How to configure "core protections" and "rate limiting" in a CloudFormation template for a CloudFront distribution


So I am trying to configure an AWS::CloudFront::Distribution so that basic security protections are enabled.

At the moment in the AWS Dashboard the Security tab of the distribution looks like this after deployment.

And I am trying to configure these options, but I can't find anything in the documentation that describes how to do this in a CloudFormation template.

Here is the basic configuration of my CloudFront distribution:

CloudFrontDistribution:
  Type: AWS::CloudFront::Distribution
  Properties:
    DistributionConfig:
      Origins:
        - Id: S3Origin
          DomainName:
            Fn::Join:
              - ''
              - - !Ref FrontendS3Bucket
                - '.s3-${env:REGION}.amazonaws.com'
          S3OriginConfig:
            OriginAccessIdentity: !Sub 'origin-access-identity/cloudfront/${FrontendS3OAI}'
        - Id: ApiGatewayOrigin
          DomainName:
            Fn::Join:
              - ''
              - - !Ref HttpApi
                - '.execute-api.${env:REGION}.amazonaws.com'
          CustomOriginConfig:
            OriginProtocolPolicy: https-only
            OriginSSLProtocols:
              - TLSv1.2
      DefaultRootObject: index.html
      DefaultCacheBehavior:
        TargetOriginId: S3Origin
        CachePolicyId: 658327ea-f89d-4fab-a63d-7e88639e58f6 # Managed-CachingOptimized
        ViewerProtocolPolicy: https-only
      CacheBehaviors:
        - TargetOriginId: ApiGatewayOrigin
          PathPattern: /api/*
          ViewerProtocolPolicy: https-only
          OriginRequestPolicyId: b689b0a8-53d0-40ab-baf2-68738e2966ac # Managed-AllViewerExceptHostHeader
          CachePolicyId: 4135ea2d-6df8-44a3-9df3-4b5a84be39ad # Managed-CachingDisabled
          AllowedMethods:
            - GET
            - HEAD
            - OPTIONS
            - PUT
            - PATCH
            - POST
            - DELETE
      Enabled: true

1 Answer

0 votes

Rate limiting is part of the Web Application Firewall, as you can also see in the screenshot. Here is how to configure it.

Step 1: Create a WAF using this. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatement.html

Step 2: Integrate the WAF with the CloudFront distribution. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html
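
The two steps from the answer above, as an added example that is not part of the original answer: a WAFv2 web ACL with a rate-based rule, attached to the distribution through `WebACLId`. The resource name `FrontendWebACL`, the metric names and the limit of 1000 are assumptions, and `AWSManagedRulesCommonRuleSet` is used here as an assumed stand-in for the console's "core protections".

```yaml
# Added example. A web ACL with Scope CLOUDFRONT must be created in us-east-1.
FrontendWebACL:                       # hypothetical resource name
  Type: AWS::WAFv2::WebACL
  Properties:
    Name: frontend-web-acl
    Scope: CLOUDFRONT
    DefaultAction:
      Allow: {}                       # requests matching no rule are allowed
    VisibilityConfig:
      SampledRequestsEnabled: true
      CloudWatchMetricsEnabled: true
      MetricName: frontend-web-acl
    Rules:
      # AWS managed baseline rule group (assumed stand-in for "core protections")
      - Name: aws-common-rule-set
        Priority: 0
        OverrideAction:
          None: {}                    # keep the actions defined by the rule group
        Statement:
          ManagedRuleGroupStatement:
            VendorName: AWS
            Name: AWSManagedRulesCommonRuleSet
        VisibilityConfig:
          SampledRequestsEnabled: true
          CloudWatchMetricsEnabled: true
          MetricName: aws-common-rule-set
      # Block a source IP once it exceeds the limit within the evaluation window
      - Name: rate-limit-per-ip
        Priority: 1
        Action:
          Block: {}
        Statement:
          RateBasedStatement:
            Limit: 1000               # assumed value, tune to real traffic
            AggregateKeyType: IP
        VisibilityConfig:
          SampledRequestsEnabled: true
          CloudWatchMetricsEnabled: true
          MetricName: rate-limit-per-ip

CloudFrontDistribution:
  Type: AWS::CloudFront::Distribution
  Properties:
    DistributionConfig:
      WebACLId: !GetAtt FrontendWebACL.Arn   # WAFv2 takes the ACL ARN here
      # Origins, DefaultCacheBehavior, CacheBehaviors, Enabled: as in the question
```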
