An online education platform hosts its static website content, including images, HTML, and CSS files, in an Amazon S3 bucket. To improve performance and enforce security policies, the company wants to distribute this content globally through Amazon CloudFront. However, corporate compliance requires that every request to the site be filtered through AWS WAF to protect against common web exploits. What is the most appropriate way for the solutions architect to design the system while meeting both performance and security requirements?