CS 79D Security Portal
Featured ModuleWeek 7 · Module 7

Lab 6: CloudFront & WAF

Lab 6 demonstrates a static S3 website delivered through CloudFront and protected by AWS WAF. The page collects the deployed resource IDs, WAF rules, verification results, and supporting project evidence in one walkthrough.

Date

June 1, 2026

Topics

5

Live Demos

4

Module Brief

Lab 6 evidence module showing an S3 static website delivered through CloudFront and protected by AWS WAF rules for blocked IP ranges, countries, and malicious User-Agent patterns.

CloudFrontAWS WAFS3CloudFormationLambda
Lab Walkthrough
Open the CloudFront distribution and show the S3 static website behind it.
Show the WAF WebACL with IP range, geo, and User-Agent blocking rules.
Verify browser-like traffic receives 200 OK while blocked User-Agent requests receive 403.
Use the dashboard, API demo, and logs pages as supporting project evidence.
Supporting Demo Actions

Functional presentation controls

These actions are tied to the real backend surface, so the Lab 6 evidence page can show health, AWS workflows, module data, and S3-related interactions without leaving this module.

EC2
Health Check
Ping the NestJS backend running on EC2
Lambda
Invoke Lambda
Trigger Lambda via API Gateway → log to DynamoDB
API
List Modules
Fetch all course modules from the backend API
S3
Upload to S3
Scroll to the file upload widget below
Quick Launch

Lab 6 shortcuts

Open the deployed lab site and supporting project pages directly from here.

Lab 6 CloudFront Site

Open the deployed S3 static website served through CloudFront and protected by WAF.

Open

Live AWS

Open the live AWS dashboard used to support the Lab 6 walkthrough.

Open

Architecture

Show the application topology that supports this CloudFront/WAF lab evidence.

Open

Uploads

Demonstrate the S3 file flow with backend validation and throttling.

Open

Logs

Show live DynamoDB activity records written by Lambda and the backend.

Open

API Demo

Run human-friendly API calls and inspect current backend responses.

Open

Cabinet

Show the protected user cabinet with JWT auth and account management.

Open
Lab 6 CloudFront & WAF

Static content deployed through CloudFront and protected by WAF

This Week 7 module is focused on Lab 6: an S3 static website is published through CloudFront, and AWS WAF blocks the required IP range, countries, and malicious User-Agent patterns.

Open CloudFront Site

Direct S3 website endpoint opens only over http://. Use the CloudFront button for HTTPS and WAF-protected access.

S3 Static Website

cs79d-lab6-static-960002046733

index.html, error.html, styles.css, and SVG architecture asset uploaded.

CloudFront Distribution

E2IJWFXTFQSGI3

Status verified as Deployed with domain d5fu4kwby0ghd.cloudfront.net.

AWS WAF WebACL

cs79d-lab6-cloudfront-web-acl

Attached to CloudFront with three lab-required blocking rules.

WAF Rules

BlockIpRange130166

Blocks 130.166.0.0/16

BlockIndiaAndRussia

Blocks traffic from India and Russia

BlockMaliciousUserAgent

Blocks (?i)(sqlmap|nmap|curl|BadBot)

Verification

CloudFront status

Deployed

Browser-like request

200 OK

sqlmap User-Agent

403 Blocked

default curl User-Agent

403 Blocked

S3 Origin Endpoint

http://cs79d-lab6-static-960002046733.s3-website-us-east-1.amazonaws.com

Direct S3 website access is the lab origin path. WAF enforcement is verified through the CloudFront URL above.