Skip to content

Cloudfront for wizard

You can connect the Wallarm Edge node to Amazon CloudFront to inspect traffic in either synchronous or asynchronous mode - without blocking any requests.

Follow the steps below to set up the connection.

  1. Download the provided code bundle for your platform.

  2. Proceed to your AWS Console → ServicesLambdaFunctions.

  3. Select the us-east-1 (N. Virginia) region which is required for Lambda@Edge functions.

  4. Create function with the following settings:

    • Runtime: Python 3.x.
    • Execution role: Create a new role from AWS policy templatesBasic Lambda@Edge permissions (for CloudFront trigger).
    • Other settings can remain as default.

  5. Once the function is created, on the Code tab, paste the Wallarm request processing code.

  6. Update the following parameters in the code:

    • wlrm_node_addr: your Wallarm node URL.
    • wlrm_inline: if using asynchronous (out-of-band) mode, set to False.
    • If necessary, modify other parameters.

  7. Proceed to ActionsDeploy to Lambda@Edge and specify the following settings:

    • Configure new CloudFront trigger.
    • Distribution: your CDN that routes traffic to the origin you want to protect.
    • Cache behavior: the cache behavior for the Lambda function, typically *.

    • CloudFront event:

      • Origin request: executes the function only when CloudFront CDN requests data from the backend. If CDN returns a cached response, the function will not be executed.
      • Viewer request: executes the function for every request to CloudFront CDN.
        • Check Include body.
        • Check Confirm deploy to Lambda@Edge.

  8. Repeat the procedure for the Wallarm-provided response function, selecting responses as the trigger.

    Ensure the response trigger matches the request trigger (origin response for origin request, viewer response for viewer request).

More details