How to do it...

In this recipe, you will configure AWS WAF to protect a Lambda function that publishes an endpoint through API Gateway:

  1. Log in to your AWS account, and go to the Lambda dashboard.
  2. Create a new Lambda function, and choose Author from scratch. Give it a name and click Create function:

Create function

  3. Add an API Gateway integration trigger:

Add API Gateway trigger

  4. Select Create a new API, and then Save the Lambda function:

Configure the trigger

  5. Click the endpoint URL in the API Gateway configuration summary, and you should see Hello from Lambda, if you left the default function code alone:

The API Gateway stage URL for your new function

  6. Go to the API Gateway dashboard, select the new gateway you just created, and then select the default stage. Click Create Web ACL:

The API Gateway stage editor

  7. In the WAF console, create a new web ACL. Review the concepts overview and click Next.
  8. Give the ACL a name, select your region, then select your new API Gateway stage. Click Next:

Web ACL configuration

  9. Create an IP match condition and add your current IP address. If you aren't sure what your IP is, visit a site such as https://www.whatismyip.com/, and then add /32 to the address so that it is in CIDR (short for Classless Inter-Domain Routing) notation and matches only that one address:

Add an IP address

  10. Create a rule. Give the rule a name, select the IP address that you created in the previous step, and then click Create:

Add conditions

  11. Click Review and Create; then Confirm and Create.
  12. Go back to the API stage, and select the new ACL that you just created. Save the changes.
  13. Refresh the endpoint URL, and you should see {"message":"Forbidden"}.

With this recipe, you have successfully integrated AWS WAF with an AWS Lambda function. You can apply what you have learned here to other resources, such as EC2 instances sitting behind an Application Load Balancer, and you can create more complex rules in order to meet your needs.
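The step that adds /32 to your address can be checked before you type the value into the console. The following is an added example, not code from the recipe: it normalizes an address into the descriptor form used for IP match conditions and rejects over-broad typos. It assumes the WAF Classic API (where an IP match condition is an IPSet) and its documented prefix-length limits; the function names are hypothetical.

```python
import ipaddress

# Prefix lengths an AWS WAF Classic IPSet accepts (assumption: the recipe's
# console is WAF Classic, whose API calls an IP match condition an "IPSet").
ALLOWED_PREFIXES = {4: {8, *range(16, 33)}, 6: {24, 32, 48, 56, 64, 128}}


def to_ip_set_descriptor(value):
    """Turn a bare IP or a CIDR string into a WAF Classic IPSetDescriptor."""
    # ip_interface() gives a bare address a full-length prefix (/32 or /128),
    # which is the "add /32" step of the recipe.
    iface = ipaddress.ip_interface(value.strip())
    net = iface.network
    if iface.ip != net.network_address:
        # e.g. 203.0.113.7/24: likely a typo that would cover 256 addresses.
        raise ValueError(
            f"{value}: host bits set; use {iface.ip}/{iface.ip.max_prefixlen} or {net}"
        )
    if net.prefixlen not in ALLOWED_PREFIXES[net.version]:
        raise ValueError(f"{value}: /{net.prefixlen} is not accepted for IPv{net.version}")
    return {"Type": f"IPV{net.version}", "Value": str(net)}


def condition_matches(descriptor, client_ip):
    """Would a request from client_ip satisfy this IP match condition?"""
    addr = ipaddress.ip_address(client_ip)
    net = ipaddress.ip_network(descriptor["Value"])
    return addr.version == net.version and addr in net


if __name__ == "__main__":
    # Constructed sample inputs (documentation address ranges, not real hosts).
    for raw in ["203.0.113.7", "2001:db8::1", "203.0.113.7/24", "10.0.0.0/12"]:
        try:
            print(raw, "->", to_ip_set_descriptor(raw))
        except ValueError as err:
            print(raw, "-> rejected:", err)
```
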
