The AWS Best Practices for DDoS Resiliency whitepaper provides an overview of DDoS attacks, capabilities provided by AWS, mitigation techniques, and a DDoS-resilient reference architecture that can be used as a guide to help protect application availability.
Q: Can I incorporate the AWS WAF Security Automations and AWS WAF Security Automations for Classic solutions into my existing web application firewall strategy?
A: Yes. You can aggregate existing rules and solution-created rules into a single web ACL. Note that individual web ACLs are subject to rule limits (now called quotas); see the AWS WAF Developer Guide for information.
Q: How much does it cost to run either solution?
A: Both solutions are free to launch; however, you are responsible for the cost of the AWS services used while running either solution. For example, if you select to use the Athena Log Parser on installation, you will be charged for Athena usage. For more information, see the sample Cost Estimate of Amazon Athena. The total cost for running either solution depends on the protection activated and the amount of data ingested, stored, and processed. For full details, see the pricing webpage for each AWS service you will be using in the relevant solution.
Q: Can I use these solutions to protect multiple web applications?
A: Yes. After you deploy the AWS WAF Security Automations or AWS WAF Security Automations for WAF Classic solution, you can associate its web ACL (with all the rules included in the solution) with multiple web applications. Note that the web ACL that the solution creates will be compatible with either a CloudFront distribution or an Application Load Balancer, depending on what you select for the Endpoint Type template parameter.
Q: Can I extend the functionality of AWS WAF Security Automations?
A: Yes. You can modify and customize all the rules provided in either solution. During initial configuration, use the template parameters to control rule behavior, as well as the code for the AWS Lambda functions.
Q: Do these solutions integrate with my third-party web application firewall?
A: No. These rules are specific to the AWS WAF service.
Q: Can I deploy these solutions in any AWS Region?
A: For web apps deployed with an Application Load Balancer, you must deploy the relevant solution's AWS CloudFormation template in an AWS Region that supports AWS WAF for Application Load Balancers (for the most current AWS WAF availability, see AWS service offerings by Region).
For web apps deployed with Amazon CloudFront, you can deploy the solution template only in the US East (N. Virginia) Region.
Training and Certification
AWS Training and Certification builds your competence, confidence, and credibility through practical cloud skills that help you innovate and build your future. Learn more »
Getting Started with AWS Security, Identity, and Compliance
This course provides an overview of AWS security technology, use cases, benefits, and services. The infrastructure protection section covers AWS WAF for traffic filtering
Introduction to Amazon Macie
Amazon Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS. In this course, you will be introduced to Amazon Macie, how the service works, and the underlying concepts driving the service.
AWS Certified Security – Specialty
This exam tests your technical expertise in securing the AWS platform. This is for anyone in an experienced security role.
The AWS Partner Network (APN) is focused on helping partners build successful AWS-based businesses to drive superb solutions and customer experiences. APN Partners are focused on customer success, helping you take full advantage of all the business benefits that AWS has to offer. With their deep expertise on AWS, APN Partners are uniquely positioned to help your company at any stage of your Cloud Adoption Journey and to help you solve some of your most complex problems.