- Click Web ACLs in the left-hand navigation.
- Give the ACL rule a name (such as "Jamf-Devices-Only").
- Modify the Description or CloudWatch metric name, as required.
- Depending on where your apps are hosted, select CloudFront distributions or Regional Resources.
  Note: This guide assumes the apps are hosted in Regional Resources, but follow similar steps if using CloudFront.
- If you already know the AWS Web APIs or Application Load Balancers that you want to protect with this configuration, click Add AWS resources in the Associated AWS Resources section. If you do not, you can add them later.
  Important: These resources must correspond to the hostnames specified in the above Access Policy configuration section.
- Click Next at the bottom of the page.
- In the Rules section, click Add Rules.
- Select Add my own rules and rule groups.
- Select IP sets.
- Give the rule a memorable name, such as "Jamf-Devices-Only".
- Under IP set, pick the IP Set created in the previous section.
- Under Action, select Allow.
- Click Add Rule.
- Back on the rule definition page, in the "Default web ACL action for requests that don't match any rules" section, select "Block" as the Default Action.
- On the Set rule priority screen, click Next.
- (Optional) On the Configure metrics screen, define the CloudWatch metrics.
- Click Next.
- On the Review page, validate your configuration, then click Create Web ACL.
  Note: If you did not add AWS Resources to this ACL, you must do so before proceeding.
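The Web ACL these steps produce can also be expressed as a WAFv2 `CreateWebACL` request and checked before it is applied. The following is an added example, not part of the original guide: the helper names `build_web_acl` and `audit_web_acl` are hypothetical, and the IP set ARN is a constructed placeholder for the IP set created in the previous section.

```python
"""Added example: the Web ACL from the steps above as a WAFv2 CreateWebACL request."""

# Constructed placeholder; use the ARN of the IP set created in the previous section.
IP_SET_ARN = "arn:aws:wafv2:us-east-1:111122223333:regional/ipset/EXAMPLE-IP-SET/EXAMPLE-ID"


def build_web_acl(name, ip_set_arn, scope="REGIONAL"):
    """Return CreateWebACL parameters: allow the IP set, block everything else."""
    def visibility(metric):
        return {"SampledRequestsEnabled": True,
                "CloudWatchMetricsEnabled": True,
                "MetricName": metric}
    return {
        "Name": name,
        "Scope": scope,  # "CLOUDFRONT" when protecting CloudFront distributions
        "DefaultAction": {"Block": {}},  # requests matching no rule are blocked
        "Rules": [{
            "Name": name,
            "Priority": 0,
            "Statement": {"IPSetReferenceStatement": {"ARN": ip_set_arn}},
            "Action": {"Allow": {}},
            "VisibilityConfig": visibility(name),
        }],
        "VisibilityConfig": visibility(name),
    }


def audit_web_acl(acl, ip_set_arn):
    """Return a list of findings; an empty list means the allow-list posture holds."""
    findings = []
    if "Block" not in acl.get("DefaultAction", {}):
        findings.append("default action is not Block")
    allows_ip_set = False
    for rule in acl.get("Rules", []):
        if "Allow" not in rule.get("Action", {}):
            continue  # only Allow rules can let traffic past the default Block
        ref = rule.get("Statement", {}).get("IPSetReferenceStatement", {})
        if ref.get("ARN") == ip_set_arn:
            allows_ip_set = True
        else:
            findings.append(f"rule {rule.get('Name')!r} allows traffic outside the IP set")
    if not allows_ip_set:
        findings.append("no Allow rule references the expected IP set")
    return findings


if __name__ == "__main__":
    acl = build_web_acl("Jamf-Devices-Only", IP_SET_ARN)
    print(audit_web_acl(acl, IP_SET_ARN) or "OK")
```

The dictionary returned by `build_web_acl` matches the keyword arguments of the boto3 `wafv2` client's `create_web_acl` call; associating the protected resources remains a separate step.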