2026-02-03 11:21:04 +09:00

AWS CloudFront + CrowdSec WAF Integration

🛡️ AWS CloudFront CDN with real-time CrowdSec threat protection via Lambda integration.

🏗️ Architecture

CrowdSec Container → API Gateway → Lambda → AWS WAF → CloudFront Distribution
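The Lambda hop in this chain is where CrowdSec decisions become WAF IP-set entries. The following is an added example written for this README, not the project's own lambda-crowdsec-waf.py: it assumes the payload is a CrowdSec LAPI decision stream (`{"new": [...], "deleted": [...]}`), normalizes decision values to the CIDR form WAFv2 requires, and performs the read-modify-write with the IP set's LockToken so two concurrent updaters cannot overwrite each other. The WAF client is injected, and a fake client plus a constructed sample stream are included so the block runs offline; the 10,000-address cap is the default WAFv2 IP-set quota and is stated as an assumption.

```python
"""Added example (not the project's code): sync a CrowdSec decision stream into an AWS WAFv2 IP set."""
import ipaddress
import json
import os
from typing import Iterable, Optional

MAX_IPSET_ADDRESSES = 10_000  # assumption: default WAFv2 quota of CIDRs per IP set


def to_waf_cidr(value: str) -> Optional[str]:
    """Normalize a CrowdSec decision value to the CIDR form WAFv2 expects.
    Host addresses become /32 (IPv4) or /128 (IPv6); unparseable values yield None
    so a bad decision cannot poison the whole update."""
    try:
        return str(ipaddress.ip_network(value, strict=False))
    except ValueError:
        return None


def apply_decisions(current: Iterable[str], stream: dict) -> set:
    """Return the desired IP-set contents: current entries minus deleted decisions,
    plus new 'ban' decisions with Ip or Range scope (captcha etc. are not blocked at WAF)."""
    desired = set(current)
    for d in stream.get("deleted") or []:
        cidr = to_waf_cidr(d.get("value", ""))
        if cidr:
            desired.discard(cidr)
    for d in stream.get("new") or []:
        if d.get("type") != "ban" or d.get("scope") not in ("Ip", "Range"):
            continue
        cidr = to_waf_cidr(d.get("value", ""))
        if cidr:
            desired.add(cidr)
    return desired


def sync_ip_set(client, *, name: str, ip_set_id: str, stream: dict, scope: str = "CLOUDFRONT") -> dict:
    """Read the IP set, compute the desired state, and write it back under the LockToken
    returned by get_ip_set. A stale token makes WAF reject the write instead of clobbering
    a concurrent update. Skips the API call when nothing changed."""
    resp = client.get_ip_set(Name=name, Scope=scope, Id=ip_set_id)
    current = resp["IPSet"]["Addresses"]
    desired = apply_decisions(current, stream)
    if len(desired) > MAX_IPSET_ADDRESSES:
        raise ValueError(f"{len(desired)} addresses exceed the IP set quota of {MAX_IPSET_ADDRESSES}")
    if desired == set(current):
        return {"changed": False, "count": len(current)}
    client.update_ip_set(Name=name, Scope=scope, Id=ip_set_id,
                         Addresses=sorted(desired), LockToken=resp["LockToken"])
    return {"changed": True, "count": len(desired)}


def lambda_handler(event, context=None):
    """Entry point shape for the API Gateway -> Lambda hop: the CrowdSec payload is the
    request body. boto3 is imported here only, so the rest of the module runs without it.
    CLOUDFRONT-scoped WAF resources live in us-east-1."""
    import boto3  # available in the Lambda runtime
    stream = json.loads(event.get("body") or "{}")
    client = boto3.client("wafv2", region_name="us-east-1")
    return sync_ip_set(client,
                       name=os.environ.get("IPSET_NAME", "aws-cf-dev-blocked-ips"),
                       ip_set_id=os.environ.get("IPSET_ID", "a9e47946-c186-4b28-83a8-fe3aeb9c296b"),
                       stream=stream)


class FakeWafClient:
    """Minimal stand-in for boto3's wafv2 client, enough to exercise the lock-token flow offline."""
    def __init__(self, addresses):
        self.addresses = list(addresses)
        self.token = "lock-0"
        self.updates = 0

    def get_ip_set(self, **kw):
        return {"IPSet": {"Addresses": list(self.addresses)}, "LockToken": self.token}

    def update_ip_set(self, **kw):
        if kw["LockToken"] != self.token:
            raise RuntimeError("WAFOptimisticLockException")
        self.addresses = list(kw["Addresses"])
        self.updates += 1
        self.token = f"lock-{self.updates}"
        return {"NextLockToken": self.token}


# Constructed sample stream in the LAPI format; the addresses are documentation ranges, not real IoCs.
SAMPLE_STREAM = {
    "new": [
        {"id": 1, "origin": "crowdsec", "scope": "Ip", "type": "ban", "value": "203.0.113.7",
         "duration": "4h", "scenario": "crowdsecurity/http-probing"},
        {"id": 2, "origin": "crowdsec", "scope": "Range", "type": "ban", "value": "198.51.100.0/24",
         "duration": "4h", "scenario": "crowdsecurity/http-crawl-non_statics"},
        {"id": 3, "origin": "crowdsec", "scope": "Ip", "type": "captcha", "value": "192.0.2.9"},  # not a ban: ignored
        {"id": 4, "origin": "crowdsec", "scope": "Ip", "type": "ban", "value": "not-an-ip"},     # malformed: ignored
    ],
    "deleted": [
        {"id": 0, "origin": "crowdsec", "scope": "Ip", "type": "ban", "value": "192.0.2.1"},
    ],
}

if __name__ == "__main__":
    fake = FakeWafClient(["192.0.2.1/32", "192.0.2.2/32"])
    print(sync_ip_set(fake, name="aws-cf-dev-blocked-ips", ip_set_id="example-id", stream=SAMPLE_STREAM))
    print(fake.addresses)
```

Two points worth keeping in a real updater: the LockToken round-trip is what makes the update safe when CrowdSec fires several decisions in quick succession, and rejecting unparseable values per decision (rather than failing the batch) keeps a single bad decision from stalling all blocking.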

📋 Project Overview

  • CloudFront Distribution: EATJ1HDQU8V51
  • Origin Server: origin.servidor.it.com (HTTP-only)
  • WAF Protection: Real-time IP blocking via CrowdSec
  • Custom Domains: servidor.it.com, www.servidor.it.com
  • ACM Certificate: b011e60a-1ea1-4dd3-844f-e0851ece4784

🚀 Quick Start

# 1. Deploy infrastructure
tofu init
tofu apply

# 2. Configure CrowdSec
incus exec crowdsec -- cscli collections install crowdsecurity/nginx-proxy-manager

# 3. Verify WAF configuration
aws wafv2 get-ip-set --scope CLOUDFRONT --region us-east-1 \
  --id a9e47946-c186-4b28-83a8-fe3aeb9c296b \
  --name aws-cf-dev-blocked-ips

📊 Key Resources

  • CloudFront URL: https://d2mhxhntq3ezzr.cloudfront.net
  • WAF Web ACL ID: d61073b6-27b1-473e-aa9f-d2aa4a4c75a6
  • WAF IP Set ID: a9e47946-c186-4b28-83a8-fe3aeb9c296b
  • Route53 Zone ID: Z01934581JQAF2GS71GG

🛡️ Security Features

  1. Priority 1: CrowdSec real-time IP blocking
  2. Priority 2: Rate limiting (10K req/5min)
  3. Priority 3: AWS Managed Common Rules
  4. Priority 4: AWS Managed Bad Input Rules
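The Priority 2 rate rule blocks a client that exceeds 10,000 requests within a 5-minute window. The block below is an added example, not part of this project and not AWS's evaluator: it replays request logs in a constructed `<ISO-8601 UTC> <client-ip> <method> <path>` format (not CloudFront's log format) through a sliding-window counter with the same limit and window, so the rule's behaviour can be checked against a traffic sample offline before tuning the threshold. The sample log is generated in the block and labelled as constructed.

```python
"""Added example (not the project's code): offline approximation of the WAF rate-based rule."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, Tuple

RATE_LIMIT = 10_000      # requests, matching the README's Priority 2 rule
WINDOW_SECONDS = 300     # 5-minute evaluation window


def parse_line(line: str) -> Tuple[float, str]:
    """Parse one constructed log line into (epoch seconds, client ip)."""
    ts, ip, _method, _path = line.split(maxsplit=3)
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).timestamp(), ip


def rate_limited_ips(lines: Iterable[str], limit: int = RATE_LIMIT,
                     window: int = WINDOW_SECONDS) -> Dict[str, int]:
    """Return {ip: peak_requests_in_any_window} for every client whose peak exceeds the limit.
    Uses a two-pointer sliding window per IP, so a steady high-volume client spread over
    a longer period is not flagged while a short burst is."""
    per_ip = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        t, ip = parse_line(line)
        per_ip[ip].append(t)
    flagged = {}
    for ip, times in per_ip.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] >= window:   # slide the window's left edge forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak > limit:
            flagged[ip] = peak
    return flagged


def make_sample_log() -> list:
    """Constructed traffic sample: one burst that trips the rule and one busy but
    steady client that stays under it in every 5-minute window."""
    base = datetime(2025, 9, 9, 12, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(10_001):   # 10,001 requests in 200 seconds: exceeds 10K/5min
        lines.append(f"{(base + timedelta(seconds=i * 0.02)).isoformat()} 203.0.113.7 GET /login")
    for i in range(10_000):   # 10,000 requests spread over 20 minutes: ~2,500 per window
        lines.append(f"{(base + timedelta(seconds=i * 0.12)).isoformat()} 198.51.100.5 GET /api/items")
    return lines


if __name__ == "__main__":
    print(rate_limited_ips(make_sample_log()))
```

Because the window slides rather than resetting on fixed boundaries, a burst that straddles a clock boundary is still caught; that is the property to preserve if the threshold is lowered for a sensitive path such as a login endpoint.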

📁 Project Structure

├── README.md                    # This file
├── CLAUDE.md                   # Development guide for Claude Code
├── DEPLOYMENT_GUIDE.md         # Detailed deployment instructions
├── CROWDSEC-WAF-INTEGRATION.md # CrowdSec integration documentation
├── main.tf                     # CloudFront and core infrastructure
├── security.tf                 # WAF and security configurations
├── lambda.tf                   # CrowdSec Lambda integration
├── lambda-crowdsec-waf.py      # Lambda function code
└── terraform.tfvars            # Configuration variables

📚 Documentation

Common Commands

# Check WAF blocked IPs
aws wafv2 get-ip-set --scope CLOUDFRONT --region us-east-1 \
  --id a9e47946-c186-4b28-83a8-fe3aeb9c296b \
  --name aws-cf-dev-blocked-ips \
  --query 'IPSet.Addresses'

# Monitor CrowdSec decisions
incus exec crowdsec -- cscli decisions list

# View Lambda logs
aws logs tail /aws/lambda/aws-cf-dev-crowdsec-waf-updater --follow

Status: Production Ready | Last Updated: 2025-09-09
