Architecture details

Focus mode

Architecture details - Security Automations for AWS WAF

This section describes the components and AWS services that make up this solution and the architecture details on how these components work together.

AWS services in this solution

AWS service	Description
AWS WAF	Core. Deploys an AWS WAF web ACL, AWS Managed Rules rule groups, custom rules, and IP sets. Makes AWS WAF API calls to block common attacks and secure web applications.
Amazon Data Firehose	Core. Delivers AWS WAF logs to Amazon S3 buckets.
Amazon S3	Core. Stores AWS WAF, CloudFront, and ALB logs.
AWS Lambda	Core. Deploys multiple Lambda functions to support custom rules.
Amazon EventBridge	Core. Creates events rules to invoke Lambda.
Amazon Athena	Supporting. Creates Athena queries and work groups to support the Athena log parser.
AWS Glue	Supporting. Creates databases and tables to support the Athena log parser.
Amazon API Gateway	Supporting. Creates a bad bot honeypot endpoint.
Amazon SNS	Supporting. Sends Amazon Simple Notification Service (Amazon SNS) email notifications to support IP retention on allowed and denied lists.
AWS Systems Manager	Supporting. Provides application-level resource monitoring and visualization of resource operations and cost data.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

AWS Well-Architected design considerations

Log parser options