AWS WAF attached to Amazon API Gateway REST API

AWS WAF → Amazon API Gateway → AWS Lambda

Creates an Amazon API Gateway with a WebACL attached to control access. This WebACL limits the requests to certain countries.

This sample project demonstrates how to use AWS WAF to add extra security to an Amazon API Gateway REST API. In this example, only requests from the US will be accepted. All others will be rejected with a 403. To add another country, add the country code to the 'CountryCode' array starting on line 32.

< Back to all patterns

Language:: Python
Framework:: AWS SAM

Download this pattern (.zip)

View this pattern on GitHub

Clone repo

git clone https://github.com/aws-samples/serverless-patterns/cd serverless-patterns/waf-apigw-rest

Deploy

sam deploy

Testing

See the GitHub repo for detailed testing instructions.

Cleanup

Delete the stack: sam delete.

Additional resources

AWS WAF

Building rules

Created by:

Eric Johnson

Eric Johnson is a Principal Developer Advocate for Serverless Applications at Amazon Web Services and is based in Northern Colorado. Eric is a fanatic about serverless and enjoys helping developers understand how serverless technologies introduces a major paradigm shift in how they approach building and running applications at massive scale with minimal administration overhead. Prior to this, Eric has worked as a developer, solutions architect and AWS Evangelist for an AWS partner company.

Follow on LinkedIn