 |
Right this moment, we’re saying the final availability of the AWS WAF integration with AWS Amplify Internet hosting.
Internet software homeowners are always working to guard their functions from a wide range of threats. Beforehand, if you happen to needed to implement a sturdy safety posture to your Amplify Hosted functions, you wanted to create architectures utilizing Amazon CloudFront distributions with AWS WAF safety, which required extra configuration steps, experience, and administration overhead.
With the final availability of AWS WAF in Amplify Internet hosting, now you can straight connect an internet software firewall to your AWS Amplify apps via a one-click integration within the Amplify console or utilizing infrastructure as code (IaC). This integration offers you entry to the complete vary of AWS WAF capabilities together with managed guidelines, which offer safety in opposition to widespread internet exploits and vulnerabilities like SQL injection and cross-site scripting (XSS). You too can create your individual customized guidelines based mostly in your particular software wants.
This new functionality helps you implement defense-in-depth safety methods to your internet functions. You may make the most of AWS WAF rate-based guidelines to guard in opposition to distributed denial of service (DDoS) assaults by limiting the speed of requests from IP addresses. Moreover, you may implement geo-blocking to limit entry to your functions from particular international locations, which is especially precious in case your service is designed for particular geographic areas.
Let’s see the way it works
Organising AWS WAF safety to your Amplify app is simple. From the Amplify console, navigate to your app settings, choose the Firewall tab, and select the predefined guidelines you wish to apply to your configuration. 
Amplify internet hosting simplifies configuring firewall guidelines. You may activate 4 classes of safety.
- Amplify-recommended firewall safety – Shield in opposition to the commonest vulnerabilities present in internet functions, block IP addresses from potential threats based mostly on Amazon inside risk intelligence, and defend in opposition to malicious actors discovering software vulnerabilities.
- Limit entry to amplifyapp.com – Limit entry to the default Amplify generated amplifyapp.com area. That is helpful whenever you add a customized area to stop bots and engines like google from crawling the area.
- Allow IP tackle safety – Limit internet visitors by permitting or blocking requests from specified IP tackle ranges.
- Allow nation safety – Limit entry based mostly on particular international locations.
Protections enabled via the Amplify console will create an underlying internet entry management record (ACL) in your AWS account. For fine-grained rulesets, you should utilize the AWS WAF console rule builder.
After a couple of minutes, the principles are related to your app and AWS WAF blocks suspicious requests.
If you wish to see AWS WAF in motion, you may simulate an assault and monitor it utilizing the AWS WAF request inspection capabilities. For instance, you may ship a request with an empty Person-Agent worth. It should set off a blocking rule in AWS WAF.
Let’s first ship a sound request to my app.
curl -v -H "Person-Agent: MyUserAgent" https://fundamental.d3sk5bt8rx6f9y.amplifyapp.com/
* Host fundamental.d3sk5bt8rx6f9y.amplifyapp.com:443 was resolved.
...(redacted for brevity)...
> GET / HTTP/2
> Host: fundamental.d3sk5bt8rx6f9y.amplifyapp.com
> Settle for: */*
> Person-Agent: MyUserAgent
>
* Request fully despatched off
< HTTP/2 200
< content-type: textual content/html
< content-length: 0
< date: Mon, 10 Mar 2025 14:45:26 GMT
We will observe that the server returned an HTTP 200 (OK) message.
Then, ship a request with no worth related to the Person-Agent HTTP header.
curl -v -H "Person-Agent: " https://fundamental.d3sk5bt8rx6f9y.amplifyapp.com/
* Host fundamental.d3sk5bt8rx6f9y.amplifyapp.com:443 was resolved.
... (redacted for brevity) ...
> GET / HTTP/2
> Host: fundamental.d3sk5bt8rx6f9y.amplifyapp.com
> Settle for: */*
>
* Request fully despatched off
< HTTP/2 403
< server: CloudFront
... (redacted for brevity) ...
<TITLE>ERROR: The request couldn't be happy</TITLE>
</HEAD><BODY>
<H1>403 ERROR</H1>
<H2>The request couldn't be happy.</H2>We will observe that the server returned an HTTP 403 (Forbidden) message.
AWS WAF present visibility into request patterns, serving to you fine-tune your safety settings over time. You may entry logs via Amplify Internet hosting or the AWS WAF console to investigate visitors developments and refine safety guidelines as wanted.
Availability and pricing
Firewall help is accessible in all AWS Areas wherein Amplify Internet hosting operates. This integration falls underneath an AWS WAF world useful resource, much like Amazon CloudFront. Internet ACLs could be connected to a number of Amplify Internet hosting apps, however they need to reside in the identical Area.
The pricing for this integration follows the usual AWS WAF pricing mannequin, You pay for the AWS WAF assets you utilize based mostly on the variety of internet ACLs, guidelines, and requests. On prime of that, AWS Amplify Internet hosting provides $15/month whenever you connect an internet software firewall to your software. That is prorated by the hour.
This new functionality brings enterprise-grade safety features to all Amplify Internet hosting clients, from particular person builders to massive enterprises. Now you can construct, host, and defend your internet functions inside the similar service, lowering the complexity of your structure and streamlining your safety administration.
To study extra, go to the AWS WAF integration documentation for Amplify or attempt it straight within the Amplify console.
How is the Information Weblog doing? Take this 1 minute survey!
(This survey is hosted by an exterior firm. AWS handles your data as described within the AWS Privateness Discover. AWS will personal the information gathered by way of this survey and won’t share the knowledge collected with survey respondents.)