Use AWS WAF to block traffic to my lightsail instance

I have an AWS lightsail instance running wordpress. It is getting pounded with hits from Chinese IP addresses - and they keep changing IP's. I started making hundreds of iptables rules but am giving up as this is clearly the wrong approach.

I discovered the AWS WAF service, and created an ACL which drops traffic from China. And the WAF is in the same region as my lightsail instance.

Great. But it's not doing anything...still getting hit. I can't figure out how (or IF) I connect my lightsail traffic to the WAF. Is it even possible?

I don't need a load balancer, nor cloudfront, nor do a have a gateway (I think). This setup is really simple...


Solution 1:

AWS WAF will not work in your use case unless you use an Application Load Balancer

AWS WAF is tightly integrated with Amazon CloudFront and the Application Load Balancer (ALB), services that AWS customers commonly use to deliver content for their websites and applications.

If you're not using one of these technologies AWS WAF will not work for you.

I understand you do not want to use an Application Load Balancer but Lightsail does support it. If you were to use it then you could use AWS WAF.

References

Lightsail with other AWS Services
AWS WAF FAQ