon CloudFront distributions. 
https://aws.amazon.com/firewall-manager/?nc1=h_ls
There is some requirements to be able to use The AWS Firewall Manager, you must use AWS Organizations (https://aws.amazon.com/organizations/) and have AWS Config (https://aws.amazon.com/config/) set on all accounts.

Answer

Looks like I will need VPC Peering I think at minimum to do this.

AWS WAF - protecting resources in another account

相關內容