I'm considering adding CloudFront in front of my REST API Gateway since they've rolled out flat rate pricing that includes WAF and DDoS protection. From an infrastructure design standpoint, does this make sense?
4 Answers
I really recommend having a WAF as a standard defense for most companies. It plays a crucial role in shielding against automated attacks. You'd be hard-pressed to find a scenario where having a WAF isn't beneficial.
CloudFront provides cool advantages like edge delivery, caching, and the ability to connect to multiple origins (like S3 for serving static files). These benefits can really enhance performance beyond just protection.
For those interested, you can find more about the flat-rate pricing in the docs. They also offer a free tier along with a pro plan starting at $15/month, which is pretty attractive.
Using CloudFront definitely makes sense if you're looking for extra protection and if the pricing works for your budget. But if those features aren't necessary for you, it could be more than you need.
Flat pricing combined with those extra benefits can indeed make it more economical compared to adding WAF to your API Gateway directly.