README.md

REST API in Amazon API Gateway with Amazon CloudFront Behavior using AWS WAF for API protection

CDK example of:

• Using multiple behaviors in Amazon CloudFront:
  • Default behavior serving assets from Amazon S3 bucket and an additional behavior serving a REST API from Amazon API Gateway in a custom path
• Using AWS WAF for API protection:
  • Using AWS WAF to protect the REST API from malicious requests and blocking requests from the internet allowing only CloudFront to access the API with a custom header

Final Architecture:

Extra resources:

• Prevent requests from accessing API directly
• Protecting your API using Amazon API Gateway and AWS WAF — Part 2
• How to enhance Amazon CloudFront origin security with AWS WAF and AWS Secrets Manager