AWS WAF is a web application firewall service that lets you monitor web requests for Amazon CloudFront distributions and restrict access to your content. Use AWS WAF to block or allow requests based on conditions that you specify, such as the IP addresses that requests originate from or values in the requests.

For additional protection against Distributed Denial of Service (DDoS) attacks, AWS also offers AWS Shield Advanced. AWS Shield Advanced provides expanded DDoS attack protection for your CloudFront distributions, Amazon Route 53 hosted zones, and Elastic Load Balancing load balancers. AWS Shield Advanced incurs additional charges. For more information about this optional service, see Help me choose in the Developer Guide.

AWS WAF and AWS Shield Advanced Developer Guide
Describes how to get started with AWS WAF and AWS Shield Advanced, explains key concepts, and provides step-by-step instructions that show you how to use the features.
HTML | PDF | Kindle  

AWS WAF API Reference
Describes all the API operations for AWS WAF in detail.

AWS Shield Advanced API Reference
Describes all the API operations for AWS Shield Advanced in detail.