What does this AWS Solutions Implementation do?

AWS WAF is a web application firewall that enables customers to quickly create custom, application-specific rules that block common attack patterns that can affect application availability, compromise security, or consume excessive resources. AWS WAF can be completely administered via APIs that make security automation easy, enabling rapid rule propagation and fast incident response.

The AWS WAF Security Automations solution uses AWS CloudFormation to automatically deploy a set of AWS WAF rules designed to filter common web-based attacks. Users select from preconfigured protective features, and that selection determines which rules are added to an AWS WAF web access control list (web ACL). After the solution deploys, AWS WAF inspects web requests bound for the user's existing Amazon CloudFront distributions or Application Load Balancers and blocks the requests that match a rule.

Starting from version 3.0, the AWS WAF Security Automations solution targets the current AWS WAF service API (AWS WAFV2). If you still run AWS WAF Classic, deploy version 2.3.3 of this solution instead.

AWS WAF Security Automations

    The AWS WAF Security Automations solution provides fine-grained control over the requests attempting to access your web application. The diagram below presents the architecture you can build using the solution's implementation guide and accompanying AWS CloudFormation template.

    At the core of the design is an AWS WAF web ACL that acts as the central inspection and decision point for all incoming requests. The protective functions you choose to activate determine which custom rules are added to your web ACL; rules are evaluated in priority order, so an allow-list match is honoured before the block rules run.


    AWS WAF Security Automations architecture

    AWS Managed Rules (A): This set of AWS managed core rules provides protection against exploitation of a wide range of common application vulnerabilities or other unwanted traffic.

    Manual IP lists (B and C): This component creates two AWS WAF rules backed by IP sets that you maintain yourself: an allow list for addresses that must never be blocked and a block list for addresses you want to deny.

    SQL Injection (D) and XSS (E): The solution configures two native AWS WAF rules that are designed to protect against common SQL injection and cross-site scripting (XSS) patterns in the URI, query string, or body of a request. Note that AWS WAF inspects only the first 8 KB of a request body, so a size-constraint rule is the usual companion for endpoints that accept larger payloads.

    HTTP flood (F): This component protects against attacks that consist of a large number of requests from a single IP address within a short period, such as a web-layer DDoS attack or a brute-force login attempt, by blocking sources that exceed a request-rate threshold.

    Scanners and Probes (G): This component parses the application access logs (CloudFront or ALB) for suspicious behaviour, such as a single source that triggers an abnormal number of error responses from the origin, which is the signature of directory and vulnerability scanning. It then blocks those source IP addresses for a customer-defined period of time.

    IP Reputation Lists (H): This component is the IP Lists Parser AWS Lambda function, which checks third-party IP reputation lists hourly for new address ranges and adds them to the block list.

    Bad Bots (I): This component automatically sets up a honeypot, a trap endpoint that legitimate users and well-behaved crawlers never request. A client that does request it is treated as a bad bot and its source IP address is blocked.
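The log-driven components (F and G) come down to counting requests and error responses per source over a time window and pushing the offenders into a WAF IP set. The following added example illustrates that loop; it is not the solution's own Lambda code. The thresholds, the window length, the ALB-style log lines and the IP set names are assumptions made for illustration, and the final function assumes a configured boto3 `wafv2` client.

```python
"""Added example (not the solution's own Lambda code): a log-driven blocker in
the spirit of the Scanners and Probes (G) and HTTP flood (F) components.
Thresholds, window length, log lines and the ALB log layout used here are
assumptions made for illustration."""
import shlex
from collections import Counter
from datetime import datetime, timedelta
from ipaddress import ip_address

ERROR_THRESHOLD = 5      # 4xx/5xx responses per source per window (assumed)
REQUEST_THRESHOLD = 100  # requests per source per window (assumed)
WINDOW = timedelta(minutes=5)

# Constructed ALB access-log line template. Field order follows the ALB
# access-log documentation: type time elb client:port target:port
# request/target/response times elb_status target_status bytes "request" "ua" ...
LINE = ('https {ts} app/my-alb/50dc6c495c0c9188 {ip}:{port} 10.0.1.5:80 '
        '0.000 0.010 0.000 {status} {status} 120 300 '
        '"GET https://example.com:443{path} HTTP/1.1" "{ua}" '
        'ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2')


def build_sample_log():
    """Constructed sample: one scanner, one flooder, one ordinary visitor."""
    base = datetime(2020, 7, 1, 12, 0, 0)
    rows = []

    def add(i, ip, status, path, ua):
        ts = (base + timedelta(seconds=i)).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
        rows.append(LINE.format(ts=ts, ip=ip, port=40000 + i,
                                status=status, path=path, ua=ua))

    for i, path in enumerate(["/.env", "/wp-login.php", "/phpmyadmin/",
                              "/.git/config", "/admin"]):
        add(i, "203.0.113.7", 404, path, "python-requests/2.23")  # probing
    add(5, "203.0.113.7", 200, "/", "python-requests/2.23")
    for i in range(120):                                        # flood
        add(6 + i, "198.51.100.9", 200, "/login", "curl/7.68.0")
    add(126, "192.0.2.10", 200, "/", "Mozilla/5.0")               # benign
    add(127, "192.0.2.10", 404, "/favicon.ico", "Mozilla/5.0")
    add(128, "192.0.2.10", 200, "/index.html", "Mozilla/5.0")
    return "\n".join(rows)


def parse_alb_line(line):
    """Return (timestamp, client_ip, elb_status_code) for one ALB log line."""
    fields = shlex.split(line)          # honours the quoted request/UA fields
    if len(fields) < 9:
        return None
    ts = datetime.strptime(fields[1], "%Y-%m-%dT%H:%M:%S.%fZ")
    host, _, _port = fields[3].rpartition(":")   # strip the client port
    status = int(fields[8]) if fields[8].isdigit() else 0
    return ts, host.strip("[]"), status


def find_offenders(log_text):
    """Count requests and error responses per client IP in the window ending
    at the newest record; return {ip: reason} for every IP over a threshold."""
    records = [r for r in (parse_alb_line(l) for l in log_text.splitlines()
                           if l.strip()) if r]
    if not records:
        return {}
    end = max(r[0] for r in records)
    start = end - WINDOW
    requests, errors = Counter(), Counter()
    for ts, ip, status in records:
        if start < ts <= end:
            requests[ip] += 1
            if status >= 400:
                errors[ip] += 1
    offenders = {}
    for ip in requests:
        if errors[ip] >= ERROR_THRESHOLD:
            offenders[ip] = "scanner/probe: %d error responses" % errors[ip]
        elif requests[ip] >= REQUEST_THRESHOLD:
            offenders[ip] = "http flood: %d requests" % requests[ip]
    return offenders


def to_cidr(ip):
    """WAF IP sets hold CIDR strings: /32 for IPv4 hosts, /128 for IPv6."""
    addr = ip_address(ip)
    return "%s/%d" % (addr, 32 if addr.version == 4 else 128)


def block_in_ip_set(client, name, ip_set_id, scope, ips):
    """Merge `ips` into an existing WAFV2 IP set (scope 'REGIONAL' for ALB,
    'CLOUDFRONT' for CloudFront). WAFV2 requires the get/update lock-token
    pattern: read the set, then write it back with the token you were given."""
    current = client.get_ip_set(Name=name, Scope=scope, Id=ip_set_id)
    addresses = sorted(set(current["IPSet"]["Addresses"]) | {to_cidr(i) for i in ips})
    return client.update_ip_set(Name=name, Scope=scope, Id=ip_set_id,
                                Addresses=addresses, LockToken=current["LockToken"])


if __name__ == "__main__":
    for ip, why in find_offenders(build_sample_log()).items():
        print(to_cidr(ip), why)
```

The window is anchored to the newest log record, which is how a scheduled parser that only sees the most recent log batch behaves; a production version would also need to expire entries after the customer-defined block period, which this example leaves out.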

    AWS WAF Security Automations

    Version 3.0
    Last updated: 07/2020
    Author: AWS

    Estimated deployment time: 15 min


AWS WAF Security Automations for WAF Classic

    The WAF Classic variant (version 2.3.3) follows the same design on the AWS WAF Classic API: a web ACL at the centre, with the protective functions you activate determining the custom rules added to it. Its components match those of the WAFV2 version except that the AWS Managed Rules component is not available, since AWS Managed Rules require AWS WAFV2.


    AWS WAF Security Automations for WAF Classic architecture

    Manual IP lists (A and B): This component creates two AWS WAF rules backed by IP match conditions that you maintain yourself: an allow list for addresses that must never be blocked and a block list for addresses you want to deny.

    SQL Injection (C) and XSS (D): The solution configures two native AWS WAF rules that are designed to protect against common SQL injection and cross-site scripting (XSS) patterns in the URI, query string, or body of a request. As with WAFV2, only the first 8 KB of a request body is inspected.

    HTTP flood (E): This component protects against attacks that consist of a large number of requests from a single IP address within a short period, such as a web-layer DDoS attack or a brute-force login attempt, by blocking sources that exceed a request-rate threshold.

    Scanners and Probes (F): This component parses the application access logs (CloudFront or ALB) for suspicious behaviour, such as a single source that triggers an abnormal number of error responses from the origin. It then blocks those source IP addresses for a customer-defined period of time.

    IP Reputation Lists (G): This component is the IP Lists Parser AWS Lambda function, which checks third-party IP reputation lists hourly for new address ranges and adds them to the block list.

    Bad Bots (H): This component automatically sets up a honeypot, a trap endpoint that legitimate users and well-behaved crawlers never request. A client that does request it is treated as a bad bot and its source IP address is blocked.

    AWS WAF Security Automations for WAF Classic

    Version 2.3.3
    Last updated: 06/2020
    Author: AWS

    Estimated deployment time: 15 min


Features

AWS WAF Security Automations reference implementation

Use the AWS WAF Security Automations solution out of the box, or as a reference implementation for building your own set of WAF rules.

Quickly configure WAF rules

The AWS CloudFormation template automatically launches and configures the AWS WAF settings and protective features you choose to include during initial deployment.

Identifies and blocks SQL injection and cross-site scripting (XSS) attacks

The solution configures two native AWS WAF rules that are designed to protect against common SQL injection or XSS patterns in the URI, query string, or body of a request.

Log Analysis

When activated, AWS CloudFormation provisions an Amazon Athena query over the access logs and a scheduled AWS Lambda function that runs the query, processes its results, and updates the AWS WAF block list with the offending addresses.