Posted On: Oct 1, 2020

You can now enable AWS WAF integration for your GraphQL APIs in AWS AppSync, making it easier to protect your APIs against common web exploits.

AWS AppSync is a managed GraphQL service that simplifies application development by letting you create a flexible API to securely access, manipulate, and combine data from one or more data sources with less network calls. With AppSync, you can build scalable applications, including those requiring real-time updates, on a range of data sources such as NoSQL data stores, relational databases, HTTP APIs, and your custom data sources with AWS Lambda.

AWS WAF is a web application firewall that helps to protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. To learn more visit the product page here.

You can use AWS WAF to protect your AppSync GraphQL APIs against attacks such as SQL injection and cross-site scripting (XSS). AWS WAF gives you the flexibility to define rule statements anywhere within the web request, such as HTTP headers or body, allowing you to filter requests based on IP address, country, field size length, requests, and/or strings or regular expression patterns. You can also implement rate-based rules, which can be used to slow down brute force attacks and limit API usage based on IP addresses. Furthermore, AWS Managed Rules for AWS WAF help you protect your applications without the need to create or manage the rules directly.

Support for AWS WAF on AppSync is available currently on the AWS regions where both services are available. For more details on the AWS WAF integration with AppSync, refer to our blog post and the AppSync documentation.