AWS solutions documentation change
Summary
Added Amazon WAF documentation section explaining default configuration lacks WAF and provides guidance for manual implementation to enhance API security and DDoS protection
Security assessment
The change adds documentation about AWS WAF as a security feature to protect APIs, but does not indicate a specific security vulnerability being addressed. It proactively recommends security hardening through WAF implementation.
Diff
diff --git a/solutions/latest/dynamic-image-transformation-for-amazon-cloudfront/security.md b/solutions/latest/dynamic-image-transformation-for-amazon-cloudfront/security.md index 84216869d..8599fc9ee 100644 --- a//solutions/latest/dynamic-image-transformation-for-amazon-cloudfront/security.md +++ b//solutions/latest/dynamic-image-transformation-for-amazon-cloudfront/security.md @@ -5 +5 @@ -Demo UIIAM rolesAmazon API GatewayAmazon CloudFront +Demo UIIAM rolesAmazon API GatewayAmazon CloudFrontAmazon WAF @@ -31 +31 @@ This solution deploys an Amazon API Gateway REST API and uses the default API en -[How to custom domains](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html) +[How to setup custom domains](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html) @@ -38,0 +39,6 @@ Amazon CloudFront is deployed using the default CloudFront domain name and TLS c +## Amazon WAF + +This solution’s default configuration doesn’t deploy a web application firewall (WAF) in front of the API endpoints. To enhance your API security by setting up a WAF, you must do so manually. AWS provides an in-depth guide on how you can control access to your API Gateway with AWS WAF. For instructions on how to implement AWS WAF in front of your API and increase distributed denial of service (DDoS) protection for your web applications, see Using AWS WAF to protect your APIs. + +[Get started with AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/getting-started.html) +