Concepts and definitions

This section describes key concepts and defines terminology specific to this solution.

ALB logs

This solution uses logs for the ALB resource. The Scanner & Probe Protection rule in this solution inspect these logs.

Athena log parser

Amazon Athena is a serverless, interactive analytics service that is built on open-source frameworks, supporting open-table and file formats. This solution runs a scheduled Athena query to inspect AWS WAF, CloudFront, or ALB logs if user chooses yes - Amazon Athena log parser when activating the HTTP Flood Protection rule or Scanner & Probe Protection rule, and can be used for Activate Bad Bot Protection through detection that operates through a structured logic chain.

AWS WAF rule

An AWS WAF rule defines:

How to inspect HTTP(S) web requests
The action to take on a request when it matches the inspection criteria

You define rules only in the context of a rule group or web ACL.

CloudFront logs

This solution uses logs for the CloudFront resource. The Scanner & Probe Protection rule in this solution inspects these logs.

IP set

An IP set provides a collection of IP addresses and IP address ranges that you want to use

together in a rule statement. IP sets are AWS resources.

Lambda log parser

This solution runs a Lambda function invoked by an Amazon Simple Storage Service (Amazon S3) object create event. The Lambda function initiates an inspection of AWS WAF, CloudFront, or ALB logs if the user chooses yes - AWS Lambda log parser when activating the HTTP Flood Protection , Scanner & Probe Protection and can be used for Bad Bot Protection rule through detection that operates through a structured logic chain.

Managed rule groups

Managed rule groups are collections of predefined, ready-to-use rules that AWS and AWS Marketplace sellers write and maintain for you. AWS WAF Pricing applies to your use of any managed rule group.

resource/endpoint type

You can associate AWS resources with web ACLs to protect them. These resources are CloudFront, ALB, AWS AppSync, Amazon Cognito, AWS App Runner, and AWS Verified Access resources. Currently this solution Amazon supports CloudFront and ALB.

WAF logs

This solution uses logs generated by AWS WAF for the resources associated with the web ACL. The HTTP Flood Protection, Scanner & Probe Protection and Activate Bad Bot Protection rules for this solution inspect these logs.

WCU

AWS WAF uses web access control list (ACL) capacity units (WCUs) to calculate and control the operating resources that are required to run your rules, rule groups, and web ACLs. AWS WAF enforces WCU quotas when you configure your rule groups and web ACLs. WCUs don’t affect how AWS WAF inspects web traffic.

web ACL

A web ACL gives you fine-grained control over the HTTP(S) web requests that your protected resource responds to.

Note

For a general reference of AWS terms, see the AWS Glossary.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Use cases

Architecture overview