Disabling Amazon WAF security protections
If your distribution doesn't need Amazon WAF security protections, you can disable this feature by using the CloudFront console.
If you previously enabled Amazon WAF protection and didn't choose an existing WAF configuration (also known as one-click protection), CloudFront automatically created a web ACL for you. For web ACLs created this way, the CloudFront console will disassociate the resource and delete the web ACL.
Disassociating a web ACL is different from deleting it. Disassociating removes the web ACL from your distribution, but it's not deleted from your Amazon Web Services account. For more information, see Associating or disassociating a web ACL with an Amazon resource in the Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced Developer Guide.
See the following procedure to disable Amazon WAF protections and disassociate the web ACL from your distribution.
To disable Amazon WAF security protections in CloudFront
Open the CloudFront console at https://console.amazonaws.cn/cloudfront/v4/home
. -
In the navigation pane, choose Distributions, and then choose the distribution that you want to change.
-
Choose the Security tab and then choose Edit.
-
In the Web Application Firewall (WAF) section, choose Disable Amazon WAF protection.
-
Choose Save changes.
Notes
-
If you disabled Amazon WAF security protection and you still want to delete the web ACL from your Amazon Web Services account, you can delete it manually. Follow the procedure to delete a web ACL. In the Amazon WAF & Shield console, for the Web ACLs page, you must choose the Global (CloudFront) list to find the web ACLs.
-
When you delete a distribution from the CloudFront console, CloudFront will attempt to also delete the web ACL if you chose one-click protection. This is best effort and isn't always guaranteed. For more information, see Delete a distribution.