What is AWS WAF
In a short period of the cloud digital revolution, organizations have moved more web applications out of the data center and into AWS than ever before. The agility to spin up workloads instantly gives Dev & SRE teams endless opportunities to share resources and celebrate many sprint cycle wins. This ingenuity can also leave applications exposed to malicious actors in unpredictable ways, putting diligent work at risk. Thankfully, many WAF providers, including Amazon, recognized that the speed of deploying apps should not outpace security. Are you new to what a WAF is? Read our prior post on What is a WAF, which covers the very basics, how WAFs align with OWASP and more.
Coverage is available natively in Amazon through its own solution, which protects applications with a cloud-based Web Application Firewall.
Core components of Amazon WAF
- Web ACLs – Create ACLs to surround and protect a set of AWS resources. In its simplest form, an ACL holds the inspection logic that allows good traffic into your resources or blocks requests during this flow.
- Rules – Each rule contains a statement defining how to inspect traffic and what to do with it. When traffic matches a rule's criteria, the rule's action is taken.
AWS has a calculation for rule capacity, along with requirement guidelines. The good news is that AWS publishes its WAF statements, which tell the WAF how inspection should occur. Every rule includes a top-level rule statement, which can contain additional statements. Statements can be as simple as blocking a source address or as complex as nested statements; both are equally supported.
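The following added example (not AWS code and not from the original post) models how a web ACL picks an action: rules are checked in priority order, each rule's top-level statement may nest others, and the default action applies when nothing matches. It borrows statement names from the WAFv2 JSON rule format but is a simplified model: the inlined "Addresses" list, the string-valued actions, the trimmed ByteMatchStatement and the request fields (ip, country, path) are assumptions made for illustration.

```python
import ipaddress

# Constructed web ACL. A real IPSetReferenceStatement points at an IP set ARN;
# "Addresses" is inlined here, and actions are plain strings, to keep the model small.
WEB_ACL = {
    "DefaultAction": "Allow",
    "Rules": [
        {"Name": "block-listed-sources", "Priority": 0, "Action": "Block",
         "Statement": {"IPSetReferenceStatement": {"Addresses": ["203.0.113.0/24"]}}},
        {"Name": "admin-only-from-us", "Priority": 1, "Action": "Block",
         "Statement": {"AndStatement": {"Statements": [
             {"ByteMatchStatement": {"SearchString": "/admin", "PositionalConstraint": "STARTS_WITH"}},
             {"NotStatement": {"Statement": {"GeoMatchStatement": {"CountryCodes": ["US"]}}}},
         ]}}},
    ],
}

def matches(stmt, req):
    """Recursively evaluate one statement against a request dict."""
    (kind, body), = stmt.items()  # each statement object holds exactly one statement type
    if kind == "AndStatement":
        return all(matches(s, req) for s in body["Statements"])
    if kind == "OrStatement":
        return any(matches(s, req) for s in body["Statements"])
    if kind == "NotStatement":
        return not matches(body["Statement"], req)
    if kind == "IPSetReferenceStatement":
        ip = ipaddress.ip_address(req["ip"])
        return any(ip in ipaddress.ip_network(net) for net in body["Addresses"])
    if kind == "GeoMatchStatement":  # country is derived from the source IP only
        return req["country"] in body["CountryCodes"]
    if kind == "ByteMatchStatement":  # model covers STARTS_WITH on the URI path only
        return req["path"].startswith(body["SearchString"])
    raise ValueError(f"unsupported statement: {kind}")

def evaluate(acl, req):
    """Return (action, rule name): first matching rule by priority, else the default."""
    for rule in sorted(acl["Rules"], key=lambda r: r["Priority"]):
        if matches(rule["Statement"], req):
            return rule["Action"], rule["Name"]
    return acl["DefaultAction"], None

if __name__ == "__main__":
    # Constructed requests; the last one arrives via an exit node located in the US.
    for req in ({"ip": "203.0.113.9", "country": "US", "path": "/"},
                {"ip": "198.51.100.7", "country": "DE", "path": "/admin/users"},
                {"ip": "198.51.100.7", "country": "US", "path": "/admin/users"}):
        print(req, "->", evaluate(WEB_ACL, req))
```

The third request is allowed because the geo check only sees the country of the connecting address, which is why a country rule on its own should not be treated as proof of where a user actually is.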
How does AWS WAF work?
AWS WAF sits between end-user requests and your applications to mitigate threats while applying rules designed for your resources. For anyone brand new to a WAF, the first advantage over hardware-based firewalls is management. Other key attributes: no hardware, no support maintenance, and no device in a data center absorbing all traffic as a potential point of failure.
Unlike traditional firewalls, there is no upfront racking, fees etc. for users to worry about, which probably seems intuitive. Because AWS WAF blocks bad traffic, it has a huge impact on the requests that reach the application itself and on the flexibility to deploy cloud firewall protection.
What types of traffic does AWS WAF protect against?
AWS WAF offers many protection advantages, and knowledge of security-based threats is a must. Some, but not all, of the protection areas include:
- SQL Injection attack
- XSS (cross-site scripting)
- Source IP
- Country Origin – however, do not be confused here with origin traffic nested through an allowable VPN for example
- Bots – good and bad ones, depending on your use case.
How much does AWS WAF cost?
There is a clear & transparent AWS WAF pricing model shared with customers on their console. Users should first determine a few key data points in order to size properly, which will determine the price:
- How many Web ACLs?
- How many Rules will be built?
- Number of requests against your application – sometimes unknown until deployment
Should you use Amazon’s WAF or another provider?
Great question & we are asked this often. Why? Many organizations prefer their security to be agnostic to their IaaS Cloud vendor, providing flexibility between Cloud Service Providers (CSPs) in the future.
We help more organizations connect multi-cloud architectures while installing a 3rd party WAF. Regardless of whether the cloud is Amazon, Azure, Oracle Cloud, GCP etc., this approach gives organizations immense flexibility should they move between CSPs. Key points to consider:
- An agnostic 3rd party WAF is a separate instance that can protect multiple clouds
- If an organization departs a CSP for another, it allows the WAF to remain constant. For example, an organization decides to leave AWS for Oracle Cloud. Utilizing an agnostic WAF provider affords the customer constant protection, process and more without losing the Amazon WAF.
What is the ultimate WAF guide for customers in 2021? It all depends on the use case so please ask and we would be happy to discuss architectural WAF options for your business.