Automatically deploy a single web access control list that filters web-based attacks with AWS WAF Security Automations - AWS WAF Security Automations

Publication date: September 2016 (last update: September 2021)

AWS WAF helps protect web applications from common exploits that can affect application availability, compromise security, or consume excessive resources. AWS WAF allows you to define customizable web security rules and control which traffic to allow to web applications and APIs deployed on Amazon CloudFront, an Application Load Balancer, or Amazon API Gateway.

Configuring WAF rules can be challenging, especially for organizations that do not have dedicated security teams. To simplify this process, AWS offers the AWS WAF Security Automations solution, which automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules that filter web-based attacks. During initial configuration of the AWS CloudFormation template, you can specify which protective features to include. After this solution is deployed, AWS WAF inspects web requests to existing CloudFront distributions or Application Load Balancers, and blocks them if applicable.


Figure 1: Configurations of the AWS WAF web ACL

This implementation guide discusses architectural considerations and configuration steps for deploying the AWS WAF Security Automations solution in the Amazon Web Services (AWS) Cloud. It includes links to AWS CloudFormation templates that launch, configure, and run the AWS compute, network, storage, and other services required to deploy this solution on AWS, using AWS best practices for security and availability.

The information in this guide assumes working knowledge of AWS services such as AWS WAF, Amazon CloudFront, Application Load Balancers, and AWS Lambda. It also requires basic knowledge of common web-based attacks and mitigation strategies.

Note

Starting from version 3.0, the AWS WAF Security Automations solution supports the latest version of AWS WAF (AWS WAFV2) service API.

The guide is intended for IT Managers, Security Engineers, DevOps Engineers, Developers, Solutions Architects, and Website Administrators.