Integrating ELB with AWS Services WAF ACL Demo
Start course

In this course, we shall be discussing Amazon Elastic Load Balancers (ELBs) and how ELBs integrate with other AWS services to help provide high availability, improve performance, and increase security for your applications.

Learning Objectives

By the end of this course, you will have a greater understanding of:

  • ELBs integrations with key AWS services
  • ELBs importance to Amazon Kubernetes

Intended Audience

Anyone working with AWS Networking will benefit from this course, also if you are:

  • Studying for the AWS Networking Specialty certification
  • Studying for the AWS Solutions Architect certifications

If you are looking to increase your AWS knowledge, this course is for you.


Before attending this course, you should be familiar with Amazon ELB, including the different ELB types and how they are configured. Experience with AWS services such as CloudFront, WAF, and Global Accelerator is also desirable but not required.

For more information on these services, please see our existing courses: 


I'm in the WAF & Shield dashboard. To create a new ACL, we select 'Create web ACL'. Notice that I filled in some details, including a name for the ACL, the name of the CloudWatch metrics that the ACL will generate, and a resource type of CloudFront distribution.

If you wish to use your ACL with Application Load Balancers, API gateways, or appsync, choose regional resources, select the region, and then you'll be able to choose your regional resource. We want to associate this ACL with CloudFront, so we leave CloudFront distributions selected and scroll down. Next, we select 'Add AWS resources'. We can then choose the CloudFront distributions we wish to associate this ACL with.

You can select one or more distributions here. I'll select just one. And then select 'Add'. Now, we have our CloudFront distribution selected, we choose 'Next'. The next step is to add rules and rule groups. If I select the 'Add rules' drop down, we can create our own rules or select 'Add managed rules group'. I'll select 'Add manage rules group'.

Here, we can find a list of rule groups provided by AWS and third parties. If I expand the AWS managed rule groups section, we can see there is one paid for rule group, Boc control. If I scroll down, we see a list of free rule groups, each one protecting our systems from common known patterns of attack. I'm going to select the rule group for Linux operating systems. I'm going to select 'Add to web ACL' next to that rule group.

I'm happy that rule groups. If I scroll down, I can select 'Add rules'. You can repeat this process by adding more manage rule groups or creating rules and rule groups of your own. We can set the default action of this ACL. In my case, the default action is set to allow. So, if traffic does not match one of the rules in the rule groups, the traffic is allowed. If I scroll down and select 'Next', we can set rule priorities. If you have lots of rules or rule groups in your ACL, then probably it's important because rules higher up the list will take precedence over rules further down. As I only have one rule group here, I'll select 'Next'.

We can configure CloudWatch metrics. If you're happy with that, select 'Next'. We can then review our settings before scrolling down and selecting 'Create web ACL'. Once you select 'Create web ACL', the ACL is created and attached to the selected CloudFront distributions and will start protecting your distributions straight away.


About the Author

Mike has worked in IT since 1997, specializing in networking, storage, and architecture. He's been in cloud computing for the last 8 years, working across several cloud platforms but specializing in AWS. He's been involved in many cloud projects over the years covering migrations, hybrid connectivity, security optimization, networking, and storage architecture.

He gained his first training qualification in 1998 and, about 3 years ago, became an AWS Authorized Champion Instructor. He's delivered AWS cloud courses across Europe for a range of clients, with a focus on Architecture, Security, and Networking. He currently holds certifications for the four biggest cloud vendors, including the AWS Solutions Architect Professional, AWS DevOps Engineer, and AWS Advanced Networking specialty certifications.

He lives in the North of England with his wife Frances and their dog Inca.