We created a WebACL in AWS WAF to apply IP restrictions in CloudFront.
When trying to set from CloudFront Distributions/General/AWS WAF Web ACL on the console screen of CloudFront, only "None" is displayed.
The WebACL Region is set to "Global (CloudFront)".

If I specify the target CloudFront in Associated AWS resources when creating the WebACL by another method,
the AWS WAF Web ACL shown on the CloudFront console screen is "None",
and in fact, IP restrictions are not working well.

Do you know where the cause is?

You have just created a WebACL and no other rules have been set up ↓ (CloudFront is not linked at this point)

  • Answer # 1

    Apparently it seems to be a problem on the AWS side.

    It looks like the AWS WAF console has been renewed, but the resources created there seem to be treated differently from the resources created in the traditional AWS WAF console.


    Note: The previous version of AWS WAF is now named AWS WAF Classic. To access resources created with that version,

    Apparently, CloudFront can only refer to resources created with the traditional console ...
    Although it will be supported on the AWS side in the future, it seems that there is no choice but to create a resource with the conventional console and apply it.
    Click Switch to AWS WAF Classic to return to the traditional console.
    This is a problem that should be requested from AWS ...
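
To confirm what is actually attached to a distribution, independent of what either console displays, the following added example (not part of the original question or answer) inspects the `WebACLId` field in the output of `aws cloudfront get-distribution-config`. In the CloudFront API that field is empty when nothing is attached, holds a bare ACL ID for AWS WAF Classic, and holds an ARN for the current AWS WAF; the sample configs, account ID and ACL names below are constructed.

```python
import json
import re

# Current AWS WAF (wafv2) ARN:
#   arn:<partition>:wafv2:<region>:<account>:<scope>/webacl/<name>/<id>
WAFV2_ARN = re.compile(
    r"^arn:aws[a-z-]*:wafv2:[a-z0-9-]+:\d{12}:(global|regional)/webacl/[^/]+/[^/]+$")
# AWS WAF Classic web ACLs are referenced by a bare UUID-style ID.
CLASSIC_ID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def classify_web_acl(config_json):
    """Report which kind of web ACL, if any, a distribution config references."""
    doc = json.loads(config_json)
    config = doc.get("DistributionConfig", doc)  # accept wrapped or bare config
    acl = (config.get("WebACLId") or "").strip()
    if not acl:
        return {"attached": False, "kind": None,
                "problem": "no web ACL attached, so no WAF rule is evaluated"}
    match = WAFV2_ARN.match(acl)
    if match:
        # Only CloudFront-scope web ACLs ("global" in the ARN) apply to a distribution.
        ok = match.group(1) == "global"
        return {"attached": True, "kind": "wafv2",
                "problem": None if ok else "regional web ACL cannot protect CloudFront"}
    if CLASSIC_ID.match(acl):
        return {"attached": True, "kind": "waf-classic", "problem": None}
    return {"attached": True, "kind": "unknown",
            "problem": "WebACLId is neither a WAFv2 ARN nor a Classic ID"}


# Constructed samples shaped like trimmed get-distribution-config output.
_ID = "0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0"
SAMPLES = {
    "none": {"DistributionConfig": {"WebACLId": ""}},
    "classic": {"DistributionConfig": {"WebACLId": _ID}},
    "wafv2": {"DistributionConfig": {"WebACLId":
        "arn:aws:wafv2:us-east-1:111122223333:global/webacl/ip-allow/" + _ID}},
    "regional": {"DistributionConfig": {"WebACLId":
        "arn:aws:wafv2:ap-northeast-1:111122223333:regional/webacl/ip-allow/" + _ID}},
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name, classify_web_acl(json.dumps(sample)))
```

An empty `WebACLId` means requests reach the distribution without any WAF evaluation, which matches the symptom of IP restrictions having no effect.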