AWS推出了简化的Amazon CloudFront和AWS WAF控制台，让开发者能更快地配置内容分发和安全服务。通过几步操作，开发者即可创建包含DNS和TLS证书的完整配置，并简化了与Amazon Route 53和AWS WAF的集成，减少了手动配置的复杂性。新功能还增强了与AWS WAF的集成，提供智能规则包，帮助用户抵御常见的Web攻击。

🚀 简化配置流程：新的CloudFront控制台简化了配置流程，开发者只需输入域名，即可创建安全分发。该流程自动处理TLS证书和DNS记录配置，并默认采用安全最佳实践，减少了在多个服务之间切换的需要。

🌐 提升性能与安全性：CloudFront作为CDN，通过边缘节点提供内容，减少延迟，提升用户体验。同时，它内置的安全功能保护应用免受DDoS攻击和其他威胁，并能自动扩展以应对流量变化。

🛡️ 集成AWS WAF：新的AWS WAF控制台引入了基于应用类型和安全需求的智能规则包。开发者可以通过集成体验启用AWS WAF保护，获得针对常见攻击向量的即时保护，如SQL注入和跨站脚本攻击。

<section class="blog-post-content lb-rtxt"><table id="amazon-polly-audio-table"><tbody><tr><td id="amazon-polly-audio-tab"><p></p></td></tr></tbody></table><p>Today, we’re announcing a new simplified onboarding experience for <a href="https://aws.amazon.com/cloudfront/&quot;&gt;Amazon CloudFront</a> that developers can use to accelerate and secure their web applications in seconds. This new experience, along with improvements to the <a href="https://aws.amazon.com/waf/&quot;&gt;AWS WAF</a> console experience, makes it easier than ever for developers to configure content delivery and security services without requiring deep technical expertise.</p><p>Setting up content delivery and security for web applications traditionally required navigating multiple <a href="https://aws.amazon.com/&quot;&gt;Amazon Web Services (AWS)</a> services and making numerous configuration decisions. With this new CloudFront onboarding experience, developers can now create a fully configured distribution with DNS and a TLS certificate in just a few clicks.</p><p>Amazon CloudFront offers compelling benefits for organizations of all sizes looking to deliver content and applications globally. As a content delivery network (CDN), CloudFront significantly improves application performance by serving content from edge locations closest to your users, reducing latency and improving user experience. Beyond performance, CloudFront provides built-in security features that protect your applications from distributed denial of service (DDoS) attacks and other threats at the edge, preventing malicious traffic from reaching your origin infrastructure. The service automatically scales with your traffic demands without requiring any manual intervention, handling both planned and unexpected traffic spikes with ease. Whether you’re running a small website or a large-scale application, the CloudFront integration with other AWS services and the new simplified console experience makes it easier than ever to implement these essential capabilities for your web applications.</p><p><strong>Streamlined CloudFront configuration</strong></p><p>The new CloudFront console experience guides developers through a simplified workflow that starts with the domain name they want to use for their distribution. When using <a href="https://aws.amazon.com/route53/&quot;&gt;Amazon Route 53</a>, the experience automatically handles TLS certificate provisioning and DNS record configuration, while incorporating security best practices by default. This unified approach eliminates the need to switch between multiple services like <a href="https://aws.amazon.com/certificate-manager/&quot;&gt;AWS Certificate Manager</a>, Route 53, and AWS WAF, and offers developers a faster time to production without the need to dive deep on the nuanced configuration options of each service.</p><p>For example, a developer can now create a secure CloudFront distribution for their applications fronted by a load balancer by entering their domain name and selecting their load balancer as the origin. The console automatically recommends optimal CDN and security configurations based on the application type and requirements, and developers can deploy with confidence knowing they’re following AWS best practices.</p><p>For developers who wish to host a static website on <a href="https://aws.amazon.com/s3&quot;&gt;Amazon Simple Storage Service (Amazon S3)</a>, CloudFront provides several important benefits. First, it improves your website’s performance by caching content at edge locations closer to your users, reducing latency and improving page load times. Second, it helps protect your S3 bucket by acting as a security layer—CloudFront can be configured to be the only way to access your content, preventing direct access to your S3 bucket. The new experience automatically configures these security best practices for you.</p><p><strong>Enhanced security integration with AWS WAF</strong></p><p>Complementing the new CloudFront experience, we’re also introducing an improved AWS WAF console that features intelligent Rule Packs—curated sets of security rules based on application type and security requirements. These Rule Packs enable developers to implement comprehensive security controls without needing to be security experts.</p><p>When creating a CloudFront distribution, developers can now enable AWS WAF protection through an integrated experience that uses these new Rule Packs. The console provides clear recommendations for security configurations that developers can use to preview and validate their settings before deployment.</p><p>Web applications face numerous security threats today, including SQL injection attacks, cross-site scripting (XSS), and other <a href="https://owasp.org/www-project-top-ten/&quot;&gt;OWASP Top 10</a> vulnerabilities. With the new AWS WAF integration, you automatically get protection against these common attack vectors. The recommended Rule Packs provide immediate protection against malicious bot traffic, common web exploits, and known bad actors while preventing direct-to-origin attacks that could overwhelm your infrastructure.</p><p><strong>Let’s take a look</strong></p><p>If you’ve ever created an Amazon CloudFront distribution, you’ll immediately notice that things have changed. The new experience is straightforward to follow and understand. For my example, I chose to create a distribution for a static website using Amazon S3 as my origin.</p><p><img class="alignnone wp-image-97174 size-large" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2025/06/12/cloudfront-onboarding-05-1024x496.png&quot; alt="New onboarding experience for Amazon CloudFront" width="1024" height="496" /></p><p>In <strong>Step 1</strong>, I give my distribution a name and select from <strong>Single website or app</strong> or the new <strong>Multi-tenant architecture</strong> option, which I can use to configure distributions that use multiple domains but share a common configuration. I choose <strong>Single website or app</strong> and enter an optional domain name. With the new experience, I can use the <strong>Check domain</strong> button to verify I have my domain as a Route 53 zone file.</p><p><img class="alignnone size-large wp-image-96922" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2025/06/06/cloudfront-onboarding-02-1024x441.png&quot; alt="" width="1024" height="441" /></p><p>Next, I select the origin for the distribution, which is where CloudFront will fetch the content to serve and cache. For my <strong>Origin type</strong>, I select Amazon S3. As the preceding screenshot shows, there are several additional options to choose from. Each of the options is designed to make configuration as straightforward as possible for the most popular use cases. Next, I select my S3 bucket, either by typing in the bucket name or using the <strong>Browse S3</strong> button.</p><p><img class="alignnone size-large wp-image-96923" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2025/06/06/cloudfront-onboarding-03-1024x347.png&quot; alt="" width="1024" height="347" /></p><p>Next, I have several settings related to using Amazon S3 as my origin. The <strong>Grant CloudFront access to origin</strong> option is an important one. This option (selected by default) will update my S3 bucket policy to allow CloudFront to access my bucket and will configure my bucket for <strong>origin access control</strong>. This way, I can use a completely private bucket and know that assets in my bucket can only be accessed through CloudFront. This is a critical step to keeping my bucket and assets secure.</p><p>In the next step, I’m presented with the option to configure AWS WAF. With AWS WAF enabled, my web servers are better protected because it inspects each incoming request for potential threats before allowing them to make their way to my web servers. There is a cost to enabling AWS WAF, and as you can see in the following screenshot, there is a calculator to help estimate additional charges.</p><p><img class="alignnone wp-image-97175 size-large" src="https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2025/06/12/cloudfront-onboarding-06-1024x527.png&quot; alt="New onboarding experience for Amazon CloudFront" width="1024" height="527" /></p><p><strong>Now available</strong></p><p>The new CloudFront onboarding experience and enhanced AWS WAF console are available today in all <a href="https://docs.aws.amazon.com/glossary/latest/reference/glos-chap.html#region&quot;&gt;AWS Regions</a> where these services are offered. You can start using these new features through the <a href="https://aws.amazon.com/console/&quot;&gt;AWS Management Console</a>. There are no additional charges for using these new experiences—you pay only for the CloudFront and AWS WAF resources you use, based on their respective pricing models.</p><p>To learn more about the new CloudFront onboarding experience and AWS WAF improvements, visit the <a href="https://docs.aws.amazon.com/cloudfront/&quot;&gt;Amazon CloudFront documentation</a> and <a href="https://docs.aws.amazon.com/waf/&quot;&gt;AWS WAF documentation</a>. Start building faster, more secure web applications today with these simplified experiences.</p></section><aside id="Comments" class="blog-comments"><div data-lb-comp="aws-blog:cosmic-comments" data-env="prod" data-content-id="ee7cb20d-f599-41de-bb9e-bb6e130ee642" data-title="Amazon CloudFront simplifies web application delivery and security with new user-friendly interface" data-url="https://aws.amazon.com/blogs/aws/amazon-cloudfront-simplifies-web-application-delivery-and-security-with-new-user-friendly-interface/&quot;&gt;&lt;p data-failed-message="Comments cannot be loaded… Please refresh and try again.">Loading comments…</p></div></aside>