Protecting an Amazon API Gateway WebSocket API with Amazon CloudFront, AWS WAF Integration and API Keys
This pattern implements a secure WebSocket API with AWS CDK in Python, integrating CloudFront for distribution and AWS WAF for protection. It uses API keys to ensure that the WebSocket endpoint can only be accessed through the CloudFront distribution: CloudFront passes the API key as a custom header. The WebSocket API provides real-time communication capabilities, while CloudFront ensures low-latency content delivery. The Web Application Firewall (WAF) adds an extra layer of security by protecting against common web exploits and controlling access based on configurable rules.
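
One way to verify these controls before deployment, as an added example that is not part of the pattern's own code: a static check over the synthesized CloudFormation template (for instance the output of `cdk synth`, loaded as a dict). The template fragment, its logical IDs and the choice of `$connect` as the route that must require the key are assumptions made for this example.

```python
# Added example (not the pattern's own code): static check of a synthesized
# CloudFormation template for the controls described above.

def _props(template, resource_type):
    """Map logical ID -> Properties for every resource of the given type."""
    return {name: res.get("Properties", {})
            for name, res in template.get("Resources", {}).items()
            if res.get("Type") == resource_type}

def audit_template(template):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # Assumption: $connect is the route that must demand the key, because
    # that is where a client opens the WebSocket connection.
    connect = [p for p in _props(template, "AWS::ApiGatewayV2::Route").values()
               if p.get("RouteKey") == "$connect"]
    if not connect or any(p.get("ApiKeyRequired") is not True for p in connect):
        findings.append("$connect route does not require an API key")
    dists = _props(template, "AWS::CloudFront::Distribution")
    if not dists:
        findings.append("no CloudFront distribution in template")
    for name, props in dists.items():
        cfg = props.get("DistributionConfig", {})
        # CloudFront has to inject the key towards the origin as x-api-key.
        headers = {str(h.get("HeaderName", "")).lower()
                   for origin in cfg.get("Origins", [])
                   for h in origin.get("OriginCustomHeaders", [])}
        if "x-api-key" not in headers:
            findings.append(f"{name}: no x-api-key origin custom header")
        # The WAF web ACL is attached through DistributionConfig.WebACLId.
        if not cfg.get("WebACLId"):
            findings.append(f"{name}: no WAF web ACL attached")
    return findings

# Constructed template fragment (logical IDs and values are placeholders).
SAMPLE = {"Resources": {
    "ConnectRoute": {"Type": "AWS::ApiGatewayV2::Route",
                     "Properties": {"RouteKey": "$connect", "ApiKeyRequired": True}},
    "Distribution": {"Type": "AWS::CloudFront::Distribution",
                     "Properties": {"DistributionConfig": {
                         "WebACLId": {"Fn::GetAtt": ["WebAcl", "Arn"]},
                         "Origins": [{"Id": "ws", "OriginCustomHeaders": [
                             {"HeaderName": "x-api-key",
                              "HeaderValue": {"Ref": "ApiKeyValue"}}]}]}}},
}}

if __name__ == "__main__":
    print(audit_template(SAMPLE) or "all checks passed")
```

An empty result means the key requirement, the CloudFront header injection and the WAF association are all present in the template; each missing control is reported as a separate finding.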