Bot Protection for Websites Using the Amazon CloudFront CDN

If your site is running on the Amazon CloudFront CDN, you can install a robust real-time bot protection solution in a few minutes, without any changes to your architecture.

Real-time bot protection for CloudFront sites

The DataDome bot protection solution integrates seamlessly with CloudFront to ensure your content is secure wherever it sits. For AWS users, only a few clicks are needed to activate real-time Cloudfront bot detection & protection, secure your data, protect your online content, and block bot attacks on Cloudfront sites.

Because the DataDome logic is executed prior to CloudFront’s routine process, we provide real-time protection for both cached and non-cached pages. Visitor request interaction takes place at the edge, located close to the users, with a latency of less than 10 milliseconds.

In this article, you’ll discover why you need a real-time bot protection solution in addition to CloudFront, how our CloudFront module works, the key benefits of the DataDome solution, and the steps to get started with our CloudFront module.

How the DataDome module for CloudFront works

CloudFront distributes your content using hundreds of locations around the world. This means that protecting the origin is great, but it’s not enough—we also need to protect your content at the edge.

Using “at the edge” functions encompass many benefits, but it comes with specific challenges. How do you protect your site content when it is delivered by tens of thousands of servers located at AWS’ 166 points of presence around the world?

Enter Amazon’s Lambda@Edge service, which DataDome was one of the very first companies in the world to adopt.

Before CloudFront executes its standard procedure, an event is triggered and processes the DataDome logic in a Lambda@Edge function. The module makes a call to the closest DataDome regional endpoint using a keep alive connection. Depending on the API response, the DataDome module either blocks the request or allows CloudFront to continue its regular processing.

To minimize latency, DataDome’s AWS bot protection solution is deployed to all AWS Regional Caches. Route 53, with a specific Lambda API endpoint, ensures that the DataDome server is called from the nearest infrastructure point.

Lambda@Edge enables DataDome to offer serverless setup for all types of use cases, which considerably simplifies the onboarding process. Thanks to this feature, any AWS user around the world can subscribe to and activate DataDome’s AWS bot management solution with a few clicks from their AWS console, taking less than 2 minutes to complete the process.

The CloudFront module is designed to protect the user experience for human visitors. If any errors were to arise during the process, or a timeout is met, the CloudFront module will automatically disable its blocking activity and allow the routine CloudFront process to proceed.

When I discovered that DataDome was integrated with CloudFront, I stopped looking. Moreover, with the opportunity to test the solution for free for a month, we had nothing to lose

Olivier Dupuis, CTO of Interencheres.com

Learn more about how Interencheres.com uses DataDome with CloudFront to ensure its platform is clear of bot-generated spam emails and unwanted traffic.

Key benefits

DataDome uses AI and machine learning to analyze every request to your website and determine whether the visitor is a human or a bot.

By leveraging the DataDome AWS bot protection module, CloudFront users can expect:

Improved site performance due to the elimination of high volumes of illicit traffic
Real-time protection from all OWASP automated threats
Unrivaled customization options, thanks to a powerful custom rules engine
Reliable analytics, with realtime data on 100% of your traffic
Simplified administration by paying per usage via your existing AWS bill

The CloudFront bot detection & protection module will protect all your customer critical touch points—ranging from web service APIs to login forms. Since genuine traffic patterns vary between endpoints, we use a distinct algorithm for each one.

To adjust your setup, you can create real-time custom rules to override the AI’s decisions, and allow or deny access for specific visitor groupings based on 13 different criteria.

Getting started with the DataDome module for CloudFront

To start testing out DataDome with CloudFront in less than a minute, click the Free trial button below to create your account—no need for a credit card or contract.

Then, follow the CloudFront module setup instructions, which should take you under an hour.

Once the module is installed, you can access your unique DataDome dashboard, where you can observe real-time bot traffic to all of your CloudFront endpoints. Enjoy!