Skip to main content

CloudFront Integration

IntelliFend seamlessly integrates with the CloudFront CDN through the Interceptor integration mode, leveraging the Lambda Edge function. Our worker.js script deployed in Lambda Edge intercepts requests, determining whether to allow, block, or challenge traffic with Captcha.

The following procedure describes the high-level steps for setting up CloudFront Integration.

  1. Create a role in AWS
  2. Create a policy in AWS
  3. Create an IAM user in AWS
  4. Configure integration in IntelliFend Back Office.
note

For optimal operation, our product utilizes additional AWS infrastructure, such as Lambda@Edge. Please note that these infrastructure charges will be billed separately from your AWS Marketplace transaction.

Step 1: Create a role in AWS

To create a role in AWS, follow the following steps.

  1. Go to the IAM Management Console, and click Roles in the left navigation pane.
  2. Click the Create role button.
  • Select trusted entity: Select the ‘Custom trust policy’ option.
  • Custom trust policy: Add the following statement:
silent-integration-role

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "lambda.amazonaws.com",
                    "edgelambda.amazonaws.com"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
  1. Click the Next button. In the Add permissions section, empty the permission policies, and click Next.
  2. In the Name, review, and create, specify a name (e.g., ‘intellifend-integration-role’).
  3. Review the information and click the Create role button.

Create Role

Step 2: Create a policy in AWS

To create a policy in AWS, follow the following steps.

  1. Go to the IAM Management Console, and click Policies in the left navigation pane.
  2. Click the Create policy button.
  3. Add the following statement in the Policy editor:
intellifend-policy
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "iam:PassRole",
            "Resource": "arn:aws:iam::<account_number>:role/silent-integration-role"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "lambda:CreateFunction",
                "lambda:UpdateFunctionCode",
                "lambda:GetFunction",
                "lambda:EnableReplication",
                "cloudfront:GetDistribution",
                "cloudfront:ListDistributions",
                "cloudfront:UpdateDistribution"
            ],
            "Resource": "*"
        }
    ]
}
note
  • Replace the <account_number> in the above statement with your AWS Account ID.
  • Replace the <role_name> in the above statement with the name that you have specified in Step 1: Create a role in AWS
  1. Click the Next button.

Creat Permission

  1. Specify the policy name (e.g., ‘intellifend-policy’), review the policy, then click the Create policy button.

Step 3: Create an IAM user in AWS

To create an AWS user in AWS, follow the following steps.

  1. Go to the IAM Management Console, and click Users in the left navigation pane.
  2. Click the Create user button.
  3. Specify a user name, (e.g., ‘intellifend-user’), then click the Next button.
  4. On the Set permission page
  5. Click the Next button, then review the information and click the Create user button.

Create User

Step 4: Configure integration in IntelliFend Back Office

To create the integration between your applications and IntelliFend, follow the below steps:

note

If you are a new customer from AWS Marketplace and have not yet integrated an application with IntelliFend, you will automatically be directed to the Configure Integration page where you can start the integration after logging in. Therefore, you can skip the steps 1 and 2, and start at the step 3

  1. Go to the IntelliFend Back Office page, and click Integration in the left navigation pane.

  2. Click on the application name that you want to integrate. Please make sure that its integration mode is Interceptor.

note

If you do not have the desired application, you can click ‘Add an application’ or contact us to create one for you.

  1. Input the Access key, and the Secret access key of the user that you have created in Step 3: Create IAM user in AWS, and the ARN of the IAM role that you have created in Step 1: Create a role in AWS to the form, and click Connect button.

Info: To get the Access key and the Secret key access of the user, follow the following steps:

1/ Go to the IAM user details page in AWS.

2/ Click the Create access key button.

3/ Select the Others use case, and click the Next button.

4/ Click the Create access key button.

  1. Provide your information in the integration form.

    • API: Turn on the toggle if your application is served for API requests only. You need to provide the Parameter name of API key () to generate the Visitor ID of the API request.
    • Block setting: Turn on the toggle if you want to specify the Blocking page when a visitor is blocked by mitigation action. Turn off the toggle to use the IntelliFend default blocking page.
    • Domains: Select the domains that you want its traffic to be intercepted by IntelliFend. The dropdown list shows all domains that belong to the Access Key.

  2. Review the information and click the Save button.

info

Once you save the configuration successfully, the AgentJS script will be shown on the Integration Details page. Please add it to your HTML source code. For more information about the AgentJS script, please refer to AgentJS Script.