You can allowlist Detectify’s IPs in CloudFront either as code, using Terraform, CloudFormation, or a similar tool, or manually ("click-ops") through the UI. This article walks you through the procedure for allowlisting Detectify’s IPs in the CloudFront UI.
1. Navigate to CloudFront in the AWS platform.
2. In the list of Distributions, select the distribution where you want to allowlist Detectify’s IPs.
3. Go to the Security tab.
4. In the Security tab, you should see “Security - Web Application Firewall (WAF)”.
   a. If WAF is enabled, it should say “Core protections: Enabled”.
   b. If WAF isn’t enabled, it should say “Core protections: Disabled”.
5. In the dropdown by “Manage protections”, select “Manage rules”.
6. Select “Add rule” and then “IP-based rule”.
7. From the dropdown menu under “Actions”, select “Allow”.
8. Write a name for the rule to remember what it is used for.
9. The IP address version should be set as IPv4.
10. In the “IP addresses” field, input the IP addresses you want to allowlist.
   a. For most cases, these would be 52.17.9.21/32 and 52.17.98.131/32.
   b. For a complete list of all IP addresses that Detectify uses, see this article.
11. To finish, click “Create rule” in the bottom right corner to finalize the allowlisting.
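
The same allow rule expressed in Terraform, as an added example that is not from Detectify or the original article. The resource names, metric names and the web ACL itself are assumptions; the sketch defines a new web ACL rather than the one the console manages for your distribution, and it does not reproduce the console's "Core protections" rules.

```hcl
# CLOUDFRONT-scoped WAF resources must be created in us-east-1.
provider "aws" {
  region = "us-east-1"
}

# IP set holding the two scanner addresses named in step 10a.
resource "aws_wafv2_ip_set" "detectify" {
  name               = "detectify-scanner-ips" # hypothetical name
  description        = "Detectify scanner source addresses"
  scope              = "CLOUDFRONT"
  ip_address_version = "IPV4"
  addresses          = ["52.17.9.21/32", "52.17.98.131/32"]
}

resource "aws_wafv2_web_acl" "cdn" {
  name  = "cdn-web-acl" # hypothetical name
  scope = "CLOUDFRONT"

  default_action {
    allow {}
  }

  # Priority 0 is evaluated first, so the allow rule matches before
  # any blocking rules added later with higher priority numbers.
  rule {
    name     = "allow-detectify"
    priority = 0

    action {
      allow {}
    }

    statement {
      ip_set_reference_statement {
        arn = aws_wafv2_ip_set.detectify.arn
      }
    }

    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "allow-detectify"
      sampled_requests_enabled   = true
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "cdn-web-acl"
    sampled_requests_enabled   = true
  }
}
```

Attach the ACL by setting `web_acl_id = aws_wafv2_web_acl.cdn.arn` on the `aws_cloudfront_distribution` resource. Because Allow is a terminating action in AWS WAF, requests from these addresses skip every rule with a higher priority number, so keep the address list limited to the scanner IPs.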