Automatically deploy a single web access control list that filters web-based attacks with WAF Automation on AWS

Publication date: September 2016 (last update: September 2021)

AWS Web Application Firewall (AWS WAF) helps protect web applications from common exploits that can affect application availability, compromise security, or consume excessive resources. AWS WAF allows you to define customizable web security rules, and control which traffic to allow to web applications and APIs deployed on Amazon CloudFront, an Application Load Balancer, or Amazon API Gateway.

Configuring WAF rules can be challenging, especially for organizations that do not have dedicated security teams. To simplify this process, AWS offers the WAF Automation on AWS solution, which automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules that filter web-based attacks. During initial configuration of the AWS CloudFormation template, you can specify which protective features to include. After this solution is deployed, AWS WAF inspects web requests to existing CloudFront distributions or Application Load Balancers, and blocks them if applicable.


Figure 1: Configurations of the AWS WAF web ACL

This implementation guide discusses architectural considerations and configuration steps for deploying the WAF Automation on AWS solution in the Amazon Web Services (AWS) Cloud. It includes links to AWS CloudFormation templates that launch, configure, and run the AWS compute, network, storage, and other services required to deploy this solution on AWS, using AWS best practices for security and availability.

The information in this guide assumes working knowledge of AWS services such as AWS WAF, Amazon CloudFront, Application Load Balancers, and AWS Lambda. It also requires basic knowledge of common web-based attacks and mitigation strategies.

Note

Starting from version 3.0, the WAF Automation on AWS solution supports the latest version of the AWS WAF service API (AWS WAFV2).

The guide is intended for IT Managers, Security Engineers, DevOps Engineers, Developers, Solutions Architects, and Website Administrators.