Outdated docs for CloudFront+WAF integration
There are several outdated articles on the AWS website about how to integrate CloudFront and WAF (including some articles that mention writing your own Lambda function to automatically update your load balancer's security group with CloudFront IP addresses).
This is the up-to-date method at the time of writing: https://aws.amazon.com/about-aws/whats-new/2022/02/amazon-cloudfront-managed-prefix-list/ . You don't need a Lambda function for that anymore; you can use the prefix list mentioned in the article. Note that in both cases you'll need to request a service quota increase before this will work.
I wrote a step-by-step guide on enabling WAF to protect Lightsail instances, via an Application Load Balancer, CloudFront and WAF, here.
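The prefix-list approach described above, sketched with the AWS CLI as an added example (not code from the original post or from AWS). The rule weight of 55 and the default quota of 60 rules per security group are assumptions taken from AWS documentation, and the security group ID is supplied by the caller.

```sh
#!/bin/sh
# Added example (not from the original post): let an ALB security group accept
# HTTPS only from CloudFront via the AWS-managed prefix list, no Lambda needed.
set -eu

PL_NAME="com.amazonaws.global.cloudfront.origin-facing"
PL_WEIGHT=55   # assumption from AWS docs: the list counts as 55 rules

# Region-specific ID (pl-...) of the CloudFront origin-facing prefix list.
cloudfront_prefix_list_id() {
  aws ec2 describe-managed-prefix-lists \
    --filters "Name=prefix-list-name,Values=${PL_NAME}" \
    --query 'PrefixLists[0].PrefixListId' --output text
}

# Inbound rules already on group $1 (approximation: each counted as 1).
inbound_rule_count() {
  aws ec2 describe-security-group-rules \
    --filters "Name=group-id,Values=$1" \
    --query 'length(SecurityGroupRules[?IsEgress==`false`])' --output text
}

# True when $1 existing rules plus the prefix list fit within quota $2.
fits_quota() {
  [ $(( $1 + PL_WEIGHT )) -le "$2" ]
}

# $1 = security group ID, $2 = rules-per-group quota (assumed default 60).
allow_cloudfront_https() {
  sg="$1"; quota="${2:-60}"
  pl_id=$(cloudfront_prefix_list_id)
  used=$(inbound_rule_count "$sg")
  if ! fits_quota "$used" "$quota"; then
    echo "need $(( used + PL_WEIGHT )) rules, quota is $quota: request an increase first" >&2
    return 1
  fi
  aws ec2 authorize-security-group-ingress --group-id "$sg" \
    --ip-permissions "IpProtocol=tcp,FromPort=443,ToPort=443,PrefixListIds=[{PrefixListId=${pl_id}}]"
}

# Run only when a security group ID is passed on the command line.
if [ "$#" -gt 0 ]; then allow_cloudfront_https "$@"; fi
```

Once this rule is in place, remove any broader inbound rule (such as 0.0.0.0/0 on port 443) from the same group, otherwise requests can still reach the load balancer without passing through CloudFront and WAF.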