AWS WAF - AWS Prescriptive Guidance

AWS WAF

You can use AWS WAF to help protect your application from attacks such as cross-site scripting, SQL injection, or DDoS. For the robust network approach, configure AWS WAF in front of the Application Load Balancer and define AWS WAF rules that apply across the organization. This helps ensure that any traffic reaching services hosted across the organization meets security best practices and that security checks run before traffic enters the organization's environment.
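The following CloudFormation template is an added example, not part of the original guidance. It sketches one way to express that setup: a regional web ACL with AWS managed rule groups for cross-site scripting and SQL injection plus a rate-based rule for request floods, associated with the inbound Application Load Balancer. The resource names, the `InboundAlbArn` parameter, and the rate limit value are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Constructed example - baseline web ACL attached to the inbound ALB
Parameters:
  InboundAlbArn:            # assumed parameter: ARN of the network-account ALB
    Type: String
Resources:
  BaselineWebACL:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: org-baseline
      Scope: REGIONAL       # REGIONAL scope is required for ALB associations
      DefaultAction: {Allow: {}}
      VisibilityConfig: {SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: org-baseline}
      Rules:
        - Name: common-rule-set        # AWS managed group; includes XSS rules
          Priority: 0
          OverrideAction: {None: {}}   # keep the group's own rule actions
          Statement:
            ManagedRuleGroupStatement: {VendorName: AWS, Name: AWSManagedRulesCommonRuleSet}
          VisibilityConfig: {SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: common-rule-set}
        - Name: sqli-rule-set          # AWS managed group for SQL injection
          Priority: 1
          OverrideAction: {None: {}}
          Statement:
            ManagedRuleGroupStatement: {VendorName: AWS, Name: AWSManagedRulesSQLiRuleSet}
          VisibilityConfig: {SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: sqli-rule-set}
        - Name: per-ip-rate-limit      # request-flood control; limit is an assumed value
          Priority: 2
          Action: {Block: {}}
          Statement:
            RateBasedStatement: {Limit: 2000, AggregateKeyType: IP}
          VisibilityConfig: {SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: per-ip-rate-limit}
  # Attaching the web ACL is what places AWS WAF in front of the load balancer
  BaselineWebACLAssociation:
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Ref InboundAlbArn
      WebACLArn: !GetAtt BaselineWebACL.Arn
```

Before enforcing a managed rule group on production traffic, it is common to run it in count mode first (`OverrideAction: {Count: {}}`) and review the sampled requests for false positives.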

The following diagram shows inbound traffic coming through AWS WAF to the Application Load Balancer in the network account. From the network account, the traffic is routed to the Network Load Balancers or Application Load Balancer in the OU accounts and sent to the target EC2 instances.
