# AWS CloudFront + CrowdSec WAF Integration

🛡️ AWS CloudFront CDN with real-time CrowdSec threat protection via Lambda integration.

## 🏗️ Architecture

```
CrowdSec Container → API Gateway → Lambda → AWS WAF → CloudFront Distribution
```

## 📋 Project Overview

- **CloudFront Distribution**: `EATJ1HDQU8V51`
- **Origin Server**: `origin.servidor.it.com` (HTTP-only)
- **WAF Protection**: Real-time IP blocking via CrowdSec
- **Custom Domains**: `servidor.it.com`, `www.servidor.it.com`
- **ACM Certificate**: `b011e60a-1ea1-4dd3-844f-e0851ece4784`

## 🚀 Quick Start

```bash
# 1. Deploy infrastructure
tofu init
tofu apply

# 2. Configure CrowdSec
incus exec crowdsec -- cscli collections install crowdsecurity/nginx-proxy-manager

# 3. Verify WAF configuration
aws wafv2 get-ip-set --scope CLOUDFRONT --region us-east-1 \
  --id a9e47946-c186-4b28-83a8-fe3aeb9c296b \
  --name aws-cf-dev-blocked-ips
```

## 📊 Key Resources

- **CloudFront URL**: https://d2mhxhntq3ezzr.cloudfront.net
- **WAF Web ACL ID**: `d61073b6-27b1-473e-aa9f-d2aa4a4c75a6`
- **WAF IP Set ID**: `a9e47946-c186-4b28-83a8-fe3aeb9c296b`
- **Route53 Zone ID**: `Z01934581JQAF2GS71GG`

## 🛡️ Security Features

1. **Priority 1**: CrowdSec real-time IP blocking
2. **Priority 2**: Rate limiting (10K req/5min)
3. **Priority 3**: AWS Managed Common Rules
4. **Priority 4**: AWS Managed Bad Input Rules

## 📁 Project Structure

```
├── README.md                    # This file
├── CLAUDE.md                    # Development guide for Claude Code
├── DEPLOYMENT_GUIDE.md          # Detailed deployment instructions
├── CROWDSEC-WAF-INTEGRATION.md  # CrowdSec integration documentation
├── main.tf                      # CloudFront and core infrastructure
├── security.tf                  # WAF and security configurations
├── lambda.tf                    # CrowdSec Lambda integration
├── lambda-crowdsec-waf.py       # Lambda function code
└── terraform.tfvars             # Configuration variables
```

## 📚 Documentation

- **🚀 [Deployment Guide](DEPLOYMENT_GUIDE.md)** - Complete deployment instructions
- **🛡️ [CrowdSec Integration](CROWDSEC-WAF-INTEGRATION.md)** - Real-time security setup
- **🔧 [Development Guide](CLAUDE.md)** - Claude Code specific instructions

## ⚡ Common Commands

```bash
# Check WAF blocked IPs
aws wafv2 get-ip-set --scope CLOUDFRONT --region us-east-1 \
  --id a9e47946-c186-4b28-83a8-fe3aeb9c296b \
  --name aws-cf-dev-blocked-ips \
  --query 'IPSet.Addresses'

# Monitor CrowdSec decisions
incus exec crowdsec -- cscli decisions list

# View Lambda logs
aws logs tail /aws/lambda/aws-cf-dev-crowdsec-waf-updater --follow
```

---

**Status**: ✅ Production Ready | **Last Updated**: 2025-09-09
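The architecture and command sections above describe a Lambda that turns CrowdSec decisions into entries of the `aws-cf-dev-blocked-ips` WAF IP set, but the README does not show how such a merge has to behave. The following is an added, self-contained example written for this page; it is not the project's `lambda-crowdsec-waf.py`. It assumes the incoming event carries a decision batch in the shape of CrowdSec's `/v1/decisions/stream` response (`{"new": [...], "deleted": [...]}`), reuses the IP-set name and ID from this README, and treats the 10,000-address cap as the default AWS WAF per-IP-set quota. The sample batch at the bottom is constructed test data. The pure functions (`to_cidr`, `merge_decisions`) run offline; only `lambda_handler` touches AWS and imports `boto3` lazily for that reason.

```python
"""Merge a CrowdSec decision batch into an AWS WAF (CLOUDFRONT-scope) IP set.

Added example for this README, not the project's Lambda code. Assumes the
event body follows CrowdSec's /v1/decisions/stream format.
"""
import ipaddress
import json
from typing import Dict, Iterable, List, Optional

IP_SET_NAME = "aws-cf-dev-blocked-ips"                 # name from this README
IP_SET_ID = "a9e47946-c186-4b28-83a8-fe3aeb9c296b"     # ID from this README
IP_SET_SCOPE = "CLOUDFRONT"                            # CloudFront WAF objects live in us-east-1
MAX_ADDRESSES = 10_000                                 # assumed default per-IP-set quota


def to_cidr(value: str) -> Optional[str]:
    """Normalise a CrowdSec decision value to the CIDR form WAF requires.

    Single hosts become /32 (IPv4) or /128 (IPv6); ranges keep their prefix
    but get host bits cleared. Unparseable values return None so one bad
    decision cannot fail the whole update.
    """
    try:
        return str(ipaddress.ip_network(value, strict=False))
    except ValueError:
        return None


def merge_decisions(current: Iterable[str], batch: Dict) -> List[str]:
    """Apply a decision batch to the existing address list.

    Deletions are applied before additions so a re-issued ban (present in
    both lists with a new expiry) stays blocked. Only 'ban' decisions with
    scope Ip or Range map onto an IP set; captcha/other types are skipped.
    """
    addresses = set(current)
    for decision in batch.get("deleted") or []:
        cidr = to_cidr(str(decision.get("value", "")))
        if cidr:
            addresses.discard(cidr)
    for decision in batch.get("new") or []:
        if decision.get("type") != "ban":
            continue
        if str(decision.get("scope", "")).lower() not in ("ip", "range"):
            continue
        cidr = to_cidr(str(decision.get("value", "")))
        if cidr:
            addresses.add(cidr)
    if len(addresses) > MAX_ADDRESSES:
        # Surface the overflow instead of silently dropping blocks.
        raise ValueError(f"IP set would exceed {MAX_ADDRESSES} addresses")
    return sorted(addresses)


def lambda_handler(event: Dict, context=None) -> Dict:
    """Lambda entry point: read the current set, merge, write back with the lock token."""
    import boto3  # lazy import keeps the merge logic testable without AWS credentials

    body = event.get("body")
    batch = json.loads(body) if isinstance(body, str) else event
    waf = boto3.client("wafv2", region_name="us-east-1")
    for _ in range(2):  # one retry if the optimistic lock token went stale
        resp = waf.get_ip_set(Name=IP_SET_NAME, Scope=IP_SET_SCOPE, Id=IP_SET_ID)
        existing = resp["IPSet"]["Addresses"]
        merged = merge_decisions(existing, batch)
        if merged == sorted(existing):
            return {"statusCode": 200, "body": json.dumps({"changed": False, "count": len(merged)})}
        try:
            waf.update_ip_set(Name=IP_SET_NAME, Scope=IP_SET_SCOPE, Id=IP_SET_ID,
                              Addresses=merged, LockToken=resp["LockToken"])
            return {"statusCode": 200, "body": json.dumps({"changed": True, "count": len(merged)})}
        except waf.exceptions.WAFOptimisticLockException:
            continue
    return {"statusCode": 409, "body": json.dumps({"error": "lock token contention"})}


# Constructed sample batch (documentation-range addresses, not real decisions).
SAMPLE_BATCH = {
    "new": [
        {"value": "198.51.100.5", "scope": "Ip", "type": "ban"},
        {"value": "192.0.2.77/24", "scope": "Range", "type": "ban"},   # host bits get cleared
        {"value": "198.51.100.9", "scope": "Ip", "type": "captcha"},  # not an IP-set action
        {"value": "not-an-ip", "scope": "Ip", "type": "ban"},         # malformed, skipped
    ],
    "deleted": [{"value": "203.0.113.7", "scope": "Ip", "type": "ban"}],
}

if __name__ == "__main__":
    print(merge_decisions(["203.0.113.7/32"], SAMPLE_BATCH))
```

Two points worth keeping when adapting this: `update_ip_set` replaces the whole address list, so the function must always write the full merged set rather than only the new entries, and the `LockToken` from the preceding `get_ip_set` must be passed back or the update is rejected.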