CloudFront for wizard

You can connect the Wallarm Edge node to Amazon CloudFront to inspect traffic in either synchronous or asynchronous mode - without blocking any requests.

Follow the steps below to set up the connection.

  1. Download the provided code bundle for your platform.

  2. Proceed to your AWS Console → Services → Lambda → Functions.

  3. Select the us-east-1 (N. Virginia) region which is required for Lambda@Edge functions.

  4. Create function with the following settings:

    • Runtime: Python 3.x.
    • Execution role: Create a new role from AWS policy templates → Basic Lambda@Edge permissions (for CloudFront trigger).
    • Other settings can remain as default.
  5. Once the function is created, on the Code tab, paste the Wallarm request processing code.

  6. Update the following parameters in the code:

    • wlrm_node_addr: your Wallarm node URL.
    • wlrm_inline: if using asynchronous (out-of-band) mode, set to False.
    • If necessary, modify other parameters.
  7. Proceed to Actions → Deploy to Lambda@Edge and specify the following settings:

    • Configure new CloudFront trigger.
    • Distribution: your CDN that routes traffic to the origin you want to protect.
    • Cache behavior: the cache behavior for the Lambda function, typically *.
    • CloudFront event:

      • Origin request: executes the function only when CloudFront CDN requests data from the backend. If CDN returns a cached response, the function will not be executed.
      • Viewer request: executes the function for every request to CloudFront CDN.
    • Check Include body.
    • Check Confirm deploy to Lambda@Edge.
  8. Repeat the procedure for the Wallarm-provided response function, selecting responses as the trigger.

    Ensure the response trigger matches the request trigger (origin response for origin request, viewer response for viewer request).
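
The trigger settings from steps 7 and 8 can be checked after deployment. The Python below is an added example, not part of the Wallarm code bundle; it assumes one cache behavior exported as a dict in the shape of CloudFront's `LambdaFunctionAssociations` structure, and the account ID and function names are constructed.

```python
# Request events and the response event each must be paired with (step 8).
PAIRS = {"origin-request": "origin-response", "viewer-request": "viewer-response"}


def check_behavior(behavior):
    """Return findings for one cache behavior; an empty list means it matches the steps."""
    items = behavior.get("LambdaFunctionAssociations", {}).get("Items", [])
    by_event = {a["EventType"]: a for a in items}
    findings = []
    request_events = [e for e in PAIRS if e in by_event]
    if not request_events:
        findings.append("no request trigger configured")
    for req in request_events:
        if not by_event[req].get("IncludeBody", False):
            findings.append(f"{req}: Include body is not checked")
        if PAIRS[req] not in by_event:
            findings.append(f"{req}: missing matching {PAIRS[req]} trigger")
    for req, resp in PAIRS.items():
        if resp in by_event and req not in by_event:
            findings.append(f"{resp}: no matching {req} trigger")
    for event, assoc_item in by_event.items():
        region = assoc_item["LambdaFunctionARN"].split(":")[3]
        if region != "us-east-1":  # Lambda@Edge functions live in us-east-1 (step 3)
            findings.append(f"{event}: function is in {region}, not us-east-1")
    return findings


def assoc(event, name, include_body=False, region="us-east-1"):
    # Constructed association; account ID and function names are placeholders.
    return {"EventType": event, "IncludeBody": include_body,
            "LambdaFunctionARN": f"arn:aws:lambda:{region}:111122223333:function:{name}:1"}


# Constructed sample: request on viewer, response on origin, body not included.
MISMATCHED = {"LambdaFunctionAssociations": {"Quantity": 2, "Items": [
    assoc("viewer-request", "example-request"),
    assoc("origin-response", "example-response")]}}

# Constructed sample: the origin request / origin response pairing from the steps.
MATCHED = {"LambdaFunctionAssociations": {"Quantity": 2, "Items": [
    assoc("origin-request", "example-request", include_body=True),
    assoc("origin-response", "example-response")]}}

if __name__ == "__main__":
    for label, behavior in (("mismatched", MISMATCHED), ("matched", MATCHED)):
        print(label, check_behavior(behavior) or "ok")
```

An empty result means the behavior has a request trigger with the body included and a response trigger on the matching side.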
